From bb096a0357fa7481e3c149cba65056595622ac6c Mon Sep 17 00:00:00 2001
From: Omar Roth <omarroth@protonmail.com>
Date: Wed, 10 Jul 2019 11:22:10 -0500
Subject: [PATCH] Raise 400 on invalid request to '/feed/webhook'

---
 src/invidious.cr | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/invidious.cr b/src/invidious.cr
index ba7e65b5..8d5ed886 100644
--- a/src/invidious.cr
+++ b/src/invidious.cr
@@ -2656,9 +2656,18 @@ end
 get "/feed/webhook/:token" do |env|
   verify_token = env.params.url["token"]
 
-  mode = env.params.query["hub.mode"]
-  topic = env.params.query["hub.topic"]
-  challenge = env.params.query["hub.challenge"]
+  mode = env.params.query["hub.mode"]?
+  topic = env.params.query["hub.topic"]?
+  challenge = env.params.query["hub.challenge"]?
+
+  if !mode || !topic || !challenge
+    env.response.status_code = 400
+    next
+  else
+    mode = mode.not_nil!
+    topic = topic.not_nil!
+    challenge = challenge.not_nil!
+  end
 
   case verify_token
   when .starts_with? "v1"