Cutlery/Kyoo
1
0
Fork 0
mirror of https://github.com/zoriya/Kyoo.git synced 2026-05-30 10:55:16 -04:00
Code Issues Packages Projects Releases Wiki Activity

Adding a security for only int resources & adding a silent fail

Browse Source
This commit is contained in:
Zoe Roux
2020-09-21 00:36:22 +02:00
parent 522d253e9c
commit 5a1826d01d
19 changed files with 176 additions and 148 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Kyoo.CommonAPI/LocalRepository.cs
+25 -10
View File
@@ -138,7 +138,7 @@ namespace Kyoo.Controllers
T old = await Get(edited.Slug);
if (old == null)
throw new ItemNotFound($"No ressource found with the slug {edited.Slug}.");
throw new ItemNotFound($"No resource found with the slug {edited.Slug}.");
if (resetOld)
Utility.Nullify(old);
@@ -148,34 +148,49 @@ namespace Kyoo.Controllers
return old;
}
protected virtual Task Validate(T ressource)
protected virtual Task Validate(T resource)
{
if (ressource.Slug == null)
throw new ArgumentException("Ressource can't have null as a slug.");
if (string.IsNullOrEmpty(resource.Slug))
throw new ArgumentException("Resource can't have null as a slug.");
if (int.TryParse(resource.Slug, out int _))
{
try
{
MethodInfo setter = typeof(T).GetProperty(nameof(resource.Slug))!.GetSetMethod();
if (setter != null)
setter.Invoke(resource, new object[] {resource.Slug + '!'});
else
throw new ArgumentException("Resources slug can't be number only.");
}
catch
{
throw new ArgumentException("Resources slug can't be number only.");
}
}
foreach (PropertyInfo property in typeof(T).GetProperties()
.Where(x => typeof(IEnumerable).IsAssignableFrom(x.PropertyType)
&& !typeof(string).IsAssignableFrom(x.PropertyType)))
{
object value = property.GetValue(ressource);
object value = property.GetValue(resource);
if (value is ICollection || value == null)
continue;
value = Utility.RunGenericMethod(typeof(Enumerable), "ToList", Utility.GetEnumerableType((IEnumerable)value), value);
property.SetValue(ressource, value);
property.SetValue(resource, value);
}
return Task.CompletedTask;
}
public virtual async Task Delete(int id)
{
T ressource = await Get(id);
await Delete(ressource);
T resource = await Get(id);
await Delete(resource);
}
public virtual async Task Delete(string slug)
{
T ressource = await Get(slug);
await Delete(ressource);
T resource = await Get(slug);
await Delete(resource);
}
public abstract Task Delete(T obj);