From 9b44ff107fd6093a2e93120727ca8cb216a3657e Mon Sep 17 00:00:00 2001 From: Gabe Kangas Date: Tue, 13 Jun 2023 12:58:22 -0700 Subject: [PATCH] fix(api): validate stream key payload. Closes #3082 --- controllers/admin/config.go | 12 ++++++++++++ test/automated/api/configmanagement.test.js | 12 ++++++++++++ 2 files changed, 24 insertions(+) diff --git a/controllers/admin/config.go b/controllers/admin/config.go index 76b452fe2..feebd6d2c 100644 --- a/controllers/admin/config.go +++ b/controllers/admin/config.go @@ -850,6 +850,18 @@ func SetStreamKeys(w http.ResponseWriter, r *http.Request) { return } + if len(streamKeys.Value) == 0 { + controllers.WriteSimpleResponse(w, false, "must provide at least one valid stream key") + return + } + + for _, streamKey := range streamKeys.Value { + if streamKey.Key == "" { + controllers.WriteSimpleResponse(w, false, "stream key cannot be empty") + return + } + } + if err := data.SetStreamKeys(streamKeys.Value); err != nil { controllers.WriteSimpleResponse(w, false, err.Error()) return diff --git a/test/automated/api/configmanagement.test.js b/test/automated/api/configmanagement.test.js index 5bab5a318..f0a2ad0a9 100644 --- a/test/automated/api/configmanagement.test.js +++ b/test/automated/api/configmanagement.test.js @@ -187,6 +187,18 @@ test('verify default admin configuration', async (done) => { done(); }); +test('verify stream key validation', async (done) => { + const badPayload = { id: 'zz', comment: 'ouch' }; + const url = '/api/admin/config/streamkeys'; + const res = await request + .post(url) + .auth('admin', defaultAdminPassword) + .send(badPayload) + .expect(400); + + done(); +}); + test('set server name', async (done) => { const res = await sendAdminRequest('config/name', newServerName); done();