mirror of
https://github.com/go-gitea/gitea
synced 2024-12-24 17:44:27 +00:00
711 lines
23 KiB
Go
Vendored
711 lines
23 KiB
Go
Vendored
// Copyright 2014 Martini Authors
|
|
// Copyright 2014 The Macaron Authors
|
|
// Copyright 2020 The Gitea Authors
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License"): you may
|
|
// not use this file except in compliance with the License. You may obtain
|
|
// a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
// License for the specific language governing permissions and limitations
|
|
// under the License.
|
|
|
|
// Package binding is a middleware that provides request data binding and validation for Chi.
|
|
package binding
|
|
|
|
import (
|
|
"fmt"
|
|
"io"
|
|
"mime/multipart"
|
|
"net/http"
|
|
"net/url"
|
|
"reflect"
|
|
"regexp"
|
|
"strconv"
|
|
"strings"
|
|
"unicode/utf8"
|
|
|
|
"github.com/goccy/go-json"
|
|
"github.com/unknwon/com"
|
|
)
|
|
|
|
// Bind wraps up the functionality of the Form and Json middleware
|
|
// according to the Content-Type and verb of the request.
|
|
// A Content-Type is required for POST and PUT requests.
|
|
// Bind invokes the ErrorHandler middleware to bail out if errors
|
|
// occurred. If you want to perform your own error handling, use
|
|
// Form or Json middleware directly. An interface pointer can
|
|
// be added as a second argument in order to map the struct to
|
|
// a specific interface.
|
|
func Bind(req *http.Request, obj interface{}) Errors {
|
|
contentType := req.Header.Get("Content-Type")
|
|
if req.Method == "POST" || req.Method == "PUT" || len(contentType) > 0 {
|
|
switch {
|
|
case strings.Contains(contentType, "form-urlencoded"):
|
|
return Form(req, obj)
|
|
case strings.Contains(contentType, "multipart/form-data"):
|
|
return MultipartForm(req, obj)
|
|
case strings.Contains(contentType, "json"):
|
|
return JSON(req, obj)
|
|
default:
|
|
var errors Errors
|
|
if contentType == "" {
|
|
errors.Add([]string{}, ERR_CONTENT_TYPE, "Empty Content-Type")
|
|
} else {
|
|
errors.Add([]string{}, ERR_CONTENT_TYPE, "Unsupported Content-Type")
|
|
}
|
|
return errors
|
|
}
|
|
} else {
|
|
return Form(req, obj)
|
|
}
|
|
}
|
|
|
|
const (
|
|
_JSON_CONTENT_TYPE = "application/json; charset=utf-8"
|
|
STATUS_UNPROCESSABLE_ENTITY = 422
|
|
)
|
|
|
|
// errorHandler simply counts the number of errors in the
|
|
// context and, if more than 0, writes a response with an
|
|
// error code and a JSON payload describing the errors.
|
|
// The response will have a JSON content-type.
|
|
// Middleware remaining on the stack will not even see the request
|
|
// if, by this point, there are any errors.
|
|
// This is a "default" handler, of sorts, and you are
|
|
// welcome to use your own instead. The Bind middleware
|
|
// invokes this automatically for convenience.
|
|
func errorHandler(errs Errors, rw http.ResponseWriter) {
|
|
if len(errs) > 0 {
|
|
rw.Header().Set("Content-Type", _JSON_CONTENT_TYPE)
|
|
if errs.Has(ERR_DESERIALIZATION) {
|
|
rw.WriteHeader(http.StatusBadRequest)
|
|
} else if errs.Has(ERR_CONTENT_TYPE) {
|
|
rw.WriteHeader(http.StatusUnsupportedMediaType)
|
|
} else {
|
|
rw.WriteHeader(STATUS_UNPROCESSABLE_ENTITY)
|
|
}
|
|
errOutput, _ := json.Marshal(errs)
|
|
rw.Write(errOutput)
|
|
return
|
|
}
|
|
}
|
|
|
|
// Form is middleware to deserialize form-urlencoded data from the request.
