Diffstat (limited to 'internal/api')
-rw-r--r-- | internal/api/client/app/appcreate.go | 15 | ||||
-rw-r--r-- | internal/api/client/auth/auth.go | 1 | ||||
-rw-r--r-- | internal/api/client/auth/callback.go | 4 | ||||
-rw-r--r-- | internal/api/client/status/status.go | 13 | ||||
-rw-r--r-- | internal/api/s2s/user/outboxget.go | 5 | ||||
-rw-r--r-- | internal/api/s2s/user/repliesget.go | 5 | ||||
-rw-r--r-- | internal/api/security/useragentblock.go | 3 |
7 files changed, 24 insertions, 22 deletions
diff --git a/internal/api/client/app/appcreate.go b/internal/api/client/app/appcreate.go index 0c9407ae1..c23a838f4 100644 --- a/internal/api/client/app/appcreate.go +++ b/internal/api/client/app/appcreate.go @@ -20,14 +20,22 @@ package app import ( "fmt" - "github.com/sirupsen/logrus" "net/http" + "github.com/sirupsen/logrus" + "github.com/gin-gonic/gin" "github.com/superseriousbusiness/gotosocial/internal/api/model" "github.com/superseriousbusiness/gotosocial/internal/oauth" ) +const ( + // permitted length for most fields + formFieldLen = 64 + // redirect can be a bit bigger because we probably need to encode data in the redirect uri + formRedirectLen = 512 +) + // AppsPOSTHandler swagger:operation POST /api/v1/apps appCreate // // Register a new application on this instance. @@ -79,11 +87,6 @@ func (m *Module) AppsPOSTHandler(c *gin.Context) { return } - // permitted length for most fields - formFieldLen := 64 - // redirect can be a bit bigger because we probably need to encode data in the redirect uri - formRedirectLen := 512 - // check lengths of fields before proceeding so the user can't spam huge entries into the database if len(form.ClientName) > formFieldLen { c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("client_name must be less than %d bytes", formFieldLen)}) diff --git a/internal/api/client/auth/auth.go b/internal/api/client/auth/auth.go index c183576f8..4b8b7101e 100644 --- a/internal/api/client/auth/auth.go +++ b/internal/api/client/auth/auth.go @@ -29,6 +29,7 @@ import ( "github.com/superseriousbusiness/gotosocial/internal/router" ) +/* #nosec G101 */ const ( // AuthSignInPath is the API path for users to sign in through AuthSignInPath = "/auth/sign_in" diff --git a/internal/api/client/auth/callback.go b/internal/api/client/auth/callback.go index 322ba5fc9..286bcd935 100644 --- a/internal/api/client/auth/callback.go +++ b/internal/api/client/auth/callback.go 
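Review bot: The comments on the new package-level `formFieldLen` and `formRedirectLen` do not say what unit the limit is in or whether it is inclusive, and the check that uses them in the second hunk of this file (`len(form.ClientName) > formFieldLen`) accepts exactly 64 bytes while its error text says "must be less than". Now that the constants are visible to the whole package I would spell this out, e.g. `// formFieldLen is the maximum length, in bytes, accepted for most form fields (inclusive).` Since `len` on a Go string counts bytes rather than characters, a client name with multi-byte characters reaches the limit sooner than the name suggests, which is worth a word in the comment as well. The handler body continues outside the hunk, so the remaining field checks are not visible here.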
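Review bot: The added `/* #nosec G101 */` in auth.go silences gosec's hard-coded-credential rule without giving a reason, and because it sits above the whole `const (` group it appears intended to cover every constant later added to that group. The one constant visible here (`AuthSignInPath = "/auth/sign_in"`) is a URL path, so the finding looks like a false positive, but the suppression should say so: `// #nosec G101 -- these are URL paths, not credentials`. It is also worth confirming that the gosec version run in CI honours the annotation when it precedes the group rather than the flagged line; if it does not, put it on the specific constants so that a real secret added to this block would still be reported. The const block continues outside the hunk.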
@@ -182,7 +182,7 @@ func (m *Module) parseUserFromClaims(ctx context.Context, claims *oidc.Claims, i // // note that for the first iteration, iString is still "" when the check is made, so our first choice // is still the raw username with no integer stuck on the end - for i := 1; !found; i = i + 1 { + for i := 1; !found; i++ { usernameAvailable, err := m.db.IsUsernameAvailable(ctx, username+iString) if err != nil { return nil, err @@ -190,7 +190,7 @@ func (m *Module) parseUserFromClaims(ctx context.Context, claims *oidc.Claims, i if usernameAvailable { // no error so we've found a username that works found = true - username = username + iString + username += iString continue } iString = strconv.Itoa(i) diff --git a/internal/api/client/status/status.go b/internal/api/client/status/status.go index cf6687efb..6c7f077e1 100644 --- a/internal/api/client/status/status.go +++ b/internal/api/client/status/status.go @@ -19,10 +19,11 @@ package status import ( - "github.com/sirupsen/logrus" "net/http" "strings" + "github.com/sirupsen/logrus" + "github.com/gin-gonic/gin" "github.com/superseriousbusiness/gotosocial/internal/api" "github.com/superseriousbusiness/gotosocial/internal/config" @@ -110,13 +111,13 @@ func (m *Module) muxHandler(c *gin.Context) { logrus.Debug("entering mux handler") ru := c.Request.RequestURI - switch c.Request.Method { - case http.MethodGet: - if strings.HasPrefix(ru, ContextPath) { + if c.Request.Method == http.MethodGet { + switch { + case strings.HasPrefix(ru, ContextPath): // TODO - } else if strings.HasPrefix(ru, FavouritedPath) { + case strings.HasPrefix(ru, FavouritedPath): m.StatusFavedByGETHandler(c) - } else { + default: m.StatusGETHandler(c) } } diff --git a/internal/api/s2s/user/outboxget.go b/internal/api/s2s/user/outboxget.go index 46f9d2ded..8b3fecfdd 100644 --- a/internal/api/s2s/user/outboxget.go +++ b/internal/api/s2s/user/outboxget.go 
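Review bot: In `muxHandler` (status.go) the `ContextPath` case still holds only `// TODO`, and the new `if c.Request.Method == http.MethodGet` has no `else`, so in both situations the handler returns without writing a response or aborting the context. Whatever the router then sends by default (probably an empty success response, worth confirming) is misleading for a route that is not implemented. I would make both paths explicit, for example `c.AbortWithStatus(http.StatusNotImplemented)` in the TODO case and `c.AbortWithStatus(http.StatusMethodNotAllowed)` for non-GET methods. Separately, `c.Request.RequestURI` is the raw request target including any query string, so matching prefixes against `c.Request.URL.Path` would be more predictable. The function starts outside the hunk, and its end is not visible either.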
@@ -90,9 +90,8 @@ func (m *Module) OutboxGETHandler(c *gin.Context) { return } - page := false - pageString := c.Query(PageKey) - if pageString != "" { + var page bool + if pageString := c.Query(PageKey); pageString != "" { i, err := strconv.ParseBool(pageString) if err != nil { l.Debugf("error parsing page string: %s", err) diff --git a/internal/api/s2s/user/repliesget.go b/internal/api/s2s/user/repliesget.go index e6328a26b..fd3c680f1 100644 --- a/internal/api/s2s/user/repliesget.go +++ b/internal/api/s2s/user/repliesget.go @@ -102,9 +102,8 @@ func (m *Module) StatusRepliesGETHandler(c *gin.Context) { return } - page := false - pageString := c.Query(PageKey) - if pageString != "" { + var page bool + if pageString := c.Query(PageKey); pageString != "" { i, err := strconv.ParseBool(pageString) if err != nil { l.Debugf("error parsing page string: %s", err) diff --git a/internal/api/security/useragentblock.go b/internal/api/security/useragentblock.go index bc9586199..1d1fff736 100644 --- a/internal/api/security/useragentblock.go +++ b/internal/api/security/useragentblock.go @@ -31,8 +31,7 @@ func (m *Module) UserAgentBlock(c *gin.Context) { "func": "UserAgentBlock", }) - ua := c.Request.UserAgent() - if ua == "" { + if ua := c.Request.UserAgent(); ua == "" { l.Debug("aborting request because there's no user-agent set") c.AbortWithStatus(http.StatusTeapot) return |
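Review bot: In useragentblock.go, `ua` in `if ua := c.Request.UserAgent(); ua == "" {` is declared only to be compared once, so the initializer adds a name without adding clarity; `if c.Request.UserAgent() == "" {` reads the same, unless `ua` is used inside the branch beyond what the hunk shows. On documentation, the function is called `UserAgentBlock` but the visible check only rejects requests that carry no User-Agent header at all, and a reader could take the name to mean a block list. A doc comment should state the actual scope, something like `// UserAgentBlock aborts requests that have no User-Agent header; it is a hygiene filter and not an access control.` The function body starts and ends outside the hunk.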