API security improvements
parent
025f74808a
commit
a2935b2060
|
@ -8,6 +8,7 @@ import (
|
|||
"net/http"
|
||||
"regexp"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"gitlab.com/mporrato/uBrowserSync/syncstore"
|
||||
)
|
||||
|
@ -77,6 +78,7 @@ func info(w http.ResponseWriter, req *http.Request) {
|
|||
|
||||
func createSync(w http.ResponseWriter, req *http.Request) {
|
||||
body := new(syncstore.CreateReq)
|
||||
req.Body = http.MaxBytesReader(w, req.Body, 10000)
|
||||
err := json.NewDecoder(req.Body).Decode(&body)
|
||||
if err != nil {
|
||||
sendJSONError(w, invalidRequestError)
|
||||
|
@ -123,6 +125,7 @@ func getVersion(syncId string, w http.ResponseWriter, _ *http.Request) {
|
|||
|
||||
func updateSync(syncId string, w http.ResponseWriter, req *http.Request) {
|
||||
body := new(syncstore.UpdateReq)
|
||||
req.Body = http.MaxBytesReader(w, req.Body, int64(10000 + maxSyncSize))
|
||||
err := json.NewDecoder(req.Body).Decode(&body)
|
||||
if err != nil {
|
||||
sendJSONError(w, invalidRequestError)
|
||||
|
@ -191,6 +194,10 @@ func bookmarks(w http.ResponseWriter, req *http.Request) {
|
|||
sendJSONError(w, syncstore.NotImplementedError)
|
||||
}
|
||||
|
||||
func notFound(w http.ResponseWriter, _ *http.Request) {
|
||||
sendJSONError(w, syncstore.NotImplementedError)
|
||||
}
|
||||
|
||||
func init() {
|
||||
var (
|
||||
err error
|
||||
|
@ -224,11 +231,20 @@ func init() {
|
|||
}
|
||||
|
||||
func main() {
|
||||
http.HandleFunc("/info", info)
|
||||
http.HandleFunc("/bookmarks", bookmarks)
|
||||
http.HandleFunc("/bookmarks/", bookmarks)
|
||||
mux := http.NewServeMux()
|
||||
mux.HandleFunc("/", notFound)
|
||||
mux.HandleFunc("/info", info)
|
||||
mux.HandleFunc("/info/", info)
|
||||
mux.HandleFunc("/bookmarks", bookmarks)
|
||||
mux.HandleFunc("/bookmarks/", bookmarks)
|
||||
|
||||
log.Println("HTTP server listening on", listen)
|
||||
err := http.ListenAndServe(listen, nil)
|
||||
server := &http.Server{
|
||||
Addr: listen,
|
||||
Handler: mux,
|
||||
ReadTimeout: 15 * time.Second,
|
||||
WriteTimeout: 15 * time.Second,
|
||||
MaxHeaderBytes: 5000}
|
||||
err := server.ListenAndServe()
|
||||
log.Println("HTTP server terminated", err)
|
||||
}
|
||||
|
|
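Review bot: In createSync and updateSync, a body that exceeds the new `http.MaxBytesReader` cap falls into the same `if err != nil` branch as malformed JSON, so the client receives `invalidRequestError` and nothing distinguishes a size-limit hit from a parse failure. Consider testing for the size error before the generic branch, e.g. `var tooBig *http.MaxBytesError; if errors.As(err, &tooBig) { ... }` (the type exists from Go 1.19), answering with a 413-style error and logging it so oversized uploads are visible to operators. In updateSync the sum `10000 + maxSyncSize` is evaluated in maxSyncSize's own type before the `int64(...)` conversion; if that is an `int` variable, `10000 + int64(maxSyncSize)` avoids depending on its width, and the repeated literal 10000 would read better as one named constant. Both handler bodies and the declaration of maxSyncSize lie outside the visible hunks, so any handling already present there is not shown.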