terbshaeusser/website
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Activity

check content-type in login endpoint

Browse Source 
Signed-off-by: Tobias Erbshäußer <tobias@tesoft.dev>
This commit is contained in:
Tobias Erbshäußer
2026-05-24 09:22:25 +02:00
parent 7f7cf1ae1d
commit f94f37507d
1 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/api.go
+13 -1
View File
@@ -17,8 +17,15 @@ type ApiHandler struct {
const authTokenCookieName = "auth-token" const authTokenCookieName = "auth-token"
const isAuthorizedContextKey = "is-authorized" const isAuthorizedContextKey = "is-authorized"
const contentTypeHeaderKey = "Content-Type"
const JsonMimeType = "application/json"
func (h *ApiHandler) ServeLoginPost(writer http.ResponseWriter, request *http.Request) { func (h *ApiHandler) ServeLoginPost(writer http.ResponseWriter, request *http.Request) {
if !HasContentType(request, JsonMimeType) {
WriteError(writer, http.StatusBadRequest, "expected json body", nil)
return
}
bodyReader := request.Body bodyReader := request.Body
body, err := io.ReadAll(bodyReader) body, err := io.ReadAll(bodyReader)
_ = bodyReader.Close() _ = bodyReader.Close()
@@ -108,7 +115,7 @@ func IsAuthorized(request *http.Request) bool {
} }
func WriteResponse(writer http.ResponseWriter, code int, body any) { func WriteResponse(writer http.ResponseWriter, code int, body any) {
writer.Header().Set("Content-Type", "application/json") writer.Header().Set(contentTypeHeaderKey, "application/json")
writer.WriteHeader(code) writer.WriteHeader(code)
_ = json.NewEncoder(writer).Encode(body) _ = json.NewEncoder(writer).Encode(body)
} }
@@ -122,3 +129,8 @@ func WriteError(writer http.ResponseWriter, code int, message string, err error)
"message": message, "message": message,
}) })
} }
func HasContentType(request *http.Request, mimeType string) bool {
contentType := request.Header.Get(contentTypeHeaderKey)
return contentType == mimeType
}