xss validation

This commit is contained in:
Mazyar
2025-12-07 23:52:17 +03:30
parent b8a10f355e
commit 7fb182f180
10 changed files with 372 additions and 29 deletions
+14 -12
View File
@@ -4,22 +4,24 @@ import (
"encoding/json"
"tm/pkg/logger"
"tm/pkg/response"
"tm/pkg/security"
"github.com/asaskevich/govalidator"
"github.com/labstack/echo/v4"
)
// Handler handles HTTP requests for inquiry operations
type Handler struct {
service Service
logger logger.Logger
service Service
logger logger.Logger
xssPolicy *security.XSSPolicy
}
// NewInquiryHandler creates a new inquiry handler
func NewHandler(service Service, logger logger.Logger) *Handler {
func NewHandler(service Service, logger logger.Logger, xssPolicy *security.XSSPolicy) *Handler {
return &Handler{
service: service,
logger: logger,
service: service,
logger: logger,
xssPolicy: xssPolicy,
}
}
@@ -42,8 +44,8 @@ func (h *Handler) CreateInquiry(c echo.Context) error {
return response.BadRequest(c, "Invalid request format", "")
}
// Validate form
if _, err := govalidator.ValidateStruct(form); err != nil {
// Validate and sanitize form
if err := form.ValidateAndSanitize(h.xssPolicy); err != nil {
return response.ValidationError(c, err.Error(), "")
}
@@ -122,8 +124,8 @@ func (h *Handler) UpdateInquiryStatus(c echo.Context) error {
return response.BadRequest(c, "Invalid request format", "")
}
// Validate form
if _, err := govalidator.ValidateStruct(form); err != nil {
// Validate and sanitize form
if err := form.ValidateAndSanitize(h.xssPolicy); err != nil {
return response.ValidationError(c, err.Error(), "")
}
@@ -163,8 +165,8 @@ func (h *Handler) SearchInquiries(c echo.Context) error {
return response.BadRequest(c, "Invalid request format", "")
}
// Validate form
if _, err := govalidator.ValidateStruct(form); err != nil {
// Validate and sanitize form
if err := form.ValidateAndSanitize(h.xssPolicy); err != nil {
return response.ValidationError(c, err.Error(), "")
}