move path check to app access manager

2023-11-11 11:41:47 +05:30
parent dc0a59fcf2
commit ea14212337
2 changed files with 8 additions and 12 deletions
--- a/src/main/kotlin/com/restapi/AppAccessManager.kt
+++ b/src/main/kotlin/com/restapi/AppAccessManager.kt
@@ -2,6 +2,7 @@ package com.restapi

 import io.javalin.http.Context
 import io.javalin.http.Handler
+import io.javalin.http.HttpStatus
 import io.javalin.security.AccessManager
 import io.javalin.security.RouteRole
 import org.slf4j.LoggerFactory
@@ -10,6 +11,12 @@ class AppAccessManager : AccessManager {
    private val logger = LoggerFactory.getLogger("Access")
    override fun manage(handler: Handler, ctx: Context, routeRoles: Set<RouteRole>) {
        logger.warn("access {}, {}", ctx.pathParamMap(), routeRoles)
-        handler.handle(ctx)
+        val regex = Regex("^[a-zA-Z0-9\\-_\\.]+$")
+
+        if(ctx.pathParamMap().values.count { !regex.matches(it) } > 0){
+         ctx.status(HttpStatus.FORBIDDEN).result("invalid request")
+        } else {
+            handler.handle(ctx)
+        }
    }
 }