|
|
// It gets data from the form-urlencoded body, if present, or from the
|
|
// query string. It uses the http.Request.ParseForm() method
|
|
// to perform deserialization, then reflection is used to map each field
|
|
// into the struct with the proper type. Structs with primitive slice types
|
|
// (bool, float, int, string) can support deserialization of repeated form
|
|
// keys, for example: key=val1&key=val2&key=val3
|
|
// An interface pointer can be added as a second argument in order
|
|
// to map the struct to a specific interface.
|
|
func Form(req *http.Request, formStruct interface{}) Errors {
|
|
var errors Errors
|
|
|
|
ensurePointer(formStruct)
|
|
formStructV := reflect.ValueOf(formStruct)
|
|
parseErr := req.ParseForm()
|
|
|
|
// Format validation of the request body or the URL would add considerable overhead,
|
|
// and ParseForm does not complain when URL encoding is off.
|
|
// Because an empty request body or url can also mean absence of all needed values,
|
|
// it is not in all cases a bad request, so let's return 422.
|
|
if parseErr != nil {
|
|
errors.Add([]string{}, ERR_DESERIALIZATION, parseErr.Error())
|
|
}
|
|
errors = mapForm(formStructV, req.Form, nil, errors)
|
|
return append(errors, Validate(req, formStruct)...)
|
|
}
|
|
|
|
// MaxMemory represents maximum amount of memory to use when parsing a multipart form.
|
|
// Set this to whatever value you prefer; default is 10 MB.
|
|
var MaxMemory = int64(1024 * 1024 * 10)
|
|
|
|
// MultipartForm works much like Form, except it can parse multipart forms
|
|
// and handle file uploads. Like the other deserialization middleware handlers,
|
|
// you can pass in an interface to make the interface available for injection
|
|
// into other handlers later.
|
|
func MultipartForm(req *http.Request, formStruct interface{}) Errors {
|
|
var errors Errors
|
|
ensurePointer(formStruct)
|
|
formStructV := reflect.ValueOf(formStruct)
|
|
// This if check is necessary due to https://github.com/martini-contrib/csrf/issues/6
|
|
if req.MultipartForm == nil {
|
|
// Workaround for multipart forms returning nil instead of an error
|
|
// when content is not multipart; see https://code.google.com/p/go/issues/detail?id=6334
|
|
if multipartReader, err := req.MultipartReader(); err != nil {
|
|
errors.Add([]string{}, ERR_DESERIALIZATION, err.Error())
|
|
} else {
|
|
form, parseErr := multipartReader.ReadForm(MaxMemory)
|
|
if parseErr != nil {
|
|
errors.Add([]string{}, ERR_DESERIALIZATION, parseErr.Error())
|
|
}
|
|
|
|
if req.Form == nil {
|
|
req.ParseForm()
|
|
}
|
|
for k, v := range form.Value {
|
|
req.Form[k] = append(req.Form[k], v...)
|
|
}
|
|
|
|
req.MultipartForm = form
|
|
}
|
|
}
|
|
errors = mapForm(formStructV, req.MultipartForm.Value, req.MultipartForm.File, errors)
|
|
return append(errors, Validate(req, formStruct)...)
|
|
}
|
|
|
|
// JSON is middleware to deserialize a JSON payload from the request
|
|
// into the struct that is passed in. The resulting struct is then
|
|
// validated, but no error handling is actually performed here.
|
|
// An interface pointer can be added as a second argument in order
|
|
// to map the struct to a specific interface.
|
|
func JSON(req *http.Request, jsonStruct interface{}) Errors {
|
|
var errors Errors
|
|
ensurePointer(jsonStruct)
|
|
|
|
if req.Body != nil {
|
|
defer req.Body.Close()
|
|
err := json.NewDecoder(req.Body).Decode(jsonStruct)
|
|
if err != nil && err != io.EOF {
|
|
errors.Add([]string{}, ERR_DESERIALIZATION, err.Error())
|
|
}
|
|
}
|
|
return append(errors, Validate(req, jsonStruct)...)
