~emersion/soju

2a78536eb9ffd3b4d7ee0d4985555bcf6cb8761f — Simon Ser 3 months ago 14d27ff
config: validate http-origin patterns
1 files changed, 8 insertions(+), 2 deletions(-)

M config/config.go
M config/config.go => config/config.go +8 -2
@@ 4,6 4,7 @@ import (
	"fmt"
	"net"
	"os"
	"path"
	"strconv"
	"strings"
	"time"


@@ 115,7 116,7 @@ func Defaults() *Server {
	}
}

func Load(path string) (*Server, error) {
func Load(filename string) (*Server, error) {
	var raw struct {
		Listen []struct {
			Addr string `scfg:",param"`


@@ 140,7 141,7 @@ func Load(path string) (*Server, error) {

	raw.MaxUserNetworks = -1

	f, err := os.Open(path)
	f, err := os.Open(filename)
	if err != nil {
		return nil, err
	}


@@ 218,6 219,11 @@ func Load(path string) (*Server, error) {
		}
		srv.FileUpload = &FileUpload{driver, source}
	}
	for _, origin := range raw.HTTPOrigin {
		if _, err := path.Match(origin, origin); err != nil {
			return nil, fmt.Errorf("directive http-origin: %v", err)
		}
	}
	srv.HTTPOrigins = raw.HTTPOrigin
	if raw.HTTPIngress != "" {
		srv.HTTPIngress = raw.HTTPIngress