-
Notifications
You must be signed in to change notification settings - Fork 138
/
Copy pathvalidation.go
91 lines (79 loc) · 3.39 KB
/
validation.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
// Copyright 2022-Present Couchbase, Inc.
//
// Use of this software is governed by the Business Source License included
// in the file licenses/BSL-Couchbase.txt. As of the Change Date specified
// in that file, in accordance with the Business Source License, use of this
// software will be governed by the Apache License, Version 2.0, included in
// the file licenses/APL2.txt.
package db
import (
"bytes"
"context"
"net/http"
"strings"
"github.com/couchbase/sync_gateway/base"
)
// validateNewBody validates any new body being received (i.e. through blip, import, and API)
func validateNewBody(body Body) error {
// Reject a body that contains the "_removed" property, this means that the user
// is trying to update a document they do not have read access to.
if body[BodyRemoved] != nil {
return base.HTTPErrorf(http.StatusNotFound, "Document revision is not accessible")
}
// Reject bodies that contains the "_purged" property.
if _, ok := body[BodyPurged]; ok {
return base.HTTPErrorf(http.StatusBadRequest, "user defined top-level property '_purged' is not allowed in document body")
}
for key := range body {
if strings.HasPrefix(key, BodyInternalPrefix) {
return base.HTTPErrorf(http.StatusBadRequest, "user defined top-level properties that start with '_sync_' are not allowed in document body")
}
}
return nil
}
// validateAPIDocUpdate finds disallowed document properties that are allowed in through blip and/or import but not through
// the REST API
func validateAPIDocUpdate(body Body) error {
// VaLidation for disallowed properties for blip and import should be done in validateNewBody
// _rev, _attachments, _id are validated before reaching this function (due to endpoint specific behaviour)
if _, ok := body[base.SyncPropertyName]; ok {
return base.HTTPErrorf(http.StatusBadRequest, "document-top level property '_sync' is a reserved internal property")
}
return nil
}
// validateImportBody validates incoming import bodies
func validateImportBody(body Body) error {
if isPurged, ok := body[BodyPurged].(bool); ok && isPurged {
return base.ErrImportCancelledPurged
}
// Prevent disallowed internal properties from being used
disallowed := []string{BodyId, BodyRev, BodyExpiry, BodyRevisions}
for _, prop := range disallowed {
if _, ok := body[prop]; ok {
return base.NewHTTPError(http.StatusNotFound, "top-level property '"+prop+"' is a reserved internal property therefore cannot be imported")
}
}
// TODO: Validate attachment data to ensure user is not setting invalid attachments
return nil
}
// validateBlipBody validates incoming blip rev bodies
// Takes a rawBody to avoid an unnecessary call to doc.BodyBytes()
func validateBlipBody(ctx context.Context, rawBody []byte, doc *Document) error {
// Prevent disallowed internal properties from being used
disallowed := []string{base.SyncPropertyName, BodyId, BodyRev, BodyDeleted, BodyRevisions}
for _, prop := range disallowed {
// Only unmarshal if raw body contains the disallowed property
if bytes.Contains(rawBody, []byte(`"`+prop+`"`)) {
if _, ok := doc.Body(ctx)[prop]; ok {
return base.NewHTTPError(http.StatusNotFound, "top-level property '"+prop+"' is a reserved internal property")
}
}
}
return nil
}
func validateExistingDoc(doc *Document, importAllowed, docExists bool) error {
if !importAllowed && docExists && !doc.HasValidSyncData() {
return base.HTTPErrorf(409, "Not imported")
}
return nil
}