fix(api): add validation for passed URL params

leonsteinhaeuser · leonsteinhaeuser · commit a622f548fe1a · 2024-10-04T19:21:22.000+02:00
diff --git a/cmd/main.go b/cmd/main.go
@@ -78,6 +78,7 @@ func main() {
 		r.Route("/service", func(r chi.Router) {
 			r.Get("/", api.ListApplications(*appConfig))
 			r.Route("/{kind}/{namespace}/{name}", func(r chi.Router) {
+				r.Use(api.MiddlewareValidation(*appConfig))
 				r.Post("/restart", api.Restart(k8sClient))
 				r.Get("/status", api.Status(ldgr))
 			})
diff --git a/internal/api/restart.go b/internal/api/restart.go
@@ -41,6 +41,37 @@ func getKindNamespaceNameFromRequest(r *http.Request) k8s.KindNamespaceName {
 	}
 }
 
+func MiddlewareValidation(config config.Config) func(http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			kindNamespaceName := getKindNamespaceNameFromRequest(r)
+			isFound := false
+
+			if kindNamespaceName.Kind == "" || kindNamespaceName.Namespace == "" || kindNamespaceName.Name == "" {
+				http.Error(w, "invalid request", http.StatusBadRequest)
+				return
+			}
+
+			if kindNamespaceName.Kind != "Deployment" && kindNamespaceName.Kind != "StatefulSet" {
+				http.Error(w, "invalid kind", http.StatusBadRequest)
+				return
+			}
+
+			for _, service := range config.Services {
+				if service.Kind == kindNamespaceName.Kind && service.Namespace == kindNamespaceName.Namespace && service.Name == kindNamespaceName.Name {
+					isFound = true
+					break
+				}
+			}
+			if !isFound {
+				http.Error(w, "service not found", http.StatusNotFound)
+				return
+			}
+			next.ServeHTTP(w, r)
+		})
+	}
+}
+
 func Restart(client *kubernetes.Clientset) func(w http.ResponseWriter, r *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
 		kindNamespaceName := getKindNamespaceNameFromRequest(r)
