gravitl/netmaker
1
1
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-09-06 05:04:27 +08:00
Code Issues Projects Releases Packages Wiki Activity

remove query unescape usage

Browse source
This commit is contained in:
abhishek9686 2024-09-29 16:00:38 +04:00
parent 38be79cc8d
commit 1561aaf788
4 changed files with 13 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
controllers/middleware.go
View file

@ -2,7 +2,6 @@ package controller
import ( import (
"net/http" "net/http"
"net/url"
"strings" "strings"
"github.com/gorilla/mux" "github.com/gorilla/mux"
@ -92,7 +91,7 @@ func userMiddleWare(handler http.Handler) http.Handler {
if userID, ok := params["username"]; ok { if userID, ok := params["username"]; ok {
r.Header.Set("TARGET_RSRC_ID", userID) r.Header.Set("TARGET_RSRC_ID", userID)
} else { } else {
username, _ := url.QueryUnescape(r.URL.Query().Get("username")) username := r.URL.Query().Get("username")
if username != "" { if username != "" {
r.Header.Set("TARGET_RSRC_ID", username) r.Header.Set("TARGET_RSRC_ID", username)
} }

3
controllers/user.go
View file

@ -5,7 +5,6 @@ import (
"errors" "errors"
"fmt" "fmt"
"net/http" "net/http"
"net/url"
"reflect" "reflect"
"github.com/gorilla/mux" "github.com/gorilla/mux"
@ -240,7 +239,7 @@ func getUser(w http.ResponseWriter, r *http.Request) {
func getUserV1(w http.ResponseWriter, r *http.Request) { func getUserV1(w http.ResponseWriter, r *http.Request) {
// set header. // set header.
w.Header().Set("Content-Type", "application/json") w.Header().Set("Content-Type", "application/json")
usernameFetched, _ := url.QueryUnescape(r.URL.Query().Get("username")) usernameFetched := r.URL.Query().Get("username")
if usernameFetched == "" { if usernameFetched == "" {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("username is required"), "badrequest")) logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("username is required"), "badrequest"))
return return

3
logic/security.go
View file

@ -2,7 +2,6 @@ package logic
import ( import (
"net/http" "net/http"
"net/url"
"strings" "strings"
"github.com/gorilla/mux" "github.com/gorilla/mux"
@ -97,7 +96,7 @@ func ContinueIfUserMatch(next http.Handler) http.HandlerFunc {
var params = mux.Vars(r) var params = mux.Vars(r)
var requestedUser = params["username"] var requestedUser = params["username"]
if requestedUser == "" { if requestedUser == "" {
requestedUser, _ = url.QueryUnescape(r.URL.Query().Get("username")) requestedUser = r.URL.Query().Get("username")
} }
if requestedUser != r.Header.Get("user") { if requestedUser != r.Header.Get("user") {
ReturnErrorResponse(w, r, errorResponse) ReturnErrorResponse(w, r, errorResponse)