|
|
}
|
|
|
|
// RawValidate is same as Validate but does not require a HTTP context,
|
|
// and can be used independently just for validation.
|
|
// This function does not support Validator interface.
|
|
func RawValidate(obj interface{}) Errors {
|
|
var errs Errors
|
|
v := reflect.ValueOf(obj)
|
|
k := v.Kind()
|
|
if k == reflect.Interface || k == reflect.Ptr {
|
|
v = v.Elem()
|
|
k = v.Kind()
|
|
}
|
|
if k == reflect.Slice || k == reflect.Array {
|
|
for i := 0; i < v.Len(); i++ {
|
|
e := v.Index(i).Interface()
|
|
errs = validateStruct(errs, e)
|
|
}
|
|
} else {
|
|
errs = validateStruct(errs, obj)
|
|
}
|
|
return errs
|
|
}
|
|
|
|
// Validate is middleware to enforce required fields. If the struct
|
|
// passed in implements Validator, then the user-defined Validate method
|
|
// is executed, and its errors are mapped to the context. This middleware
|
|
// performs no error handling: it merely detects errors and maps them.
|
|
func Validate(req *http.Request, obj interface{}) Errors {
|
|
var errs Errors
|
|
v := reflect.ValueOf(obj)
|
|
k := v.Kind()
|
|
if k == reflect.Interface || k == reflect.Ptr {
|
|
v = v.Elem()
|
|
k = v.Kind()
|
|
}
|
|
if k == reflect.Slice || k == reflect.Array {
|
|
for i := 0; i < v.Len(); i++ {
|
|
e := v.Index(i).Interface()
|
|
errs = validateStruct(errs, e)
|
|
if validator, ok := e.(Validator); ok {
|
|
errs = validator.Validate(req, errs)
|
|
}
|
|
}
|
|
} else {
|
|
errs = validateStruct(errs, obj)
|
|
if validator, ok := obj.(Validator); ok {
|
|
errs = validator.Validate(req, errs)
|
|
}
|
|
}
|
|
return errs
|
|
}
|
|
|
|
var (
|
|
AlphaDashPattern = regexp.MustCompile(`[^\d\w-_]`)
|
|
AlphaDashDotPattern = regexp.MustCompile(`[^\d\w-_\.]`)
|
|
EmailPattern = regexp.MustCompile(`\A[\w!#$%&'*+/=?^_`+"`"+`{|}~-]+(?:\.[\w!#$%&'*+/=?^_`+"`"+`{|}~-]+)*@(?:[\w](?:[\w-]*[\w])?\.)+[a-zA-Z0-9](?:[\w-]*[\w])?\z`)
|
|
)
|
|
|
|
// Copied from github.com/asaskevich/govalidator.
|
|
const _MAX_URL_RUNE_COUNT = 2083
|
|
const _MIN_URL_RUNE_COUNT = 3
|
|
|
|
var (
|
|
urlSchemaRx = `((ftp|tcp|udp|wss?|https?):\/\/)`
|
|
urlUsernameRx = `(\S+(:\S*)?@)`
|
|
urlIPRx = `([1-9]\d?|1\d\d|2[01]\d|22[0-3])(\.(1?\d{1,2}|2[0-4]\d|25[0-5])){2}(?:\.([0-9]\d?|1\d\d|2[0-4]\d|25[0-4]))`
|
|
ipRx = `(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))`
|
|
urlSubdomainRx = `((www\.)|([a-zA-Z0-9]([-\.][-\._a-zA-Z0-9]+)*))`
|
|
urlPortRx = `(:(\d{1,5}))`
|
|
urlPathRx = `((\/|\?|#)[^\s]*)`
|
|
URLPattern = regexp.MustCompile(`\A` + urlSchemaRx + `?` + urlUsernameRx + `?` + `((` + urlIPRx + `|(\[` + ipRx + `\])|(([a-zA-Z0-9]([a-zA-Z0-9-_]+)?[a-zA-Z0-9]([-\.][a-zA-Z0-9]+)*)|(` + urlSubdomainRx + `?))?(([a-zA-Z\x{00a1}-\x{ffff}0-9]+-?-?)*[a-zA-Z\x{00a1}-\x{ffff}0-9]+)(?:\.([a-zA-Z\x{00a1}-\x{ffff}]{1,}))?))\.?` + urlPortRx + `?` + urlPathRx + `?\z`)
|
|
)
|
|
|
|
// IsURL check if the string is an URL.
