cerc-io/plugeth
18
0
Fork 1
Code Issues 4 Pull Requests Packages Projects Releases Wiki Activity

cmd/faucet: double check user against the GH website

Browse Source
This commit is contained in:
Péter Szilágyi 2017-04-16 18:49:06 +03:00
parent c7a4d9cf8a
commit cb3f5f8b93
No known key found for this signature in database
GPG Key ID: E9AE538CEDF8293D
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
cmd/faucet/faucet.go
View File

@ -306,7 +306,7 @@ func (f *faucet) apiHandler(conn *websocket.Conn) {
websocket.JSON.Send(conn, map[string]string{"error": "URL doesn't link to GitHub Gists"})
continue
}
log.Info("Faucet funds requested", "gist", msg.URL)
log.Info("Faucet funds requested", "addr", conn.RemoteAddr(), "gist", msg.URL)
// Retrieve the gist from the GitHub Gist APIs
parts := strings.Split(msg.URL, "/")
@ -348,6 +348,17 @@ func (f *faucet) apiHandler(conn *websocket.Conn) {
websocket.JSON.Send(conn, map[string]string{"error": "No Ethereum address found to fund"})
continue
}
// Validate the user's existence since the API is unhelpful here
if res, err = http.Head("https://github.com/%s", gist.Owner.Login); err != nil {
websocket.JSON.Send(conn, map[string]string{"error": err.Error()})
continue
}
res.Body.Close()
if res.StatusCode != 200 {
websocket.JSON.Send(conn, map[string]string{"error": "Invalid user... boom!"})
continue
}
// Ensure the user didn't request funds too recently
f.lock.Lock()
var (