From cf9678d7126e1951f9e4aabaa30d7350eb76973b Mon Sep 17 00:00:00 2001
From: Bennett Wetters
Date: Mon, 15 Jan 2024 23:18:34 +0100
Subject: [PATCH] Actually end the connection when request checks fail

---
 handlers/sensors.go | 13 ++++++++-----
 handlers/state.go | 13 ++++++++-----
 handlers/util.go | 23 ++++++++++-------------
 3 files changed, 26 insertions(+), 23 deletions(-)

diff --git a/handlers/sensors.go b/handlers/sensors.go
index 753574b..0c30346 100644
--- a/handlers/sensors.go
+++ b/handlers/sensors.go
@@ -17,14 +17,17 @@ func EnvironmentSensor(
 resp *types.EnvironmentSensor,
 ) func(http.ResponseWriter, *http.Request) {
 return func(w http.ResponseWriter, r *http.Request) {
- body := string(updateEndpointValidator(authDB, validCredentials, w, r))
+ body, err := updateEndpointValidator(authDB, validCredentials, w, r)
+ if err != nil {
+ log.Println(err)
+ return
+ }

 // Parse request body
- newState, err := strconv.ParseFloat(body, 64)
+ newState, err := strconv.ParseFloat(string(body), 64)
 if err != nil || math.IsInf(newState, 0) {
- log.Println("Failed to parse request body from", r.RemoteAddr, "body:", body)
- w.WriteHeader(http.StatusBadRequest)
- _, _ = io.WriteString(w, "HTTP request body has to be a valid float64 value != +/-Inf")
+ log.Println("Failed to parse request body from", r.RemoteAddr, "with error:", err)
+ http.Error(w, "HTTP request body has to be a valid float64 value != +/-Inf", http.StatusBadRequest)
 return
 }

diff --git a/handlers/state.go b/handlers/state.go
index 5db5d99..72384e5 100644
--- a/handlers/state.go
+++ b/handlers/state.go
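Review bot: In EnvironmentSensor (handlers/sensors.go) the new failure log prints `err`, but on the `math.IsInf(newState, 0)` branch `strconv.ParseFloat` can have succeeded, so the line reads `with error: <nil>` and the rejected value is no longer recorded. Logging the parsed value alongside the error, e.g. `log.Printf("Failed to parse request body from %s: err=%v value=%v", r.RemoteAddr, err, newState)`, keeps that case diagnosable without echoing the raw body. The same condition also lets `NaN` through, because `ParseFloat` accepts it without an error; if non-finite values are rejected because of how the reading is used later (not visible in this hunk), the guard probably wants `|| math.IsNaN(newState)` as well. The handler body continues outside the hunk.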
@@ -16,14 +16,17 @@ func StateOpen(
 resp *types.SpaceState,
 ) func(http.ResponseWriter, *http.Request) {
 return func(w http.ResponseWriter, r *http.Request) {
- body := string(updateEndpointValidator(authDB, validCredentials, w, r))
+ body, err := updateEndpointValidator(authDB, validCredentials, w, r)
+ if err != nil {
+ log.Println(err)
+ return
+ }

 // Parse request body
- newState, err := strconv.ParseBool(body)
+ newState, err := strconv.ParseBool(string(body))
 if err != nil {
- log.Println("Failed to parse request body from", r.RemoteAddr, "body:", body)
- w.WriteHeader(http.StatusBadRequest)
- _, _ = io.WriteString(w, "HTTP request body should either be true or false")
+ log.Println("Failed to parse request body from", r.RemoteAddr, "with error:", err)
+ http.Error(w, "HTTP request body should either be true or false", http.StatusBadRequest)
 return
 }

diff --git a/handlers/util.go b/handlers/util.go
index 927b6c9..ffc4801 100644
--- a/handlers/util.go
+++ b/handlers/util.go
@@ -1,8 +1,9 @@
 package handlers

 import (
+ "errors"
+ "fmt"
 "io"
- "log"
 "net/http"

 "gitlab.hamburg.ccc.de/ccchh/spaceapid/config"
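Review bot: In StateOpen (handlers/state.go) the new `if err != nil` block only logs and returns, which is correct only because updateEndpointValidator has already written the status code and headers; nothing at the call site says so. A one-line comment such as `// updateEndpointValidator has already sent the error response; only log and stop.` would keep a later edit from adding a second `http.Error` here. The identical block in EnvironmentSensor (handlers/sensors.go) would take the same comment. The handler body continues outside the hunk.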
@@ -14,32 +15,28 @@ import (
 func updateEndpointValidator(
 authDB config.HTTPBACredentials, validCredentials []config.HTTPBACredentialID,
 w http.ResponseWriter, r *http.Request,
-) (body []byte) {
+) ([]byte, error) {
 // Check BasicAuth credentials
 username, password, ok := r.BasicAuth()
 if !ok || !util.CheckCredentials(authDB, validCredentials, username, password) {
- log.Println("Unauthorized request from", r.RemoteAddr, "Username:", username, "Password:", password)
 w.Header().Set("WWW-Authenticate", "Basic realm=\"space-api\"")
- w.WriteHeader(http.StatusUnauthorized)
- return
+ http.Error(w, "", http.StatusUnauthorized)
+ return []byte{}, errors.New(fmt.Sprintf("Unauthorized request from %s Username: %s Password: %s", r.RemoteAddr, username, password))
 }

 // Check if PUT method
 if r.Method != http.MethodPut {
- log.Println("Wrong Method: ", r.Method, "from", r.RemoteAddr, "at", r.RequestURI)
 w.Header().Set("Allow", http.MethodPut)
- w.WriteHeader(http.StatusMethodNotAllowed)
- return
+ http.Error(w, "", http.StatusMethodNotAllowed)
+ return []byte{}, errors.New(fmt.Sprintf("Wrong Method: %s from %s at %s", r.Method, r.RemoteAddr, r.RequestURI))
 }

 // Read request body
 body, err := io.ReadAll(r.Body)
 if err != nil {
- log.Println("Failed to read request body from", r.RemoteAddr)
- w.WriteHeader(http.StatusInternalServerError)
- _, _ = io.WriteString(w, "Failed reading HTTP request body")
- return
+ http.Error(w, "", http.StatusInternalServerError)
+ return []byte{}, errors.New(fmt.Sprintf("Failed to read request body from %s with error: %s", r.RemoteAddr, err))
 }

- return body
+ return body, nil
 }
-- 
2.44.1
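Review bot: The 401 path in updateEndpointValidator builds an error string that contains the submitted password, and both handlers pass that error to `log.Println`, so every failed login leaves a plaintext credential (often a near-miss of a real one) in the log. The decoded Basic-auth username and password are client-controlled and formatted with `%s`, so a value containing a line break can split or forge log entries. I would drop the password, quote the client-supplied fields and use `fmt.Errorf` instead of `errors.New(fmt.Sprintf(...))`, which also makes the new `errors` import unnecessary: `return nil, fmt.Errorf("unauthorized request from %s, username %q", r.RemoteAddr, username)`, `return nil, fmt.Errorf("wrong method %q from %s at %q", r.Method, r.RemoteAddr, r.RequestURI)` and `return nil, fmt.Errorf("reading request body from %s: %w", r.RemoteAddr, err)`. Separately, `io.ReadAll(r.Body)` has no size limit; wrapping the body with `http.MaxBytesReader` before reading would bound how much an authenticated client can make the server buffer.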