|
|
func isURL(str string) bool {
|
|
if str == "" || utf8.RuneCountInString(str) >= _MAX_URL_RUNE_COUNT || len(str) <= _MIN_URL_RUNE_COUNT || strings.HasPrefix(str, ".") {
|
|
return false
|
|
}
|
|
u, err := url.Parse(str)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
if strings.HasPrefix(u.Host, ".") {
|
|
return false
|
|
}
|
|
if u.Host == "" && (u.Path != "" && !strings.Contains(u.Path, ".")) {
|
|
return false
|
|
}
|
|
return URLPattern.MatchString(str)
|
|
|
|
}
|
|
|
|
type (
|
|
// Rule represents a validation rule.
|
|
Rule struct {
|
|
// IsMatch checks if rule matches.
|
|
IsMatch func(string) bool
|
|
// IsValid applies validation rule to condition.
|
|
IsValid func(Errors, string, interface{}) (bool, Errors)
|
|
}
|
|
|
|
// ParamRule does same thing as Rule but passes rule itself to IsValid method.
|
|
ParamRule struct {
|
|
// IsMatch checks if rule matches.
|
|
IsMatch func(string) bool
|
|
// IsValid applies validation rule to condition.
|
|
IsValid func(Errors, string, string, interface{}) (bool, Errors)
|
|
}
|
|
|
|
// RuleMapper and ParamRuleMapper represent validation rule mappers,
|
|
// it allwos users to add custom validation rules.
|
|
RuleMapper []*Rule
|
|
ParamRuleMapper []*ParamRule
|
|
)
|
|
|
|
var ruleMapper RuleMapper
|
|
var paramRuleMapper ParamRuleMapper
|
|
|
|
// AddRule adds new validation rule.
|
|
func AddRule(r *Rule) {
|
|
ruleMapper = append(ruleMapper, r)
|
|
}
|
|
|
|
// AddParamRule adds new validation rule.
|
|
func AddParamRule(r *ParamRule) {
|
|
paramRuleMapper = append(paramRuleMapper, r)
|
|
}
|
|
|
|
func in(fieldValue interface{}, arr string) bool {
|
|
val := fmt.Sprintf("%v", fieldValue)
|
|
vals := strings.Split(arr, ",")
|
|
isIn := false
|
|
for _, v := range vals {
|
|
if v == val {
|
|
isIn = true
|
|
break
|
|
}
|
|
}
|
|
return isIn
|
|
}
|
|
|
|
func parseFormName(raw, actual string) string {
|
|
if len(actual) > 0 {
|
|
return actual
|
|
}
|
|
return nameMapper(raw)
|
|
}
|
|
|
|
// Performs required field checking on a struct
|
|
func validateStruct(errors Errors, obj interface{}) Errors {
|
|
typ := reflect.TypeOf(obj)
|
|
val := reflect.ValueOf(obj)
|
|
|
|
if typ.Kind() == reflect.Ptr {
|
|
typ = typ.Elem()
|
|
val = val.Elem()
|
|
}
|
|
|
|
for i := 0; i < typ.NumField(); i++ {
|
|
field := typ.Field(i)
|
|
|
|
// Allow ignored fields in the struct
|
|
if field.Tag.Get("form") == "-" || !val.Field(i).CanInterface() {
|
|
continue
|
|
}
|
|
|
|
fieldVal := val.Field(i)
|
|
fieldValue := fieldVal.Interface()
|
|
zero := reflect.Zero(field.Type).Interface()
|
|
|
|
// Validate nested and embedded structs (if pointer, only do so if not nil)
|
|
if field.Type.Kind() == reflect.Struct ||
|
|
(field.Type.Kind() == reflect.Ptr && !reflect.DeepEqual(zero, fieldValue) &&
|
|
field.Type.Elem().Kind() == reflect.Struct) {
|
|
errors = validateStruct(errors, fieldValue)
|
|
}
|
|
errors = validateField(errors, zero, field, fieldVal, fieldValue)
|
|
}
|
|
return errors
|
|
}
|
|
|
|
// Don't pass in pointers to bind to. Can lead to bugs.
