aicra/request_data.go

package gfw

import (
	"encoding/json"
	"fmt"
	"git.xdrm.io/xdrm-brackets/gfw/multipart"
	"log"
	"net/http"
	"strings"
)

// buildRequestDataFromRequest builds a 'requestData'
// from an http request
func buildRequestDataFromRequest(req *http.Request) *requestData {

	i := &requestData{
		Url:  make([]*requestParameter, 0),
		Get:  make(map[string]*requestParameter),
		Form: make(map[string]*requestParameter),
		Set:  make(map[string]*requestParameter),
	}

	// GET (query) data
	i.fetchGet(req)

	// no Form if GET
	if req.Method == "GET" {
		return i
	}

	// POST (body) data
	i.fetchForm(req)

	return i

}

// bindUrl stores URL data and fills 'Set'
// with creating pointers inside 'Url'
func (i *requestData) fillUrl(data []string) {

	for index, value := range data {

		// create set index
		setindex := fmt.Sprintf("URL#%d", index)

		// store value in 'Set'
		i.Set[setindex] = &requestParameter{
			Parsed: false,
			Value:  value,
		}

		// create link in 'Url'
		i.Url = append(i.Url, i.Set[setindex])

	}

}

// fetchGet stores data from the QUERY (in url parameters)
func (i *requestData) fetchGet(req *http.Request) {

	for name, value := range req.URL.Query() {

		// prevent injections
		if isParameterNameInjection(name) {
			log.Printf("get.injection: '%s'\n", name)
			continue
		}

		// create set index
		setindex := fmt.Sprintf("GET@%s", name)

		// store value in 'Set'
		i.Set[setindex] = &requestParameter{
			Parsed: false,
			Value:  value,
		}

		// create link in 'Get'
		i.Get[name] = i.Set[setindex]

	}

}

// fetchForm stores FORM data
//
// - parse 'form-data' if not supported (not POST requests)
// - parse 'x-www-form-urlencoded'
// - parse 'application/json'
func (i *requestData) fetchForm(req *http.Request) {

	contentType := req.Header.Get("Content-Type")

	// parse json
	if strings.HasPrefix(contentType, "application/json") {
		i.parseJsonForm(req)
		return
	}

	// parse urlencoded
	if strings.HasPrefix(contentType, "application/x-www-form-urlencoded") {
		i.parseUrlencodedForm(req)
		return
	}

	// parse multipart
	if strings.HasPrefix(contentType, "multipart/form-data; boundary=") {
		i.parseMultipartForm(req)
		return
	}

	// if unknown type store nothing
}

// parseJsonForm parses JSON from the request body inside 'Form'
// and 'Set'
func (i *requestData) parseJsonForm(req *http.Request) {

	parsed := make(map[string]interface{}, 0)

	decoder := json.NewDecoder(req.Body)

	// if parse error: do nothing
	if err := decoder.Decode(&parsed); err != nil {
		return
	}

	// else store values 'parsed' values
	for name, value := range parsed {

		// prevent injections
		if isParameterNameInjection(name) {
			log.Printf("post.injection: '%s'\n", name)
			continue
		}

		// store value in 'Set'
		i.Set[name] = &requestParameter{
			Parsed: true,
			Value:  value,
		}

		// create link in 'Form'
		i.Form[name] = i.Set[name]

	}

}

// parseUrlencodedForm parses urlencoded from the request body inside 'Form'
// and 'Set'
func (i *requestData) parseUrlencodedForm(req *http.Request) {

	// use http.Request interface
	req.ParseForm()

	for name, value := range req.PostForm {

		// prevent injections
		if isParameterNameInjection(name) {
			log.Printf("post.injection: '%s'\n", name)
			continue
		}

		// store value in 'Set'
		i.Set[name] = &requestParameter{
			Parsed: false,
			Value:  value,
		}

		// create link in 'Form'
		i.Form[name] = i.Set[name]
	}

}

// parseMultipartForm parses multi-part from the request body inside 'Form'
// and 'Set'
func (i *requestData) parseMultipartForm(req *http.Request) {

	/* (1) Create reader */
	mpr := multipart.CreateReader(req)

	/* (2) Parse multipart */
	mpr.Parse()

	/* (3) Store data into 'Form' and 'Set */
	for name, component := range mpr.Components {

		// prevent injections
		if isParameterNameInjection(name) {
			log.Printf("post.injection: '%s'\n", name)
			continue
		}

		// store value in 'Set'
		i.Set[name] = &requestParameter{
			Parsed: false,
			File:   component.File,
			Value:  component.Data,
		}

		// create link in 'Form'
		i.Form[name] = i.Set[name]

