

Merge pull request #33 from camicroscope/develop
For 3.7.4
birm authored May 15, 2020
2 parents ef869eb + 4a3b91b commit 2981073
Showing 3 changed files with 25 additions and 2 deletions.
5 changes: 4 additions & 1 deletion caracal.js
Expand Up @@ -12,6 +12,7 @@ const iipHandler = require('./handlers/iipHandler.js');
const loaderHandler = require('./handlers/loaderHandler.js');
const permissionHandler = require('./handlers/permssionHandler.js');
const dataHandlers = require('./handlers/dataHandlers.js');
const sanitizeBody = require('./handlers/sanitizeHandler.js');
// TODO validation of data

var WORKERS = process.env.NUM_THREADS || 4;
Expand Down Expand Up @@ -57,6 +58,8 @@ app.use('/loader/', loaderHandler);

// data, mongo
app.use('/data', auth.loginHandler(auth.PUBKEY));
// sanitize
app.use("/data", sanitizeBody);
// slide
app.get('/data/Slide/find', dataHandlers.Slide.find);
app.get('/data/Slide/find', auth.filterHandler('data', 'userFilter', 'filter'));
Expand Down Expand Up @@ -167,7 +170,7 @@ app.use(function(err, req, res, next) {
// wrap strings in a json
if (typeof err === 'string' || err instanceof String) {
err = {'error': err};
console.error(err)
console.error(err);
} else {
console.error(err.error || err.message || err.toString());
}
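Review bot: `app.use("/data", sanitizeBody);` in the second hunk mounts the handler for every HTTP method under /data, including the `app.get('/data/Slide/find', ...)` routes directly below it, and whether `req.body` is a string, a parsed object or undefined at that point depends on where the body parser is mounted, which is outside this hunk. sanitizeHandler.js calls `indexOf` and `replace` on `req.body`, so the mount position is a correctness dependency that deserves a comment, e.g. `// sanitize (must run after the body parser; the handler calls string methods on req.body)`. The line also uses double quotes while the surrounding lines in this file use single quotes; `app.use('/data', sanitizeBody);` keeps the file consistent.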
2 changes: 1 addition & 1 deletion handlers/authHandlers.js
Expand Up @@ -71,7 +71,7 @@ if (DISABLE_SEC && !JWK_URL) {
} else {
console.error('need JWKS URL (JWK_URL)');
process.exit(1);
}
}

const getToken = function(req) {
if (req.headers.authorization &&
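--- a/handlers/sanitizeHandler.js
+++ b/handlers/sanitizeHandler.js
@@ -0,0 +1,20 @@
+var ERR_ON_SANITIZE = (process.env.ERR_ON_SANITIZE === 'true') || false;
+
+function sanitizeBody(req, res, next) {
+// handle req body edgecases
+if (ERR_ON_SANITIZE) {
+if (req.body.indexOf("<") >=0 || req.body.indexOf(">") >=0) {
+let e = {'statusCode': 400};
+e.error = 'Characters < and > disallowed in body.';
+next(e);
+} else {
+next();
+}
+} else {
+req.body = req.body.replace(/</g, "");
+req.body = req.body.replace(/>/g, "");
+next();
+}
+}
+
+module.exports = sanitizeBody;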
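Review bot: `req.body.indexOf("<")` and `req.body.replace(/</g, "")` assume the body is a string, but caracal.js mounts this handler with `app.use` for every method under /data, so a GET request with no body, or a body an upstream JSON parser has already turned into an object (the parser's position is not visible in this commit), makes these calls throw a TypeError and the client sees a 500 instead of the intended 400. The default branch also rewrites stored data silently: any legitimate `<` or `>` in a submitted value disappears without the client being told, which makes the rejecting mode (`ERR_ON_SANITIZE=true`) the safer default, and removing two characters is a blocklist rather than an escape, so consumers of this data still need to encode it for whatever context they render it in. `(process.env.ERR_ON_SANITIZE === 'true') || false` is already a boolean, so the `|| false` is redundant, and `var` could be `const`. I would guard on the body type and apply the same check to string values inside a parsed body, rather than letting a TypeError decide the outcome; rewritten below.
```javascript
const ERR_ON_SANITIZE = process.env.ERR_ON_SANITIZE === 'true';

// True when the value, or any string nested inside it, contains < or >.
function hasAngle(value) {
  if (typeof value === 'string') {
    return value.includes('<') || value.includes('>');
  }
  if (value !== null && typeof value === 'object') {
    return Object.values(value).some(hasAngle);
  }
  return false;
}

// Copy of the value with < and > removed from every nested string (keys untouched).
function stripAngle(value) {
  if (typeof value === 'string') {
    return value.replace(/[<>]/g, '');
  }
  if (Array.isArray(value)) {
    return value.map(stripAngle);
  }
  if (value !== null && typeof value === 'object') {
    return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, stripAngle(v)]));
  }
  return value;
}

function sanitizeBody(req, res, next) {
  // no body (e.g. GET under /data): nothing to check
  if (req.body == null) {
    return next();
  }
  if (ERR_ON_SANITIZE) {
    if (hasAngle(req.body)) {
      return next({'statusCode': 400, 'error': 'Characters < and > disallowed in body.'});
    }
    return next();
  }
  req.body = stripAngle(req.body);
  next();
}

// … unchanged: module.exports …
```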
