don't process invalid requests

routes/avatars.js

@@ -1,18 +1,19 @@
 var express = require('express');
 var router = express.Router();
 var skins = require('../skins');
-var fs = require('fs')
+var fs = require('fs');
+
+var valid_uuid = /^[0-9a-f]{32}$/;
 
 /* GET home page. */
 router.get('/:uuid/:size?', function(req, res) {
   //res.render('index', { title: 'Express' });
   //res.send("uuid is set to " + req.param("uuid"));
   //console.log(req.param('size'))
-  var uuid = req.param('uuid')
+  var uuid = req.param('uuid');
-  var size = req.param('size')
+  var size = req.param('size') || 180;
-  if (size == null) {
+  console.log(uuid);
-    size = 180;
+  if (valid_uuid.test(uuid)) {
-  }
     var filename = 'skins/' + uuid + ".png";
     if (fs.existsSync(filename)) {
       skins.extract_face(filename, size, function() {
@@ -33,10 +34,14 @@ router.get('/:uuid/:size?', function(req, res) {
           });
         } else {
           res.status(404)        // HTTP status 404: NotFound
-        .send('404 Not found')
+          .send('404 Not found');
         }
       });
     }
+  } else {
+    res.status(422) // "Unprocessable Entity", valid request, but semantically erroneous: https://tools.ietf.org/html/rfc4918#page-78
+    .send("422 Invlid UUID");
+  }
 });
 
 module.exports = router;