	}

	return

}

// isParameterNameInjection returns whether there is
// a parameter name injection:
// - inferred GET parameters
// - inferred URL parameters
func isParameterNameInjection(pName string) bool {
	return strings.HasPrefix(pName, "GET@") || strings.HasPrefix(pName, "URL#")
}
moved data parser into 'request_data' + created internal lib to parse multipart inside 'internal/multipart' + added default type 'any' + more things... 2018-05-29 13:42:41 +00:00			`package gfw`

			`import (`
			`"encoding/json"`
			`"fmt"`
update imports to be in right package 2018-05-30 07:06:26 +00:00			`"git.xdrm.io/xdrm-brackets/gfw/multipart"`
moved data parser into 'request_data' + created internal lib to parse multipart inside 'internal/multipart' + added default type 'any' + more things... 2018-05-29 13:42:41 +00:00			`"log"`
			`"net/http"`
			`"strings"`
			`)`

moved 'err' into package 2018-06-01 07:09:26 +00:00			`// buildRequestDataFromRequest builds a 'requestData'`
moved data parser into 'request_data' + created internal lib to parse multipart inside 'internal/multipart' + added default type 'any' + more things... 2018-05-29 13:42:41 +00:00			`// from an http request`
moved 'err' into package 2018-06-01 07:09:26 +00:00			`func buildRequestDataFromRequest(req http.Request) requestData {`
moved data parser into 'request_data' + created internal lib to parse multipart inside 'internal/multipart' + added default type 'any' + more things... 2018-05-29 13:42:41 +00:00
moved 'err' into package 2018-06-01 07:09:26 +00:00			`i := &requestData{`
			`Url: make([]*requestParameter, 0),`
			`Get: make(map[string]*requestParameter),`
			`Form: make(map[string]*requestParameter),`
			`Set: make(map[string]*requestParameter),`
moved data parser into 'request_data' + created internal lib to parse multipart inside 'internal/multipart' + added default type 'any' + more things... 2018-05-29 13:42:41 +00:00			`}`

			`// GET (query) data`
			`i.fetchGet(req)`

			`// no Form if GET`
			`if req.Method == "GET" {`
			`return i`
			`}`

			`// POST (body) data`
			`i.fetchForm(req)`

			`return i`

			`}`

			`// bindUrl stores URL data and fills 'Set'`
			`// with creating pointers inside 'Url'`
moved 'err' into package 2018-06-01 07:09:26 +00:00			`func (i *requestData) fillUrl(data []string) {`
moved data parser into 'request_data' + created internal lib to parse multipart inside 'internal/multipart' + added default type 'any' + more things... 2018-05-29 13:42:41 +00:00
			`for index, value := range data {`

			`// create set index`
			`setindex := fmt.Sprintf("URL#%d", index)`

			`// store value in 'Set'`
moved 'err' into package 2018-06-01 07:09:26 +00:00			`i.Set[setindex] = &requestParameter{`
moved data parser into 'request_data' + created internal lib to parse multipart inside 'internal/multipart' + added default type 'any' + more things... 2018-05-29 13:42:41 +00:00			`Parsed: false,`
			`Value: value,`
			`}`

			`// create link in 'Url'`
			`i.Url = append(i.Url, i.Set[setindex])`

			`}`

			`}`

			`// fetchGet stores data from the QUERY (in url parameters)`
moved 'err' into package 2018-06-01 07:09:26 +00:00			`func (i requestData) fetchGet(req http.Request) {`
moved data parser into 'request_data' + created internal lib to parse multipart inside 'internal/multipart' + added default type 'any' + more things... 2018-05-29 13:42:41 +00:00
			`for name, value := range req.URL.Query() {`

			`// prevent injections`
			`if isParameterNameInjection(name) {`
			`log.Printf("get.injection: '%s'\n", name)`
			`continue`
			`}`

			`// create set index`
			`setindex := fmt.Sprintf("GET@%s", name)`

			`// store value in 'Set'`
moved 'err' into package 2018-06-01 07:09:26 +00:00			`i.Set[setindex] = &requestParameter{`
moved data parser into 'request_data' + created internal lib to parse multipart inside 'internal/multipart' + added default type 'any' + more things... 2018-05-29 13:42:41 +00:00			`Parsed: false,`
			`Value: value,`
			`}`

			`// create link in 'Get'`
			`i.Get[name] = i.Set[setindex]`

			`}`

			`}`

			`// fetchForm stores FORM data`
			`//`
			`// - parse 'form-data' if not supported (not POST requests)`
			`// - parse 'x-www-form-urlencoded'`
			`// - parse 'application/json'`
moved 'err' into package 2018-06-01 07:09:26 +00:00			`func (i requestData) fetchForm(req http.Request) {`
moved data parser into 'request_data' + created internal lib to parse multipart inside 'internal/multipart' + added default type 'any' + more things... 2018-05-29 13:42:41 +00:00
			`contentType := req.Header.Get("Content-Type")`