20
pro/controllers/users.go
View file

@ -71,8 +71,8 @@ func UserHandlers(r *mux.Router) {
// Responses: // Responses:
// 200: ReturnSuccessResponse // 200: ReturnSuccessResponse
func userInviteSignUp(w http.ResponseWriter, r *http.Request) { func userInviteSignUp(w http.ResponseWriter, r *http.Request) {
email, _ := url.QueryUnescape(r.URL.Query().Get("email")) email := r.URL.Query().Get("email")
code, _ := url.QueryUnescape(r.URL.Query().Get("invite_code")) code := r.URL.Query().Get("invite_code")
in, err := logic.GetUserInvite(email) in, err := logic.GetUserInvite(email)
if err != nil { if err != nil {
logger.Log(0, "failed to fetch users: ", err.Error()) logger.Log(0, "failed to fetch users: ", err.Error())
@ -133,8 +133,8 @@ func userInviteSignUp(w http.ResponseWriter, r *http.Request) {
// Responses: // Responses:
// 200: ReturnSuccessResponse // 200: ReturnSuccessResponse
func userInviteVerify(w http.ResponseWriter, r *http.Request) { func userInviteVerify(w http.ResponseWriter, r *http.Request) {
email, _ := url.QueryUnescape(r.URL.Query().Get("email")) email := r.URL.Query().Get("email")
code, _ := url.QueryUnescape(r.URL.Query().Get("invite_code")) code := r.URL.Query().Get("invite_code")
err := logic.ValidateAndApproveUserInvite(email, code) err := logic.ValidateAndApproveUserInvite(email, code)
if err != nil { if err != nil {
logger.Log(0, "failed to fetch users: ", err.Error()) logger.Log(0, "failed to fetch users: ", err.Error())
@ -299,7 +299,7 @@ func listUserInvites(w http.ResponseWriter, r *http.Request) {
// Responses: // Responses:
// 200: ReturnSuccessResponse // 200: ReturnSuccessResponse
func deleteUserInvite(w http.ResponseWriter, r *http.Request) { func deleteUserInvite(w http.ResponseWriter, r *http.Request) {
email, _ := url.QueryUnescape(r.URL.Query().Get("invitee_email")) email := r.URL.Query().Get("invitee_email")
err := logic.DeleteUserInvite(email) err := logic.DeleteUserInvite(email)
if err != nil { if err != nil {
logger.Log(0, "failed to delete user invite: ", email, err.Error()) logger.Log(0, "failed to delete user invite: ", email, err.Error())
@ -365,7 +365,7 @@ func listUserGroups(w http.ResponseWriter, r *http.Request) {
// 200: userBodyResponse // 200: userBodyResponse
func getUserGroup(w http.ResponseWriter, r *http.Request) { func getUserGroup(w http.ResponseWriter, r *http.Request) {
gid, _ := url.QueryUnescape(r.URL.Query().Get("group_id")) gid := r.URL.Query().Get("group_id")
if gid == "" { if gid == "" {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("group id is required"), "badrequest")) logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("group id is required"), "badrequest"))
return return
@ -486,7 +486,7 @@ func updateUserGroup(w http.ResponseWriter, r *http.Request) {
// @Failure 500 {object} models.ErrorResponse // @Failure 500 {object} models.ErrorResponse
func deleteUserGroup(w http.ResponseWriter, r *http.Request) { func deleteUserGroup(w http.ResponseWriter, r *http.Request) {
gid, _ := url.QueryUnescape(r.URL.Query().Get("group_id")) gid := r.URL.Query().Get("group_id")
if gid == "" { if gid == "" {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("group id is required"), "badrequest")) logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("group id is required"), "badrequest"))
return return
@ -512,7 +512,7 @@ func deleteUserGroup(w http.ResponseWriter, r *http.Request) {
// @Success 200 {object} []models.UserRolePermissionTemplate // @Success 200 {object} []models.UserRolePermissionTemplate
// @Failure 500 {object} models.ErrorResponse // @Failure 500 {object} models.ErrorResponse
func ListRoles(w http.ResponseWriter, r *http.Request) { func ListRoles(w http.ResponseWriter, r *http.Request) {
platform, _ := url.QueryUnescape(r.URL.Query().Get("platform")) platform := r.URL.Query().Get("platform")
var roles []models.UserRolePermissionTemplate var roles []models.UserRolePermissionTemplate
var err error var err error
if platform == "true" { if platform == "true" {
@ -538,7 +538,7 @@ func ListRoles(w http.ResponseWriter, r *http.Request) {
// @Success 200 {object} models.UserRolePermissionTemplate // @Success 200 {object} models.UserRolePermissionTemplate
// @Failure 500 {object} models.ErrorResponse // @Failure 500 {object} models.ErrorResponse
func getRole(w http.ResponseWriter, r *http.Request) { func getRole(w http.ResponseWriter, r *http.Request) {
rid, _ := url.QueryUnescape(r.URL.Query().Get("role_id")) rid := r.URL.Query().Get("role_id")
if rid == "" { if rid == "" {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("role is required"), "badrequest")) logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("role is required"), "badrequest"))
return return
@ -628,7 +628,7 @@ func updateRole(w http.ResponseWriter, r *http.Request) {
// @Failure 500 {object} models.ErrorResponse // @Failure 500 {object} models.ErrorResponse
func deleteRole(w http.ResponseWriter, r *http.Request) { func deleteRole(w http.ResponseWriter, r *http.Request) {
rid, _ := url.QueryUnescape(r.URL.Query().Get("role_id")) rid := r.URL.Query().Get("role_id")
if rid == "" { if rid == "" {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("role is required"), "badrequest")) logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("role is required"), "badrequest"))
return return