mirror of
https://gitlab.crans.org/nounous/ghostream.git
synced 2024-12-22 10:22:19 +00:00
Validation on path
This commit is contained in:
parent
43158a655f
commit
eafb4456c4
11
web/web.go
11
web/web.go
@ -6,6 +6,7 @@ import (
|
||||
"log"
|
||||
"net/http"
|
||||
"os"
|
||||
"regexp"
|
||||
|
||||
"github.com/pion/webrtc/v3"
|
||||
"gitlab.crans.org/nounous/ghostream/internal/monitoring"
|
||||
@ -29,6 +30,9 @@ var (
|
||||
|
||||
// Preload templates
|
||||
templates = template.Must(template.ParseGlob("web/template/*.html"))
|
||||
|
||||
// Precompile regex
|
||||
validPath = regexp.MustCompile("^\\/[a-z0-9_-]*\\/?$")
|
||||
)
|
||||
|
||||
// Handle WebRTC session description exchange via POST
|
||||
@ -82,7 +86,12 @@ func viewerGetHandler(w http.ResponseWriter, r *http.Request) {
|
||||
// Handle site index and viewer pages
|
||||
// POST requests are used to exchange WebRTC session descriptions
|
||||
func viewerHandler(w http.ResponseWriter, r *http.Request) {
|
||||
// FIXME validation on path: https://golang.org/doc/articles/wiki/#tmp_11
|
||||
// Validation on path
|
||||
if validPath.FindStringSubmatch(r.URL.Path) == nil {
|
||||
http.NotFound(w, r)
|
||||
log.Print(r.URL.Path)
|
||||
return
|
||||
}
|
||||
|
||||
// Route depending on HTTP method
|
||||
switch r.Method {
|
||||
|
Loading…
Reference in New Issue
Block a user