|
|
func ensureNotPointer(obj interface{}) {
|
|
if reflect.TypeOf(obj).Kind() == reflect.Ptr {
|
|
panic("Pointers are not accepted as binding models")
|
|
}
|
|
}
|
|
|
|
func validateField(errors Errors, zero interface{}, field reflect.StructField, fieldVal reflect.Value, fieldValue interface{}) Errors {
|
|
if fieldVal.Kind() == reflect.Slice {
|
|
for i := 0; i < fieldVal.Len(); i++ {
|
|
sliceVal := fieldVal.Index(i)
|
|
if sliceVal.Kind() == reflect.Ptr {
|
|
sliceVal = sliceVal.Elem()
|
|
}
|
|
|
|
sliceValue := sliceVal.Interface()
|
|
zero := reflect.Zero(sliceVal.Type()).Interface()
|
|
if sliceVal.Kind() == reflect.Struct ||
|
|
(sliceVal.Kind() == reflect.Ptr && !reflect.DeepEqual(zero, sliceValue) &&
|
|
sliceVal.Elem().Kind() == reflect.Struct) {
|
|
errors = validateStruct(errors, sliceValue)
|
|
}
|
|
/* Apply validation rules to each item in a slice. ISSUE #3
|
|
else {
|
|
errors = validateField(errors, zero, field, sliceVal, sliceValue)
|
|
}*/
|
|
}
|
|
}
|
|
|
|
rules := strings.Split(field.Tag.Get("binding"), ";")
|
|
|
|
if reflect.DeepEqual(zero, fieldValue) {
|
|
for _, rule := range rules {
|
|
if rule == "Required" {
|
|
errors.Add([]string{field.Name}, ERR_REQUIRED, "Required")
|
|
break
|
|
}
|
|
if strings.HasPrefix(rule, "Default(") {
|
|
if fieldVal.CanSet() {
|
|
errors = setWithProperType(field.Type.Kind(), rule[8:len(rule)-1], fieldVal, field.Tag.Get("form"), errors)
|
|
} else {
|
|
errors.Add([]string{field.Name}, ERR_EXCLUDE, "Default")
|
|
}
|
|
break
|
|
}
|
|
}
|
|
|
|
return errors
|
|
}
|
|
|
|
VALIDATE_RULES:
|
|
for _, rule := range rules {
|
|
if len(rule) == 0 {
|
|
continue
|
|
}
|
|
|
|
switch {
|
|
case rule == "Required":
|
|
continue
|
|
case strings.HasPrefix(rule, "Default("):
|
|
continue
|
|
case rule == "OmitEmpty": // legacy
|
|
continue
|
|
|
|
case rule == "AlphaDash":
|
|
if AlphaDashPattern.MatchString(fmt.Sprintf("%v", fieldValue)) {
|
|
errors.Add([]string{field.Name}, ERR_ALPHA_DASH, "AlphaDash")
|
|
break VALIDATE_RULES
|
|
}
|
|
case rule == "AlphaDashDot":
|
|
if AlphaDashDotPattern.MatchString(fmt.Sprintf("%v", fieldValue)) {
|
|
errors.Add([]string{field.Name}, ERR_ALPHA_DASH_DOT, "AlphaDashDot")
|
|
break VALIDATE_RULES
|
|
}
|
|
case strings.HasPrefix(rule, "Size("):
|
|
size, _ := strconv.Atoi(rule[5 : len(rule)-1])
|
|
if str, ok := fieldValue.(string); ok && utf8.RuneCountInString(str) != size {
|
|
errors.Add([]string{field.Name}, ERR_SIZE, "Size")
|
|
break VALIDATE_RULES
|
|
}
|
|
if fieldVal.Kind() == reflect.Slice && fieldVal.Len() != size {
|
|
errors.Add([]string{field.Name}, ERR_SIZE, "Size")
|
|
break VALIDATE_RULES
|
|
}
|
|
case strings.HasPrefix(rule, "MinSize("):
|
|
min, _ := strconv.Atoi(rule[8 : len(rule)-1])
|
|
if str, ok := fieldValue.(string); ok && utf8.RuneCountInString(str) < min {
