authorPrateek Sachan <42961174+prateek2211@users.noreply.github.com>2020-04-11 22:17:05 +0530
committerGitHub <noreply@github.com>2020-04-12 00:47:05 +0800
commit317658aceae207624e46a19318e2c39781d4e7ae (patch)
treef1523b37e35c70781e53774792df2ceafc9745af
parentdacee648f7b6a44636271709cc62b93e25b0f451 (diff)
Added checks for JSON body in accounts_data endpoint (#863)
Signed-off-by: Prateek Sachan <psachan@cs.iitr.ac.in>
-rw-r--r--clientapi/routing/account_data.go15
1 files changed, 15 insertions, 0 deletions
diff --git a/clientapi/routing/account_data.go b/clientapi/routing/account_data.go
index 24db41f5..a5d53c32 100644
--- a/clientapi/routing/account_data.go
+++ b/clientapi/routing/account_data.go
@@ -15,6 +15,7 @@
package routing
import (
+ "encoding/json"
"io/ioutil"
"net/http"
@@ -80,12 +81,26 @@ func SaveAccountData(
defer req.Body.Close() // nolint: errcheck
+ if req.Body == http.NoBody {
+ return util.JSONResponse{
+ Code: http.StatusBadRequest,
+ JSON: jsonerror.NotJSON("Content not JSON"),
+ }
+ }
+
body, err := ioutil.ReadAll(req.Body)
if err != nil {
util.GetLogger(req.Context()).WithError(err).Error("ioutil.ReadAll failed")
return jsonerror.InternalServerError()
}
+ if !json.Valid(body) {
+ return util.JSONResponse{
+ Code: http.StatusBadRequest,
+ JSON: jsonerror.BadJSON("Bad JSON content"),
+ }
+ }
+
if err := accountDB.SaveAccountData(
req.Context(), localpart, roomID, dataType, string(body),
); err != nil {
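Review bot: The added `json.Valid(body)` check accepts any JSON value, so a bare `null`, a number, a string or an array passes and is handed to `accountDB.SaveAccountData` as `string(body)`. If account data content is meant to be a JSON object, decode rather than validate: `var obj map[string]json.RawMessage` followed by `if err := json.Unmarshal(body, &obj); err != nil || obj == nil {` returning the same `jsonerror.BadJSON` response. Separately, `ioutil.ReadAll(req.Body)` is still unbounded, so both the read and the new validation run over a body of whatever size the client sends; placing a size-limited reader in front of it would cap memory use per request. SaveAccountData starts and ends outside this hunk, so any limit or object check applied earlier in the function is not visible here.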