fix & improve qs validation
morphy2k committed Jul 2, 2020
1 parent 86ac6ed commit d26a8b3
Showing 2 changed files with 55 additions and 2 deletions.
42 changes: 42 additions & 0 deletions controller/item.go
Expand Up @@ -164,22 +164,64 @@ Loop:
switch kind {
case item.KindArmor:
err = filter.AddString("type", r.URL.Query().Get("type"))
if err != nil {
break
}

err = filter.AddInt("armor.class", r.URL.Query().Get("armor.class"))
if err != nil {
break
}

err = filter.AddString("armor.material.name", r.URL.Query().Get("armor.material.name"))
if err != nil {
break
}
case item.KindFirearm:
err = filter.AddString("type", r.URL.Query().Get("type"))
if err != nil {
break
}

err = filter.AddString("class", r.URL.Query().Get("class"))
if err != nil {
break
}

err = filter.AddString("caliber", r.URL.Query().Get("caliber"))
if err != nil {
break
}
case item.KindTacticalrig:
err = filter.AddInt("armor.class", r.URL.Query().Get("armor.class"))
if err != nil {
break
}

err = filter.AddString("armor.material.name", r.URL.Query().Get("armor.material.name"))
if err != nil {
break
}
case item.KindAmmunition:
err = filter.AddString("type", r.URL.Query().Get("type"))
if err != nil {
break
}

err = filter.AddString("caliber", r.URL.Query().Get("caliber"))
if err != nil {
break
}
case item.KindMagazine:
err = filter.AddString("caliber", r.URL.Query().Get("caliber"))
if err != nil {
break
}
case item.KindMedical, item.KindFood, item.KindGrenade, item.KindClothing, item.KindModificationMuzzle, item.KindModificationDevice, item.KindModificationSight, item.KindModificationSightSpecial, item.KindModificationGoggles:
err = filter.AddString("type", r.URL.Query().Get("type"))
if err != nil {
break
}
}
if err != nil {
s := &Status{}
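Review bot: Each new case body calls `r.URL.Query()` once per field (three times in the Armor and Firearm cases), and every call re-parses the raw query string into a fresh `url.Values`; hoisting `q := r.URL.Query()` before the switch and reading `q.Get("type")` and friends would make the validation cheaper and the lines shorter. The `break` after each failed Add leaves only the switch, which is what the `if err != nil` on the last two hunk lines relies on, but with the `Loop` label in the hunk header a reader may take it for a loop exit; a one-line comment such as `// break exits the switch; the error is handled below` would settle that. The enclosing handler begins and ends outside the hunk.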
15 changes: 13 additions & 2 deletions model/model.go
Expand Up @@ -2,8 +2,10 @@ package model

import (
"encoding/json"
"fmt"
"net/http"
"net/url"
"regexp"
"strconv"
"time"

Expand Down Expand Up @@ -61,14 +63,23 @@ func NewResponse(msg string, code int) *Response {
// Filter represents an MongoDB query filter
type Filter map[string]interface{}

var regexNotAllowedFieldChars = regexp.MustCompile(`[^[:alnum:][:blank:]!#%&'()*+,\-./:;?_~]`)

// AddString adds a string to the given MongoDB field
func (f Filter) AddString(field, value string) error {
var err error
if value != "" {
if regexNotAllowedFieldChars.MatchString(value) {
return fmt.Errorf("%w: field \"%s\" contains invalid characters", ErrInvalidInput, field)
}

var err error
f[field], err = url.QueryUnescape(value)
if err != nil {
return err
}
}

return err
return nil
}

// AddInt adds an integer to the given MongoDB field
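Review bot: The character check in AddString runs on `value` before `url.QueryUnescape` decodes it, so a percent-encoded form of any rejected character passes the regex (`%` and digits are all in the allowed set) and is decoded into the stored filter value, while an allowed `+` becomes a space only after the check; the check should run on the decoded string, and the decoded string is what should be stored. The callers in controller/item.go pass `r.URL.Query().Get(...)` results, which net/url has already decoded, so this is a second decode — if that is intentional it deserves a comment, otherwise the unescape can be dropped. `ErrInvalidInput` is not defined in this hunk and is presumably declared elsewhere in the package. The field name in the error message would read better with `%q` than with `\"%s\"`.
```go
func (f Filter) AddString(field, value string) error {
	if value == "" {
		return nil
	}

	// Decode first so the character check sees exactly what will be stored.
	decoded, err := url.QueryUnescape(value)
	if err != nil {
		return err
	}
	if regexNotAllowedFieldChars.MatchString(decoded) {
		return fmt.Errorf("%w: field %q contains invalid characters", ErrInvalidInput, field)
	}

	f[field] = decoded
	return nil
}
```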