|
|
errors.Add([]string{field.Name}, ERR_MIN_SIZE, "MinSize")
|
|
break VALIDATE_RULES
|
|
}
|
|
if fieldVal.Kind() == reflect.Slice && fieldVal.Len() < min {
|
|
errors.Add([]string{field.Name}, ERR_MIN_SIZE, "MinSize")
|
|
break VALIDATE_RULES
|
|
}
|
|
case strings.HasPrefix(rule, "MaxSize("):
|
|
max, _ := strconv.Atoi(rule[8 : len(rule)-1])
|
|
if str, ok := fieldValue.(string); ok && utf8.RuneCountInString(str) > max {
|
|
errors.Add([]string{field.Name}, ERR_MAX_SIZE, "MaxSize")
|
|
break VALIDATE_RULES
|
|
}
|
|
if fieldVal.Kind() == reflect.Slice && fieldVal.Len() > max {
|
|
errors.Add([]string{field.Name}, ERR_MAX_SIZE, "MaxSize")
|
|
break VALIDATE_RULES
|
|
}
|
|
case strings.HasPrefix(rule, "Range("):
|
|
nums := strings.Split(rule[6:len(rule)-1], ",")
|
|
if len(nums) != 2 {
|
|
break VALIDATE_RULES
|
|
}
|
|
val := com.StrTo(fmt.Sprintf("%v", fieldValue)).MustInt()
|
|
if val < com.StrTo(nums[0]).MustInt() || val > com.StrTo(nums[1]).MustInt() {
|
|
errors.Add([]string{field.Name}, ERR_RANGE, "Range")
|
|
break VALIDATE_RULES
|
|
}
|
|
case rule == "Email":
|
|
if !EmailPattern.MatchString(fmt.Sprintf("%v", fieldValue)) {
|
|
errors.Add([]string{field.Name}, ERR_EMAIL, "Email")
|
|
break VALIDATE_RULES
|
|
}
|
|
case rule == "Url":
|
|
str := fmt.Sprintf("%v", fieldValue)
|
|
if !isURL(str) {
|
|
errors.Add([]string{field.Name}, ERR_URL, "Url")
|
|
break VALIDATE_RULES
|
|
}
|
|
case strings.HasPrefix(rule, "In("):
|
|
if !in(fieldValue, rule[3:len(rule)-1]) {
|
|
errors.Add([]string{field.Name}, ERR_IN, "In")
|
|
break VALIDATE_RULES
|
|
}
|
|
case strings.HasPrefix(rule, "NotIn("):
|
|
if in(fieldValue, rule[6:len(rule)-1]) {
|
|
errors.Add([]string{field.Name}, ERR_NOT_INT, "NotIn")
|
|
break VALIDATE_RULES
|
|
}
|
|
case strings.HasPrefix(rule, "Include("):
|
|
if !strings.Contains(fmt.Sprintf("%v", fieldValue), rule[8:len(rule)-1]) {
|
|
errors.Add([]string{field.Name}, ERR_INCLUDE, "Include")
|
|
break VALIDATE_RULES
|
|
}
|
|
case strings.HasPrefix(rule, "Exclude("):
|
|
if strings.Contains(fmt.Sprintf("%v", fieldValue), rule[8:len(rule)-1]) {
|
|
errors.Add([]string{field.Name}, ERR_EXCLUDE, "Exclude")
|
|
break VALIDATE_RULES
|
|
}
|
|
default:
|
|
// Apply custom validation rules
|
|
var isValid bool
|
|
for i := range ruleMapper {
|
|
if ruleMapper[i].IsMatch(rule) {
|
|
isValid, errors = ruleMapper[i].IsValid(errors, field.Name, fieldValue)
|
|
if !isValid {
|
|
break VALIDATE_RULES
|
|
}
|
|
}
|
|
}
|
|
for i := range paramRuleMapper {
|
|
if paramRuleMapper[i].IsMatch(rule) {
|
|
isValid, errors = paramRuleMapper[i].IsValid(errors, rule, field.Name, fieldValue)
|
|
if !isValid {
|
|
break VALIDATE_RULES
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
return errors
|
|
}
|
|
|
|
// NameMapper represents a form tag name mapper.
