From 4a0ff69c8adaad8fb1d5a28ad9848bfe2291e10a Mon Sep 17 00:00:00 2001 From: /alex/ Date: Wed, 8 May 2024 15:18:58 +0200 Subject: [PATCH] fix: check commitment id (#1388) * add check * nit * review --- src/bin/inx-chronicle/api/core/routes.rs | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/src/bin/inx-chronicle/api/core/routes.rs b/src/bin/inx-chronicle/api/core/routes.rs index 4663bdc29..7be2eb370 100644 --- a/src/bin/inx-chronicle/api/core/routes.rs +++ b/src/bin/inx-chronicle/api/core/routes.rs @@ -333,7 +333,20 @@ async fn commitment( Path(commitment_id): Path, headers: HeaderMap, ) -> ApiResult> { - commitment_by_index(database, Path(commitment_id.slot_index()), headers).await + let slot_commitment = database + .collection::() + .get_commitment(commitment_id.slot_index()) + .await? + .ok_or(MissingError::NoResults)?; + + if slot_commitment.commitment_id != commitment_id { + return Err(ApiError::from(MissingError::NoResults)); + } + + if matches!(headers.get(axum::http::header::ACCEPT), Some(header) if header == BYTE_CONTENT_HEADER) { + return Ok(IotaRawResponse::Raw(slot_commitment.commitment.data())); + } + Ok(IotaRawResponse::Json(slot_commitment.commitment.into_inner())) } async fn commitment_by_index(