From 9aa88727e900b71faad37ed72147d18e17f2991c Mon Sep 17 00:00:00 2001
From: Mark Burns
Date: Thu, 14 May 2015 15:31:38 +0900
Subject: [PATCH] add request validation to API endpoint
---
 lib/slanger/api_server.rb | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/lib/slanger/api_server.rb b/lib/slanger/api_server.rb
index d6926084..78c94f47 100644
--- a/lib/slanger/api_server.rb
+++ b/lib/slanger/api_server.rb
@@ -16,22 +16,24 @@ class ApiServer < Sinatra::Base
 set :show_exceptions, false
 # Respond with HTTP 401 Unauthorized if request cannot be authenticated.
- error(Signature::AuthenticationError) { |c| halt 401, "401 UNAUTHORIZED\n" }
+ error(Signature::AuthenticationError) { |e| halt 401, "401 UNAUTHORIZED\n#{e}" }
 post '/apps/:app_id/events' do
 authenticate
-
 # Event and channel data are now serialized in the JSON data
 # So, extract and use it
- data = JSON.parse(request.body.read.tap{ |s| s.force_encoding('utf-8')})
+ rv = RequestValidation.new(request.body.read)
+ socket_id = rv.socket_id
+ data = rv.data
 # Send event to each channel
- data["channels"].each { |channel| publish(channel, data['name'], data['data'], data['socket_id']) }
+ data["channels"].each { |channel| publish(channel, data['name'], data['data'], socket_id) }
 status 202
 return {}.to_json
 end
+
 post '/apps/:app_id/channels/:channel_id/events' do
 authenticate
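Review bot: The rewritten `error(Signature::AuthenticationError)` handler now appends `#{e}` to the 401 body, so whatever text the signature library puts in its exception is returned to a caller who has just failed authentication. The exception messages are not visible in this hunk; if they describe what was compared or echo request-derived values, the response discloses how the request was evaluated and reflects caller-controlled text into the body. I would keep the fixed body, `halt 401, "401 UNAUTHORIZED\n"`, and write `e.message` to the server log instead. Separately, nothing in the hunk maps a failure inside `RequestValidation.new` to a 4xx response, and with `show_exceptions` off a malformed body would presumably surface as a 500; the second `post` block continues outside the hunk, so whether it gets the same validation cannot be seen here.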