			`// parse json`
			`if strings.HasPrefix(contentType, "application/json") {`
			`i.parseJsonForm(req)`
			`return`
			`}`

			`// parse urlencoded`
			`if strings.HasPrefix(contentType, "application/x-www-form-urlencoded") {`
			`i.parseUrlencodedForm(req)`
			`return`
			`}`

			`// parse multipart`
			`if strings.HasPrefix(contentType, "multipart/form-data; boundary=") {`
			`i.parseMultipartForm(req)`
			`return`
			`}`

			`// if unknown type store nothing`
			`}`

			`// parseJsonForm parses JSON from the request body inside 'Form'`
			`// and 'Set'`
moved 'err' into package 2018-06-01 07:09:26 +00:00			`func (i requestData) parseJsonForm(req http.Request) {`
moved data parser into 'request_data' + created internal lib to parse multipart inside 'internal/multipart' + added default type 'any' + more things... 2018-05-29 13:42:41 +00:00
			`parsed := make(map[string]interface{}, 0)`

			`decoder := json.NewDecoder(req.Body)`

			`// if parse error: do nothing`
			`if err := decoder.Decode(&parsed); err != nil {`
			`return`
			`}`

			`// else store values 'parsed' values`
			`for name, value := range parsed {`

			`// prevent injections`
			`if isParameterNameInjection(name) {`
			`log.Printf("post.injection: '%s'\n", name)`
			`continue`
			`}`

			`// store value in 'Set'`
moved 'err' into package 2018-06-01 07:09:26 +00:00			`i.Set[name] = &requestParameter{`
moved data parser into 'request_data' + created internal lib to parse multipart inside 'internal/multipart' + added default type 'any' + more things... 2018-05-29 13:42:41 +00:00			`Parsed: true,`
			`Value: value,`
			`}`

			`// create link in 'Form'`
			`i.Form[name] = i.Set[name]`

			`}`

			`}`

			`// parseUrlencodedForm parses urlencoded from the request body inside 'Form'`
			`// and 'Set'`
moved 'err' into package 2018-06-01 07:09:26 +00:00			`func (i requestData) parseUrlencodedForm(req http.Request) {`
moved data parser into 'request_data' + created internal lib to parse multipart inside 'internal/multipart' + added default type 'any' + more things... 2018-05-29 13:42:41 +00:00
			`// use http.Request interface`
			`req.ParseForm()`

			`for name, value := range req.PostForm {`

			`// prevent injections`
			`if isParameterNameInjection(name) {`
			`log.Printf("post.injection: '%s'\n", name)`
			`continue`
			`}`

			`// store value in 'Set'`
moved 'err' into package 2018-06-01 07:09:26 +00:00			`i.Set[name] = &requestParameter{`
moved data parser into 'request_data' + created internal lib to parse multipart inside 'internal/multipart' + added default type 'any' + more things... 2018-05-29 13:42:41 +00:00			`Parsed: false,`
			`Value: value,`
			`}`

			`// create link in 'Form'`
			`i.Form[name] = i.Set[name]`
			`}`

			`}`

			`// parseMultipartForm parses multi-part from the request body inside 'Form'`
			`// and 'Set'`
moved 'err' into package 2018-06-01 07:09:26 +00:00			`func (i requestData) parseMultipartForm(req http.Request) {`
moved data parser into 'request_data' + created internal lib to parse multipart inside 'internal/multipart' + added default type 'any' + more things... 2018-05-29 13:42:41 +00:00
			`/* (1) Create reader */`
			`mpr := multipart.CreateReader(req)`

			`/* (2) Parse multipart */`
			`mpr.Parse()`

			`/* (3) Store data into 'Form' and 'Set */`
			`for name, component := range mpr.Components {`

			`// prevent injections`
			`if isParameterNameInjection(name) {`
			`log.Printf("post.injection: '%s'\n", name)`
			`continue`
			`}`

			`// store value in 'Set'`
moved 'err' into package 2018-06-01 07:09:26 +00:00			`i.Set[name] = &requestParameter{`
moved data parser into 'request_data' + created internal lib to parse multipart inside 'internal/multipart' + added default type 'any' + more things... 2018-05-29 13:42:41 +00:00			`Parsed: false,`
			`File: component.File,`
			`Value: component.Data,`
			`}`

			`// create link in 'Form'`
			`i.Form[name] = i.Set[name]`

			`}`

			`return`

			`}`

			`// isParameterNameInjection returns whether there is`
			`// a parameter name injection:`
			`// - inferred GET parameters`
			`// - inferred URL parameters`
			`func isParameterNameInjection(pName string) bool {`
			`return strings.HasPrefix(pName, "GET@") \|\| strings.HasPrefix(pName, "URL#")`
			`}`