Improved massage-params
This commit is contained in:
parent
710bfbef81
commit
e17a79e7c7
|
|
@ -5,6 +5,7 @@
|
|||
:url "https://opensource.org/licenses/MIT"}
|
||||
|
||||
:dependencies [[org.clojure/clojure "1.8.0"]
|
||||
[org.clojure/core.memoize "0.7.1"]
|
||||
[org.clojure/math.numeric-tower "0.0.4"]
|
||||
[org.clojure/tools.logging "0.3.1"]
|
||||
[selmer "1.10.6"]]
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
(ns adl-support.core
|
||||
(:require [clojure.java.io :as io]
|
||||
(:require [clojure.core.memoize :as memo]
|
||||
[clojure.java.io :as io]
|
||||
[clojure.string :refer [split]]))
|
||||
|
||||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||||
|
|
@ -66,31 +67,44 @@
|
|||
{(keyword k) v})))
|
||||
|
||||
|
||||
(defn massage-params
|
||||
(defn raw-massage-params
|
||||
"Sending empty strings, or numbers as strings, to the database often isn't
|
||||
helpful. Massage these `params` and `form-params` to eliminate these problems.
|
||||
We must take key field values out of just params, but we should take all other
|
||||
values out of form-params - because we need the key to load the form in
|
||||
the first place, but just accepting values of other params would allow spoofing."
|
||||
[params form-params key-fields]
|
||||
(let
|
||||
[ks (set (map keyword key-fields))]
|
||||
(reduce
|
||||
merge
|
||||
;; do the keyfields first, from params
|
||||
(reduce
|
||||
merge
|
||||
{}
|
||||
(map
|
||||
#(massage-value % params)
|
||||
(filter
|
||||
#(ks (keyword %))
|
||||
(keys params))))
|
||||
;; then merge in everything from form-params, potentially overriding what
|
||||
;; we got from params.
|
||||
(map
|
||||
#(massage-value % form-params)
|
||||
(keys form-params)))))
|
||||
([params form-params key-fields]
|
||||
(let
|
||||
[ks (set (map keyword key-fields))]
|
||||
(reduce
|
||||
merge
|
||||
;; do the keyfields first, from params
|
||||
(reduce
|
||||
merge
|
||||
{}
|
||||
(map
|
||||
#(massage-value % params)
|
||||
(filter
|
||||
#(ks (keyword %))
|
||||
(keys params))))
|
||||
;; then merge in everything from form-params, potentially overriding what
|
||||
;; we got from params.
|
||||
(map
|
||||
#(massage-value % form-params)
|
||||
(keys form-params)))))
|
||||
([request key-fields]
|
||||
(raw-massage-params (:params request) (:form-params request) key-fields))
|
||||
([request]
|
||||
(raw-massage-params (:params request) (:form-params request) #{})))
|
||||
|
||||
|
||||
(def massage-params
|
||||
"Sending empty strings, or numbers as strings, to the database often isn't
|
||||
helpful. Massage these `params` and `form-params` to eliminate these problems.
|
||||
We must take key field values out of just params, but we should take all other
|
||||
values out of form-params - because we need the key to load the form in
|
||||
the first place, but just accepting values of other params would allow spoofing."
|
||||
(memo/ttl raw-massage-params {} :ttl/threshold 5000))
|
||||
|
||||
|
||||
(defn
|
||||
|
|
|
|||
Loading…
Reference in a new issue