From 6898412e6cfcaa0e07d926e179aa4c366ba8960f Mon Sep 17 00:00:00 2001
From: Lee Salminen <leesalminen@gmail.com>
Date: Fri, 19 Aug 2022 16:54:06 -0600
Subject: [PATCH] more validation

---
 lnbits/extensions/boltcards/views_api.py | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/lnbits/extensions/boltcards/views_api.py b/lnbits/extensions/boltcards/views_api.py
index d58369f7..5611d5b7 100644
--- a/lnbits/extensions/boltcards/views_api.py
+++ b/lnbits/extensions/boltcards/views_api.py
@@ -55,25 +55,30 @@ async def api_card_create_or_update(
     card_id: str = None,
     wallet: WalletTypeInfo = Depends(require_admin_key),
 ):
-    if(len(bytes.fromhex(data.uid)) != 7):
-        raise HTTPException(
+    try:
+        if len(bytes.fromhex(data.uid)) != 7:
+            raise HTTPException(
                 detail="Invalid bytes for card uid.", status_code=HTTPStatus.BAD_REQUEST
             )
 
-    if(len(bytes.fromhex(data.k0)) != 16):
-        raise HTTPException(
+        if len(bytes.fromhex(data.k0)) != 16:
+            raise HTTPException(
                 detail="Invalid bytes for k0.", status_code=HTTPStatus.BAD_REQUEST
             )
 
-    if(len(bytes.fromhex(data.k1)) != 16):
-        raise HTTPException(
+        if len(bytes.fromhex(data.k1)) != 16:
+            raise HTTPException(
                 detail="Invalid bytes for k1.", status_code=HTTPStatus.BAD_REQUEST
             )
 
-    if(len(bytes.fromhex(data.k2)) != 16):
-        raise HTTPException(
+        if len(bytes.fromhex(data.k2)) != 16:
+            raise HTTPException(
                 detail="Invalid bytes for k2.", status_code=HTTPStatus.BAD_REQUEST
             )
+    except:
+        raise HTTPException(
+            detail="Invalid byte data provided.", status_code=HTTPStatus.BAD_REQUEST
+        )
 
     if card_id:
         card = await get_card(card_id)