diff options
author | Péter Szilágyi <peterke@gmail.com> | 2017-04-16 23:49:06 +0800 |
---|---|---|
committer | Péter Szilágyi <peterke@gmail.com> | 2017-04-16 23:49:06 +0800 |
commit | cb3f5f8b932156df9078085e77bef493eca1581b (patch) | |
tree | 06e46224bd248a0f742419e83b0b74c2127421a3 /cmd | |
parent | c7a4d9cf8ae307a94d16dd8197824eecd320cdf7 (diff) | |
download | go-tangerine-cb3f5f8b932156df9078085e77bef493eca1581b.tar go-tangerine-cb3f5f8b932156df9078085e77bef493eca1581b.tar.gz go-tangerine-cb3f5f8b932156df9078085e77bef493eca1581b.tar.bz2 go-tangerine-cb3f5f8b932156df9078085e77bef493eca1581b.tar.lz go-tangerine-cb3f5f8b932156df9078085e77bef493eca1581b.tar.xz go-tangerine-cb3f5f8b932156df9078085e77bef493eca1581b.tar.zst go-tangerine-cb3f5f8b932156df9078085e77bef493eca1581b.zip |
cmd/faucet: double check user against the GH website
Diffstat (limited to 'cmd')
-rw-r--r-- | cmd/faucet/faucet.go | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/cmd/faucet/faucet.go b/cmd/faucet/faucet.go index fd34cdec1..c418da818 100644 --- a/cmd/faucet/faucet.go +++ b/cmd/faucet/faucet.go @@ -306,7 +306,7 @@ func (f *faucet) apiHandler(conn *websocket.Conn) { websocket.JSON.Send(conn, map[string]string{"error": "URL doesn't link to GitHub Gists"}) continue } - log.Info("Faucet funds requested", "gist", msg.URL) + log.Info("Faucet funds requested", "addr", conn.RemoteAddr(), "gist", msg.URL) // Retrieve the gist from the GitHub Gist APIs parts := strings.Split(msg.URL, "/") @@ -348,6 +348,17 @@ func (f *faucet) apiHandler(conn *websocket.Conn) { websocket.JSON.Send(conn, map[string]string{"error": "No Ethereum address found to fund"}) continue } + // Validate the user's existence since the API is unhelpful here + if res, err = http.Head("https://github.com/%s", gist.Owner.Login); err != nil { + websocket.JSON.Send(conn, map[string]string{"error": err.Error()}) + continue + } + res.Body.Close() + + if res.StatusCode != 200 { + websocket.JSON.Send(conn, map[string]string{"error": "Invalid user... boom!"}) + continue + } // Ensure the user didn't request funds too recently f.lock.Lock() var ( |