mirror of https://gitlab.crans.org/nounous/ghostream.git synced 2024-12-22 20:52:20 +00:00

Validation on path

Alexandre Iooss 2020-09-24 16:13:21 +02:00
parent 43158a655f
commit eafb4456c4
No known key found for this signature in database
GPG Key ID: 6C79278F3FCDCC02


@ -6,6 +6,7 @@ import (
"log" "log"
"net/http" "net/http"
"os" "os"
"regexp"
"github.com/pion/webrtc/v3" "github.com/pion/webrtc/v3"
"gitlab.crans.org/nounous/ghostream/internal/monitoring" "gitlab.crans.org/nounous/ghostream/internal/monitoring"
@ -29,6 +30,9 @@ var (
// Preload templates // Preload templates
templates = template.Must(template.ParseGlob("web/template/*.html")) templates = template.Must(template.ParseGlob("web/template/*.html"))
// Precompile regex
validPath = regexp.MustCompile("^\\/[a-z0-9_-]*\\/?$")
) )
// Handle WebRTC session description exchange via POST // Handle WebRTC session description exchange via POST
@ -82,7 +86,12 @@ func viewerGetHandler(w http.ResponseWriter, r *http.Request) {
// Handle site index and viewer pages // Handle site index and viewer pages
// POST requests are used to exchange WebRTC session descriptions // POST requests are used to exchange WebRTC session descriptions
func viewerHandler(w http.ResponseWriter, r *http.Request) { func viewerHandler(w http.ResponseWriter, r *http.Request) {
// FIXME validation on path: https://golang.org/doc/articles/wiki/#tmp_11 // Validation on path
if validPath.FindStringSubmatch(r.URL.Path) == nil {
http.NotFound(w, r)
log.Print(r.URL.Path)
return
}
// Route depending on HTTP method // Route depending on HTTP method
switch r.Method { switch r.Method {
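Review bot: The rejection branch in viewerHandler logs the refused path with `log.Print(r.URL.Path)`, which writes a client-controlled string that has just failed validation straight into the log with no context. `r.URL.Path` is the decoded form, so percent-encoded line breaks arrive as real newlines and can split or forge log entries. Quoting the value avoids that and labels the entry: `log.Printf("rejected request path %q", r.URL.Path)`. As a smaller point, the pattern has no capture groups, so `validPath.MatchString(r.URL.Path)` states the intent more directly than comparing `FindStringSubmatch` with nil. viewerHandler's body continues past the end of the hunk.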