author | Chris <ccbrown112@gmail.com> | 2018-02-07 11:05:46 -0600 |
---|---|---|
committer | Harrison Healey <harrisonmhealey@gmail.com> | 2018-02-07 12:05:46 -0500 |
commit | eff65aa05c74e93533c2504b8141b0474011e68c (patch) | |
tree | 60bec436bb92818bb1498fe2e7e4083ab13b7142 /utils/api.go | |
parent | 7bd298ceaa24c0721e0acd65692cb2d1ca4983f3 (diff) | |
ABC-132: sign error page parameters (#8197)
* sign error page parameters
* add comments
Diffstat (limited to 'utils/api.go')
-rw-r--r-- | utils/api.go | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/utils/api.go b/utils/api.go
index 005c3284b..51524074d 100644
--- a/utils/api.go
+++ b/utils/api.go
@@ -4,6 +4,9 @@
 package utils
 
 import (
+ "crypto"
+ "crypto/rand"
+ "encoding/base64"
 "fmt"
 "html/template"
 "net/http"
@@ -32,13 +35,25 @@ func OriginChecker(allowedOrigins string) func(*http.Request) bool {
 }
 }
 
-func RenderWebError(err *model.AppError, w http.ResponseWriter, r *http.Request) {
- status := http.StatusTemporaryRedirect
- if err.StatusCode != http.StatusInternalServerError {
- status = err.StatusCode
+func RenderWebAppError(w http.ResponseWriter, r *http.Request, err *model.AppError, s crypto.Signer) {
+ RenderWebError(w, r, err.StatusCode, url.Values{
+ "message": []string{err.Message},
+ }, s)
+}
+
+func RenderWebError(w http.ResponseWriter, r *http.Request, status int, params url.Values, s crypto.Signer) {
+ queryString := params.Encode()
+
+ h := crypto.SHA256
+ sum := h.New()
+ sum.Write([]byte("/error?" + queryString))
+ signature, err := s.Sign(rand.Reader, sum.Sum(nil), h)
+ if err != nil {
+ http.Error(w, "", http.StatusInternalServerError)
+ return
 }
+ destination := strings.TrimRight(GetSiteURL(), "/") + "/error?" + queryString + "&s=" + base64.URLEncoding.EncodeToString(signature)
 
- destination := strings.TrimRight(GetSiteURL(), "/") + "/error?message=" + url.QueryEscape(err.Message)
 if status >= 300 && status < 400 {
 http.Redirect(w, r, destination, status)
 return |
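Review bot: The signature computed in RenderWebError covers only `"/error?" + queryString`, with no timestamp or nonce in the signed bytes, so a signed error link stays valid for as long as the key does. It also attests only that the server produced the text, so any `err.Message` passed through RenderWebAppError that echoes request data would be signed as-is; whether any caller does that is not visible in this hunk. Neither exported function has a doc comment, and I would add one such as `// RenderWebError builds the /error URL from params and appends s=<base64url signature of SHA-256("/error?" + params.Encode())>.`, noting that a verifier has to check the raw query string that precedes `&s=` rather than a re-encoded one. The `if err != nil` branch after `s.Sign` drops `err` and returns an empty 500 body, so logging the error there would make a missing or unsupported key diagnosable. RenderWebError's body continues past the end of the hunk.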