header analyzer fix large headers
This commit is contained in:
nahakubuilde
+52
-2
@@ -3,12 +3,19 @@ package parser
|
||||
import (
|
||||
"embed"
|
||||
"html/template"
|
||||
"log"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"headeranalyzer/security"
|
||||
)
|
||||
|
||||
type Handler struct {
|
||||
templates *template.Template
|
||||
csrf *security.CSRFManager
|
||||
validator *security.InputValidator
|
||||
}
|
||||
|
||||
func NewHandler(embeddedFiles embed.FS) *Handler {
|
||||
@@ -56,13 +63,38 @@ func NewHandler(embeddedFiles embed.FS) *Handler {
|
||||
|
||||
return &Handler{
|
||||
templates: tmpl,
|
||||
csrf: security.NewCSRFManager(time.Hour),
|
||||
validator: security.NewInputValidator(),
|
||||
}
|
||||
}
|
||||
|
||||
func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Method == http.MethodPost {
|
||||
// Validate CSRF token
|
||||
csrfToken := r.FormValue("csrf_token")
|
||||
if !h.csrf.ValidateToken(csrfToken) {
|
||||
http.Redirect(w, r, "/?error="+url.QueryEscape("Invalid security token. Please try again."), http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
|
||||
// Get and validate headers input
|
||||
headers := r.FormValue("headers")
|
||||
report := Analyze(headers)
|
||||
log.Printf("DEBUG: Received headers input: %d characters", len(headers))
|
||||
|
||||
validatedHeaders, err := h.validator.ValidateEmailHeaders(headers)
|
||||
if err != nil {
|
||||
log.Printf("DEBUG: Validation failed: %v", err)
|
||||
if security.IsValidationError(err) {
|
||||
http.Redirect(w, r, "/?error="+url.QueryEscape(err.Error()), http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
http.Redirect(w, r, "/?error="+url.QueryEscape("Invalid input provided"), http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
|
||||
log.Printf("DEBUG: Headers validated successfully")
|
||||
report := Analyze(validatedHeaders)
|
||||
log.Printf("DEBUG: Analysis completed, From field: '%s'", report.From)
|
||||
// Create a wrapper struct to include current page info
|
||||
data := struct {
|
||||
*Report
|
||||
@@ -71,16 +103,34 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
Report: report,
|
||||
CurrentPage: "home",
|
||||
}
|
||||
h.templates.ExecuteTemplate(w, "headeranalyzer.html", data)
|
||||
|
||||
log.Printf("DEBUG: About to render template with data")
|
||||
err = h.templates.ExecuteTemplate(w, "headeranalyzer.html", data)
|
||||
if err != nil {
|
||||
log.Printf("ERROR: Template execution failed: %v", err)
|
||||
http.Error(w, "Template rendering failed", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
log.Printf("DEBUG: Template rendered successfully")
|
||||
return
|
||||
}
|
||||
|
||||
// Generate CSRF token for GET requests
|
||||
csrfToken, err := h.csrf.GenerateToken()
|
||||
if err != nil {
|
||||
http.Redirect(w, r, "/?error="+url.QueryEscape("Security token generation failed"), http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
|
||||
// For GET requests, create an empty report so template conditions work
|
||||
data := struct {
|
||||
*Report
|
||||
CurrentPage string
|
||||
CSRFToken string
|
||||
}{
|
||||
Report: &Report{}, // Empty report so .From will be empty string
|
||||
CurrentPage: "home",
|
||||
CSRFToken: csrfToken,
|
||||
}
|
||||
h.templates.ExecuteTemplate(w, "headeranalyzer.html", data)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user