validateQueryParams checks if all query parameters are in the allowed list Returns true if validation passes, false if validation fails (and proxies upstream)
(w http.ResponseWriter, r *http.Request, allowedParams map[string]struct{}, endpoint string)
| 950 | // validateQueryParams checks if all query parameters are in the allowed list |
| 951 | // Returns true if validation passes, false if validation fails (and proxies upstream) |
| 952 | func (h *Handler) validateQueryParams(w http.ResponseWriter, r *http.Request, allowedParams map[string]struct{}, endpoint string) bool { |
| 953 | ctx := r.Context() |
| 954 | instanceID := GetInstanceIDFromContext(ctx) |
| 955 | clientAPIKey := GetClientAPIKeyFromContext(ctx) |
| 956 | queryParams := r.URL.Query() |
| 957 | |
| 958 | for key := range queryParams { |
| 959 | if _, ok := allowedParams[strings.ToLower(key)]; !ok { |
| 960 | log.Trace(). |
| 961 | Int("instanceId", instanceID). |
| 962 | Str("client", clientAPIKey.ClientName). |
| 963 | Str("endpoint", endpoint). |
| 964 | Str("param", key). |
| 965 | Str("value", queryParams.Get(key)). |
| 966 | Msg("Unsupported query parameter, proxying upstream") |
| 967 | h.ServeHTTP(w, r) |
| 968 | return false |
| 969 | } |
| 970 | } |
| 971 | return true |
| 972 | } |
| 973 | |
| 974 | func parseCSVQueryValues(queryParams url.Values, keys ...string) []string { |
| 975 | if len(keys) == 0 { |
no test coverage detected