From e9c6f3abdebdfb9163ead6e0a25411f40104f84f Mon Sep 17 00:00:00 2001
From: MG-ng <45321071+MG-ng@users.noreply.github.com>
Date: Tue, 21 Sep 2021 16:50:14 +0200
Subject: [PATCH] accounttype and partnerid check on create account

Refined the partnerid and accounttype check in the /create route according to the /doc/Send-requirements.md
Both are not mandatory but if given, they should be strings.

The typeof check is for direct string initialisation with "".
instanceof is used for string initialisation with new String() / the primitiv wrapper class.
---
 controllers/api.js | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/controllers/api.js b/controllers/api.js
index d653e36..37159f9 100644
--- a/controllers/api.js
+++ b/controllers/api.js
@@ -139,8 +139,12 @@ const postLimiter = rateLimit({
 
 router.post('/create', postLimiter, async function (req, res) {
   logger.log('/create', [req.id]);
-  if (!(req.body.partnerid && req.body.partnerid === 'bluewallet' && req.body.accounttype)) return errorBadArguments(res);
-
+  // Valid if the partnerid isn't there or is a string (same with accounttype)
+  if (! (
+        (!req.body.partnerid || (typeof req.body.partnerid === 'string' || req.body.partnerid instanceof String))
+        && (!req.body.accounttype || (typeof req.body.accounttype === 'string' || req.body.accounttype instanceof String))
+      ) ) return errorBadArguments(res);
+  
   if (config.sunset) return errorSunset(res);
 
   let u = new User(redis, bitcoinclient, lightning);