From 2a6c9eee4d6bc0b2573569cbfeb254ac4dee005c Mon Sep 17 00:00:00 2001
From: grumbulon <grumbulon@grumbulon.xyz>
Date: Sun, 28 May 2023 01:23:18 -0400
Subject: [PATCH] safer type assertion

---
 internal/api/zone.go | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/internal/api/zone.go b/internal/api/zone.go
index d9fb118..ffbb5d4 100644
--- a/internal/api/zone.go
+++ b/internal/api/zone.go
@@ -91,7 +91,17 @@ func ReceiveFile(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	zoneFile := newDNSRequest(header.Filename, claims["username"].(string), b)
+	user, ok := claims["username"].(string)
+	if !ok {
+		logger.Response = Response{
+			Message: "Expected username to be a string",
+			Status:  http.StatusInternalServerError,
+			Err:     errors.New("unable to assert string type to claims interface{}"),
+		}
+		logger.newLogEntry().errorLogger(logger.Response)
+	}
+
+	zoneFile := newDNSRequest(header.Filename, user, b)
 
 	if err := zoneFile.parse(); err != nil {
 		logger.Response = Response{
@@ -120,7 +130,7 @@ func ReceiveFile(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// check if request is coming from user not in the DB but has a valid JWT
-	db.Where("username = ?", claims["username"].(string)).First(&result)
+	db.Where("username = ?", user).First(&result)
 
 	if result.Username == "" {
 		logger.Response = Response{
@@ -136,7 +146,7 @@ func ReceiveFile(w http.ResponseWriter, r *http.Request) {
 
 	db.Create(
 		&ZoneRequest{
-			User: claims["username"].(string),
+			User: user,
 			Zone: &Zone{
 				FileName: header.Filename,
 			},