diff --git a/router/upload.go b/router/upload.go index b00d59e9..9176f03c 100644 --- a/router/upload.go +++ b/router/upload.go @@ -167,10 +167,14 @@ func (f *UploadForm) ExtractInfo(r *http.Request) error { return metainfo.ErrInvalidTorrentFile } exactTopic = strings.SplitAfter(exactTopic, ":")[2] - f.InfoHash = strings.ToUpper(strings.Split(exactTopic, "&")[0]) - matched, err := regexp.MatchString("^[0-9A-Z]+$", f.Infohash) //ffuuuuuuck - if err != nil || !matched { - return metainfo.ErrInvalidTorrentFile + f.Infohash = strings.ToUpper(strings.Split(exactTopic, "&")[0]) + base16, err := regexp.MatchString("^[0-9A-F]{40}$", f.Infohash) + if err != nil { + return err + } + base32, err := regexp.MatchString("^[2-7A-Z]{32}$", f.Infohash) + if !base16 && !base32 { + return err } f.Filesize = 0 diff --git a/service/api/api.go b/service/api/api.go index 05d2990e..9fd32ae8 100644 --- a/service/api/api.go +++ b/service/api/api.go @@ -99,16 +99,18 @@ func validateMagnet(r *TorrentRequest) (error, int) { } exactTopic = strings.SplitAfter(exactTopic, ":")[2] r.Hash = strings.ToUpper(strings.Split(exactTopic, "&")[0]) + fmt.Println(r.Hash) return nil, http.StatusOK } func validateHash(r *TorrentRequest) (error, int) { r.Hash = strings.ToUpper(r.Hash) - matched, err := regexp.MatchString("^[0-9A-Z]+$", r.Hash) //fucking garbage + base16, err := regexp.MatchString("^[0-9A-F]{40}$", r.Hash) if err != nil { return err, http.StatusInternalServerError } - if !matched { + base32, err := regexp.MatchString("^[2-7A-Z]{32}$", r.Hash) + if !base16 && !base32 { return ErrHash, http.StatusNotAcceptable } return nil, http.StatusOK