Updated GetQueryScaffolding

39f03eec · Martin Iversen · 58421a79 · 39f03eec · 39f03eec · 39f03eec
Commit 39f03eec authored Apr 8, 2022 by Martin Iversen
--- a/api/apiTools/basicTools.go
+++ b/api/apiTools/basicTools.go
@@ -3,8 +3,8 @@ package apiTools
 import (
 	"encoding/json"
 	"errors"
+	"github.com/gorilla/mux"
 	"net/http"
-	"net/url"
 	"stillasTracker/api/constants"
 	"strings"
 )
@@ -18,30 +18,69 @@ func CreatePath(segments []string) string {
 	return finalPath
 }
+/*
+GetQueryScaffolding function checks that the queries are valid in the scaffolding requests
+Code inspired by the following stackoverflow issue:
 //https://stackoverflow.com/questions/59570978/is-there-a-way-to-check-for-invalid-query-parameters-in-an-http-request
-func GetQueryProject(r *http.Request) (url.Values, bool) {
+*/
-	query := r.URL.Query()
+func GetQueryScaffolding(r *http.Request) (map[string]string, bool) {
+	query := mux.Vars(r)
-	allowedQuery := map[string]bool{constants.P_idURL: true, constants.P_nameURL: true, constants.P_scaffolding: true, constants.P_State: true}
+	allowedQuery := map[string]bool{constants.S_id: true, constants.S_type: true}
 	for k := range query {
 		if _, ok := allowedQuery[k]; !ok {
 			return nil, false
 		}
 	}
+	valid := true
+	if query[constants.S_type] != "" {
+		for i := range constants.ScaffoldingTypes {
+			if !(query[constants.S_type] == constants.ScaffoldingTypes[i]) {
+				valid = false
+			} else {
+				valid = true
+				break
+			}
+		}
+		if valid == false {
+			return nil, valid
+		}
+	}
+	return query, true
+}
+/*
+GetQueryProject function checks that the queries are valid in the project requests
+Code inspired by the following stackoverflow issue:
+//https://stackoverflow.com/questions/59570978/is-there-a-way-to-check-for-invalid-query-parameters-in-an-http-request
+*/
+func GetQueryProject(r *http.Request) (map[string]string, bool) {
+	query := mux.Vars(r)
+	allowedQuery := map[string]bool{constants.P_idURL: true, constants.P_nameURL: true, constants.P_scaffolding: true, constants.P_State: true}
-	if query.Has(constants.P_scaffolding) {
+	for k := range query {
-		if !(query.Get(constants.P_scaffolding) == "true" || query.Get(constants.P_scaffolding) == "false") {
+		if _, ok := allowedQuery[k]; !ok {
 			return nil, false
 		}
 	}
+	if query[constants.P_scaffolding] != "" {
+		if !(query[constants.P_scaffolding] == "true" || query[constants.P_scaffolding] == "false") {
+			return nil, false
+		}
+	}
 	return query, true
 }
+/*
+GetQueryProfile function checks that the queries are valid in the profile requests
+Code inspired by the following stackoverflow issue:
 //https://stackoverflow.com/questions/59570978/is-there-a-way-to-check-for-invalid-query-parameters-in-an-http-request
-func GetQueryProfile(r *http.Request) (url.Values, bool) {
+*/
-	query := r.URL.Query()
+func GetQueryProfile(r *http.Request) (map[string]string, bool) {
+	query := mux.Vars(r)
 	//Defines the allowed parts of the url
 	allowedQuery := map[string]bool{constants.U_nameURL: true, constants.U_Role: true, constants.U_idURL: true}
@@ -53,8 +92,8 @@ func GetQueryProfile(r *http.Request) (url.Values, bool) {
 	}
 	//Checks that the URL only contains the allowed roles
-	if query.Has(constants.U_Role) {
+	if query[constants.U_Role] != "" {
-		if !(query.Get(constants.U_Role) == constants.U_admin || query.Get(constants.U_Role) == strings.ToLower(constants.U_Installer) || query.Get(constants.U_Role) == strings.ToLower(constants.U_Storage)) {
+		if !(query[constants.U_Role] == constants.U_admin || query[constants.U_Role] == strings.ToLower(constants.U_Installer) || query[constants.U_Role] == strings.ToLower(constants.U_Storage)) {
 			return nil, false
 		}
 	}

--- a/api/endpoints/profiles.go
+++ b/api/endpoints/profiles.go
@@ -73,9 +73,9 @@ func getProfile(w http.ResponseWriter, r *http.Request) {
 	}
 	switch true { //Forwards the request to the appropriate function based on the passed in query
-	case query.Has(constants.U_Role):
+	case query[constants.U_Role] != "":
 		getUsersByRole(w, r)
-	case query.Has(constants.U_idURL) || query.Has(constants.U_nameURL):
+	case query[constants.U_idURL] != "" || query[constants.U_nameURL] != "":
 		getIndividualUser(w, r)
 	default:
 		getAll(w)
@@ -323,9 +323,9 @@ func getIndividualUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	switch true { //Forwards the request based on the passed in constant
-	case query.Has(constants.U_name):
+	case query[constants.U_name] != "":
 		getUserByName(w, r)
-	case query.Has(constants.U_idURL):
+	case query[constants.U_idURL] != "":
 		getIndividualUserByID(w, r)
 	}
 }

--- a/api/endpoints/scaffolding.go
+++ b/api/endpoints/scaffolding.go
@@ -2,7 +2,6 @@ package endpoints
 import (
 	"encoding/json"
-	"github.com/gorilla/mux"
 	"google.golang.org/api/iterator"
 	"net/http"
 	tool "stillasTracker/api/apiTools"
@@ -48,7 +47,7 @@ a user can search based on projects, id or type
 func getPart(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
 	w.Header().Set("Access-Control-Allow-Origin", "*")
-	queries := mux.Vars(r)
+	queries, _ := tool.GetQueryScaffolding(r)
 	switch true {
 	case queries["type"] != "" && queries["id"] != "": //URL is on the following format: /stillastracking/v1/api/unit?type=""&id=""