diff --git a/server/plugin.go b/server/plugin.go index 0617eaef..280c232f 100644 --- a/server/plugin.go +++ b/server/plugin.go @@ -153,6 +153,12 @@ func (p *Plugin) handleTelemetry(w http.ResponseWriter, r *http.Request) { return } + if telemetryRequest == nil { + p.API.LogError("Invalid request body") + p.handleErrorWithCode(w, http.StatusBadRequest, "Unable to decode JSON", errors.New("invalid request body")) + return + } + if telemetryRequest.Event != "" { p.trackFrontend(userID, telemetryRequest.Event, telemetryRequest.Properties) } @@ -183,6 +189,12 @@ func (p *Plugin) handleAdd(w http.ResponseWriter, r *http.Request) { senderName := p.listManager.GetUserName(userID) + if addRequest == nil { + p.API.LogError("Invalid request body") + p.handleErrorWithCode(w, http.StatusBadRequest, "Unable to decode JSON", errors.New("invalid request body")) + return + } + if addRequest.SendTo == "" { _, err = p.listManager.AddIssue(userID, addRequest.Message, addRequest.Description, addRequest.PostID) if err != nil { @@ -349,6 +361,12 @@ func (p *Plugin) handleEdit(w http.ResponseWriter, r *http.Request) { } r.Body.Close() + if editRequest == nil { + p.API.LogError("Invalid request body") + p.handleErrorWithCode(w, http.StatusBadRequest, "Unable to decode JSON", errors.New("invalid request body")) + return + } + foreignUserID, list, oldMessage, err := p.listManager.EditIssue(userID, editRequest.ID, editRequest.Message, editRequest.Description) if err != nil { p.API.LogError("Unable to edit message: err=" + err.Error()) @@ -395,6 +413,12 @@ func (p *Plugin) handleChangeAssignment(w http.ResponseWriter, r *http.Request) } r.Body.Close() + if changeRequest == nil { + p.API.LogError("Invalid request body") + p.handleErrorWithCode(w, http.StatusBadRequest, "Unable to decode JSON", errors.New("invalid request body")) + return + } + if changeRequest.SendTo == "" { http.Error(w, "No user specified", http.StatusBadRequest) return @@ -450,6 +474,12 @@ func (p *Plugin) handleAccept(w http.ResponseWriter, r *http.Request) { return } + if acceptRequest == nil { + p.API.LogError("Invalid request body") + p.handleErrorWithCode(w, http.StatusBadRequest, "Unable to decode JSON", errors.New("invalid request body")) + return + } + todoMessage, sender, err := p.listManager.AcceptIssue(userID, acceptRequest.ID) if err != nil { p.API.LogError("Unable to accept issue err=" + err.Error()) @@ -486,6 +516,12 @@ func (p *Plugin) handleComplete(w http.ResponseWriter, r *http.Request) { return } + if completeRequest == nil { + p.API.LogError("Invalid request body") + p.handleErrorWithCode(w, http.StatusBadRequest, "Unable to decode JSON", errors.New("invalid request body")) + return + } + issue, foreignID, listToUpdate, err := p.listManager.CompleteIssue(userID, completeRequest.ID) if err != nil { p.API.LogError("Unable to complete issue err=" + err.Error()) @@ -531,6 +567,12 @@ func (p *Plugin) handleRemove(w http.ResponseWriter, r *http.Request) { return } + if removeRequest == nil { + p.API.LogError("Invalid request body") + p.handleErrorWithCode(w, http.StatusBadRequest, "Unable to decode JSON", errors.New("invalid request body")) + return + } + issue, foreignID, isSender, listToUpdate, err := p.listManager.RemoveIssue(userID, removeRequest.ID) if err != nil { p.API.LogError("Unable to remove issue, err=" + err.Error()) @@ -582,6 +624,12 @@ func (p *Plugin) handleBump(w http.ResponseWriter, r *http.Request) { return } + if bumpRequest == nil { + p.API.LogError("Invalid request body") + p.handleErrorWithCode(w, http.StatusBadRequest, "Unable to decode JSON", errors.New("invalid request body")) + return + } + todoMessage, foreignUser, foreignIssueID, err := p.listManager.BumpIssue(userID, bumpRequest.ID) if err != nil { p.API.LogError("Unable to bump issue, err=" + err.Error())