mirror of
https://github.com/matrix-org/dendrite
synced 2024-12-15 06:03:44 +01:00
c4c8bfd027
* reject invalid UTF-8 Signed-off-by: Jonas Fentker <jonas@fentker.eu> * update sytest-whitelist Signed-off-by: Jonas Fentker <jonas@fentker.eu> Co-authored-by: Kegsay <kegan@matrix.org>
56 lines
1.9 KiB
Go
56 lines
1.9 KiB
Go
// Copyright 2017 Vector Creations Ltd
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package httputil
|
|
|
|
import (
|
|
"encoding/json"
|
|
"io/ioutil"
|
|
"net/http"
|
|
"unicode/utf8"
|
|
|
|
"github.com/matrix-org/dendrite/clientapi/jsonerror"
|
|
"github.com/matrix-org/util"
|
|
)
|
|
|
|
// UnmarshalJSONRequest into the given interface pointer. Returns an error JSON response if
|
|
// there was a problem unmarshalling. Calling this function consumes the request body.
|
|
func UnmarshalJSONRequest(req *http.Request, iface interface{}) *util.JSONResponse {
|
|
// encoding/json allows invalid utf-8, matrix does not
|
|
// https://matrix.org/docs/spec/client_server/r0.6.1#api-standards
|
|
body, err := ioutil.ReadAll(req.Body)
|
|
if err != nil {
|
|
util.GetLogger(req.Context()).WithError(err).Error("ioutil.ReadAll failed")
|
|
resp := jsonerror.InternalServerError()
|
|
return &resp
|
|
}
|
|
|
|
if !utf8.Valid(body) {
|
|
return &util.JSONResponse{
|
|
Code: http.StatusBadRequest,
|
|
JSON: jsonerror.NotJSON("Body contains invalid UTF-8"),
|
|
}
|
|
}
|
|
|
|
if err := json.Unmarshal(body, iface); err != nil {
|
|
// TODO: We may want to suppress the Error() return in production? It's useful when
|
|
// debugging because an error will be produced for both invalid/malformed JSON AND
|
|
// valid JSON with incorrect types for values.
|
|
return &util.JSONResponse{
|
|
Code: http.StatusBadRequest,
|
|
JSON: jsonerror.BadJSON("The request body could not be decoded into valid JSON. " + err.Error()),
|
|
}
|
|
}
|
|
return nil
|
|
}
|