
Commit 6bde166

author
zainhoda
committed
Add some basic url validation and some prettier errors
1 parent ea1226f commit 6bde166

1 file changed

+26
-6
lines changed


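--- a/main.go
+++ b/main.go
@@ -7,6 +7,7 @@ import (
 "log"
 "math/rand"
 "net/http"
+"net/url"
 "os/exec"
 "regexp"
 "strconv"
@@ -81,7 +82,7 @@ func LoginHandler(w http.ResponseWriter, req *http.Request, p httprouter.Params)
 if verifyUser(w, req, email, password) {
 http.Redirect(w, req, "/admin/", http.StatusFound)
 } else {
-fmt.Fprintf(w, "Invalid email/password")
+http.Redirect(w, req, "/error/Invalid email or password", http.StatusFound)
 }
 }
 
@@ -184,15 +185,21 @@ func AdminPage(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 "Blogs": getBlogsForUser(db, username),
 })
 } else {
-fmt.Fprintf(w, "You must be authenticated!") // TODO make this look better
+http.Redirect(w, r, "/error/You must be authenticated!", http.StatusFound)
 }
 }
 
 func AdminHandler(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 blogname := r.FormValue("blogname")
-website := r.FormValue("website")
+websiteOriginal := r.FormValue("website")
 port := rand.Intn(63000) + 2000
 
+website, err := checkUrl(websiteOriginal)
+if err != nil {
+http.Redirect(w, r, fmt.Sprintf("/error/%s is not a valid url", websiteOriginal), http.StatusFound)
+return
+}
+
 re := regexp.MustCompile("[^A-Za-z]")
 blogname = re.ReplaceAllString(blogname, "")
 
@@ -217,20 +224,23 @@ func AdminHandler(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
 fmt.Println(err)
 } else {
 fmt.Println("80 -> " + strconv.Itoa(port))
-fmt.Fprintf(w, "%s", create)
+fmt.Println(create)
 db.Update(func(tx *bolt.Tx) error {
 b := tx.Bucket([]byte("BlogMappingBucket"))
 err := b.Put([]byte(blogname), []byte(website))
 return err
 })
 addBlogToUser(db, username, blogname, website)
 http.Redirect(w, r, "/admin/", http.StatusFound)
+return
 }
 } else {
-fmt.Fprintf(w, "Failure creating blog! Please choose a different name!")
+http.Redirect(w, r, "/error/Failure creating blog! Please choose a different name!", http.StatusFound)
+return
 }
 } else {
-fmt.Fprintf(w, "You must be authenticated!") // TODO make this look better
+http.Redirect(w, r, "/error/You must be authenticated!", http.StatusFound)
+return
 }
 }
 
@@ -383,6 +393,16 @@ func getUserFromCookie(value string) string {
 return ""
 }
 
+func checkUrl(s string) (string, error) {
+u, err := url.Parse(s)
+
+if err != nil || u.Host == "" {
+u, err = url.Parse("http://" + s)
+}
+
+return u.Host, err
+}
+
 func main() {
 fmt.Println("Started server on port 1337")
 router := httprouter.New()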
