Skip to content

Commit

Permalink
Validate filters for events on rpc level
Browse files Browse the repository at this point in the history
  • Loading branch information
lostystyg committed Aug 24, 2022
1 parent ac03dcb commit e4c102c
Show file tree
Hide file tree
Showing 3 changed files with 25 additions and 1 deletion.
18 changes: 18 additions & 0 deletions src/pocketdb/helpers/ShortFormHelper.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,24 @@ bool PocketHelpers::ShortTxFilterValidator::Activities::IsFilterAllowed(PocketDb
return allowed.find(type) != allowed.end();
}

bool PocketHelpers::ShortTxFilterValidator::Events::IsFilterAllowed(PocketDb::ShortTxType type)
{
static const std::set<PocketDb::ShortTxType> allowed = {
PocketDb::ShortTxType::Money,
PocketDb::ShortTxType::Referal,
PocketDb::ShortTxType::Answer,
PocketDb::ShortTxType::Comment,
PocketDb::ShortTxType::Subscriber,
PocketDb::ShortTxType::CommentScore,
PocketDb::ShortTxType::ContentScore,
PocketDb::ShortTxType::PrivateContent,
PocketDb::ShortTxType::Boost,
PocketDb::ShortTxType::Repost,
};

return allowed.find(type) != allowed.end();
}

PocketDb::ShortTxType PocketHelpers::ShortTxTypeConvertor::strToType(const std::string& typeStr)
{
static const auto& typesMap = GetTypesMap();
Expand Down
6 changes: 6 additions & 0 deletions src/pocketdb/helpers/ShortFormHelper.h
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,12 @@ namespace PocketHelpers
public:
static bool IsFilterAllowed(PocketDb::ShortTxType type);
};

class Events
{
public:
static bool IsFilterAllowed(PocketDb::ShortTxType type);
};
};

// STMT here is used to avoid including here any of sqlite3 headers, however
Expand Down
2 changes: 1 addition & 1 deletion src/pocketdb/web/PocketContentRpc.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -1359,7 +1359,7 @@ namespace PocketWeb::PocketWebRpc
if (rawFilters[i].isStr()) {
const auto& rawFilter = rawFilters[i].get_str();
auto filter = ShortTxTypeConvertor::strToType(rawFilter);
if (filter == ShortTxType::NotSet) {
if (!PocketHelpers::ShortTxFilterValidator::Events::IsFilterAllowed(filter)) {
throw JSONRPCError(RPC_INVALID_PARAMETER, "Unexpected filter: " + rawFilter);
}
filters.insert(filter);
Expand Down

0 comments on commit e4c102c

Please sign in to comment.