From def5c31d0bf76b5afe9dda3b6e1e9f02359657c7 Mon Sep 17 00:00:00 2001
From: Tanner Collin
Date: Fri, 1 May 2020 01:21:06 +0000
Subject: [PATCH] Add santiy check to backup download
---
 apiserver/apiserver/api/views.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/apiserver/apiserver/api/views.py b/apiserver/apiserver/api/views.py
index 04203bf..350db5c 100644
--- a/apiserver/apiserver/api/views.py
+++ b/apiserver/apiserver/api/views.py
@@ -7,6 +7,7 @@ from django.db.models import Max
 from django.http import HttpResponse, Http404
 from django.core.files.base import File
 from django.core.cache import cache
+from django.utils.timezone import now
 from rest_framework import viewsets, views, mixins, generics, exceptions
 from rest_framework.decorators import action
 from rest_framework.permissions import BasePermission, IsAuthenticated, SAFE_METHODS, IsAuthenticatedOrReadOnly
@@ -409,6 +410,10 @@ class BackupView(views.APIView):
 if not backup_path:
 raise Http404
 
+ if str(now().date()) not in backup_path:
+ # sanity check - make sure it's actually today's backup
+ raise Http404()
+
 backup_url = 'https://static.{}/backups/{}'.format(
 settings.PRODUCTION_HOST,
 backup_path,
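Review bot: The added check in the second hunk compares `str(now().date())` with `backup_path`, and when `USE_TZ` is enabled `now()` is a UTC datetime, so its date can differ from the calendar day the backup job wrote into the file name for several hours around midnight. If the files are named by local date (not visible here), importing `localdate` from `django.utils.timezone` and writing `if str(localdate()) not in backup_path:` would compare the same day and avoid spurious 404s. The test is also a substring match anywhere in the path, so it guards only against a stale file and does not validate `backup_path`, whose origin is outside the hunk; the comment could say so, e.g. `# freshness check only - backup_path is not validated here`. The method this sits in begins and ends outside the hunk.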