misc: try to be more strict in URL filter
This commit is contained in:
parent
df0cff37af
commit
a9714fe51a
24
src/main.rs
24
src/main.rs
|
@ -223,7 +223,7 @@ mod service {
|
|||
use validators::prelude::*;
|
||||
|
||||
#[derive(Validator)]
|
||||
#[validator(http_url(local(Allow)))]
|
||||
#[validator(http_url(local(NotAllow)))]
|
||||
#[derive(Clone, Debug)]
|
||||
/// A struct representing a URL.
|
||||
pub struct HttpUrl {
|
||||
|
@ -237,6 +237,24 @@ mod service {
|
|||
}
|
||||
}
|
||||
|
||||
impl HttpUrl {
|
||||
/// Transform this into an `Err(())` if the url does not match more
|
||||
/// criteria.
|
||||
pub fn strict(self) -> Result<Self, ()> {
|
||||
// Don't even bother with URLs that don't have hosts.
|
||||
if !self.url.has_host() {
|
||||
return Err(());
|
||||
}
|
||||
|
||||
// URLs that cannot be a base are weird (UNIX sockets, data types)
|
||||
if self.url.cannot_be_a_base() {
|
||||
return Err(())
|
||||
}
|
||||
|
||||
Ok(self)
|
||||
}
|
||||
}
|
||||
|
||||
/// Database management, including messaging and work stealing.
|
||||
pub mod db {
|
||||
use super::{slug::Slug, HttpUrl};
|
||||
|
@ -679,7 +697,9 @@ async fn shorten(
|
|||
.into(),
|
||||
)
|
||||
})?;
|
||||
HttpUrl::parse_str(url_str)
|
||||
HttpUrl::parse_string(url_str)
|
||||
.map_err(|_| (warp::http::StatusCode::BAD_REQUEST, "Invalid URL.".into()))?
|
||||
.strict()
|
||||
.map_err(|_| (warp::http::StatusCode::BAD_REQUEST, "Invalid URL.".into()))?
|
||||
};
|
||||
|
||||
|
|
Loading…
Reference in New Issue