From f8ba3937bbc5e7410165802e19416c1cd351a126 Mon Sep 17 00:00:00 2001 From: Bart Van Der Meerssche Date: Thu, 24 Mar 2011 07:31:30 +0000 Subject: [PATCH] [api] add a device and digest check to /sensor --- server/api/flukso/src/flukso.hrl | 13 ++++++++----- server/api/flukso/src/flukso_sensor.erl | 9 +++++---- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/server/api/flukso/src/flukso.hrl b/server/api/flukso/src/flukso.hrl index cfe2696..2aa6bd8 100644 --- a/server/api/flukso/src/flukso.hrl +++ b/server/api/flukso/src/flukso.hrl @@ -26,15 +26,18 @@ jsonpCallback}). %% checks -check_version(undefined, undefined) -> - {false, false}; -check_version(Version, undefined) -> +check_version(Version) -> case Version of "1.0" -> {Version, true}; _ -> {false, false} - end; + end. + +check_version(undefined, undefined) -> + {false, false}; +check_version(Version, undefined) -> + check_version(Version); check_version(undefined, Version) -> - check_version(Version, undefined); + check_version(Version); check_version(_, _) -> {false, false}. diff --git a/server/api/flukso/src/flukso_sensor.erl b/server/api/flukso/src/flukso_sensor.erl index a6f3e89..df72e4e 100644 --- a/server/api/flukso/src/flukso_sensor.erl +++ b/server/api/flukso/src/flukso_sensor.erl @@ -39,11 +39,12 @@ allowed_methods(ReqData, State) -> {['POST'], ReqData, State}. malformed_request(ReqData, State) -> - {_Version, ValidVersion} = check_version(wrq:get_req_header("X-Version", ReqData), wrq:get_qs_value("version", ReqData)), -% TODO: check validity of X-Device and X-Digest headers + {_Version, ValidVersion} = check_version(wrq:get_req_header("X-Version", ReqData)), + {_Device, ValidDevice} = check_32hex(wrq:get_req_header("X-Device", ReqData)), + {_Digest, ValidDigest} = check_32hex(wrq:get_req_header("X-Digest", ReqData)), - {case {ValidVersion} of - {true} -> false; + {case {ValidVersion, ValidDevice, ValidDigest} of + {true, true, true} -> false; _ -> true end, ReqData, State}.