borekon/disposable-mailbox
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

better input validation

Browse Source
This commit is contained in:
Synox 2018-03-06 22:59:15 +01:00
parent cbfa9571cd
commit df8559fe3b
4 changed files with 38 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
src/controller.php
View File

@ -18,25 +18,12 @@ abstract class Controller {
function invoke(ImapClient $imapClient) { function invoke(ImapClient $imapClient) {
} }
function if_invalid_redirect_to_random(User $user, array $config_domains) { function validate_user(User $user, array $config_domains) {
if ($user->isInvalid($config_domains)) { if ($user->isInvalid($config_domains)) {
$this->redirect_to_random($config_domains); $this->viewHandler->invalid_input($config_domains);
exit(); exit();
} }
} }
function redirect_to_random(array $domains) {
$wordLength = rand(3, 8);
$container = new PronounceableWord_DependencyInjectionContainer();
$generator = $container->getGenerator();
$word = $generator->generateWordOfGivenLength($wordLength);
$nr = rand(51, 91);
$name = $word . $nr;
$domain = $domains[array_rand($domains)];
$this->viewHandler->newAddress("$name@$domain");
}
} }
class RedirectToAddressController extends Controller { class RedirectToAddressController extends Controller {
@ -73,7 +60,7 @@ class DownloadEmailController extends Controller {
function invoke(ImapClient $imapClient) { function invoke(ImapClient $imapClient) {
$user = User::parseDomain($this->address, $this->config_blocked_usernames); $user = User::parseDomain($this->address, $this->config_blocked_usernames);
$this->if_invalid_redirect_to_random($user, $this->config_domains); $this->validate_user($user, $this->config_domains);
$download_email_id = filter_var($this->email_id, FILTER_SANITIZE_NUMBER_INT); $download_email_id = filter_var($this->email_id, FILTER_SANITIZE_NUMBER_INT);
$full_email = $imapClient->load_one_email_fully($download_email_id, $user); $full_email = $imapClient->load_one_email_fully($download_email_id, $user);
@ -102,7 +89,7 @@ class DeleteEmailController extends Controller {
function invoke(ImapClient $imapClient) { function invoke(ImapClient $imapClient) {
$user = User::parseDomain($this->address, $this->config_blocked_usernames); $user = User::parseDomain($this->address, $this->config_blocked_usernames);
$this->if_invalid_redirect_to_random($user, $this->config_domains); $this->validate_user($user, $this->config_domains);
$delete_email_id = filter_var($this->email_id, FILTER_SANITIZE_NUMBER_INT); $delete_email_id = filter_var($this->email_id, FILTER_SANITIZE_NUMBER_INT);
if ($imapClient->delete_email($delete_email_id, $user)) { if ($imapClient->delete_email($delete_email_id, $user)) {
@ -121,7 +108,8 @@ class RedirectToRandomAddressController extends Controller {
} }
function invoke(ImapClient $imapClient) { function invoke(ImapClient $imapClient) {
$this->redirect_to_random($this->config_domains); $address = User::get_random_address($this->config_domains);
$this->viewHandler->newAddress($address);
} }
} }
@ -135,11 +123,10 @@ class DisplayEmailsController extends Controller {
$this->config = $config; $this->config = $config;
} }
function invoke(ImapClient $imapClient) { function invoke(ImapClient $imapClient) {
// print emails with html template // print emails with html template
$user = User::parseDomain($this->address, $this->config['blocked_usernames']); $user = User::parseDomain($this->address, $this->config['blocked_usernames']);
$this->if_invalid_redirect_to_random($user, $this->config['domains']); $this->validate_user($user, $this->config['domains']);
$emails = $imapClient->get_emails($user); $emails = $imapClient->get_emails($user);
$this->viewHandler->displayEmails($emails, $this->config, $user); $this->viewHandler->displayEmails($emails, $this->config, $user);

16
src/json-api.php
View File

@ -13,20 +13,24 @@ require_once 'router.php';
class RestRouter extends Router { class RestRouter extends Router {
function route(): Controller { function route(): Controller {
if ($this->action === "download_email" if ($this->method === "GET"
&& $this->action === "download_email"
&& isset($this->get_vars['email_id']) && isset($this->get_vars['email_id'])
&& isset($this->get_vars['address'])) { && isset($this->get_vars['address'])) {
return new DownloadEmailController($this->get_vars['email_id'], $this->get_vars['address'], $this->config['domains'], $this->config['blocked_usernames']); return new DownloadEmailController($this->get_vars['email_id'], $this->get_vars['address'], $this->config['domains'], $this->config['blocked_usernames']);
} elseif ($this->action === "delete_email" } elseif ($this->method === "DELETE"
&& isset($this->get_vars['email_id']) && isset($this->get_vars['email_id'])
&& isset($this->get_vars['address'])) { && isset($this->get_vars['address'])) {
return new DeleteEmailController($this->get_vars['email_id'], $this->get_vars['address'], $this->config['domains'], $this->config['blocked_usernames']); return new DeleteEmailController($this->get_vars['email_id'], $this->get_vars['address'], $this->config['domains'], $this->config['blocked_usernames']);
} elseif ($this->action === 'get_random_username') { } elseif ($this->method === "GET"
&& $this->action === 'random_username') {
return new RedirectToRandomAddressController($this->config['domains']); return new RedirectToRandomAddressController($this->config['domains']);
} elseif ($this->action === 'get_emails' && isset($this->get_vars['address'])) { } elseif ($this->method === "GET"
&& $this->action === 'emails'
&& isset($this->get_vars['address'])) {
return new DisplayEmailsController($this->get_vars['address'], $this->config); return new DisplayEmailsController($this->get_vars['address'], $this->config);
} else { } else {
@ -68,6 +72,10 @@ class JsonViewHandler implements ViewHandler {
function downloadEmailAsRfc822($full_email, $filename) { function downloadEmailAsRfc822($full_email, $filename) {
$this->json(array('status' => "success", 'body' => $full_email)); $this->json(array('status' => "success", 'body' => $full_email));
} }
function invalid_input($config_domains) {
$this->error(400, 'Bad Request');
}
} }

12
src/user.php
View File

@ -5,6 +5,18 @@ class User {
public $username; public $username;
public $domain; public $domain;
public static function get_random_address(array $domains): string {
$wordLength = rand(3, 8);
$container = new PronounceableWord_DependencyInjectionContainer();
$generator = $container->getGenerator();
$word = $generator->generateWordOfGivenLength($wordLength);
$nr = rand(51, 91);
$name = $word . $nr;
$domain = $domains[array_rand($domains)];
return "$name@$domain";
}
public function isInvalid(array $config_domains): bool { public function isInvalid(array $config_domains): bool {
if (empty($this->username) || empty($this->domain)) { if (empty($this->username) || empty($this->domain)) {
return true; return true;

7
src/view.php
View File

@ -15,6 +15,8 @@ interface ViewHandler {
function newAddress($string); function newAddress($string);
function downloadEmailAsRfc822($full_email, $filename); function downloadEmailAsRfc822($full_email, $filename);
function invalid_input($config_domains);
} }
@ -42,4 +44,9 @@ class ServerRenderViewHandler implements ViewHandler {
header("Content-Disposition: attachment; filename=\"$filename\""); header("Content-Disposition: attachment; filename=\"$filename\"");
print $full_email; print $full_email;
} }
function invalid_input($config_domains) {
$address = User::get_random_address($config_domains);
$this->newAddress($address);
}
} }