LogalDeveloper/owncast
LogalDeveloper/owncast
0
Fork 0
Code

fix(api): validate stream key payload. Closes #3082

Browse Source
This commit is contained in:
Gabe Kangas 2023-06-13 12:58:22 -07:00
parent 26686dd6da
commit 9b44ff107f
No known key found for this signature in database
GPG Key ID: 4345B2060657F330
2 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
controllers/admin/config.go
View File

@ -850,6 +850,18 @@ func SetStreamKeys(w http.ResponseWriter, r *http.Request) {
return return
} }
if len(streamKeys.Value) == 0 {
controllers.WriteSimpleResponse(w, false, "must provide at least one valid stream key")
return
}
for _, streamKey := range streamKeys.Value {
if streamKey.Key == "" {
controllers.WriteSimpleResponse(w, false, "stream key cannot be empty")
return
}
}
if err := data.SetStreamKeys(streamKeys.Value); err != nil { if err := data.SetStreamKeys(streamKeys.Value); err != nil {
controllers.WriteSimpleResponse(w, false, err.Error()) controllers.WriteSimpleResponse(w, false, err.Error())
return return

12
test/automated/api/configmanagement.test.js
View File

@ -187,6 +187,18 @@ test('verify default admin configuration', async (done) => {
done(); done();
}); });
test('verify stream key validation', async (done) => {
const badPayload = { id: 'zz', comment: 'ouch' };
const url = '/api/admin/config/streamkeys';
const res = await request
.post(url)
.auth('admin', defaultAdminPassword)
.send(badPayload)
.expect(400);
done();
});
test('set server name', async (done) => { test('set server name', async (done) => {
const res = await sendAdminRequest('config/name', newServerName); const res = await sendAdminRequest('config/name', newServerName);
done(); done();