diff options
author | George Goldberg <george@gberg.me> | 2018-02-13 13:35:52 +0000 |
---|---|---|
committer | George Goldberg <george@gberg.me> | 2018-02-13 13:46:01 +0000 |
commit | 5c101253c5987743cf1b3a8fe68814d748070622 (patch) | |
tree | e2632505d051e7d15d6daf974ed8ac92095f82fe /utils/api.go | |
parent | b7fc3d7d35ca4dd16097715a66463392a1dfaf0a (diff) | |
parent | d88d2bc2ed3aefa68b5ed2942f493ae42bb40bfa (diff) | |
download | chat-5c101253c5987743cf1b3a8fe68814d748070622.tar.gz chat-5c101253c5987743cf1b3a8fe68814d748070622.tar.bz2 chat-5c101253c5987743cf1b3a8fe68814d748070622.zip |
Merge branch 'master' into advanced-permissions-phase-1
Diffstat (limited to 'utils/api.go')
-rw-r--r-- | utils/api.go | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/utils/api.go b/utils/api.go index 005c3284b..51524074d 100644 --- a/utils/api.go +++ b/utils/api.go @@ -4,6 +4,9 @@ package utils import ( + "crypto" + "crypto/rand" + "encoding/base64" "fmt" "html/template" "net/http" @@ -32,13 +35,25 @@ func OriginChecker(allowedOrigins string) func(*http.Request) bool { } } -func RenderWebError(err *model.AppError, w http.ResponseWriter, r *http.Request) { - status := http.StatusTemporaryRedirect - if err.StatusCode != http.StatusInternalServerError { - status = err.StatusCode +func RenderWebAppError(w http.ResponseWriter, r *http.Request, err *model.AppError, s crypto.Signer) { + RenderWebError(w, r, err.StatusCode, url.Values{ + "message": []string{err.Message}, + }, s) +} + +func RenderWebError(w http.ResponseWriter, r *http.Request, status int, params url.Values, s crypto.Signer) { + queryString := params.Encode() + + h := crypto.SHA256 + sum := h.New() + sum.Write([]byte("/error?" + queryString)) + signature, err := s.Sign(rand.Reader, sum.Sum(nil), h) + if err != nil { + http.Error(w, "", http.StatusInternalServerError) + return } + destination := strings.TrimRight(GetSiteURL(), "/") + "/error?" + queryString + "&s=" + base64.URLEncoding.EncodeToString(signature) - destination := strings.TrimRight(GetSiteURL(), "/") + "/error?message=" + url.QueryEscape(err.Message) if status >= 300 && status < 400 { http.Redirect(w, r, destination, status) return |