diff --git a/CHANGELOG.md b/CHANGELOG.md index a1ff8a3..71eae8b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Added `/api/v1/settings/move_followers` API endpoint (replaces `/api/v1/accounts/move_followers`). - Added `/api/v1/settings/import_follows` API endpoint. +- Validation of Monero subscription payout address. ### Removed diff --git a/src/mastodon_api/subscriptions/views.rs b/src/mastodon_api/subscriptions/views.rs index 0cd8e15..a86dc25 100644 --- a/src/mastodon_api/subscriptions/views.rs +++ b/src/mastodon_api/subscriptions/views.rs @@ -26,7 +26,10 @@ use crate::models::profiles::types::{ }; use crate::models::subscriptions::queries::get_subscription_by_participants; use crate::models::users::queries::get_user_by_id; -use crate::monero::wallet::create_monero_address; +use crate::monero::{ + helpers::validate_monero_address, + wallet::create_monero_address, +}; use crate::utils::currencies::Currency; use super::types::{ Invoice, @@ -124,6 +127,7 @@ pub async fn register_subscription_option( if price == 0 { return Err(ValidationError("price must be greater than 0").into()); }; + validate_monero_address(&payout_address)?; let payment_info = MoneroSubscription { chain_id: monero_config.chain_id.clone(), price, diff --git a/src/monero/helpers.rs b/src/monero/helpers.rs index 3b65c9f..0e466b5 100644 --- a/src/monero/helpers.rs +++ b/src/monero/helpers.rs @@ -6,6 +6,7 @@ use tokio_postgres::GenericClient; use uuid::Uuid; use crate::config::MoneroConfig; +use crate::errors::ValidationError; use crate::models::{ invoices::queries::{ get_invoice_by_id, @@ -19,6 +20,14 @@ use super::wallet::{ MoneroError, }; +pub fn validate_monero_address(address: &str) + -> Result<(), ValidationError> +{ + Address::from_str(address) + .map_err(|_| ValidationError("invalid monero address"))?; + Ok(()) +} + pub async fn check_expired_invoice( config: &MoneroConfig, db_client: &impl GenericClient,