view pkg/middleware/json.go @ 4723:baabc2b2f094

Avoid creating user profiles without matching role

The INSTEAD OF triggers on users.list_users did that already, but profile data coming e.g. via restoring a dump had been added also if there was no matching database role in the cluster. This also unifies the errors occurring on creation of users with existing role names that differed between roles with and without profile before. Note this is no referential integrity. A dropped role still leaves an orphaned profile behind.
author Tom Gottfried <tom@intevation.de>
date Thu, 17 Oct 2019 18:56:59 +0200
parents 4394daeea96a
children 6270951dda28

// This is Free Software under GNU Affero General Public License v >= 3.0
// without warranty, see README.md and license for details.
//
// SPDX-License-Identifier: AGPL-3.0-or-later
// License-Filename: LICENSES/AGPL-3.0.txt
//
// Copyright (C) 2019 by via donau
//   – Österreichische Wasserstraßen-Gesellschaft mbH
// Software engineering by Intevation GmbH
//
// Author(s):
//  * Sascha L. Teichmann <sascha.teichmann@intevation.de>

package middleware

import (
	"context"
	"encoding/json"
	"io"
	"net/http"
)

// jsonInputKeyType is an unexported type used only for this package's
// context key, so that no other package can construct an equal key.
type jsonInputKeyType int

// jsonInputKey is the context key under which JSONMiddleware stores
// its value and GetJSONInput looks it up.
const jsonInputKey = jsonInputKeyType(0)

// DefaultLimit is the request body cap in bytes (2K) that
// JSONMiddleware applies when it is given a limit of 0. It exists
// to prevent flooding the server with oversized JSON payloads.
const DefaultLimit = 2048

// GetJSONInput returns the value stored in the request's context
// under this package's private JSON input key, which is where
// JSONMiddleware puts the deserialized request body. The result is
// nil when nothing has been stored for this request.
//
// The returned value is an untyped interface{}; callers have to
// type-assert it and should still validate the contents, since they
// originate from the client-supplied body.
func GetJSONInput(req *http.Request) interface{} {
	ctx := req.Context()
	return ctx.Value(jsonInputKey)
}

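// JSONMiddleware wraps next with a handler that decodes the incoming
// request body as JSON into the object returned by input and stores
// that object in the request context. GetJSONInput can be used by
// next to receive the deserialized data.
//
// limit caps the number of body bytes handed to the decoder to
// prevent flooding the server:
//   - limit == 0 applies DefaultLimit,
//   - limit > 0 applies limit,
//   - limit < 0 disables the cap entirely, so a negative value
//     should only be used where an unbounded body is acceptable.
//
// If the body cannot be decoded the request is answered with
// 400 Bad Request and next is not called. io.LimitReader reports a
// plain EOF at the cap, so an oversized body shows up as such a
// decode failure rather than as a distinct "too large" error.
func JSONMiddleware(next http.Handler, input func(*http.Request) interface{}, limit int64) http.Handler {

	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
		dst := input(req)
		defer req.Body.Close()

		var r io.Reader
		switch {
		case limit == 0:
			r = io.LimitReader(req.Body, DefaultLimit)
		case limit > 0:
			r = io.LimitReader(req.Body, limit)
		default:
			// Negative limit: the body is read without any size cap.
			r = req.Body
		}

		// Decode reads a single JSON value; anything following it in
		// the body is not inspected here.
		if err := json.NewDecoder(r).Decode(dst); err != nil {
			// NOTE(review): the decoder's error text is sent back to
			// the client and can name Go types and fields of dst.
			// Consider a generic message plus server-side logging if
			// that detail should not be exposed.
			http.Error(rw, "error: "+err.Error(), http.StatusBadRequest)
			return
		}

		// Store the decoded object itself. Storing the input factory
		// function here would make GetJSONInput return a func value
		// instead of the deserialized data it is documented to return.
		ctx := context.WithValue(req.Context(), jsonInputKey, dst)
		next.ServeHTTP(rw, req.WithContext(ctx))
	})
}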