
Commit b35986f

committed
validate
1 parent 9b011b4 commit b35986f

1 file changed

+82
-0
lines changed

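--- a/mongo/mongo.go
+++ b/mongo/mongo.go
@@ -3,9 +3,11 @@ package mongo
 import (
 "context"
 "encoding/json"
+"errors"
 "os"
 "reflect"
 "sort"
+"strings"
 "sync"
 "time"
 
@@ -21,6 +23,12 @@ import (
 var mongoClient *mongo.Client
 var m sync.Mutex
 
+func validate(s string) bool {
+
+return !strings.ContainsAny(s, "${}()")
+
+}
+
 // getMongoClient returns a mongo client for the given connection string
 func getMongoClient() (*mongo.Client, error) {
 
@@ -58,6 +66,10 @@ func Serialize(id string, parm string, col string, c interface{}) error {
 // return err
 //}
 
+if !validate(id) {
+return nil
+}
+
 ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 defer cancel()
 
@@ -98,6 +110,10 @@ func Serialize(id string, parm string, col string, c interface{}) error {
 // Deserialize read interface from disk
 func Deserialize(id string, parm string, col string, t reflect.Type) (interface{}, error) {
 
+if !validate(id) {
+return nil, errors.New("invalid id")
+}
+
 ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 defer cancel()
 
@@ -166,6 +182,10 @@ func Deserialize(id string, parm string, col string, t reflect.Type) (interface{
 // DeleteVPN removes the given id from the given collection
 func DeleteVPN(id string, col string) error {
 
+if !validate(id) {
+return errors.New("invalid id")
+}
+
 ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 defer cancel()
 
@@ -187,6 +207,10 @@ func DeleteVPN(id string, col string) error {
 // Delete removes the given id from the given collection
 func Delete(id string, ident string, col string) error {
 
+if !validate(id) {
+return errors.New("invalid id")
+}
+
 ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 defer cancel()
 
@@ -209,6 +233,10 @@ func Delete(id string, ident string, col string) error {
 func ReadAllDevices(param string, id string) ([]*model.Device, error) {
 devices := make([]*model.Device, 0)
 
+if !validate(id) {
+return nil, errors.New("invalid id")
+}
+
 ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 defer cancel()
 
@@ -283,6 +311,10 @@ func GetDevicesForPushNotifications() ([]*model.Device, error) {
 // ReadDevicesAndVPNsForAccount
 func ReadDevicesAndVPNsForAccount(accountid string) ([]*model.Device, error) {
 
+if !validate(accountid) {
+return nil, errors.New("invalid id")
+}
+
 devices := make([]*model.Device, 0)
 
 ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
@@ -333,6 +365,10 @@ func ReadDevicesAndVPNsForAccount(accountid string) ([]*model.Device, error) {
 // ReadVPNsforNetwork from MongoDB
 func ReadVPNsforNetwork(netid string) ([]*model.VPN, error) {
 
+if !validate(netid) {
+return nil, errors.New("invalid id")
+}
+
 vpns := make([]*model.VPN, 0)
 
 ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second)
@@ -384,6 +420,11 @@ func ReadVPNsforNetwork(netid string) ([]*model.VPN, error) {
 
 // ReadAllHosts from MongoDB
 func ReadAllVPNs(param string, id string) ([]*model.VPN, error) {
+
+if !validate(id) {
+return nil, errors.New("invalid id")
+}
+
 vpns := make([]*model.VPN, 0)
 
 ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second)
@@ -430,6 +471,10 @@ func ReadAllVPNs(param string, id string) ([]*model.VPN, error) {
 func ReadAllNetworks(param string, id string) ([]*model.Network, error) {
 nets := make([]*model.Network, 0)
 
+if !validate(id) {
+return nil, errors.New("invalid id")
+}
+
 ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 defer cancel()
 
@@ -468,6 +513,10 @@ func ReadAllNetworks(param string, id string) ([]*model.Network, error) {
 func ReadServices(param string, id string) ([]*model.Service, error) {
 services := make([]*model.Service, 0)
 
+if !validate(id) {
+return nil, errors.New("invalid id")
+}
+
 ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 defer cancel()
 
@@ -538,6 +587,11 @@ func ReadAllUsers() []*model.User {
 
 // ReadAllAccounts from MongoDB
 func ReadAllAccounts(email string) ([]*model.Account, error) {
+
+if !validate(email) {
+return nil, errors.New("invalid id")
+}
+
 accounts := make([]*model.Account, 0)
 
 ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
@@ -576,6 +630,11 @@ func ReadAllAccounts(email string) ([]*model.Account, error) {
 
 // ReadAllAccountsForID from MongoDB
 func ReadAllAccountsForID(id string) ([]*model.Account, error) {
+
+if !validate(id) {
+return nil, errors.New("invalid id")
+}
+
 accounts := make([]*model.Account, 0)
 
 ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
@@ -616,6 +675,14 @@ func ReadAllAccountsForID(id string) ([]*model.Account, error) {
 
 // ReadAccountForUser from MongoDB
 func ReadAccountForUser(email string, accountid string) (*model.Account, error) {
+
+if !validate(email) {
+return nil, errors.New("invalid email")
+}
+if !validate(accountid) {
+return nil, errors.New("invalid id")
+}
+
 var account *model.Account
 
 ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
@@ -654,6 +721,11 @@ func ReadAccountForUser(email string, accountid string) (*model.Account, error)
 
 // ReadAllSubscriptions from MongoDB
 func ReadAllSubscriptions(accountid string) ([]*model.Subscription, error) {
+
+if !validate(accountid) {
+return nil, errors.New("invalid id")
+}
+
 subscriptions := make([]*model.Subscription, 0)
 
 ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
@@ -693,6 +765,11 @@ func ReadAllSubscriptions(accountid string) ([]*model.Subscription, error) {
 
 // ReadAllServices from MongoDB
 func ReadAllServices(accountid string) ([]*model.Service, error) {
+
+if !validate(accountid) {
+return nil, errors.New("invalid id")
+}
+
 services := make([]*model.Service, 0)
 
 ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
@@ -805,6 +882,11 @@ func ReadServiceHost(id string) ([]*model.Service, error) {
 
 // UpsertUser to MongoDB
 func UpsertUser(user *model.User) error {
+
+if user.Email == "" || !validate(user.Email) {
+return errors.New("invalid email")
+}
+
 ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 defer cancel()
 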
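Review bot: In `Serialize` the new guard returns `nil` when `validate(id)` fails, so a rejected id is reported to the caller as a successful write; every other guard in this commit returns an error, and this one should as well: `return errors.New("invalid id")`. `validate` itself is a denylist of five characters (`${}()`) that accepts the empty string and every other byte; if these ids have a known shape, an allowlist check (length bound plus permitted character set) is the stronger control, and a doc comment on `validate` should state which class of input it is meant to stop. Only `id`, `accountid`, `netid` and `email` are checked: `parm`, `param`, `ident` and `col` enter the same functions unchecked, and `ReadServiceHost(id string)`, visible in the last hunk header, gets no guard in this commit, so it is worth confirming whether any of those values can originate from a request. The function bodies lie outside the hunks, so how these values are placed into the query is not visible here.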
