| author | Xe Iaso <me@xeiaso.net> | 2024-01-28 13:21:49 -0500 |
|---|---|---|
| committer | Xe Iaso <me@xeiaso.net> | 2024-01-28 13:24:36 -0500 |
| commit | 2f5df3bf784fc77abd1336301bdb38d3bd318387 (patch) | |
| tree | bdd8108f03b05c3c05c8d0251c7b6ac3706b56fc /internal/accept_encoding.go | |
| parent | 57bd9082dd4f01fab353db4485819a2f87416245 (diff) | |
internal: add validation for referers and accept-encoding
Signed-off-by: Xe Iaso <me@xeiaso.net>
Diffstat (limited to 'internal/accept_encoding.go')
| -rw-r--r-- | internal/accept_encoding.go | 89 |
1 files changed, 88 insertions, 1 deletions
diff --git a/internal/accept_encoding.go b/internal/accept_encoding.go
index 9eca7ed..395cf24 100644
--- a/internal/accept_encoding.go
+++ b/internal/accept_encoding.go
@@ -3,21 +3,108 @@ package internal
 import (
 "expvar"
 "net/http"
+ "strconv"
+ "strings"
 
 "tailscale.com/metrics"
 )
 
 var (
 acceptEncodings = &metrics.LabelMap{Label: "encoding"}
+
+ validEncodings = []string{
+ "gzip",
+ "x-gzip",
+ "deflate",
+ "br",
+ "identity",
+ "snappy",
+ "bzip2",
+ "lzma",
+ "zstd",
+ }
 )
 
 func init() {
 expvar.Publish("gauge_xesite_accept_encoding", acceptEncodings)
 }
 
+func inValidEncodings(enc string) bool {
+ for _, validEnc := range validEncodings {
+ if enc == validEnc {
+ return true
+ }
+ }
+ return false
+}
+
 func AcceptEncodingMiddleware(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- acceptEncodings.Add(r.Header.Get("Accept-Encoding"), 1)
+ for _, enc := range ParseAcceptEncoding(r.Header.Get("Accept-Encoding")) {
+ if !inValidEncodings(enc.Encoding) {
+ continue
+ }
+ acceptEncodings.Add(enc.Encoding, 1)
+ }
+
 next.ServeHTTP(w, r)
 })
 }
+
+type EncodingQ struct {
+ Encoding string
+ Q float64
+}
+
+func ParseAcceptEncoding(acptEnc string) []EncodingQ {
+ var eqs []EncodingQ
+
+ encQStrs := strings.Split(acptEnc, ",")
+ for _, encQStr := range encQStrs {
+ trimedEncQStr := strings.Trim(encQStr, " ")
+
+ encQ := strings.Split(trimedEncQStr, ";")
+ if len(encQ) == 1 {
+ eq := EncodingQ{encQ[0], 1}
+ eqs = append(eqs, eq)
+ } else {
+ qp := strings.Split(encQ[1], "=")
+ q, err := strconv.ParseFloat(qp[1], 64)
+ if err != nil {
+ panic(err)
+ }
+ eq := EncodingQ{encQ[0], q}
+ eqs = append(eqs, eq)
+ }
+ }
+ return eqs
+}
+
+type LangQ struct {
+ Lang string
+ Q float64
+}
+
+func ParseAcceptLanguage(acptLang string) []LangQ {
+ var lqs []LangQ
+
+ langQStrs := strings.Split(acptLang, ",")
+ for _, langQStr := range langQStrs {
+ trimedLangQStr := strings.Trim(langQStr, " ")
+
+ langQ := strings.Split(trimedLangQStr, ";")
+ if len(langQ) == 1 {
+ lq := LangQ{langQ[0], 1}
+ lqs = append(lqs, lq)
+ } else {
+ qp := strings.Split(langQ[1], "=")
+ q, err := strconv.ParseFloat(qp[1], 64)
+ if err != nil {
+ panic(err)
+ }
+ lq := LangQ{langQ[0], q}
+ lqs = append(lqs, lq)
+ }
+ }
+ return lqs
+}
|
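Review bot: `ParseAcceptEncoding` lets a client-supplied header abort the request. In its `else` branch, `qp[1]` is indexed without checking that the parameter contained `=`, so an element such as `gzip;q` indexes out of range, and a non-numeric q-value reaches `panic(err)`. `AcceptEncodingMiddleware` calls the parser before `next.ServeHTTP`, so one malformed `Accept-Encoding` header fails the whole request instead of being left out of the metric; net/http recovers the panic but logs a stack trace and drops the connection. Malformed elements should be skipped, and `ParseAcceptLanguage` repeats the same two lines and needs the same change. The name before `;` is also used untrimmed and `strings.Trim(…, " ")` ignores tabs, so `gzip ;q=1` would miss the allow-list; the sketch below trims it and rejects q-values outside 0–1, including NaN.

```go
func ParseAcceptEncoding(acptEnc string) []EncodingQ {
	var eqs []EncodingQ

	for _, elem := range strings.Split(acptEnc, ",") {
		name, param, hasParam := strings.Cut(strings.TrimSpace(elem), ";")
		name = strings.TrimSpace(name)
		if name == "" {
			continue
		}

		q := 1.0
		if hasParam {
			key, val, ok := strings.Cut(strings.TrimSpace(param), "=")
			if !ok || !strings.EqualFold(strings.TrimSpace(key), "q") {
				continue // malformed or unknown parameter: ignore this element
			}
			parsed, err := strconv.ParseFloat(strings.TrimSpace(val), 64)
			if err != nil || !(parsed >= 0 && parsed <= 1) {
				continue // client-controlled input: skip it, never panic
			}
			q = parsed
		}
		eqs = append(eqs, EncodingQ{name, q})
	}
	return eqs
}

// … ParseAcceptLanguage: same loop, building LangQ{name, q} …
```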
