From 79c5696cb46abb110966f7db1bf2d55dbc63bb1d Mon Sep 17 00:00:00 2001
From: Ben Morrison <ben@gbmor.dev>
Date: Fri, 14 Jun 2019 00:31:17 -0400
Subject: prevent potential ddos via circular registry POST

---
 svc/post.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/svc/post.go b/svc/post.go
index 34ae92f..46032b9 100644
--- a/svc/post.go
+++ b/svc/post.go
@@ -3,6 +3,7 @@ package svc // import "github.com/getwtxt/getwtxt/svc"
 import (
 	"fmt"
 	"net/http"
+	"strings"
 
 	"github.com/getwtxt/registry"
 )
@@ -35,6 +36,10 @@ func apiPostUser(w http.ResponseWriter, r *http.Request) {
 
 	switch remoteRegistry {
 	case true:
+		if strings.Contains(urls, confObj.Instance.URL) {
+			errHTTP(w, r, fmt.Errorf("can't submit this registry to itself"), http.StatusBadRequest)
+			break
+		}
 		remoteRegistries.List = append(remoteRegistries.List, urls)
 
 		if err := twtxtCache.CrawlRemoteRegistry(urls); err != nil {
@@ -49,7 +54,7 @@ func apiPostUser(w http.ResponseWriter, r *http.Request) {
 
 		if err := twtxtCache.AddUser(nick, urls, "", uip, statuses); err != nil {
 			errHTTP(w, r, fmt.Errorf("error adding user to cache: %v", err.Error()), http.StatusBadRequest)
-			return
+			break
 		}
 
 		_, err = w.Write([]byte(fmt.Sprintf("200 OK\n")))
-- 
cgit 1.4.1-2-gfad0