Do not accept “subdirectories” for public campsite types URL

For now, it ends with the UUID or 404.
This commit is contained in:
jordi fita mas 2023-10-18 20:58:52 +02:00
parent 852acaccc3
commit 6e7df4ca79
1 changed files with 23 additions and 15 deletions

View File

@ -28,25 +28,33 @@ type PublicHandler struct {
func (h *PublicHandler) Handler(user *auth.User, company *auth.Company, conn *database.Conn) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
var typeUuid string
typeUuid, r.URL.Path = httplib.ShiftPath(r.URL.Path)
if !uuid.Valid(typeUuid) {
http.NotFound(w, r)
return
}
var head string
head, r.URL.Path = httplib.ShiftPath(r.URL.Path)
switch r.Method {
case http.MethodGet:
if !uuid.Valid(head) {
http.NotFound(w, r)
return
switch head {
case "":
switch r.Method {
case http.MethodGet:
page, err := newPublicPage(r.Context(), company, conn, user.Locale, typeUuid)
if database.ErrorIsNotFound(err) {
http.NotFound(w, r)
return
} else if err != nil {
panic(err)
}
page.MustRender(w, r, user, company, conn)
default:
httplib.MethodNotAllowed(w, r, http.MethodGet)
}
page, err := newPublicPage(r.Context(), company, conn, user.Locale, head)
if database.ErrorIsNotFound(err) {
http.NotFound(w, r)
return
} else if err != nil {
panic(err)
}
page.MustRender(w, r, user, company, conn)
default:
httplib.MethodNotAllowed(w, r, http.MethodGet)
http.NotFound(w, r)
}
})
}