From 372c116283596af14f556b269c93d513fe36f796 Mon Sep 17 00:00:00 2001
From: softsimon
Date: Tue, 13 Oct 2020 19:54:47 +0700
Subject: [PATCH] Input sanitation. Minimum amount fix. Debug log updated.

---
 backend/src/api/donations.ts | 2 +-
 backend/src/api/mempool.ts | 6 +++---
 backend/src/routes.ts | 10 ++++++++++
 3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/backend/src/api/donations.ts b/backend/src/api/donations.ts
index 63de49840..d5873e111 100644
--- a/backend/src/api/donations.ts
+++ b/backend/src/api/donations.ts
@@ -61,7 +61,7 @@ class Donations {
 this.notifyDonationStatusCallback(data.id);
 }
- if (parseFloat(response.btcPaid) < 0.001) {
+ if (parseFloat(response.btcPaid) < 0.01) {
 return;
 }
diff --git a/backend/src/api/mempool.ts b/backend/src/api/mempool.ts
index cd069ee5d..4967c0ffd 100644
--- a/backend/src/api/mempool.ts
+++ b/backend/src/api/mempool.ts
@@ -88,7 +88,7 @@ class Mempool {
 firstSeen: Math.round((new Date().getTime() / 1000)),
 }, transaction);
 } catch (e) {
- logger.warn(txId + ' not found');
+ logger.debug(txId + ' not found');
 return false;
 }
 }
@@ -125,7 +125,7 @@ class Mempool {
 }
 newTransactions.push(transaction);
 } else {
- logger.err('Error finding transaction in mempool.');
+ logger.debug('Error finding transaction in mempool.');
 }
 }
@@ -138,7 +138,7 @@ class Mempool {
 if (this.mempoolProtection === 0 && transactions.length / currentMempoolSize <= 0.80) {
 this.mempoolProtection = 1;
 this.inSync = false;
- logger.warn('Mempool clear protection triggered.');
+ logger.warn(`Mempool clear protection triggered because transactions.length: ${transactions.length} and currentMempoolSize: ${currentMempoolSize}.`);
 setTimeout(() => {
 this.mempoolProtection = 2;
 logger.warn('Mempool clear protection resumed.');
diff --git a/backend/src/routes.ts b/backend/src/routes.ts
index fd89f3a55..c07cd2fd7 100644
--- a/backend/src/routes.ts
+++ b/backend/src/routes.ts
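Review bot: `parseFloat(response.btcPaid)` yields NaN when the field is missing or not numeric, and `NaN < 0.01` is false, so the early return on the changed line is skipped and such a response is handled as if it were a sufficiently large payment; guard it with `const btcPaid = parseFloat(response.btcPaid);` and `if (!Number.isFinite(btcPaid) || btcPaid < 0.01) {`. The new 0.01 floor also no longer agrees with the 0.001 minimum that routes.ts still advertises in 'Amount needs to be at least 0.001', so a donor who pays the accepted minimum is silently dropped here; if the two are meant to match, hoist the value into one shared named constant. The enclosing method starts and ends outside the hunk.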
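Review bot: Dropping the else branch from logger.err to logger.debug at `logger.debug('Error finding transaction in mempool.')` removes the only signal that a transaction id from the node was not found in the fetched mempool, while the text still reads as an error. If this path is an expected race (as the commit's move to debug suggests), reword it to say so and include the transaction id the surrounding loop is handling, e.g. `logger.debug('Transaction from mempool txid list not present in fetched mempool; skipping.')` with the id interpolated; if it is not expected, count the misses and emit a single warn per sync run so the condition stays visible. The enclosing loop and method start outside the hunk.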
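Review bot: The new warn message interpolates the two operands of the ratio but not the ratio itself or the 0.80 threshold the condition on the first context line tests, so a reader of the log still has to recompute what tripped the guard. Compute the ratio once, `const remainingRatio = transactions.length / currentMempoolSize;`, use it in the condition, `if (this.mempoolProtection === 0 && remainingRatio <= 0.80) {`, and log it alongside the counts, e.g. `logger.warn(\`Mempool clear protection triggered: ${transactions.length} of ${currentMempoolSize} remain (ratio ${remainingRatio.toFixed(2)} <= 0.80).\`);`. Naming 0.80 as a constant would document the policy as well. The enclosing method starts and ends outside the hunk.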
@@ -118,11 +118,21 @@ class Routes {
 return;
 }
+ if (p.orderId !== '' && !/^(@|)[a-zA-Z0-9_]{1,15}$/.test(p.orderId)) {
+ res.status(400).send('Invalid Twitter handle');
+ return;
+ }
+
 if (p.amount < 0.001) {
 res.status(400).send('Amount needs to be at least 0.001');
 return;
 }
+ if (p.amount > 1000) {
+ res.status(400).send('Amount too large');
+ return;
+ }
+
 try {
 const result = await donations.createRequest(p.amount, p.orderId);
 res.json(result);
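Review bot: The new handle check only guards the literal empty string, so a missing or non-string orderId still reaches the regex: `.test(undefined)` and `.test(123)` coerce to 'undefined' and '123', both of which match `/^(@|)[a-zA-Z0-9_]{1,15}$/`, and the value is then passed unchanged to donations.createRequest. The amount bounds have the same gap, since `undefined < 0.001`, `'abc' < 0.001` and `'abc' > 1000` are all false, so a non-numeric amount passes both the existing minimum and the new maximum; unless a check above the hunk already enforces the types, add explicit type guards ahead of the range checks. `(@|)` is also more readable as `@?`, and if orderId is optional for callers, normalise it with `p.orderId ?? ''` before the check rather than rejecting undefined. The enclosing handler starts and ends outside the hunk.
```typescript
// … unchanged: earlier checks …
if (typeof p.amount !== 'number' || !Number.isFinite(p.amount)) {
  res.status(400).send('Invalid amount');
  return;
}

if (p.orderId !== '' && (typeof p.orderId !== 'string' || !/^@?[a-zA-Z0-9_]{1,15}$/.test(p.orderId))) {
  res.status(400).send('Invalid Twitter handle');
  return;
}
// … unchanged: minimum and maximum amount checks, createRequest call …
```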