|
|
type NameMapper func(string) string
|
|
|
|
var (
|
|
nameMapper = func(field string) string {
|
|
newstr := make([]rune, 0, len(field))
|
|
for i, chr := range field {
|
|
if isUpper := 'A' <= chr && chr <= 'Z'; isUpper {
|
|
if i > 0 {
|
|
newstr = append(newstr, '_')
|
|
}
|
|
chr -= ('A' - 'a')
|
|
}
|
|
newstr = append(newstr, chr)
|
|
}
|
|
return string(newstr)
|
|
}
|
|
)
|
|
|
|
// SetNameMapper sets name mapper.
|
|
func SetNameMapper(nm NameMapper) {
|
|
nameMapper = nm
|
|
}
|
|
|
|
// Takes values from the form data and puts them into a struct
|
|
func mapForm(formStruct reflect.Value, form map[string][]string,
|
|
formfile map[string][]*multipart.FileHeader, errors Errors) Errors {
|
|
|
|
if formStruct.Kind() == reflect.Ptr {
|
|
formStruct = formStruct.Elem()
|
|
}
|
|
typ := formStruct.Type()
|
|
|
|
for i := 0; i < typ.NumField(); i++ {
|
|
typeField := typ.Field(i)
|
|
structField := formStruct.Field(i)
|
|
|
|
if typeField.Type.Kind() == reflect.Ptr && typeField.Anonymous {
|
|
structField.Set(reflect.New(typeField.Type.Elem()))
|
|
errors = mapForm(structField.Elem(), form, formfile, errors)
|
|
if reflect.DeepEqual(structField.Elem().Interface(), reflect.Zero(structField.Elem().Type()).Interface()) {
|
|
structField.Set(reflect.Zero(structField.Type()))
|
|
}
|
|
} else if typeField.Type.Kind() == reflect.Struct {
|
|
errors = mapForm(structField, form, formfile, errors)
|
|
}
|
|
|
|
inputFieldName := parseFormName(typeField.Name, typeField.Tag.Get("form"))
|
|
if len(inputFieldName) == 0 || !structField.CanSet() {
|
|
continue
|
|
}
|
|
|
|
inputValue, exists := form[inputFieldName]
|
|
if exists {
|
|
numElems := len(inputValue)
|
|
if structField.Kind() == reflect.Slice && numElems > 0 {
|
|
sliceOf := structField.Type().Elem().Kind()
|
|
slice := reflect.MakeSlice(structField.Type(), numElems, numElems)
|
|
for i := 0; i < numElems; i++ {
|
|
errors = setWithProperType(sliceOf, inputValue[i], slice.Index(i), inputFieldName, errors)
|
|
}
|
|
formStruct.Field(i).Set(slice)
|
|
} else {
|
|
errors = setWithProperType(typeField.Type.Kind(), inputValue[0], structField, inputFieldName, errors)
|
|
}
|
|
continue
|
|
}
|
|
|
|
inputFile, exists := formfile[inputFieldName]
|
|
if !exists {
|
|
continue
|
|
}
|
|
fhType := reflect.TypeOf((*multipart.FileHeader)(nil))
|
|
numElems := len(inputFile)
|
|
if structField.Kind() == reflect.Slice && numElems > 0 && structField.Type().Elem() == fhType {
|
|
slice := reflect.MakeSlice(structField.Type(), numElems, numElems)
|
|
for i := 0; i < numElems; i++ {
|
|
slice.Index(i).Set(reflect.ValueOf(inputFile[i]))
|
|
}
|
|
structField.Set(slice)
|
|
} else if structField.Type() == fhType {
|
|
structField.Set(reflect.ValueOf(inputFile[0]))
|
|
}
|
|
}
|
|
return errors
|
|
}
|
|
|
|
// This sets the value in a struct of an indeterminate type to the
|
|
// matching value from the request (via Form middleware) in the
|
|
// same type, so that not all deserialized values have to be strings.
