From 4ac6aa0151e5ad5b2970e6510c1083a1fe6703f7 Mon Sep 17 00:00:00 2001
From: cuigh
Date: Fri, 17 Nov 2017 12:31:19 +0800
Subject: [PATCH] Add server-side data validation
---
 controller/registry.go | 4 ++--
 controller/role.go | 4 ++--
 controller/user.go | 4 ++--
 controller/volume.go | 2 +-
 main.go | 2 ++
 model/auth.go | 8 ++++----
 model/docker.go | 10 +++++-----
 7 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/controller/registry.go b/controller/registry.go
index 41dd8b6..75d3edd 100644
--- a/controller/registry.go
+++ b/controller/registry.go
@@ -36,7 +36,7 @@ func registryList(ctx web.Context) error {
 func registryCreate(ctx web.Context) error {
 registry := &model.Registry{}
- err := ctx.Bind(registry)
+ err := ctx.Bind(registry, true)
 if err != nil {
 return err
 }
@@ -52,7 +52,7 @@ func registryDelete(ctx web.Context) error {
 func registryUpdate(ctx web.Context) error {
 registry := &model.Registry{}
- err := ctx.Bind(registry)
+ err := ctx.Bind(registry, true)
 if err != nil {
 return err
 }
diff --git a/controller/role.go b/controller/role.go
index 069b108..9cd3f75 100644
--- a/controller/role.go
+++ b/controller/role.go
@@ -48,7 +48,7 @@ func roleNew(ctx web.Context) error {
 func roleCreate(ctx web.Context) error {
 role := &model.Role{}
- err := ctx.Bind(role)
+ err := ctx.Bind(role, true)
 if err == nil {
 err = biz.Role.Create(role, ctx.User())
 }
@@ -99,7 +99,7 @@ func roleEdit(ctx web.Context) error {
 func roleUpdate(ctx web.Context) error {
 role := &model.Role{}
- err := ctx.Bind(role)
+ err := ctx.Bind(role, true)
 if err == nil {
 role.ID = ctx.P("id")
 err = biz.Role.Update(role, ctx.User())
diff --git a/controller/user.go b/controller/user.go
index 03ab239..8ecfdee 100644
--- a/controller/user.go
+++ b/controller/user.go
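Review bot: Validation is switched on per call by the bare `true` passed to `ctx.Bind` in registryCreate, registryUpdate, roleCreate and roleUpdate (and in the user and volume handlers further down), so any handler that still calls `ctx.Bind(x)` presumably keeps accepting unvalidated input. The literal also says nothing at the call site about what it enables. A short comment on the first use, such as `// second argument enables validation of the struct's valid tags`, or a small wrapper that always validates, would make a missed call site easier to spot in review. Handlers outside this diff are not visible here, so whether any remain unconverted needs checking.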
@@ -70,7 +70,7 @@ func userNew(ctx web.Context) error {
 func userCreate(ctx web.Context) error {
 user := &model.User{}
- err := ctx.Bind(user)
+ err := ctx.Bind(user, true)
 if err == nil {
 user.Type = model.UserTypeInternal
 err = biz.User.Create(user, ctx.User())
@@ -135,7 +135,7 @@ func userEdit(ctx web.Context) error {
 func userUpdate(ctx web.Context) error {
 user := &model.User{}
- err := ctx.Bind(user)
+ err := ctx.Bind(user, true)
 if err == nil {
 err = biz.User.Update(user, ctx.User())
 }
diff --git a/controller/volume.go b/controller/volume.go
index 122bc61..ddcbf8c 100644
--- a/controller/volume.go
+++ b/controller/volume.go
@@ -56,7 +56,7 @@ func volumeNew(ctx web.Context) error {
 func volumeCreate(ctx web.Context) error {
 info := &model.VolumeCreateInfo{}
- err := ctx.Bind(info)
+ err := ctx.Bind(info, true)
 if err != nil {
 return err
 }
diff --git a/main.go b/main.go
index 2ec8e24..92c320f 100644
--- a/main.go
+++ b/main.go
@@ -10,6 +10,7 @@ import (
 "github.com/cuigh/auxo/app"
 "github.com/cuigh/auxo/app/flag"
 "github.com/cuigh/auxo/config"
+ "github.com/cuigh/auxo/data/valid"
 "github.com/cuigh/auxo/net/web"
 "github.com/cuigh/auxo/net/web/filter"
 "github.com/cuigh/auxo/net/web/filter/auth"
@@ -50,6 +51,7 @@ func server() *web.Server {
 ws := web.Auto()
 // set render
+ ws.Validator = &valid.Validator{Tag: "valid"}
 ws.Renderer = jet.New().SetDebug(config.GetBool("debug")).
 AddFunc("time", misc.FormatTime(setting.TimeZone.Offset)).
 AddFunc("i18n", misc.Message(setting.Language)).
diff --git a/model/auth.go b/model/auth.go
index 2998bc3..16d1a4f 100644
--- a/model/auth.go
+++ b/model/auth.go
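Review bot: userCreate binds the request straight into `model.User`, and the new `valid` tags cover only Name, LoginName and Email, so `ID`, `Salt`, `Admin` and `Status` are still taken from the request body as sent. Only `Type` is overwritten after the bind in the visible lines; unless biz.User.Create resets the others (not shown in this hunk), a caller allowed to create users sets them directly. Binding into a request struct that carries only the form fields and copying those into `model.User` would remove the dependency on the biz layer; userUpdate has the same shape. Both function bodies continue outside their hunks.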
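Review bot: The validator assignment in server() sits under the existing `// set render` comment, which now describes only the statement after it. Give the new line its own comment, for example `// validate bound structs using their valid tags`, and keep `// set render` directly above `ws.Renderer`. server() continues outside the hunk.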
@@ -26,7 +26,7 @@ const (
 type Role struct {
 ID string `bson:"_id" json:"id,omitempty"`
- Name string `bson:"name" json:"name,omitempty"`
+ Name string `bson:"name" json:"name,omitempty" valid:"required"`
 Description string `bson:"desc" json:"desc,omitempty"`
 Perms []string `bson:"perms" json:"perms,omitempty"`
 CreatedAt time.Time `bson:"created_at" json:"created_at,omitempty"`
@@ -35,11 +35,11 @@ type Role struct {
 type User struct {
 ID string `bson:"_id" json:"id,omitempty"`
- Name string `bson:"name" json:"name,omitempty"`
- LoginName string `bson:"login_name" json:"login_name,omitempty"`
+ Name string `bson:"name" json:"name,omitempty" valid:"required"`
+ LoginName string `bson:"login_name" json:"login_name,omitempty" valid:"required"`
 Password string `bson:"password" json:"password,omitempty"`
 Salt string `bson:"salt" json:"salt,omitempty"`
- Email string `bson:"email" json:"email,omitempty"`
+ Email string `bson:"email" json:"email,omitempty" valid:"required"`
 Admin bool `bson:"admin" json:"admin,omitempty"`
 Type UserType `bson:"type" json:"type,omitempty"`
 Status UserStatus `bson:"status" json:"status,omitempty"`
diff --git a/model/docker.go b/model/docker.go
index 5a86676..2964c8f 100644
--- a/model/docker.go
+++ b/model/docker.go
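Review bot: In `User`, `Email` is checked only for presence and `Password` gets no rule at all, so a malformed address or an empty password passes this validation step on userCreate. `Registry.URL` in model/docker.go combines presence with a format rule (`required,url`); if the validator has an equivalent rule for e-mail addresses it belongs on `Email`. A rule on `Password` is harder to express as a tag because userUpdate binds the same struct and presumably may omit the password, which is an argument for separate create and update request types. The struct continues past the end of the hunk.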
@@ -17,10 +17,10 @@ import (
 type Registry struct {
 ID string `bson:"_id" json:"id,omitempty"`
- Name string `bson:"name" json:"name,omitempty"`
- URL string `bson:"url" json:"url,omitempty"`
- Username string `bson:"username" json:"username,omitempty"`
- Password string `bson:"password" json:"password,omitempty"`
+ Name string `bson:"name" json:"name,omitempty" valid:"required"`
+ URL string `bson:"url" json:"url,omitempty" valid:"required,url"`
+ Username string `bson:"username" json:"username,omitempty" valid:"required"`
+ Password string `bson:"password" json:"password,omitempty" valid:"required"`
 CreatedAt time.Time `bson:"created_at" json:"created_at,omitempty"`
 UpdatedAt time.Time `bson:"updated_at" json:"updated_at,omitempty"`
 }
@@ -639,7 +639,7 @@ type NetworkCreateInfo struct {
 }
 type VolumeCreateInfo struct {
- Name string `json:"name"`
+ Name string `json:"name" valid:"required"`
 Driver string `json:"driver"`
 CustomDriver string `json:"custom_driver"`
 Options Options `json:"options"`
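Review bot: `Password` is `required` on `Registry`, and registryUpdate binds the same struct, so every edit has to resubmit the registry credential. That pushes the edit form towards either pre-filling the stored secret into the page or making the user retype it; the first would expose the credential to the browser (how the form is rendered is not visible here). Consider leaving `Password` optional on update and keeping the stored value when the field is empty. The `url` rule is also worth checking for which schemes it accepts, since nothing in this hunk limits the registry URL to `http`/`https`.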