fgm
/
go__sqs_demo


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149
							package web

import (
	"net/http"
	"net/url"
	"strconv"
	"strings"

	"github.com/aws/aws-sdk-go-v2/aws/arn"
	"github.com/gin-contrib/sessions"
	"github.com/gin-gonic/gin"
	"github.com/google/uuid"
	csrf "github.com/utrack/gin-csrf"
)

type (
	// Level is an information level: danger | warning.
	Level string
	// QueueOp is an allowed operation or reserved error: delete|redrive|invalid.
	QueueOp string
)

const (
	LevelDanger  Level = "danger"
	LevelInfo    Level = "info"
	LevelWarning Level = "warning"

	OpDelete  QueueOp = "delete"
	OpRedrive QueueOp = "redrive"
	OpInvalid QueueOp = "invalid"
)

var confirms = map[QueueOp]struct {
	question, description string
	confirm               string
	Level                 // danger|warning
}{
	OpDelete: {
		confirm:     "Delete",
		description: "These messages cannot be recovered after that step",
		question:    "Do you confirm this deletion request?",
		Level:       LevelDanger,
	},
	OpRedrive: {
		confirm:     "Redrive",
		description: "These messages will be in their source queue after that step",
		question:    "Do you confirm this redriving request?",
		Level:       LevelWarning,
	},
	OpInvalid: {
		description: "The operation requested is invalid",
		Level:       LevelInfo,
	},
}

// getOp extracts the operation from the unsafe form data, returning a safe value.
func getOp(u *url.URL) QueueOp {
	q := u.Query()
	found := 0
	var res QueueOp
	for key := range q {
		switch op := QueueOp(strings.ToLower(key)); op {
		case OpDelete, OpRedrive:
			res = op
			found++
		default:
			continue
		}
	}
	if found != 1 {
		return OpInvalid
	}
	return res
}

type IDValidator func(in string) bool

// validateUint is an IDValidator for unsigned integer strings.
func validateUint(in string) bool {
	_, err := strconv.Atoi(in)
	return err == nil
}

// validateUUID is an IDValidator for UUID strings
func validateUUID(in string) bool {
	_, err := uuid.Parse(in)
	return err == nil
}

// validateARN is an IDValidator for ARN strings
func validateARN(in string) bool {
	return arn.IsARN(in)
}

func parseIDs(u *url.URL, isValid IDValidator) []string {
	const prefix = "id-"
	q := u.Query()
	var ids []string
	for k, vs := range q {
		// Weed out bad keys, bad value lengths, and non-matching checkbox statuses.
		if pos := strings.Index(k, prefix); pos == -1 || len(vs) != 1 || vs[0] != "on" {
			continue
		}
		b, a, found := strings.Cut(k, prefix)
		if b == "" && found && isValid(a) {
			ids = append(ids, a)
		}
	}
	return ids
}

func makeConfirmHandler() gin.HandlerFunc {
	return func(c *gin.Context) {
		u := c.Request.URL
		op := getOp(u)
		// For real data, probably use validateUUID or validateARN.
		ids := parseIDs(u, validateUint)
		if len(ids) == 0 {
			op = OpInvalid
		}

		data := confirms[op] // op is guaranteed to be valid by getOp().
		qName := c.Param("name")

		sess := sessions.Default(c)
		flashes := sess.Flashes()
		token := csrf.GetToken(c)
		sess.Save()

		h := gin.H{
			"cancel":      "Cancel",
			"cancelURL":   "/queue/" + qName,
			"confirm":     data.confirm,
			"csrf":        token,
			"description": data.description,
			"flashes":     flashes,
			"level":       data.Level,
			"list":        ids,
			"question":    data.question,
		}
		if qName == "" {
			h["cancelURL"] = "/"
		}
		if op == OpInvalid {
			h["list"] = nil
		}
		c.HTML(http.StatusOK, "confirm", h)
	}
}