From 802d5a33bd77b3d177d3873c225daf2edc5286da Mon Sep 17 00:00:00 2001
From: Sam Anthony
Date: Fri, 29 Nov 2024 14:00:43 -0500
Subject: server: input validation
---
 server/duty.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
(limited to 'server/duty.go')
diff --git a/server/duty.go b/server/duty.go
index 82bf60f..55022f3 100644
--- a/server/duty.go
+++ b/server/duty.go
@@ -8,6 +8,11 @@ import (
 "strconv"
 )
 
+const (
+ minDutyCycle = 0.0
+ maxDutyCycle = 100.0
+)
+
 type DutyCycle float32
 
 type DutyCycleHandler struct {
@@ -24,10 +29,14 @@ func (h DutyCycleHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 }
 
 dc, err := strconv.ParseFloat(r.URL.RawQuery, 32)
- if err != nil {
+ if err != nil || !isValidDutyCycle(dc) {
 badRequest(w, "invalid duty cycle: '%s'", r.URL.RawQuery)
 return
 }
 
 h.dc.Set <- DutyCycle(dc)
 }
+
+func isValidDutyCycle(dc float64) bool {
+ return dc >= minDutyCycle && dc <= maxDutyCycle
+}
-- 
cgit v1.2.3
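Review bot: In the second hunk, `isValidDutyCycle` rejects NaN only as a side effect of floating-point comparison rules, and nothing in the code records that this is intended. `strconv.ParseFloat` returns NaN and ±Inf with a nil error for inputs such as "NaN" and "Inf", so this range check is the only thing keeping non-finite values away from `h.dc.Set`. A comment on the helper, for example `// NaN fails both comparisons and ±Inf is out of range, so non-finite input is rejected here.`, plus a small table test over "NaN", "Inf", "-0", "100.1" and an empty query, would keep a later rewrite of the condition from letting NaN through. The rejected query is also echoed back with `'%s'`; `badRequest` is not visible here, so if it writes anything other than plain text, `%q` would be the safer verb. ServeHTTP's body starts outside the hunk.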