header analyzer fix large headers

2025-07-18 07:33:11 +01:00
parent 597ddef66f
commit 20cfcd1829
13 changed files with 8166 additions and 165 deletions
@@ -3,8 +3,12 @@ package passwordgenerator
 import (
 	"encoding/json"
 	"net/http"
+
+	"headeranalyzer/security"
 )

+var validator = security.NewInputValidator()
+
 // PasswordAPIHandler handles password generation requests
 func PasswordAPIHandler(w http.ResponseWriter, r *http.Request) {
 	if r.Method != http.MethodPost {
@@ -32,6 +36,45 @@ func PasswordAPIHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	// Validate input parameters
+	if requestData.Length < 4 || requestData.Length > 128 {
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte("Length must be between 4 and 128"))
+		return
+	}
+
+	if requestData.NumberCount < 0 || requestData.NumberCount > 20 {
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte("Number count must be between 0 and 20"))
+		return
+	}
+
+	if requestData.WordCount < 2 || requestData.WordCount > 10 {
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte("Word count must be between 2 and 10"))
+		return
+	}
+
+	if len(requestData.SpecialChars) > 50 {
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte("Special characters string too long"))
+		return
+	}
+
+	// Validate type parameter
+	if requestData.Type != "random" && requestData.Type != "passphrase" {
+		requestData.Type = "passphrase" // Default to passphrase
+	}
+
+	// Validate number position
+	validPositions := map[string]bool{"start": true, "end": true, "each": true}
+	if !validPositions[requestData.NumberPosition] {
+		requestData.NumberPosition = "end" // Default
+	}
+
+	// Sanitize special characters to prevent potential issues
+	requestData.SpecialChars = validator.SanitizeHTML(requestData.SpecialChars)
+
 	// Convert to internal Config format
 	config := Config{
 		Length:               requestData.Length,
@@ -4,12 +4,18 @@ import (
 	"embed"
 	"html/template"
 	"net/http"
+	"net/url"
 	"strconv"
 	"strings"
+	"time"
+
+	"headeranalyzer/security"
 )

 type Handler struct {
 	templates *template.Template
+	csrf      *security.CSRFManager
+	validator *security.InputValidator
 }

 type PasswordConfig struct {
@@ -57,10 +63,19 @@ func NewHandler(embeddedFiles embed.FS) *Handler {

 	return &Handler{
 		templates: tmpl,
+		csrf:      security.NewCSRFManager(time.Hour),
+		validator: security.NewInputValidator(),
 	}
 }

 func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	// Generate CSRF token
+	csrfToken, err := h.csrf.GenerateToken()
+	if err != nil {
+		http.Redirect(w, r, "/password?error="+url.QueryEscape("Security token generation failed"), http.StatusSeeOther)
+		return
+	}
+
 	// Parse URL parameters to set default values
 	config := PasswordConfig{
 		Type:           getStringParam(r, "type", "passphrase"),
@@ -80,9 +95,11 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	data := struct {
 		CurrentPage string
 		Config      PasswordConfig
+		CSRFToken   string
 	}{
 		CurrentPage: "password",
 		Config:      config,
+		CSRFToken:   csrfToken,
 	}
 	h.templates.ExecuteTemplate(w, "password.html", data)
 }