fix internal error when passing invalid file fields

saferwall · Jul 28, 2024 · 9e74187 · 9e74187
1 parent 73673e0
commit 9e74187
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 5 deletions.
diff --git a/internal/file/api.go b/internal/file/api.go
@@ -91,11 +91,8 @@ func (r resource) get(c echo.Context) error {
 		fields = strings.Split(fieldsParam, ",")
 	}
 
-	if len(fields) > 0 {
-		allowed := areFieldsAllowed(fields)
-		if !allowed {
-			return errors.BadRequest("field not allowed")
-		}
+	if !checkFieldsExist(entity.File{}, fields) {
+		return errors.BadRequest("field not allowed")
 	}
 
 	ctx := c.Request().Context()

diff --git a/internal/file/utils.go b/internal/file/utils.go
@@ -7,7 +7,9 @@ package file
 import (
 	"crypto/sha256"
 	"encoding/hex"
+	"reflect"
 	"regexp"
+	"strings"
 )
 
 var (
@@ -24,6 +26,27 @@ func areFieldsAllowed(fields []string) bool {
 	return true
 }
 
+// checkFieldsExist checks if all fields exist in the tags map
+func checkFieldsExist(v interface{}, fieldList []string) bool {
+	tags := make(map[string]struct{})
+	val := reflect.ValueOf(v)
+	for i := 0; i < val.Type().NumField(); i++ {
+		field := val.Type().Field(i)
+		tag := field.Tag.Get("json")
+		if tag != "" {
+			tag = strings.Split(tag, ",")[0]
+			tags[tag] = struct{}{}
+		}
+	}
+
+	for _, field := range fieldList {
+		if _, exists := tags[field]; !exists {
+			return false
+		}
+	}
+	return true
+}
+
 // isStringInSlice check if a string exist in a list of strings
 func isStringInSlice(a string, list []string) bool {
 	for _, b := range list {