From 1ffda21ae38d203e381bedbf7bdbbd69c9031062 Mon Sep 17 00:00:00 2001 From: Brian Picciano Date: Fri, 20 May 2022 14:54:26 -0600 Subject: Implement ratelimit on authentications --- srv/src/http/posts.go | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) (limited to 'srv/src/http/posts.go') diff --git a/srv/src/http/posts.go b/srv/src/http/posts.go index 0aea3e3..816e361 100644 --- a/srv/src/http/posts.go +++ b/srv/src/http/posts.go @@ -197,7 +197,7 @@ func (a *api) editPostHandler() http.Handler { }) } -func postFromPostReq(r *http.Request) post.Post { +func postFromPostReq(r *http.Request) (post.Post, error) { p := post.Post{ ID: r.PostFormValue("id"), @@ -207,18 +207,30 @@ func postFromPostReq(r *http.Request) post.Post { Series: r.PostFormValue("series"), } - p.Body = strings.TrimSpace(r.PostFormValue("body")) // textareas encode newlines as CRLF for historical reasons p.Body = strings.ReplaceAll(p.Body, "\r\n", "\n") + p.Body = strings.TrimSpace(r.PostFormValue("body")) + + if p.ID == "" || + p.Title == "" || + p.Description == "" || + p.Body == "" || + len(p.Tags) == 0 { + return post.Post{}, errors.New("ID, Title, Description, Tags, and Body are all required") + } - return p + return p, nil } func (a *api) postPostHandler() http.Handler { return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { - p := postFromPostReq(r) + p, err := postFromPostReq(r) + if err != nil { + apiutil.BadRequest(rw, r, err) + return + } if err := a.params.PostStore.Set(p, time.Now()); err != nil { apiutil.InternalServerError( @@ -267,8 +279,14 @@ func (a *api) previewPostHandler() http.Handler { return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { + p, err := postFromPostReq(r) + if err != nil { + apiutil.BadRequest(rw, r, err) + return + } + storedPost := post.StoredPost{ - Post: postFromPostReq(r), + Post: p, PublishedAt: time.Now(), } -- cgit v1.2.3
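Review bot: In the second hunk (the body of `postFromPostReq`), the CRLF normalisation is now dead code. The added `p.Body = strings.TrimSpace(r.PostFormValue("body"))` sits after the `strings.ReplaceAll(p.Body, "\r\n", "\n")` context line and overwrites its result with the raw form value. Unless `Body` is already set in the part of the struct literal that falls between the two hunks (not visible here), bodies will be stored with `\r\n` line endings. Restoring the order fixes it: `p.Body = strings.ReplaceAll(r.PostFormValue("body"), "\r\n", "\n")` followed by `p.Body = strings.TrimSpace(p.Body)`. Separately, only `Body` is trimmed before the new required-field check, so a whitespace-only `title` or `description` appears to pass it; trimming those as well would make the 400 response consistent.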