author | Tyler Murphy <tylermurphy534@gmail.com> | 2023-01-26 21:29:06 -0500 |
---|---|---|
committer | Tyler Murphy <tylermurphy534@gmail.com> | 2023-01-26 21:29:06 -0500 |
commit | 6bea3bf2ef31f978b98848a5f2a045dcab0cc2f0 (patch) | |
tree | 76e6eda59aa43378f5744fd08962b9767147671f /src/types | |
parent | i did things (diff) | |
input length and range checking
Diffstat (limited to 'src/types')
-rw-r--r-- | src/types/extract.rs | 31 |
1 files changed, 28 insertions, 3 deletions
diff --git a/src/types/extract.rs b/src/types/extract.rs
index 6518ca1..bb50aa7 100644
--- a/src/types/extract.rs
+++ b/src/types/extract.rs
@@ -38,7 +38,7 @@ pub struct Json<T>(pub T);
 #[async_trait]
 impl<T, S, B> FromRequest<S, B> for Json<T> where
- T: DeserializeOwned,
+ T: DeserializeOwned + Check,
 B: HttpBody + Send + 'static,
 B::Data: Send,
 B::Error: Into<BoxError>,
@@ -56,10 +56,35 @@ impl<T, S, B> FromRequest<S, B> for Json<T> where
 return Err(ResponseCode::BadRequest.msg("Invalid utf8 body"))
 };
- let Ok(value) = serde_json::from_str(&string) else {
+ let Ok(value) = serde_json::from_str::<T>(&string) else {
 return Err(ResponseCode::BadRequest.msg("Invalid request body"))
 };
+ if let Err(msg) = value.check() {
+ return Err(ResponseCode::BadRequest.msg(&msg));
+ }
+
 Ok(Json(value))
 }
-}
\ No newline at end of file
+}
+
+pub type CheckResult = std::result::Result<(), String>;
+
+pub trait Check {
+
+ fn check(&self) -> CheckResult;
+
+ fn assert_length(string: &str, min: usize, max: usize, message: &str) -> CheckResult {
+ if string.len() < min || string.len() > max {
+ return Err(message.to_string())
+ }
+ Ok(())
+ }
+
+ fn assert_range(number: u64, min: u64, max: u64, message: &str) -> CheckResult {
+ if number < min || number > max {
+ return Err(message.to_string())
+ }
+ Ok(())
+ }
+}
\ No newline at end of file |
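Review bot: `assert_length` in the new `Check` trait compares `string.len()`, which is the UTF-8 byte length, so any limit an implementer thinks of as a character count is really a byte budget, and nothing on the trait says so. I would add a doc comment on the method such as `/// Bounds are inclusive and measured in bytes (str::len), not characters.`, or use `string.chars().count()` if character limits are what is intended. The `String` returned by `check()` is passed straight to `ResponseCode::BadRequest.msg(&msg)` and so appears to reach the client, which is worth stating on `check` so implementers return fixed messages rather than echoing request data. The validation also runs only after the whole body has been read and deserialized, so it does not bound request size; `from_request` starts above this hunk, so confirm a body-size limit is applied where the body is read.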