From ebf07bf3027eebdaf88e55b56c9bda8069f90f6a Mon Sep 17 00:00:00 2001
From: costa <aschen@cug.edu.cn>
Date: Mon, 7 Jun 2021 22:23:44 +0800
Subject: [PATCH] fix: add check for shortID

---
 handler/handler.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/handler/handler.go b/handler/handler.go
index 7efff95..ccfeaa1 100644
--- a/handler/handler.go
+++ b/handler/handler.go
@@ -259,6 +259,17 @@ func DeleteHandler(bdb *badger.DB, db *pogreb.DB) fiber.Handler {
 		if err != nil {
 			return c.JSON(fiber.Map{"error": "true", "message": helper.ErrorPrint(err.Error(), helper.ID107)})
 		}
+		// check the shortID, avoid delete wrong link.
+		if len(post.ShortID) > helper.ShortIDToken {
+			code := strings.Replace(post.ShortID, "%7C", "|", -1)
+			val, err := helper.FindDB([]byte(code), db)
+			if err != nil {
+				return c.JSON(fiber.Map{"error": "true", "message": helper.ErrorPrint(err.Error(), helper.ID107)})
+			}
+			if val != post.URL {
+				return c.JSON(fiber.Map{"error": "true", "message": helper.ErrorPrint(helper.ID107, helper.ID107)})
+			}
+		}
 		// delete short URL
 		err = db.Delete([]byte(post.ShortID))
 		if err != nil {