From 03f316e06e83c5038c24cea52077a1c01c37c846 Mon Sep 17 00:00:00 2001 From: Hugo Thunnissen Date: Sat, 23 Nov 2019 14:08:08 +0100 Subject: [PATCH] Check if hostname is valid --- auth_request_client.go | 35 +++++++++++++++++++++++++++-------- 1 file changed, 27 insertions(+), 8 deletions(-) diff --git a/auth_request_client.go b/auth_request_client.go index 955ef3d..47f9af1 100644 --- a/auth_request_client.go +++ b/auth_request_client.go @@ -4,13 +4,15 @@ import ( "encoding/json" "errors" "fmt" + "regexp" "github.com/gorilla/websocket" ) const ( - MSG_TYPE_AUTH string = "auth" - MSG_TYPE_SET_ID string = "set-id" + MSG_TYPE_AUTH string = "auth" + MSG_TYPE_SET_ID string = "set-id" + MSG_TYPE_INVALID_HOST string = "invalid-host" ) type AuthRequestClient struct { @@ -19,8 +21,8 @@ type AuthRequestClient struct { } type AuthRequestProtocolMessage struct { - MessageType string `json:"type"` - Parameters map[string]string + MessageType string `json:"type"` + Parameters map[string]string `json:"parameters"` } func (c *AuthRequestClient) ReceiveRequest() (*AuthRequest, error) { @@ -40,15 +42,23 @@ func (c *AuthRequestClient) ReceiveRequest() (*AuthRequest, error) { ) } - instance, ok := message.Parameters["instance"] + host, ok := message.Parameters["host"] - if !ok { - return nil, errors.New("No \"instance\" parameter included in auth request parameters") + if !ok || !validHost(host) { + response := &AuthRequestProtocolMessage{ + MessageType: MSG_TYPE_INVALID_HOST, + Parameters: make(map[string]string), + } + + c.conn.WriteJSON(response) + + // Invalid or no host provided, let's try again + return c.ReceiveRequest() } r := &AuthRequest{ Client: c, - Instance: instance, + Instance: host, } (*c.app.Logger).Info("Returning AuthRequest") @@ -92,3 +102,12 @@ func (c *AuthRequestClient) PropagateID(ID string) error { func (c *AuthRequestClient) Close() { c.conn.Close() } + +func validHost(host string) bool { + re, _ := regexp.Compile(`^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$`) + + if re.MatchString(host) { + return true + } + return false +}