From ba042d9b85c2bb8c70e55f097281701908661d3e Mon Sep 17 00:00:00 2001
From: Aryeh Harris
Date: Fri, 13 Oct 2023 15:35:42 -0400
Subject: [PATCH] Validate solution and nonce data types
---
 src/middleware.ts | 29 ++++++++++++++++++++++-------
 1 file changed, 22 insertions(+), 7 deletions(-)
diff --git a/src/middleware.ts b/src/middleware.ts
index 0a68192..4bca5a6 100644
--- a/src/middleware.ts
+++ b/src/middleware.ts
@@ -77,13 +77,28 @@ const validateChallengeBody = (
 res: Response,
 next: NextFunction
 ) => {
- const { solution, nonce } = req.body
-
- if (!env.DISABLE_CHALLENGES && (!solution || !nonce)) {
- return res.status(400).send({
- status: "ERROR",
- message: "'solution', and 'nonce', fields are required",
- })
+ if (!env.DISABLE_CHALLENGES) {
+ const { solution, nonce } = req.body
+ if (!solution || !nonce) {
+ return res.status(400).send({
+ status: "ERROR",
+ message: "'solution', and 'nonce', fields are required",
+ })
+ }
+
+ if (!Number.isInteger(nonce)) {
+ return res.status(400).send({
+ status: "ERROR",
+ message: "'nonce' must be an integer",
+ })
+ }
+
+ if (typeof solution !== "string") {
+ return res.status(400).send({
+ status: "ERROR",
+ message: "'solution' must be a string",
+ })
+ }
 }

 next()
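Review bot: The presence check `if (!solution || !nonce)` still runs before the new type checks and tests truthiness, so a nonce of `0` is rejected as "required" even though it is an integer; `if (solution == null || nonce == null)` would leave the type checks to decide validity. `Number.isInteger(nonce)` also accepts negative values and integers beyond 2^53 that have already lost precision, so if the verifier feeds the nonce into a hash or counter (not visible here) `if (!Number.isSafeInteger(nonce) || nonce < 0)` is the tighter guard. The `solution` string has no length or format bound; if the expected solution has a fixed shape, rejecting anything else here keeps oversized input away from the verification step. The destructuring `const { solution, nonce } = req.body` would throw if `req.body` is undefined, which depends on body-parser setup outside this hunk. The function's signature starts above the hunk and its body ends below it.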