From a0d2773ef4eb8b283d25158a2075aaba4d1fe6df Mon Sep 17 00:00:00 2001 From: spiral Date: Wed, 1 Dec 2021 08:43:16 -0500 Subject: [PATCH] fix: missing systemRef in patch /system, crash when system not found --- PluralKit.API/Controllers/v2/SwitchControllerV2.cs | 4 ++++ PluralKit.API/Controllers/v2/SystemControllerV2.cs | 11 ++++++++--- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/PluralKit.API/Controllers/v2/SwitchControllerV2.cs b/PluralKit.API/Controllers/v2/SwitchControllerV2.cs index 459f310c..d7784553 100644 --- a/PluralKit.API/Controllers/v2/SwitchControllerV2.cs +++ b/PluralKit.API/Controllers/v2/SwitchControllerV2.cs @@ -81,6 +81,7 @@ public class SwitchControllerV2: PKControllerBase public async Task SwitchCreate(string systemRef, [FromBody] PostSwitchParams data) { var system = await ResolveSystem(systemRef); + if (system == null) throw Errors.SystemNotFound; if (ContextFor(system) != LookupContext.ByOwner) throw Errors.GenericMissingPermissions; @@ -163,6 +164,7 @@ public class SwitchControllerV2: PKControllerBase // for now, don't need to make a PatchObject for this, since it's only one param var system = await ResolveSystem(systemRef); + if (system == null) throw Errors.SystemNotFound; if (ContextFor(system) != LookupContext.ByOwner) throw Errors.GenericMissingPermissions; @@ -197,6 +199,7 @@ public class SwitchControllerV2: PKControllerBase public async Task SwitchMemberPatch(string systemRef, string switchRef, [FromBody] JArray data) { var system = await ResolveSystem(systemRef); + if (system == null) throw Errors.SystemNotFound; if (ContextFor(system) != LookupContext.ByOwner) throw Errors.GenericMissingPermissions; @@ -244,6 +247,7 @@ public class SwitchControllerV2: PKControllerBase public async Task SwitchDelete(string systemRef, string switchRef) { var system = await ResolveSystem(systemRef); + if (system == null) throw Errors.SystemNotFound; if (ContextFor(system) != LookupContext.ByOwner) throw Errors.GenericMissingPermissions; diff --git a/PluralKit.API/Controllers/v2/SystemControllerV2.cs b/PluralKit.API/Controllers/v2/SystemControllerV2.cs index ca0f54b5..1933cdea 100644 --- a/PluralKit.API/Controllers/v2/SystemControllerV2.cs +++ b/PluralKit.API/Controllers/v2/SystemControllerV2.cs @@ -21,10 +21,13 @@ public class SystemControllerV2: PKControllerBase return Ok(system.ToJson(ContextFor(system), APIVersion.V2)); } - [HttpPatch("@me")] - public async Task DoSystemPatch([FromBody] JObject data) + [HttpPatch("{systemRef}")] + public async Task DoSystemPatch(string systemRef, [FromBody] JObject data) { - var system = await ResolveSystem("@me"); + var system = await ResolveSystem(systemRef); + if (system == null) throw Errors.SystemNotFound; + if (ContextFor(system) != LookupContext.ByOwner) + throw Errors.GenericMissingPermissions; var patch = SystemPatch.FromJSON(data, APIVersion.V2); patch.AssertIsValid(); @@ -39,6 +42,7 @@ public class SystemControllerV2: PKControllerBase public async Task GetSystemSettings(string systemRef) { var system = await ResolveSystem(systemRef); + if (system == null) throw Errors.SystemNotFound; if (ContextFor(system) != LookupContext.ByOwner) throw Errors.GenericMissingPermissions; @@ -50,6 +54,7 @@ public class SystemControllerV2: PKControllerBase public async Task DoSystemSettingsPatch(string systemRef, [FromBody] JObject data) { var system = await ResolveSystem(systemRef); + if (system == null) throw Errors.SystemNotFound; if (ContextFor(system) != LookupContext.ByOwner) throw Errors.GenericMissingPermissions;