enki
b3204ea07a
Some checks are pending
CI Pipeline / Run Tests (push) Waiting to run
CI Pipeline / Lint Code (push) Waiting to run
CI Pipeline / Security Scan (push) Waiting to run
CI Pipeline / Build Docker Images (push) Blocked by required conditions
CI Pipeline / E2E Tests (push) Blocked by required conditions
262 lines
6.0 KiB
Go
262 lines
6.0 KiB
Go
package validation
|
|
|
|
import (
|
|
"fmt"
|
|
"regexp"
|
|
"strings"
|
|
"unicode/utf8"
|
|
)
|
|
|
|
// ValidationError represents a validation error with user-friendly message
|
|
type ValidationError struct {
|
|
Field string `json:"field"`
|
|
Message string `json:"message"`
|
|
Code string `json:"code"`
|
|
}
|
|
|
|
func (e ValidationError) Error() string {
|
|
return fmt.Sprintf("validation error on field '%s': %s", e.Field, e.Message)
|
|
}
|
|
|
|
// ValidateFileHash validates a SHA-256 hash
|
|
func ValidateFileHash(hash string) error {
|
|
if hash == "" {
|
|
return ValidationError{
|
|
Field: "hash",
|
|
Message: "File hash is required",
|
|
Code: "required",
|
|
}
|
|
}
|
|
|
|
if len(hash) != 64 {
|
|
return ValidationError{
|
|
Field: "hash",
|
|
Message: "File hash must be exactly 64 characters long",
|
|
Code: "invalid_length",
|
|
}
|
|
}
|
|
|
|
// Check if it's valid hexadecimal
|
|
matched, _ := regexp.MatchString("^[a-fA-F0-9]+$", hash)
|
|
if !matched {
|
|
return ValidationError{
|
|
Field: "hash",
|
|
Message: "File hash must contain only hexadecimal characters (0-9, a-f)",
|
|
Code: "invalid_format",
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// ValidateFileName validates a filename
|
|
func ValidateFileName(filename string) error {
|
|
if filename == "" {
|
|
return ValidationError{
|
|
Field: "filename",
|
|
Message: "Filename is required",
|
|
Code: "required",
|
|
}
|
|
}
|
|
|
|
if len(filename) > 255 {
|
|
return ValidationError{
|
|
Field: "filename",
|
|
Message: "Filename must be 255 characters or less",
|
|
Code: "too_long",
|
|
}
|
|
}
|
|
|
|
if !utf8.ValidString(filename) {
|
|
return ValidationError{
|
|
Field: "filename",
|
|
Message: "Filename must be valid UTF-8",
|
|
Code: "invalid_encoding",
|
|
}
|
|
}
|
|
|
|
// Check for dangerous characters
|
|
dangerous := []string{"..", "/", "\\", ":", "*", "?", "\"", "<", ">", "|"}
|
|
for _, char := range dangerous {
|
|
if strings.Contains(filename, char) {
|
|
return ValidationError{
|
|
Field: "filename",
|
|
Message: fmt.Sprintf("Filename cannot contain '%s' character", char),
|
|
Code: "invalid_character",
|
|
}
|
|
}
|
|
}
|
|
|
|
// Check for control characters
|
|
for _, r := range filename {
|
|
if r < 32 && r != 9 { // Allow tab but not other control chars
|
|
return ValidationError{
|
|
Field: "filename",
|
|
Message: "Filename cannot contain control characters",
|
|
Code: "invalid_character",
|
|
}
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// ValidateAccessLevel validates file access level
|
|
func ValidateAccessLevel(level string) error {
|
|
if level == "" {
|
|
return ValidationError{
|
|
Field: "access_level",
|
|
Message: "Access level is required",
|
|
Code: "required",
|
|
}
|
|
}
|
|
|
|
validLevels := []string{"public", "private"}
|
|
for _, valid := range validLevels {
|
|
if level == valid {
|
|
return nil
|
|
}
|
|
}
|
|
|
|
return ValidationError{
|
|
Field: "access_level",
|
|
Message: "Access level must be either 'public' or 'private'",
|
|
Code: "invalid_value",
|
|
}
|
|
}
|
|
|
|
// ValidateNostrPubkey validates a Nostr public key
|
|
