From 12a6fe1adc50bbbad12d96e8cf1700958817948e Mon Sep 17 00:00:00 2001
From: Adithya Vardhan
Date: Wed, 22 Feb 2023 18:10:23 +0530
Subject: [PATCH] feat: add pubkey hex check
---
 common/globals.go | 2 ++
 controllers/keysend.ctrl.go | 6 ++++++
 controllers_v2/keysend.ctrl.go | 6 ++++++
 3 files changed, 14 insertions(+)
diff --git a/common/globals.go b/common/globals.go
index b53b18b..ecc7ee5 100644
--- a/common/globals.go
+++ b/common/globals.go
@@ -15,4 +15,6 @@ const (
 AccountTypeCurrent = "current"
 AccountTypeOutgoing = "outgoing"
 AccountTypeFees = "fees"
+
+ DestinationPubkeyHexSize = 66
 )
diff --git a/controllers/keysend.ctrl.go b/controllers/keysend.ctrl.go
index ada8ceb..4909419 100644
--- a/controllers/keysend.ctrl.go
+++ b/controllers/keysend.ctrl.go
@@ -1,10 +1,12 @@
 package controllers
 import (
+ "encoding/hex"
 "fmt"
 "net/http"
 "strconv"
+ "github.com/getAlby/lndhub.go/common"
 "github.com/getAlby/lndhub.go/lib"
 "github.com/getAlby/lndhub.go/lib/responses"
 "github.com/getAlby/lndhub.go/lib/service"
@@ -91,6 +93,10 @@ func (controller *KeySendController) KeySend(c echo.Context) error {
 if err != nil {
 return err
 }
+ if _, err := hex.DecodeString(invoice.DestinationPubkeyHex); err != nil || len(invoice.DestinationPubkeyHex) != common.DestinationPubkeyHexSize {
+ c.Logger().Errorf("Invalid destination pubkey hex user_id:%v pubkey:%v", userID, len(invoice.DestinationPubkeyHex))
+ return c.JSON(http.StatusBadRequest, responses.BadArgumentsError)
+ }
 invoice.DestinationCustomRecords = map[uint64][]byte{}
 for key, value := range reqBody.CustomRecords {
 intKey, err := strconv.Atoi(key)
diff --git a/controllers_v2/keysend.ctrl.go b/controllers_v2/keysend.ctrl.go
index 2244d4e..24a0d96 100644
--- a/controllers_v2/keysend.ctrl.go
+++ b/controllers_v2/keysend.ctrl.go
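Review bot: The new guard in KeySend reads `invoice.DestinationPubkeyHex`, so it runs only after the invoice object has been built; the `if err != nil { return err }` just above suggests a service call precedes it, and if that call persists the invoice, each rejected request would leave a stale outgoing record behind. Validating the destination taken from the request body before that call would avoid this, and the same applies to the identical check added to SingleKeySend in controllers_v2/keysend.ctrl.go. The check is also purely syntactic: any 66 hex characters pass even when the decoded 33 bytes are not a valid compressed public key, so if a public-key parser is already available through the project's LND dependencies, parsing the decoded bytes there would reject malformed keys locally instead of at payment time. The log label `pubkey:%v` prints the length rather than the key; `pubkey_len:%v` would say so while still keeping the user-supplied string out of the logs. Both function bodies continue outside their hunks.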
@@ -1,10 +1,12 @@
 package v2controllers
 import (
+ "encoding/hex"
 "fmt"
 "net/http"
 "strconv"
+ "github.com/getAlby/lndhub.go/common"
 "github.com/getAlby/lndhub.go/lib/responses"
 "github.com/getAlby/lndhub.go/lib/service"
 "github.com/getAlby/lndhub.go/lnd"
@@ -182,6 +184,10 @@ func (controller *KeySendController) SingleKeySend(c echo.Context, reqBody *KeyS
 controller.svc.Logger.Error(err)
 return nil, &responses.GeneralServerError
 }
+ if _, err := hex.DecodeString(invoice.DestinationPubkeyHex); err != nil || len(invoice.DestinationPubkeyHex) != common.DestinationPubkeyHexSize {
+ c.Logger().Errorf("Invalid destination pubkey hex user_id:%v pubkey:%v", userID, len(invoice.DestinationPubkeyHex))
+ return nil, &responses.BadArgumentsError
+ }
 invoice.DestinationCustomRecords = map[uint64][]byte{}
 for key, value := range customRecords {