From 5e531e19d34fa4e325c99bb48b99e864e3eba340 Mon Sep 17 00:00:00 2001
From: Kavin <20838718+FireMasterK@users.noreply.github.com>
Date: Sun, 30 Oct 2022 20:29:57 +0000
Subject: [PATCH] Add better validation for some parameters.

---
 .../handlers/auth/AuthPlaylistHandlers.java | 15 ++++++++------
 .../server/handlers/auth/FeedHandlers.java | 20 +++++++++++++++++--
 .../server/handlers/auth/UserHandlers.java | 5 ++++-
 3 files changed, 31 insertions(+), 9 deletions(-)

diff --git a/src/main/java/me/kavin/piped/server/handlers/auth/AuthPlaylistHandlers.java b/src/main/java/me/kavin/piped/server/handlers/auth/AuthPlaylistHandlers.java
index 1959fe4..e33157a 100644
--- a/src/main/java/me/kavin/piped/server/handlers/auth/AuthPlaylistHandlers.java
+++ b/src/main/java/me/kavin/piped/server/handlers/auth/AuthPlaylistHandlers.java
@@ -120,7 +120,7 @@ public class AuthPlaylistHandlers {
 public static byte[] createPlaylist(String session, String name) throws IOException {
- if (StringUtils.isBlank(name))
+ if (StringUtils.isBlank(session) || StringUtils.isBlank(name))
 return mapper.writeValueAsBytes(new InvalidRequestResponse());
 User user = DatabaseHelper.getUserFromSession(session);
@@ -144,7 +144,7 @@ public class AuthPlaylistHandlers {
 public static byte[] renamePlaylistResponse(String session, String playlistId, String newName) throws IOException {
- if (StringUtils.isBlank(playlistId))
+ if (StringUtils.isBlank(session) || StringUtils.isBlank(playlistId))
 return mapper.writeValueAsBytes(new InvalidRequestResponse());
 User user = DatabaseHelper.getUserFromSession(session);
@@ -176,7 +176,7 @@ public class AuthPlaylistHandlers {
 public static byte[] deletePlaylistResponse(String session, String playlistId) throws IOException {
- if (StringUtils.isBlank(playlistId))
+ if (StringUtils.isBlank(session) || StringUtils.isBlank(playlistId))
 return mapper.writeValueAsBytes(new InvalidRequestResponse());
 User user = DatabaseHelper.getUserFromSession(session);
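Review bot: The same `StringUtils.isBlank(session)` guard and `InvalidRequestResponse` return is now hand-copied into every handler, starting with `createPlaylist` in this hunk, and a check duplicated that many times is the kind that silently goes missing when the next handler is added. A small helper such as `private static boolean anyBlank(String... params)` used as `if (anyBlank(session, name)) return mapper.writeValueAsBytes(new InvalidRequestResponse());` would keep the rejection in one place and make the parameter list the only thing each handler has to get right. The blank check also only rejects empty or whitespace tokens; since session IDs issued by this code appear to be UUID strings (`UUID.randomUUID().toString()` in logoutResponse), a cheap format check before the database lookup could drop malformed tokens without a query — confirm every issued session ID is a UUID before relying on that. The bodies of these three methods continue outside the hunk.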
@@ -206,7 +206,7 @@ public class AuthPlaylistHandlers {
 public static byte[] addToPlaylistResponse(String session, String playlistId, String videoId) throws IOException, ExtractionException {
- if (StringUtils.isBlank(playlistId) || StringUtils.isBlank(videoId))
+ if (StringUtils.isBlank(session) || StringUtils.isBlank(playlistId) || StringUtils.isBlank(videoId))
 return mapper.writeValueAsBytes(new InvalidRequestResponse());
 var user = DatabaseHelper.getUserFromSession(session);
@@ -267,7 +267,7 @@ public class AuthPlaylistHandlers {
 public static byte[] removeFromPlaylistResponse(String session, String playlistId, int index) throws IOException {
- if (StringUtils.isBlank(playlistId))
+ if (StringUtils.isBlank(session) || StringUtils.isBlank(playlistId))
 return mapper.writeValueAsBytes(new InvalidRequestResponse());
 try (Session s = DatabaseSessionFactory.createSession()) {
@@ -303,7 +303,7 @@ public class AuthPlaylistHandlers {
 public static byte[] importPlaylistResponse(String session, String playlistId) throws IOException, ExtractionException {
- if (StringUtils.isBlank(playlistId))
+ if (StringUtils.isBlank(session) || StringUtils.isBlank(playlistId))
 return mapper.writeValueAsBytes(new InvalidRequestResponse());
 var user = DatabaseHelper.getUserFromSession(session);
@@ -379,6 +379,9 @@ public class AuthPlaylistHandlers {
 public static byte[] playlistsResponse(String session) throws IOException {
+ if (StringUtils.isBlank(session))
+ return mapper.writeValueAsBytes(new InvalidRequestResponse());
+
 try (Session s = DatabaseSessionFactory.createSession()) {
 User user = DatabaseHelper.getUserFromSession(session, s);
diff --git a/src/main/java/me/kavin/piped/server/handlers/auth/FeedHandlers.java b/src/main/java/me/kavin/piped/server/handlers/auth/FeedHandlers.java
index 1696f1a..39c0ae9 100644
--- a/src/main/java/me/kavin/piped/server/handlers/auth/FeedHandlers.java
+++ b/src/main/java/me/kavin/piped/server/handlers/auth/FeedHandlers.java
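Review bot: The new guard in `removeFromPlaylistResponse` validates `session` and `playlistId` but leaves the `int index` parameter unchecked, so a negative index still reaches the database session opened on the next line. Whether a later line rejects it is outside the hunk, but the cheap precondition belongs here with the other parameter checks: `if (StringUtils.isBlank(session) || StringUtils.isBlank(playlistId) || index < 0)`. The upper bound can only be checked once the playlist has been loaded, so that part stays wherever the removal itself happens. The method body continues past the hunk.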
@@ -19,6 +19,7 @@ import me.kavin.piped.utils.obj.db.User;
 import me.kavin.piped.utils.obj.db.Video;
 import me.kavin.piped.utils.resp.AcceptedResponse;
 import me.kavin.piped.utils.resp.AuthenticationFailureResponse;
+import me.kavin.piped.utils.resp.InvalidRequestResponse;
 import me.kavin.piped.utils.resp.SubscribeStatusResponse;
 import org.apache.commons.lang3.StringUtils;
 import org.hibernate.Session;
@@ -37,6 +38,9 @@ public class FeedHandlers {
 public static byte[] subscribeResponse(String session, String channelId) throws IOException {
+ if (StringUtils.isBlank(session) || StringUtils.isBlank(channelId))
+ return mapper.writeValueAsBytes(new InvalidRequestResponse());
+
 try (Session s = DatabaseSessionFactory.createSession()) {
 User user = DatabaseHelper.getUserFromSessionWithSubscribed(session);
@@ -68,6 +72,10 @@ public class FeedHandlers {
 }
 public static byte[] isSubscribedResponse(String session, String channelId) throws IOException {
+
+ if (StringUtils.isBlank(session) || StringUtils.isBlank(channelId))
+ return mapper.writeValueAsBytes(new InvalidRequestResponse());
+
 try (StatelessSession s = DatabaseSessionFactory.createStatelessSession()) {
 var cb = s.getCriteriaBuilder();
 var query = cb.createQuery(Long.class);
@@ -86,7 +94,7 @@ public class FeedHandlers {
 public static byte[] feedResponse(String session) throws IOException {
 if (StringUtils.isBlank(session))
- return mapper.writeValueAsBytes(new AuthenticationFailureResponse());
+ return mapper.writeValueAsBytes(new InvalidRequestResponse());
 User user = DatabaseHelper.getUserFromSession(session);
@@ -131,7 +139,7 @@ public class FeedHandlers {
 public static byte[] feedResponseRSS(String session) throws IOException, FeedException {
 if (StringUtils.isBlank(session))
- return mapper.writeValueAsBytes(new AuthenticationFailureResponse());
+ return mapper.writeValueAsBytes(new InvalidRequestResponse());
 User user = DatabaseHelper.getUserFromSession(session);
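Review bot: Swapping the blank-session reply in `feedResponse` (and in `feedResponseRSS` in the following hunk) from `AuthenticationFailureResponse` to `InvalidRequestResponse` is a visible API contract change rather than added validation: a client that relied on the authentication-failure response to trigger a re-login on the feed endpoints will now get a generic bad-request answer for the same input. A missing credential is conventionally an authentication failure, so either keep `return mapper.writeValueAsBytes(new AuthenticationFailureResponse());` in these two methods or call the new behaviour out in the commit message so clients can adapt. The import hunk keeps `AuthenticationFailureResponse` in scope, so presumably other paths in the file still emit it, which makes the inconsistency between "no session" and "bad session" worth a deliberate decision. Both method bodies continue outside their hunks.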
@@ -369,6 +377,8 @@ public class FeedHandlers {
 public static byte[] importResponse(String session, String[] channelIds, boolean override) throws IOException {
+ if (StringUtils.isBlank(session))
+ return mapper.writeValueAsBytes(new InvalidRequestResponse());
 User user = DatabaseHelper.getUserFromSessionWithSubscribed(session);
@@ -418,6 +428,9 @@ public class FeedHandlers {
 public static byte[] subscriptionsResponse(String session) throws IOException {
+ if (StringUtils.isBlank(session))
+ return mapper.writeValueAsBytes(new InvalidRequestResponse());
+
 User user = DatabaseHelper.getUserFromSession(session);
 if (user != null) {
@@ -484,6 +497,9 @@ public class FeedHandlers {
 public static byte[] unsubscribeResponse(String session, String channelId) throws IOException {
+ if (StringUtils.isBlank(session) || StringUtils.isBlank(channelId))
+ return mapper.writeValueAsBytes(new InvalidRequestResponse());
+
 User user = DatabaseHelper.getUserFromSession(session);
 if (user != null) {
diff --git a/src/main/java/me/kavin/piped/server/handlers/auth/UserHandlers.java b/src/main/java/me/kavin/piped/server/handlers/auth/UserHandlers.java
index 1cbecb0..475ea86 100644
--- a/src/main/java/me/kavin/piped/server/handlers/auth/UserHandlers.java
+++ b/src/main/java/me/kavin/piped/server/handlers/auth/UserHandlers.java
@@ -112,7 +112,7 @@ public class UserHandlers {
 public static byte[] deleteUserResponse(String session, String pass) throws IOException {
- if (StringUtils.isBlank(pass))
+ if (StringUtils.isBlank(session) || StringUtils.isBlank(pass))
 return mapper.writeValueAsBytes(new InvalidRequestResponse());
 try (Session s = DatabaseSessionFactory.createSession()) {
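Review bot: The guard added to `importResponse` checks only `session`, whereas every other handler in this commit that takes a second required parameter also rejects it, so a null `channelIds` array still reaches the body that follows the user lookup. Extending the condition to `if (StringUtils.isBlank(session) || channelIds == null)` keeps the contract in line with `subscribeResponse` and `unsubscribeResponse`, which both reject a blank `channelId`; whether individual blank entries inside the array are filtered is outside the hunk and should be checked there. This is also the only hunk where the new `return` is not followed by a blank line before `User user = ...`, unlike the neighbouring `subscriptionsResponse` hunk. The body of `importResponse` continues past the hunk.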
@@ -140,6 +140,9 @@ public class UserHandlers {
 public static byte[] logoutResponse(String session) throws JsonProcessingException {
+ if (StringUtils.isBlank(session))
+ return mapper.writeValueAsBytes(new InvalidRequestResponse());
+
 try (StatelessSession s = DatabaseSessionFactory.createStatelessSession()) {
 var tr = s.beginTransaction();
 if (s.createMutationQuery("UPDATE User user SET user.sessionId = :newSessionId where user.sessionId = :sessionId")