A PLC Mirror written in Rust

feat: protect against favicon.ico and invalid dids

+8
+8
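--- a/src/api.rs
+++ b/src/api.rs
@@ -34,6 +34,14 @@
 let conn = rqctx.context().get_conn().await?;
 let did = path.into_inner().did;
 
+if did == "favicon.ico" {
+return Err(HttpError::for_not_found(None, Default::default()));
+}
+
+if !did.starts_with("did:plc:") {
+return Err(HttpError::for_bad_request(None, "Invalid DID".to_string()));
+}
+
 let op = db::get_latest_operation(&conn, &did)
 .await
 .map_err(|v| HttpError::for_internal_error(v.to_string()))?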
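Review bot: The new `starts_with("did:plc:")` guard validates only the prefix, so a path segment of any length and any characters after `did:plc:` is still passed to `db::get_latest_operation`. As far as I know the did:plc method defines the identifier as exactly 24 lowercase base32 characters after the prefix, so the check can be tightened to `let ok = did.strip_prefix("did:plc:").is_some_and(|s| s.len() == 24 && s.bytes().all(|b| matches!(b, b'a'..=b'z' | b'2'..=b'7')));` followed by `if !ok { return Err(HttpError::for_bad_request(None, "Invalid DID".to_string())); }`. This bounds the size and alphabet of the untrusted value before it reaches the database layer, whose query construction is not visible here. The `favicon.ico` branch would already be rejected by the prefix check and only changes the status from 400 to 404; a short comment saying that is intentional would help. It also passes an empty internal message via `Default::default()`, so nothing useful is logged for that case. The enclosing handler starts and ends outside this hunk.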