Do not accept “subdirectories” for public campsite types URL

For now, it ends with the UUID or 404.
2023-10-18 20:58:52 +02:00 · 2023-10-18 20:58:52 +02:00 · 6e7df4ca79
parent 852acaccc3
commit 6e7df4ca79
1 changed files with 23 additions and 15 deletions
--- a/pkg/campsite/types/public.go
+++ b/pkg/campsite/types/public.go
@ -28,25 +28,33 @@ type PublicHandler struct {

 func (h *PublicHandler) Handler(user *auth.User, company *auth.Company, conn *database.Conn) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		var typeUuid string
+		typeUuid, r.URL.Path = httplib.ShiftPath(r.URL.Path)
+
+		if !uuid.Valid(typeUuid) {
+			http.NotFound(w, r)
+			return
+		}
+
 		var head string
 		head, r.URL.Path = httplib.ShiftPath(r.URL.Path)
-
-		switch r.Method {
-		case http.MethodGet:
-			if !uuid.Valid(head) {
-				http.NotFound(w, r)
-				return
+		switch head {
+		case "":
+			switch r.Method {
+			case http.MethodGet:
+				page, err := newPublicPage(r.Context(), company, conn, user.Locale, typeUuid)
+				if database.ErrorIsNotFound(err) {
+					http.NotFound(w, r)
+					return
+				} else if err != nil {
+					panic(err)
+				}
+				page.MustRender(w, r, user, company, conn)
+			default:
+				httplib.MethodNotAllowed(w, r, http.MethodGet)
 			}
-			page, err := newPublicPage(r.Context(), company, conn, user.Locale, head)
-			if database.ErrorIsNotFound(err) {
-				http.NotFound(w, r)
-				return
-			} else if err != nil {
-				panic(err)
-			}
-			page.MustRender(w, r, user, company, conn)
 		default:
-			httplib.MethodNotAllowed(w, r, http.MethodGet)
+			http.NotFound(w, r)
 		}
 	})
 }