From 0c25425346a43b3f5f56d1293194d315afc46198 Mon Sep 17 00:00:00 2001 From: nimbleghost <132819643+nimbleghost@users.noreply.github.com> Date: Wed, 31 May 2023 18:30:20 +0200 Subject: [PATCH] Use readJSONWithLimit for web push sub/unsub --- server/server_web_push.go | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/server/server_web_push.go b/server/server_web_push.go index a465764e..bf5b92b9 100644 --- a/server/server_web_push.go +++ b/server/server_web_push.go @@ -9,8 +9,7 @@ import ( ) func (s *Server) handleTopicWebPushSubscribe(w http.ResponseWriter, r *http.Request, v *visitor) error { - var sub webPushSubscribePayload - err := json.NewDecoder(r.Body).Decode(&sub) + sub, err := readJSONWithLimit[webPushSubscribePayload](r.Body, jsonBodyBytesLimit, false) if err != nil || sub.BrowserSubscription.Endpoint == "" || sub.BrowserSubscription.Keys.P256dh == "" || sub.BrowserSubscription.Keys.Auth == "" { return errHTTPBadRequestWebPushSubscriptionInvalid } @@ -19,17 +18,14 @@ func (s *Server) handleTopicWebPushSubscribe(w http.ResponseWriter, r *http.Requ if err != nil { return err } - if err = s.webPush.AddSubscription(topic.ID, v.MaybeUserID(), sub); err != nil { + if err = s.webPush.AddSubscription(topic.ID, v.MaybeUserID(), *sub); err != nil { return err } return s.writeJSON(w, newSuccessResponse()) } func (s *Server) handleTopicWebPushUnsubscribe(w http.ResponseWriter, r *http.Request, _ *visitor) error { - var payload webPushUnsubscribePayload - - err := json.NewDecoder(r.Body).Decode(&payload) - + payload, err := readJSONWithLimit[webPushUnsubscribePayload](r.Body, jsonBodyBytesLimit, false) if err != nil { return errHTTPBadRequestWebPushSubscriptionInvalid }