mirrors/go-hauk
2
0
Fork 0
mirror of https://github.com/parkan/go-hauk.git synced 2026-05-08 16:47:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix code review findings

Browse Source
This commit is contained in:
Arkadiy Kukarkin
2025-12-23 13:25:56 +01:00
parent 6ac2155c5e
commit 098d9c45c4
4 changed files with 55 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
api/create.go
View File

@@ -41,8 +41,16 @@ func (s *Server) handleCreate(w http.ResponseWriter, r *http.Request) {
return
}
d, _ := strconv.Atoi(dur)
i, _ := strconv.ParseFloat(interval, 64)
d, err := strconv.Atoi(dur)
if err != nil || d <= 0 {
fmt.Fprintln(w, "Invalid duration!")
return
}
i, err := strconv.ParseFloat(interval, 64)
if err != nil || i <= 0 {
fmt.Fprintln(w, "Invalid interval!")
return
}
mod, _ := strconv.Atoi(r.FormValue("mod"))
adoptable := r.FormValue("ado") == "1"
encrypted := r.FormValue("e2e") == "1"
@@ -110,7 +118,7 @@ func (s *Server) handleCreate(w http.ResponseWriter, r *http.Request) {
}
if customLink != "" && linkIDRe.MatchString(customLink) {
if err := s.tryCustomLink(ctx, share, customLink); err == nil {
if err := s.tryCustomLink(ctx, customLink, user); err == nil {
share.SetID(customLink)
}
}
@@ -142,7 +150,7 @@ func (s *Server) handleCreate(w http.ResponseWriter, r *http.Request) {
}
if customLink != "" && linkIDRe.MatchString(customLink) {
if err := s.tryCustomLink(ctx, share, customLink); err == nil {
if err := s.tryCustomLink(ctx, customLink, user); err == nil {
share.SetID(customLink)
}
}
@@ -195,11 +203,32 @@ func (s *Server) handleCreate(w http.ResponseWriter, r *http.Request) {
}
}
type customLinkSetter interface {
SetID(string)
}
func (s *Server) tryCustomLink(ctx context.Context, link, user string) error {
if !s.cfg.AllowLinkReq {
return fmt.Errorf("custom links disabled")
}
// check reserved links
if allowedUsers, reserved := s.cfg.ReservedLinks[link]; reserved {
allowed := false
for _, u := range allowedUsers {
if u == user {
allowed = true
break
}
}
if !allowed {
return fmt.Errorf("link reserved")
}
}
// whitelist mode: only reserved links allowed
if s.cfg.ReserveWL {
if _, reserved := s.cfg.ReservedLinks[link]; !reserved {
return fmt.Errorf("link not in whitelist")
}
}
func (s *Server) tryCustomLink(ctx context.Context, _ customLinkSetter, link string) error {
exists, err := s.store.Exists(ctx, "locdata-"+link)
if err != nil {
return err

9
api/post.go
View File

@@ -36,11 +36,12 @@ func (s *Server) handlePost(w http.ResponseWriter, r *http.Request) {
var point []any
if !session.Encrypted() {
latF, _ := strconv.ParseFloat(lat, 64)
lonF, _ := strconv.ParseFloat(lon, 64)
timeF, _ := strconv.ParseFloat(ts, 64)
latF, err1 := strconv.ParseFloat(lat, 64)
lonF, err2 := strconv.ParseFloat(lon, 64)
timeF, err3 := strconv.ParseFloat(ts, 64)
if latF < -90 || latF > 90 || lonF < -180 || lonF > 180 {
if err1 != nil || err2 != nil || err3 != nil ||
latF < -90 || latF > 90 || lonF < -180 || lonF > 180 {
fmt.Fprintln(w, "Invalid location!")
return
}