move path check to app access manager

2023-11-11 11:41:47 +05:30 · 2023-11-11 11:41:47 +05:30 · ea14212337
commit ea14212337
parent dc0a59fcf2
2 changed files with 8 additions and 12 deletions
--- a/src/main/kotlin/com/restapi/AppAccessManager.kt
+++ b/src/main/kotlin/com/restapi/AppAccessManager.kt
@ -2,6 +2,7 @@ package com.restapi

 import io.javalin.http.Context
 import io.javalin.http.Handler
+import io.javalin.http.HttpStatus
 import io.javalin.security.AccessManager
 import io.javalin.security.RouteRole
 import org.slf4j.LoggerFactory
@ -10,6 +11,12 @@ class AppAccessManager : AccessManager {
    private val logger = LoggerFactory.getLogger("Access")
    override fun manage(handler: Handler, ctx: Context, routeRoles: Set<RouteRole>) {
        logger.warn("access {}, {}", ctx.pathParamMap(), routeRoles)
-        handler.handle(ctx)
+        val regex = Regex("^[a-zA-Z0-9\\-_\\.]+$")
+
+        if(ctx.pathParamMap().values.count { !regex.matches(it) } > 0){
+         ctx.status(HttpStatus.FORBIDDEN).result("invalid request")
+        } else {
+            handler.handle(ctx)
+        }
    }
 }
--- a/src/main/kotlin/com/restapi/Main.kt
+++ b/src/main/kotlin/com/restapi/Main.kt
@ -103,17 +103,6 @@ fun main(args: Array<String>) {

                NaiveRateLimit.requestPerTimeUnit(ctx, appConfig.rateLimit().getOrDefault(30), TimeUnit.MINUTES) // throws if rate limit is exceeded

-                //allow only alpha, numeric, hypen, underscore, dot in paths
-                val regex = Regex("^[a-zA-Z0-9\\-_\\.]+$")
-
-                ctx.path().split("/")
-                    .dropWhile { it.isEmpty() }
-                    .forEach {
-                        if (!it.matches(regex)) {
-                            throw IllegalArgumentException()
-                        }
-                    }
-
                val authToken = ctx.header("Authorization")?.replace("Bearer ", "")
                    ?.replace("Bearer: ", "")
                    ?.trim() ?: throw UnauthorizedResponse()