From d96dcefb06c90adb47ac99758e8969b75c64e646 Mon Sep 17 00:00:00 2001
From: Louis Schmieder
Date: Fri, 18 Dec 2020 07:34:06 +0100
Subject: [PATCH] vweb: http methods check (#7371)
---
 vlib/vweb/vweb.v | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/vlib/vweb/vweb.v b/vlib/vweb/vweb.v
index e855b4cee8..73112fd7c3 100644
--- a/vlib/vweb/vweb.v
+++ b/vlib/vweb/vweb.v
@@ -13,6 +13,7 @@ import time
 pub const (
 methods_with_form = [http.Method.post, .put, .patch]
+ methods_without_first = ['ost', 'ut', 'et', 'atch', 'ptions', 'elete', 'ead'] // needed for method checking as method parameter
 header_server = 'Server: VWeb\r\n'
 header_connection_close = 'Connection: close\r\n'
 headers_close = '$header_server$header_connection_close\r\n'
@@ -399,6 +400,7 @@ fn handle_conn(mut conn net.TcpConn, mut app T) {
 } else {
 // Get methods
 // Get is default
+ mut req_method_str := '$req.method'
 if req.method == .post {
 if 'post' in attrs {
 route_words_a = attrs.filter(it.to_lower() != 'post').map(it[1..].split('/'))
@@ -426,10 +428,19 @@ fn handle_conn(mut conn net.TcpConn, mut app T) {
 } else {
 route_words_a = attrs.filter(it.to_lower() != 'get').map(it[1..].split('/'))
 }
+ mut req_method := []string{}
 if route_words_a.len > 0 {
 for route_words in route_words_a {
+ if route_words[0] in methods_without_first && route_words.len == 1 {
+ req_method << route_words[0]
+ }
 if url_words.len == route_words.len || (url_words.len >= route_words.len - 1 && route_words.last().ends_with('...')) {
+ if req_method.len > 0 {
+ if req_method_str.to_lower()[1..] !in req_method {
+ continue
+ }
+ }
 // match `/:user/:repo/tree` to `/vlang/v/tree`
 mut matching := false
 mut unknown := false
@@ -471,6 +482,7 @@ fn handle_conn(mut conn net.TcpConn, mut app T) {
 action = method.name
 vars = variables
 }
+ req_method = []string{}
 }
 }
 }
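Review bot: Matching on the first-letter-stripped names in `methods_without_first` makes a real single-segment route indistinguishable from a method attribute. Attributes are reduced with `it[1..]` in the surrounding code, so a path attribute such as `/et` or `/ead` yields the same word as `get` or `head` and would be read as a method restriction by the check added in the third hunk. The list may also be missing verbs that `http.Method` defines (confirm against the enum), and those could not be restricted this way. Comparing the full lower-cased attribute name before the leading character is stripped would avoid both problems, and the constant would then not need to be `pub`. If the truncated form stays, the comment should say why, e.g. `// method names minus their first character, because route attributes are parsed with it[1..]`.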
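Review bot: `req_method_str` is declared `mut` but is not reassigned in any visible hunk, and its only use, `req_method_str.to_lower()[1..]` in the third hunk, recomputes the same value for every candidate route. Declaring the comparison key once as an immutable value, `req_method_key := '$req.method'.to_lower()[1..]`, keeps the truncation in one place. A short comment should state that the key depends on how the enum is rendered by string interpolation, because a change in that rendering would change the outcome of every method check. The body of handle_conn starts and ends outside the hunk.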
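Review bot: The method restriction appears to fail open when a path attribute is visited before the method attribute. `req_method` is filled inside the same loop that matches paths, and the guard `if req_method.len > 0` skips the check while the list is still empty, so, if `attrs` keeps declaration order, a handler whose path is listed first would be matched for any request method. The list is only cleared by `req_method = []string{}` in the last hunk, inside a block whose opening is outside the diff, so it is not visible whether the reset also runs after the `continue` or after a length mismatch. Collecting the method words before the loop removes the order dependence, e.g. `req_method := route_words_a.filter(it.len == 1 && it[0] in methods_without_first).map(it[0])`, with the comparison then done once per handler. A test that sends a GET to a handler declared for post only, in both attribute orders, would pin the intended behaviour.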