From 21d8f3990e816bf3190741e0a1438467d68aa7f4 Mon Sep 17 00:00:00 2001
From: Robert Jacob <robert.jacob@holidaycheck.com>
Date: Wed, 22 Jun 2016 18:53:28 +0200
Subject: [PATCH] Do not accept empty service ID.

---
 api/service.go | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/api/service.go b/api/service.go
index 6b9c2af..d55d6b2 100644
--- a/api/service.go
+++ b/api/service.go
@@ -67,12 +67,17 @@ func (d *ServiceAPI) Put(params martini.Params, w http.ResponseWriter, r *http.R
 }
 
 func (d *ServiceAPI) Delete(params martini.Params, w http.ResponseWriter, r *http.Request) {
-	serviceId := params["_1"]
-	if !strings.HasPrefix(serviceId, "/") {
-		serviceId = "/" + serviceId
+	serviceID := params["_1"]
+	if len(serviceID) == 0 {
+		responseError(w, "can not use empty ID")
+		return
+	}
+
+	if !strings.HasPrefix(serviceID, "/") {
+		serviceID = "/" + serviceID
 	}
 
-	err := d.Storage.Delete(serviceId)
+	err := d.Storage.Delete(serviceID)
 	if err != nil {
 		responseError(w, err.Error())
 		return
@@ -89,6 +94,11 @@ func extractService(r *http.Request) (service.Service, error) {
 	if err != nil {
 		return serviceModel, errors.New("Unable to decode JSON request")
 	}
+
+	if len(serviceModel.Id) == 0 {
+		return serviceModel, errors.New("can not use empty ID")
+	}
+
 	if !strings.HasPrefix(serviceModel.Id, "/") {
 		serviceModel.Id = "/" + serviceModel.Id
 	}