zeromicro/go-zero
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: fixed #2945 (#2953)

Browse Source 
Co-authored-by: Kevin Wan <wanjunfeng@gmail.com>
This commit is contained in:
chen quan
2023-04-23 22:22:03 +08:00
committed by GitHub
parent 9970ff55cd
commit ce4eb6ed61
5 changed files with 67 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
rest/handler/contentsecurityhandler.go
View File

@@ -18,6 +18,12 @@ type UnsignedCallback func(w http.ResponseWriter, r *http.Request, next http.Han
// ContentSecurityHandler returns a middleware to verify content security.
func ContentSecurityHandler(decrypters map[string]codec.RsaDecrypter, tolerance time.Duration,
strict bool, callbacks ...UnsignedCallback) func(http.Handler) http.Handler {
return LimitContentSecurityHandler(maxBytes, decrypters, tolerance, strict, callbacks)
}
// LimitContentSecurityHandler returns a middleware to verify content security.
func LimitContentSecurityHandler(maxBytesSize int64, decrypters map[string]codec.RsaDecrypter, tolerance time.Duration,
strict bool, callbacks []UnsignedCallback) func(http.Handler) http.Handler {
if len(callbacks) == 0 {
callbacks = append(callbacks, handleVerificationFailure)
}
@@ -36,7 +42,7 @@ func ContentSecurityHandler(decrypters map[string]codec.RsaDecrypter, tolerance
r.Header.Get(contentSecurity))
executeCallbacks(w, r, next, strict, code, callbacks)
} else if r.ContentLength > 0 && header.Encrypted() {
CryptionHandler(header.Key)(next).ServeHTTP(w, r)
LimitCryptionHandler(maxBytesSize, header.Key)(next).ServeHTTP(w, r)
} else {
next.ServeHTTP(w, r)
}