From 802d5a33bd77b3d177d3873c225daf2edc5286da Mon Sep 17 00:00:00 2001
From: Sam Anthony <sam@samanthony.xyz>
Date: Fri, 29 Nov 2024 14:00:43 -0500
Subject: server: input validation

---
 server/humidity.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'server/humidity.go')

diff --git a/server/humidity.go b/server/humidity.go
index 8cffccc..e31f4fb 100644
--- a/server/humidity.go
+++ b/server/humidity.go
@@ -8,6 +8,11 @@ import (
 	"strconv"
 )
 
+const (
+	minHumidity = 0.0
+	maxHumidity = 100.0
+)
+
 type Humidity float32
 
 type HumidityHandler struct {
@@ -46,7 +51,7 @@ func (h HumidityHandler) post(w http.ResponseWriter, r *http.Request) {
 	humidityStr := queryVals["humidity"]
 
 	humidity, err := strconv.ParseFloat(humidityStr, 32)
-	if err != nil {
+	if err != nil || !isValidHumidity(humidity){
 		badRequest(w, "invalid humidity: '%s'", humidityStr)
 		return
 	}
@@ -79,3 +84,7 @@ func parseQuery(query string, keys []string) (map[string]string, error) {
 	}
 	return vals, nil
 }
+
+func isValidHumidity(humidity float64) bool {
+	return humidity >= minHumidity && humidity <= maxHumidity;
+}
-- 
cgit v1.2.3