|
|
// Supported types are string, int, float, and bool.
|
|
func setWithProperType(valueKind reflect.Kind, val string, structField reflect.Value, nameInTag string, errors Errors) Errors {
|
|
switch valueKind {
|
|
case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
|
|
if val == "" {
|
|
val = "0"
|
|
}
|
|
intVal, err := strconv.ParseInt(val, 10, 64)
|
|
if err != nil {
|
|
errors.Add([]string{nameInTag}, ERR_INTERGER_TYPE, "Value could not be parsed as integer")
|
|
} else {
|
|
structField.SetInt(intVal)
|
|
}
|
|
case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
|
|
if val == "" {
|
|
val = "0"
|
|
}
|
|
uintVal, err := strconv.ParseUint(val, 10, 64)
|
|
if err != nil {
|
|
errors.Add([]string{nameInTag}, ERR_INTERGER_TYPE, "Value could not be parsed as unsigned integer")
|
|
} else {
|
|
structField.SetUint(uintVal)
|
|
}
|
|
case reflect.Bool:
|
|
if val == "on" {
|
|
structField.SetBool(true)
|
|
break
|
|
}
|
|
|
|
if val == "" {
|
|
val = "false"
|
|
}
|
|
boolVal, err := strconv.ParseBool(val)
|
|
if err != nil {
|
|
errors.Add([]string{nameInTag}, ERR_BOOLEAN_TYPE, "Value could not be parsed as boolean")
|
|
} else if boolVal {
|
|
structField.SetBool(true)
|
|
}
|
|
case reflect.Float32:
|
|
if val == "" {
|
|
val = "0.0"
|
|
}
|
|
floatVal, err := strconv.ParseFloat(val, 32)
|
|
if err != nil {
|
|
errors.Add([]string{nameInTag}, ERR_FLOAT_TYPE, "Value could not be parsed as 32-bit float")
|
|
} else {
|
|
structField.SetFloat(floatVal)
|
|
}
|
|
case reflect.Float64:
|
|
if val == "" {
|
|
val = "0.0"
|
|
}
|
|
floatVal, err := strconv.ParseFloat(val, 64)
|
|
if err != nil {
|
|
errors.Add([]string{nameInTag}, ERR_FLOAT_TYPE, "Value could not be parsed as 64-bit float")
|
|
} else {
|
|
structField.SetFloat(floatVal)
|
|
}
|
|
case reflect.String:
|
|
structField.SetString(val)
|
|
}
|
|
return errors
|
|
}
|
|
|
|
// Pointers must be bind to.
|
|
func ensurePointer(obj interface{}) {
|
|
if reflect.TypeOf(obj).Kind() != reflect.Ptr {
|
|
panic("Pointers are only accepted as binding models")
|
|
}
|
|
}
|
|
|
|
type (
|
|
// ErrorHandler is the interface that has custom error handling process.
|
|
ErrorHandler interface {
|
|
// Error handles validation errors with custom process.
|
|
Error(*http.Request, Errors)
|
|
}
|
|
|
|
// Validator is the interface that handles some rudimentary
|
|
// request validation logic so your application doesn't have to.
|
|
Validator interface {
|
|
// Validate validates that the request is OK. It is recommended
|
|
// that validation be limited to checking values for syntax and
|
|
// semantics, enough to know that you can make sense of the request
|
|
// in your application. For example, you might verify that a credit
|
|
// card number matches a valid pattern, but you probably wouldn't
|
|
// perform an actual credit card authorization here.
|
|
Validate(*http.Request, Errors) Errors
|
|
}
|
|
)
|