From 3ac1b3654904713ee897882e6da924bc25ed89c3 Mon Sep 17 00:00:00 2001
From: catbref
Date: Mon, 4 May 2020 08:17:05 +0100
Subject: [PATCH] Restrict API call POST /chat to prevent CPU abuse

---
 src/main/java/org/qortal/api/resource/ChatResource.java | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/main/java/org/qortal/api/resource/ChatResource.java b/src/main/java/org/qortal/api/resource/ChatResource.java
index 4c4aed37..59530907 100644
--- a/src/main/java/org/qortal/api/resource/ChatResource.java
+++ b/src/main/java/org/qortal/api/resource/ChatResource.java
@@ -22,6 +22,7 @@ import javax.ws.rs.core.MediaType;
 import org.qortal.api.ApiError;
 import org.qortal.api.ApiErrors;
 import org.qortal.api.ApiExceptionFactory;
+import org.qortal.api.Security;
 import org.qortal.crypto.Crypto;
 import org.qortal.data.transaction.ChatTransactionData;
 import org.qortal.repository.DataException;
@@ -119,6 +120,8 @@ public class ChatResource {
 )
 @ApiErrors({ApiError.TRANSACTION_INVALID, ApiError.TRANSFORMATION_ERROR, ApiError.REPOSITORY_ISSUE})
 public String buildChat(ChatTransactionData transactionData) {
+Security.checkApiCallAllowed(request);
+
 try (final Repository repository = RepositoryManager.getRepository()) {
 ChatTransaction chatTransaction = (ChatTransaction) Transaction.fromData(repository, transactionData);
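Review bot: The `@ApiErrors` list directly above `buildChat` still names only `TRANSACTION_INVALID`, `TRANSFORMATION_ERROR` and `REPOSITORY_ISSUE`, so the rejection path introduced by `Security.checkApiCallAllowed(request);` is undocumented for API clients; whichever error that helper raises (not visible in this hunk) should be added to the annotation. The call would also benefit from a one-line why-comment such as `// CPU-heavy endpoint: only callers permitted by Security may build chat transactions`, since the rationale currently lives only in the commit subject. What the check keys on is not shown here; if it relies on the request's remote address, the endpoint documentation should say that a node fronted by a local reverse proxy would treat every caller as permitted. `buildChat`'s body continues past the end of the hunk, and the `request` field it passes is declared outside it.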