From 62f39f35618ed299cb4c1b9ad4db2f18816c1b12 Mon Sep 17 00:00:00 2001 From: Rafael Date: Sat, 30 Nov 2024 10:06:03 +0000 Subject: [PATCH] fix: do server side validation on blacklist address validation imports a lot of files that rely on nodejs to run previouly the build was automatically adding polyfills for that --- .tool-versions | 1 + lib/blacklist.js | 12 ++++++ .../src/pages/Blacklist/Blacklist.js | 40 +++++++------------ 3 files changed, 27 insertions(+), 26 deletions(-) create mode 100644 .tool-versions diff --git a/.tool-versions b/.tool-versions new file mode 100644 index 00000000..50a9fc7b --- /dev/null +++ b/.tool-versions @@ -0,0 +1 @@ +nodejs 14 diff --git a/lib/blacklist.js b/lib/blacklist.js index 8324fc20..7665916c 100644 --- a/lib/blacklist.js +++ b/lib/blacklist.js @@ -1,5 +1,6 @@ const _ = require('lodash/fp') +const { addressDetector } = require('@lamassu/coins') const db = require('./db') const notifierQueries = require('./notifier/queries') @@ -16,7 +17,18 @@ const deleteFromBlacklist = address => { return db.none(sql, [address]) } +const isValidAddress = address => { + try { + return !_.isEmpty(addressDetector.getSupportedCoinsForAddress(address).matches) + } catch { + return false + } +} + const insertIntoBlacklist = address => { + if (!isValidAddress(address)) { + return Promise.reject(new Error('Invalid address')) + } return db .none( 'INSERT INTO blacklist (address) VALUES ($1);', diff --git a/new-lamassu-admin/src/pages/Blacklist/Blacklist.js b/new-lamassu-admin/src/pages/Blacklist/Blacklist.js index 8bfc12a7..034cfa7b 100644 --- a/new-lamassu-admin/src/pages/Blacklist/Blacklist.js +++ b/new-lamassu-admin/src/pages/Blacklist/Blacklist.js @@ -144,7 +144,6 @@ const Blacklist = () => { }) const [addEntry] = useMutation(ADD_ROW, { - onError: () => console.log('Error while adding row'), refetchQueries: () => ['getBlacklistData'] }) @@ -184,33 +183,22 @@ const Blacklist = () => { setConfirmDialog(false) } - const validateAddress = address => { - try { - return !R - .isEmpty - // addressDetector.getSupportedCoinsForAddress(address).matches - () - } catch { - return false - } - } - const addToBlacklist = async address => { setErrorMsg(null) - if (!validateAddress(address)) { - setErrorMsg('Invalid address') - return - } - const res = await addEntry({ variables: { address } }) - if (!res.errors) { - return setShowModal(false) - } - const duplicateKeyError = res.errors.some(e => { - return e.message.includes('duplicate') - }) - if (duplicateKeyError) { - setErrorMsg('This address is already being blocked') - } else { + try { + const res = await addEntry({ variables: { address } }) + if (!res?.errors) { + return setShowModal(false) + } + const duplicateKeyError = res?.errors?.some(e => { + return e.message.includes('duplicate') + }) + if (duplicateKeyError) { + setErrorMsg('This address is already being blocked') + } else { + setErrorMsg(`Server error${': ' + res?.errors[0]?.message}`) + } + } catch (e) { setErrorMsg('Server error') } }