comparison pkg/middleware/modifyquery.go @ 5495:0766dcb7e7f8

Merged logging branch into default.
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Tue, 21 Sep 2021 12:49:30 +0200
parents 5f47eeea988d
children
5488:a726a92ea5c9 5495:0766dcb7e7f8
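--- a/pkg/middleware/modifyquery.go
+++ b/pkg/middleware/modifyquery.go
@@ -13,16 +13,16 @@
 
 package middleware
 
 import (
 "encoding/hex"
-"log"
 "net/http"
 "net/url"
 "strings"
 
 "gemma.intevation.de/gemma/pkg/auth"
+"gemma.intevation.de/gemma/pkg/log"
 )
 
 // ParseQuery is a modified version of the internal query
 // parser of the url.parseQuery of the standard library.
 func ParseQuery(
@@ -74,17 +74,17 @@
 // So we do the splitting ourselves.
 
 parameters := make(url.Values)
 
 if err := ParseQuery(parameters, req.URL.RawQuery, "&", "=", nil); err != nil {
-log.Printf("parsing query failed: %v\n", err)
+log.Errorf("parsing query failed: %v\n", err)
 http.Error(rw, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
 return
 }
 
 if err := modify(req, parameters); err != nil {
-log.Printf("modifying query parameters failed: %v\n", err)
+log.Errorf("modifying query parameters failed: %v\n", err)
 http.Error(rw, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
 }
 
 req.URL.RawQuery = parameters.Encode()
 
@@ -99,10 +99,10 @@
 func InjectUser(req *http.Request, parameters url.Values) error {
 // To prevent SQL injections
 parameters.Del("env")
 
 if session, ok := auth.GetSession(req); ok {
-// log.Printf("info: injecting user %s\n", session.User)
+// log.Infof("injecting user %s\n", session.User)
 parameters.Set("env", "user:"+hex.EncodeToString([]byte(session.User)))
 }
 return nil
 }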
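Review bot: The `modify` error branch at new lines 84–87 logs and writes a 400 but has no `return`, unlike the `ParseQuery` branch directly above it, so control falls through to `req.URL.RawQuery = parameters.Encode()` and presumably on to the wrapped handler. `modify` is the hook where `InjectUser` drops a client-supplied `env` and sets the session-derived one, so a failing modifier should stop the request rather than let it continue with parameters in an unknown state after an error response has already been written. Add `return` after the `http.Error(rw, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)` call in that branch. The enclosing function starts and ends outside the visible lines, so confirm nothing later on this path already short-circuits.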