comparison pkg/middleware/modifyquery.go @ 5495:0766dcb7e7f8
Merged logging branch into default.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Tue, 21 Sep 2021 12:49:30 +0200 |
parents | 5f47eeea988d |
children |
5488:a726a92ea5c9 | 5495:0766dcb7e7f8 |
---|---|
13 | 13 |
14 package middleware | 14 package middleware |
15 | 15 |
16 import ( | 16 import ( |
17 "encoding/hex" | 17 "encoding/hex" |
18 "log" | |
19 "net/http" | 18 "net/http" |
20 "net/url" | 19 "net/url" |
21 "strings" | 20 "strings" |
22 | 21 |
23 "gemma.intevation.de/gemma/pkg/auth" | 22 "gemma.intevation.de/gemma/pkg/auth" |
23 "gemma.intevation.de/gemma/pkg/log" | |
24 ) | 24 ) |
25 | 25 |
26 // ParseQuery is a modified version of the internal query | 26 // ParseQuery is a modified version of the internal query |
27 // parser of the url.parseQuery of the standard library. | 27 // parser of the url.parseQuery of the standard library. |
28 func ParseQuery( | 28 func ParseQuery( |
74 // So we do the splitting ourselves. | 74 // So we do the splitting ourselves. |
75 | 75 |
76 parameters := make(url.Values) | 76 parameters := make(url.Values) |
77 | 77 |
78 if err := ParseQuery(parameters, req.URL.RawQuery, "&", "=", nil); err != nil { | 78 if err := ParseQuery(parameters, req.URL.RawQuery, "&", "=", nil); err != nil { |
79 log.Printf("parsing query failed: %v\n", err) | 79 log.Errorf("parsing query failed: %v\n", err) |
80 http.Error(rw, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) | 80 http.Error(rw, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) |
81 return | 81 return |
82 } | 82 } |
83 | 83 |
84 if err := modify(req, parameters); err != nil { | 84 if err := modify(req, parameters); err != nil { |
85 log.Printf("modifying query parameters failed: %v\n", err) | 85 log.Errorf("modifying query parameters failed: %v\n", err) |
86 http.Error(rw, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) | 86 http.Error(rw, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) |
87 } | 87 } |
88 | 88 |
89 req.URL.RawQuery = parameters.Encode() | 89 req.URL.RawQuery = parameters.Encode() |
90 | 90 |
99 func InjectUser(req *http.Request, parameters url.Values) error { | 99 func InjectUser(req *http.Request, parameters url.Values) error { |
100 // To prevent SQL injections | 100 // To prevent SQL injections |
101 parameters.Del("env") | 101 parameters.Del("env") |
102 | 102 |
103 if session, ok := auth.GetSession(req); ok { | 103 if session, ok := auth.GetSession(req); ok { |
104 // log.Printf("info: injecting user %s\n", session.User) | 104 // log.Infof("injecting user %s\n", session.User) |
105 parameters.Set("env", "user:"+hex.EncodeToString([]byte(session.User))) | 105 parameters.Set("env", "user:"+hex.EncodeToString([]byte(session.User))) |
106 } | 106 } |
107 return nil | 107 return nil |
108 } | 108 } |
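Review bot: The `modify` error branch at new lines 84–87 sends a 400 via `http.Error` but, unlike the `ParseQuery` branch directly above it, has no `return`, so execution falls through to `req.URL.RawQuery = parameters.Encode()` on line 89 with `parameters` in whatever state the failed modifier left it. Because `modify` is the hook where `InjectUser` strips a client-supplied `env` and sets the session user, a failing modifier should end the request: add `return` after the `http.Error(...)` call on line 86. The enclosing handler starts and ends outside the lines shown (29–73 and 90–98 are elided), so whether the wrapped handler is still invoked after line 89 is likely but cannot be confirmed from this view. As a style point, the `log.Errorf` format strings still end in `\n`; drop it if the new `pkg/log` logger terminates lines itself.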