From 843fe4ce386a732d86dbab476f1245fdd961cfdb Mon Sep 17 00:00:00 2001 From: yosoyubik Date: Thu, 29 Apr 2021 11:23:50 +0200 Subject: [PATCH] json-rpc: add validation for json-rpc request --- pkg/arvo/app/azimuth-rpc.hoon | 36 ++++------------------------------- pkg/arvo/lib/json/rpc.hoon | 27 ++++++++++++++++++++++++++ 2 files changed, 31 insertions(+), 32 deletions(-) diff --git a/pkg/arvo/app/azimuth-rpc.hoon b/pkg/arvo/app/azimuth-rpc.hoon index ed1d0dedf7..35b9a4ad08 100644 --- a/pkg/arvo/app/azimuth-rpc.hoon +++ b/pkg/arvo/app/azimuth-rpc.hoon @@ -70,43 +70,15 @@ :: TODO: method not supported :: not-found:gen - ?~ json-rpc=(validate-json-rpc body.req) + ?~ rpc-request=(validate-request:json-rpc body.req parse-method) :: TODO: malformed request :: not-found:gen - (process-rpc-request:do u.json-rpc) - :: TODO: validate that format is e.g. 'get-point' - :: TODO: maybe replace with getPoint and translate to %term + (process-rpc-request:do u.rpc-request) + :: TODO: validate that format is e.g. 'getPoint' + :: TODO: maybe use getPoint and translate to %get-point :: ++ parse-method |=(t=@t t) - :: TODO: move to library - :: - ++ validate-json-rpc - |= body=(unit octs) - ^- (unit request:rpc) - ?~ body ~ - ?~ jon=(de-json:html q.u.body) ~ - :: ignores non-object responses - :: - :: ?. ?=([%o *] json) ~|([%format-not-valid json] !!) - ?. ?=([%o *] u.jon) ~ - %- some - %. u.jon - =, dejs:format - %- ot - :~ ['id' no] - ['jsonrpc' so] - ['method' (cu parse-method so)] - :: - :- 'params' - |= =json - ^- request-params:rpc - ?: =(%a -.json) - [%list ((ar same) json)] - ?. =(%o -.json) - !! - [%object ~(tap by ((om same) json))] - == -- -- :: diff --git a/pkg/arvo/lib/json/rpc.hoon b/pkg/arvo/lib/json/rpc.hoon index c5ead16c7e..89f100b813 100644 --- a/pkg/arvo/lib/json/rpc.hoon +++ b/pkg/arvo/lib/json/rpc.hoon 
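Review bot: `parse-method` is still the identity gate `|=(t=@t t)`, yet it is now handed to `validate-request:json-rpc`, whose signature in this patch is `$-(@t term)`, so the method string from the HTTP body reaches `process-rpc-request:do` typed as a term without ever being checked. The TODO above the arm acknowledges this; until the camelCase translation lands, the gate could at least reject cords that are not valid terms, for instance by testing `((sane %tas) t)` before returning the value. `process-rpc-request` lies outside the hunk, so how it dispatches on the method is not visible here. Separately, both failure branches answer `not-found:gen`, which leaves a client unable to tell a malformed body from an unsupported method.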
@@ -50,4 +50,31 @@ ['message' s+message.response] == == +:: +++ validate-request + |= [body=(unit octs) parse-method=$-(@t term)] + ^- (unit request) + ?~ body ~ + ?~ jon=(de-json:html q.u.body) ~ + :: ignores non-object responses + :: + :: ?. ?=([%o *] json) ~|([%format-not-valid json] !!) + ?. ?=([%o *] u.jon) ~ + %- some + %. u.jon + =, dejs:format + %- ot + :~ ['id' no] + ['jsonrpc' so] + ['method' (cu parse-method so)] + :: + :- 'params' + |= =json + ^- request-params + ?: =(%a -.json) + [%list ((ar same) json)] + ?. =(%o -.json) + !! + [%object ~(tap by ((om same) json))] + == --
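Review bot: `validate-request` is typed `(unit request)` but returns `~` only for a missing body, unparsable JSON or a non-object; once it reaches `ot` under `=, dejs:format`, a missing or mistyped key crashes instead, and the `params` gate ends in `!!` for anything that is not an array or an object. The body comes straight from the HTTP request, so any client can trigger that crash, and the caller's `?~` malformed-request branch in azimuth-rpc.hoon is never taken for these inputs. Consider the unit-returning reparsers, i.e. `=, dejs-soft:format` with the `%- some` dropped and the `params` gate producing `~` rather than `!!`, so that every malformed request comes back as `~` (worth confirming the soft variants of `no`, `so` and `cu` behave as expected in this tree). Also, `['id' no]` accepts only numeric ids and nothing checks that `jsonrpc` equals `'2.0'`, whereas JSON-RPC 2.0 permits string and null ids.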