From c29756ac6e9ef5409b8f51e355e00dcb99f2de08 Mon Sep 17 00:00:00 2001
From: Kieran <kieran@harkin.me>
Date: Mon, 13 Jun 2022 15:43:23 +0100
Subject: [PATCH] Return 404 response on failure to parse file id

---
 VoidCat/Controllers/UploadController.cs |  2 +-
 VoidCat/Model/Extensions.cs             | 17 ++++++++++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/VoidCat/Controllers/UploadController.cs b/VoidCat/Controllers/UploadController.cs
index 6cc894c..ba369fb 100644
--- a/VoidCat/Controllers/UploadController.cs
+++ b/VoidCat/Controllers/UploadController.cs
@@ -156,7 +156,7 @@ namespace VoidCat.Controllers
         [Route("{id}")]
         public async Task<IActionResult> GetInfo([FromRoute] string id)
         {
-            var fid = id.FromBase58Guid();
+            if (!id.TryFromBase58Guid(out var fid)) return StatusCode(404);
             var uid = HttpContext.GetUserId();
             var isOwner = uid.HasValue && await _userUploads.Uploader(fid) == uid;
 
diff --git a/VoidCat/Model/Extensions.cs b/VoidCat/Model/Extensions.cs
index 532beaa..46f8dbf 100644
--- a/VoidCat/Model/Extensions.cs
+++ b/VoidCat/Model/Extensions.cs
@@ -47,6 +47,21 @@ public static class Extensions
         return new Guid(guidBytes);
     }
 
+    public static bool TryFromBase58Guid(this string base58, out Guid v)
+    {
+        try
+        {
+            v = base58.FromBase58Guid();
+            return true;
+        }
+        catch
+        {
+            // ignored
+            v = Guid.Empty;
+            return false;
+        }
+    }
+
     public static string ToBase58(this Guid id)
     {
         var enc = new NBitcoin.DataEncoders.Base58Encoder();
@@ -65,7 +80,7 @@ public static class Extensions
     {
         return file.EditSecret == editSecret;
     }
-    
+
     public static string ToHex(this byte[] data)
     {
         return BitConverter.ToString(data).Replace("-", string.Empty).ToLower();