func ValidateNostrPubkey(pubkey string) error {
|
|
if pubkey == "" {
|
|
return ValidationError{
|
|
Field: "pubkey",
|
|
Message: "Public key is required",
|
|
Code: "required",
|
|
}
|
|
}
|
|
|
|
if len(pubkey) != 64 {
|
|
return ValidationError{
|
|
Field: "pubkey",
|
|
Message: "Public key must be exactly 64 characters long",
|
|
Code: "invalid_length",
|
|
}
|
|
}
|
|
|
|
// Check if it's valid hexadecimal
|
|
matched, _ := regexp.MatchString("^[a-fA-F0-9]+$", pubkey)
|
|
if !matched {
|
|
return ValidationError{
|
|
Field: "pubkey",
|
|
Message: "Public key must contain only hexadecimal characters (0-9, a-f)",
|
|
Code: "invalid_format",
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// ValidateBunkerURL validates a NIP-46 bunker URL
|
|
func ValidateBunkerURL(url string) error {
|
|
if url == "" {
|
|
return ValidationError{
|
|
Field: "bunker_url",
|
|
Message: "Bunker URL is required",
|
|
Code: "required",
|
|
}
|
|
}
|
|
|
|
if !strings.HasPrefix(url, "bunker://") && !strings.HasPrefix(url, "nostrconnect://") {
|
|
return ValidationError{
|
|
Field: "bunker_url",
|
|
Message: "Bunker URL must start with 'bunker://' or 'nostrconnect://'",
|
|
Code: "invalid_format",
|
|
}
|
|
}
|
|
|
|
if len(url) > 1000 {
|
|
return ValidationError{
|
|
Field: "bunker_url",
|
|
Message: "Bunker URL is too long (max 1000 characters)",
|
|
Code: "too_long",
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// ValidateFileSize validates file size against limits
|
|
func ValidateFileSize(size int64, maxSize int64) error {
|
|
if size <= 0 {
|
|
return ValidationError{
|
|
Field: "file_size",
|
|
Message: "File size must be greater than 0",
|
|
Code: "invalid_value",
|
|
}
|
|
}
|
|
|
|
if maxSize > 0 && size > maxSize {
|
|
return ValidationError{
|
|
Field: "file_size",
|
|
Message: fmt.Sprintf("File size (%d bytes) exceeds maximum allowed size (%d bytes)", size, maxSize),
|
|
Code: "too_large",
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// SanitizeInput removes dangerous characters from user input
|
|
func SanitizeInput(input string) string {
|
|
// Remove null bytes and control characters except tab, newline, carriage return
|
|
result := strings.Map(func(r rune) rune {
|
|
if r == 0 || (r < 32 && r != 9 && r != 10 && r != 13) {
|
|
return -1
|
|
}
|
|
return r
|
|
}, input)
|
|
|
|
// Trim whitespace
|
|
result = strings.TrimSpace(result)
|
|
|
|
return result
|
|
}
|
|
|
|
// ValidateMultipleFields validates multiple fields and returns all errors
|
|
func ValidateMultipleFields(validators map[string]func() error) []ValidationError {
|
|
var errors []ValidationError
|
|
|
|
for field, validator := range validators {
|
|
if err := validator(); err != nil {
|
|
if valErr, ok := err.(ValidationError); ok {
|
|
errors = append(errors, valErr)
|
|
} else {
|
|
errors = append(errors, ValidationError{
|
|
Field: field,
|
|
Message: err.Error(),
|
|
Code: "validation_failed",
|
|
})
|
|
}
|
|
}
|
|
}
|
|
|
|
return errors
|
|
}
|
|
|
|
// FormatValidationErrors formats multiple validation errors into user-friendly message
|
|
func FormatValidationErrors(errors []ValidationError) string {
|
|
if len(errors) == 0 {
|
|
return ""
|
|
}
|
|
|
|
if len(errors) == 1 {
|
|
return errors[0].Message
|
|
}
|
|
|
|
var messages []string
|
|
for _, err := range errors {
|
|
messages = append(messages, fmt.Sprintf("• %s", err.Message))
|
|
}
|
|
|
|
return fmt.Sprintf("Please fix the following issues:\n%s", strings.Join(messages, "\n"))
|
|
} |