fix: Transak getURL input validation

bloomwalletio · Feb 29, 2024 · a8e1d4f · a8e1d4f
1 parent cbe29c2
commit a8e1d4f
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/packages/desktop/lib/electron/managers/transak.manager.ts b/packages/desktop/lib/electron/managers/transak.manager.ts
@@ -5,6 +5,8 @@ import { ITransakManager, ITransakWindowData } from '@core/app'
 import path from 'path'
 import { TRANSAK_WIDGET_URL } from '@auxiliary/transak/constants'
 import { buildQueryParametersFromObject } from '@core/utils/url'
+import { validateBech32Address } from '@core/utils'
+import { IOTA_BECH32_HRP } from '@core/network'
 
 export default class TransakManager implements ITransakManager {
     private rect: Electron.Rectangle
@@ -165,6 +167,16 @@ export default class TransakManager implements ITransakManager {
         const { address, currency, service } = data
         const apiKey = process.env.TRANSAK_API_KEY
 
+        validateBech32Address(IOTA_BECH32_HRP, address)
+
+        if (currency.length !== 3) {
+            throw new Error('Invalid Transak currency')
+        }
+
+        if (service !== 'BUY' && service !== 'SELL') {
+            throw new Error('Invalid Transak service')
+        }
+
         const queryParams = buildQueryParametersFromObject({
             apiKey,
             defaultFiatCurrency: currency,