From 25d72a7e31a0d077546639f3de25d75ebb4efa14 Mon Sep 17 00:00:00 2001
From: Wim <wim@42.be>
Date: Sat, 24 Oct 2015 17:44:14 +0200
Subject: Add some validation for incoming connections

---
 matterhook/matterhook.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/matterhook/matterhook.go b/matterhook/matterhook.go
index efc77cc0..8e87cc7b 100644
--- a/matterhook/matterhook.go
+++ b/matterhook/matterhook.go
@@ -71,6 +71,11 @@ func (c *Client) StartServer() {
 
 // ServeHTTP implementation.
 func (c *Client) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	if r.Method != "POST" {
+		log.Println("invalid " + r.Method + " connection from " + r.RemoteAddr)
+		http.NotFound(w, r)
+		return
+	}
 	msg := IMessage{}
 	err := r.ParseForm()
 	if err != nil {
@@ -86,6 +91,11 @@ func (c *Client) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		http.NotFound(w, r)
 		return
 	}
+	if msg.Token == "" {
+		log.Println("no token from " + r.RemoteAddr)
+		http.NotFound(w, r)
+		return
+	}
 	c.In <- msg
 }
 
-- 
cgit v1.2.3