julien.rbrt.fr / tangled-core
forked from tangled.org/core
Monorepo for Tangled — https://tangled.org
fork atom

appview/knots, appview/spindles: strip protocol and @ symbol from user inputs

Signed-off-by: Evan Jarrett <evan@evanjarrett.com>

evan.jarrett.net 4f99f195 73964ab9

options
unified split
Changed files
+21 -3
appview
knots
knots.go
pages
templates
knots
fragments
addMemberModal.html
repo
settings
access.html
spindles
fragments
addMemberModal.html
spindles
spindles.go
+9
appview/knots/knots.go 
···

       
6

       
6

       
 

       
	"log/slog"


     

       
7

       
7

       
 

       
	"net/http"


     

       
8

       
8

       
 

       
	"slices"


     

       

       
9

       
+

       
	"strings"


     

       
9

       
10

       
 

       
	"time"


     

       
10

       
11

       
 

       



     

       
11

       
12

       
 

       
	"github.com/go-chi/chi/v5"


     
···

       
145

       
146

       
 

       
	}


     

       
146

       
147

       
 

       



     

       
147

       
148

       
 

       
	domain := r.FormValue("domain")


     

       

       
149

       
+

       
	// Strip protocol, trailing slashes, and whitespace


     

       

       
150

       
+

       
	// Rkey cannot contain slashes


     

       

       
151

       
+

       
	domain = strings.TrimSpace(domain)


     

       

       
152

       
+

       
	domain = strings.TrimPrefix(domain, "https://")


     

       

       
153

       
+

       
	domain = strings.TrimPrefix(domain, "http://")


     

       

       
154

       
+

       
	domain = strings.TrimSuffix(domain, "/")


     

       
148

       
155

       
 

       
	if domain == "" {


     

       
149

       
156

       
 

       
		k.Pages.Notice(w, noticeId, "Incomplete form.")


     

       
150

       
157

       
 

       
		return


     
···

       
526

       
533

       
 

       
	}


     

       
527

       
534

       
 

       



     

       
528

       
535

       
 

       
	member := r.FormValue("member")


     

       

       
536

       
+

       
	member = strings.TrimPrefix(member, "@")


     

       
529

       
537

       
 

       
	if member == "" {


     

       
530

       
538

       
 

       
		l.Error("empty member")


     

       
531

       
539

       
 

       
		k.Pages.Notice(w, noticeId, "Failed to add member, empty form.")


     
···

       
626

       
634

       
 

       
	}


     

       
627

       
635

       
 

       



     

       
628

       
636

       
 

       
	member := r.FormValue("member")


     

       

       
637

       
+

       
	member = strings.TrimPrefix(member, "@")


     

       
629

       
638

       
 

       
	if member == "" {


     

       
630

       
639

       
 

       
		l.Error("empty member")


     

       
631

       
640

       
 

       
		k.Pages.Notice(w, noticeId, "Failed to remove member, empty form.")
+1 -1
appview/pages/templates/knots/fragments/addMemberModal.html 
···

       
34

       
34

       
 

       
    id="member-did-{{ .Id }}"


     

       
35

       
35

       
 

       
    name="member"


     

       
36

       
36

       
 

       
    required


     

       
37

       

       
-

       
    placeholder="@foo.bsky.social"


     

       

       
37

       
+

       
    placeholder="foo.bsky.social"


     

       
38

       
38

       
 

       
  />


     

       
39

       
39

       
 

       
  <div class="flex gap-2 pt-2">


     

       
40

       
40

       
 

       
    <button
+1 -1
appview/pages/templates/repo/settings/access.html 
···

       
89

       
89

       
 

       
    id="add-collaborator"


     

       
90

       
90

       
 

       
    name="collaborator"


     

       
91

       
91

       
 

       
    required


     

       
92

       

       
-

       
    placeholder="@foo.bsky.social"


     

       

       
92

       
+

       
    placeholder="foo.bsky.social"


     

       
93

       
93

       
 

       
  />


     

       
94

       
94

       
 

       
  <div class="flex gap-2 pt-2">


     

       
95

       
95

       
 

       
    <button
+1 -1
appview/pages/templates/spindles/fragments/addMemberModal.html 
···

       
36

       
36

       
 

       
    id="member-did-{{ .Id }}"


     

       
37

       
37

       
 

       
    name="member"


     

       
38

       
38

       
 

       
    required


     

       
39

       

       
-

       
    placeholder="@foo.bsky.social"


     

       

       
39

       
+

       
    placeholder="foo.bsky.social"


     

       
40

       
40

       
 

       
  />


     

       
41

       
41

       
 

       
  <div class="flex gap-2 pt-2">


     

       
42

       
42

       
 

       
    <button
+9
appview/spindles/spindles.go 
···

       
6

       
6

       
 

       
	"log/slog"


     

       
7

       
7

       
 

       
	"net/http"


     

       
8

       
8

       
 

       
	"slices"


     

       

       
9

       
+

       
	"strings"


     

       
9

       
10

       
 

       
	"time"


     

       
10

       
11

       
 

       



     

       
11

       
12

       
 

       
	"github.com/go-chi/chi/v5"


     
···

       
146

       
147

       
 

       
	}


     

       
147

       
148

       
 

       



     

       
148

       
149

       
 

       
	instance := r.FormValue("instance")


     

       

       
150

       
+

       
	// Strip protocol, trailing slashes, and whitespace


     

       

       
151

       
+

       
	// Rkey cannot contain slashes


     

       

       
152

       
+

       
	instance = strings.TrimSpace(instance)


     

       

       
153

       
+

       
	instance = strings.TrimPrefix(instance, "https://")


     

       

       
154

       
+

       
	instance = strings.TrimPrefix(instance, "http://")


     

       

       
155

       
+

       
	instance = strings.TrimSuffix(instance, "/")


     

       
149

       
156

       
 

       
	if instance == "" {


     

       
150

       
157

       
 

       
		s.Pages.Notice(w, noticeId, "Incomplete form.")


     

       
151

       
158

       
 

       
		return


     
···

       
484

       
491

       
 

       
	}


     

       
485

       
492

       
 

       



     

       
486

       
493

       
 

       
	member := r.FormValue("member")


     

       

       
494

       
+

       
	member = strings.TrimPrefix(member, "@")


     

       
487

       
495

       
 

       
	if member == "" {


     

       
488

       
496

       
 

       
		l.Error("empty member")


     

       
489

       
497

       
 

       
		s.Pages.Notice(w, noticeId, "Failed to add member, empty form.")


     
···

       
613

       
621

       
 

       
	}


     

       
614

       
622

       
 

       



     

       
615

       
623

       
 

       
	member := r.FormValue("member")


     

       

       
624

       
+

       
	member = strings.TrimPrefix(member, "@")


     

       
616

       
625

       
 

       
	if member == "" {


     

       
617

       
626

       
 

       
		l.Error("empty member")


     

       
618

       
627

       
 

       
		s.Pages.Notice(w, noticeId, "Failed to remove member, empty form.")