package handlers
import (
"crypto/subtle"
"net/http"
"net/url"
"regexp"
"strings"
"crowdsec-dashy/internal/middleware"
)
// validNameRE is the allow-list for names: 1 to 64 characters, each an ASCII
// letter, digit, underscore or hyphen. The pattern is anchored at both ends,
// and Go's "$" (without the multi-line flag) matches only at the very end of
// the text, so a trailing newline is rejected as well. Path separators, dots,
// whitespace and shell metacharacters are all outside the permitted set.
var validNameRE = regexp.MustCompile(`^[a-zA-Z0-9_\-]{1,64}$`)

// matchName reports whether name satisfies validNameRE.
//
// The error result is always nil; the two-value signature is kept for callers
// that expect it.
func matchName(name string) (bool, error) {
	ok := validNameRE.MatchString(name)
	return ok, nil
}
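// flashRedirect answers with a 303 See Other redirect to the target "to",
// carrying flashType and msg as the "flash" and "msg" query parameters.
//
// The parameters are joined with "&" when the target already has a query
// string and with "?" otherwise. If the target carries a "#fragment", the
// parameters are inserted before it; appending them after the fragment would
// keep them out of the query component, so the flash would never reach the
// server on the follow-up request.
//
// Both values are percent-encoded by url.Values.Encode. msg travels in the
// URL, so it can end up in browser history and in proxy or access logs: keep
// secrets and internal error detail out of it.
//
// NOTE(review): "to" is used for the Location header as given. Callers are
// presumed to pass fixed, same-site paths; confirm that none of them forwards
// a request-supplied value, which would turn this into an open redirect.
func flashRedirect(w http.ResponseWriter, r *http.Request, to, flashType, msg string) {
	v := url.Values{}
	v.Set("flash", flashType)
	v.Set("msg", msg)

	// Separate the fragment (if any) so the "?" test and the append both act
	// on the part of the URL that precedes it.
	base, frag := to, ""
	if i := strings.IndexByte(to, '#'); i >= 0 {
		base, frag = to[:i], to[i:]
	}

	sep := "?"
	if strings.Contains(base, "?") {
		sep = "&"
	}
	http.Redirect(w, r, base+sep+v.Encode()+frag, http.StatusSeeOther)
}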
// readFlash builds a FlashMessage from the "flash" and "msg" query parameters
// of the request URL.
//
// It returns the zero FlashMessage when either parameter is empty or when the
// flash type is not one of "success", "error", "warning" or "info".
//
// Only the type is checked against an allow-list. The message text is
// returned exactly as received, and anyone can put arbitrary text there by
// crafting a link, so it is untrusted input: it has to be escaped for its
// output context wherever it is rendered, and it should not be presented as
// an authoritative statement from the application.
// NOTE(review): confirm the templates that show FlashMessage.Message
// auto-escape it, and consider capping its length.
func readFlash(r *http.Request) FlashMessage {
	q := r.URL.Query()
	kind, text := q.Get("flash"), q.Get("msg")
	if kind == "" || text == "" {
		return FlashMessage{}
	}

	switch kind {
	case "success", "error", "warning", "info":
		return FlashMessage{Type: kind, Message: text}
	default:
		// Unknown types are dropped rather than passed through.
		return FlashMessage{}
	}
}
// checkCSRF reports whether the "_csrf" form value of the request equals the
// token that middleware.CSRFFromContext returns for it.
//
// It fails closed: when no token is available from the context the result is
// false, so an empty submitted value can never match an empty expected one.
// The comparison uses subtle.ConstantTimeCompare, whose running time does not
// depend on the contents of the inputs when their lengths are equal; it
// returns 0 immediately when the lengths differ.
//
// Must be called after r.ParseForm().
//
// NOTE(review): r.FormValue reads URL query parameters as well as the request
// body, so a token supplied in the query string is accepted too. Tokens in
// URLs can leak through logs and Referer headers; consider r.PostFormValue if
// no caller depends on the query form.
func checkCSRF(r *http.Request) bool {
	want := middleware.CSRFFromContext(r)
	if want == "" {
		return false
	}

	submitted := []byte(r.FormValue("_csrf"))
	return subtle.ConstantTimeCompare(submitted, []byte(want)) == 1
}