simon/adl-support
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Improved massage-params

Browse source
This commit is contained in:
Simon Brooke 2018-07-24 17:53:58 +01:00
parent 710bfbef81
commit e17a79e7c7
2 changed files with 36 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
project.clj
View file

@ -5,6 +5,7 @@
:url "https://opensource.org/licenses/MIT"} :url "https://opensource.org/licenses/MIT"}
:dependencies [[org.clojure/clojure "1.8.0"] :dependencies [[org.clojure/clojure "1.8.0"]
[org.clojure/core.memoize "0.7.1"]
[org.clojure/math.numeric-tower "0.0.4"] [org.clojure/math.numeric-tower "0.0.4"]
[org.clojure/tools.logging "0.3.1"] [org.clojure/tools.logging "0.3.1"]
[selmer "1.10.6"]] [selmer "1.10.6"]]

56
src/adl_support/core.clj
View file

@ -1,5 +1,6 @@
(ns adl-support.core (ns adl-support.core
(:require [clojure.java.io :as io] (:require [clojure.core.memoize :as memo]
[clojure.java.io :as io]
[clojure.string :refer [split]])) [clojure.string :refer [split]]))
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -66,31 +67,44 @@
{(keyword k) v}))) {(keyword k) v})))
(defn massage-params (defn raw-massage-params
"Sending empty strings, or numbers as strings, to the database often isn't "Sending empty strings, or numbers as strings, to the database often isn't
helpful. Massage these `params` and `form-params` to eliminate these problems. helpful. Massage these `params` and `form-params` to eliminate these problems.
We must take key field values out of just params, but we should take all other We must take key field values out of just params, but we should take all other
values out of form-params - because we need the key to load the form in values out of form-params - because we need the key to load the form in
the first place, but just accepting values of other params would allow spoofing." the first place, but just accepting values of other params would allow spoofing."
[params form-params key-fields] ([params form-params key-fields]
(let (let
[ks (set (map keyword key-fields))] [ks (set (map keyword key-fields))]
(reduce (reduce
merge merge
;; do the keyfields first, from params ;; do the keyfields first, from params
(reduce (reduce
merge merge
{} {}
(map (map
#(massage-value % params) #(massage-value % params)
(filter (filter
#(ks (keyword %)) #(ks (keyword %))
(keys params)))) (keys params))))
;; then merge in everything from form-params, potentially overriding what ;; then merge in everything from form-params, potentially overriding what
;; we got from params. ;; we got from params.
(map (map
#(massage-value % form-params) #(massage-value % form-params)
(keys form-params))))) (keys form-params)))))
([request key-fields]
(raw-massage-params (:params request) (:form-params request) key-fields))
([request]
(raw-massage-params (:params request) (:form-params request) #{})))
(def massage-params
"Sending empty strings, or numbers as strings, to the database often isn't
helpful. Massage these `params` and `form-params` to eliminate these problems.
We must take key field values out of just params, but we should take all other
values out of form-params - because we need the key to load the form in
the first place, but just accepting values of other params would allow spoofing."
(memo/ttl raw-massage-params {} :ttl/threshold 5000))
(defn (defn