phalaaxx
/
forms


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232
							package forms

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"net/mail"
	"strings"
	"unicode/utf8"
)

/* validation errors */
var (
	EInvalidInteger   = errors.New("not a valid integer value")
	EInvalidFloat     = errors.New("not a valid float value")
	ERequired         = errors.New("this field is required")
	EInvalidEmail     = errors.New("invalid email address")
	EInvalidDomain    = errors.New("invalid domain name")
	EInvalidDomainTLD = errors.New("invalid domain TLD")
)

/* A globaly defined set with valid domain TLDs */
var validTLDs = map[string]struct{}{
	/* general purpose domain names */
	"aero": {}, "asia": {}, "biz": {}, "cat": {}, "com": {}, "coop": {}, "info": {}, "int": {}, "jobs": {},
	"mobi": {}, "museum": {}, "name": {}, "net": {}, "org": {}, "pro": {}, "tel": {}, "travel": {}, "xxx": {},
	"edu": {}, "gov": {}, "mil": {},
	/* country code domain names */
	"ac": {}, "ad": {}, "ae": {}, "af": {}, "ag": {}, "ai": {}, "al": {}, "am": {}, "an": {}, "ao": {}, "aq": {},
	"ar": {}, "as": {}, "at": {}, "au": {}, "aw": {}, "ax": {}, "az": {}, "ba": {}, "bb": {}, "bd": {}, "be": {},
	"bf": {}, "bg": {}, "bh": {}, "bi": {}, "bj": {}, "bm": {}, "bn": {}, "bo": {}, "br": {}, "bs": {}, "bt": {},
	"bv": {}, "bw": {}, "by": {}, "bz": {}, "ca": {}, "cc": {}, "cd": {}, "cf": {}, "cg": {}, "ch": {}, "ci": {},
	"ck": {}, "cl": {}, "cm": {}, "cn": {}, "co": {}, "cr": {}, "cs": {}, "cu": {}, "cv": {}, "cx": {}, "cy": {},
	"cz": {}, "dd": {}, "de": {}, "dj": {}, "dk": {}, "dm": {}, "do": {}, "dz": {}, "ec": {}, "ee": {}, "eg": {},
	"eh": {}, "er": {}, "es": {}, "et": {}, "eu": {}, "fi": {}, "fj": {}, "fk": {}, "fm": {}, "fo": {}, "fr": {},
	"ga": {}, "gb": {}, "gd": {}, "ge": {}, "gf": {}, "gg": {}, "gh": {}, "gi": {}, "gl": {}, "gm": {}, "gn": {},
	"gp": {}, "gq": {}, "gr": {}, "gs": {}, "gt": {}, "gu": {}, "gw": {}, "gy": {}, "hk": {}, "hm": {}, "hn": {},
	"hr": {}, "ht": {}, "hu": {}, "id": {}, "ie": {}, "il": {}, "im": {}, "in": {}, "io": {}, "iq": {}, "ir": {},
	"is": {}, "it": {}, "je": {}, "jm": {}, "jo": {}, "jp": {}, "ke": {}, "kg": {}, "kh": {}, "ki": {}, "km": {},
	"kn": {}, "kp": {}, "kr": {}, "kw": {}, "ky": {}, "kz": {}, "la": {}, "lb": {}, "lc": {}, "li": {}, "lk": {},
	"lr": {}, "ls": {}, "lt": {}, "lu": {}, "lv": {}, "ly": {}, "ma": {}, "mc": {}, "md": {}, "me": {}, "mg": {},
	"mh": {}, "mk": {}, "ml": {}, "mm": {}, "mn": {}, "mo": {}, "mp": {}, "mq": {}, "mr": {}, "ms": {}, "mt": {},
	"mu": {}, "mv": {}, "mw": {}, "mx": {}, "my": {}, "mz": {}, "na": {}, "nc": {}, "ne": {}, "nf": {}, "ng": {},
	"ni": {}, "nl": {}, "no": {}, "np": {}, "nr": {}, "nu": {}, "nz": {}, "om": {}, "pa": {}, "pe": {}, "pf": {},
	"pg": {}, "ph": {}, "pk": {}, "pl": {}, "pm": {}, "pn": {}, "pr": {}, "ps": {}, "pt": {}, "pw": {}, "py": {},
	"qa": {}, "re": {}, "ro": {}, "rs": {}, "ru": {}, "rw": {}, "sa": {}, "sb": {}, "sc": {}, "sd": {}, "se": {},
	"sg": {}, "sh": {}, "si": {}, "sj": {}, "sk": {}, "sl": {}, "sm": {}, "sn": {}, "so": {}, "sr": {}, "ss": {},
	"st": {}, "su": {}, "sv": {}, "sy": {}, "sz": {}, "tc": {}, "td": {}, "tf": {}, "tg": {}, "th": {}, "tj": {},
	"tk": {}, "tl": {}, "tm": {}, "tn": {}, "to": {}, "tp": {}, "tr": {}, "tt": {}, "tv": {}, "tw": {}, "tz": {},
	"ua": {}, "ug": {}, "uk": {}, "us": {}, "uy": {}, "uz": {}, "va": {}, "vc": {}, "ve": {}, "vg": {}, "vi": {},
	"vn": {}, "vu": {}, "wf": {}, "ws": {}, "ye": {}, "yt": {}, "yu": {}, "za": {}, "zm": {}, "zw": {},
}

/* ValidLettersGeneric is a validator generator for checking for valid letters in field */
func ValidLettersGeneric(Letters string, Error error) ValidatorFunc {
	Callback := func(field *FormField, ctx context.Context) error {
		for _, Rune := range field.GetString() {
			if strings.IndexRune(Letters, Rune) == -1 {
				return Error
			}
		}
		return nil
	}
	return Callback
}

/* ValidLength makes sure that a string length is between specified min and max values. */
func ValidLength(min, max int) ValidatorFunc {
	var ELength = errors.New(
		fmt.Sprintf("must be a string between %d and %d characters in length", min, max))
	return func(field *FormField, ctx context.Context) error {
		if len(field.GetString()) != 0 && (len(field.GetString()) < min || len(field.GetString()) > max) {
			return ELength
		}
		return nil
	}
}

/* ValidFieldIn verifies if item is within the list of items */
func ValidFieldIn(list []string) ValidatorFunc {
	var EInvalidValue = errors.New(
		fmt.Sprintf(
			"field value must be one of: %s",
			strings.Join(list, ","),
		),
	)
	return func(field *FormField, ctx context.Context) error {
		for _, item := range list {
			if item == field.GetString() {
				return nil
			}
		}
		return EInvalidValue
	}
}

/* ValidInt returns error if field does not contain a valid integer value */
func ValidInt(field *FormField, ctx context.Context) error {
	_, err := field.GetInt()
	if err != nil {
		return EInvalidInteger
	}
	return nil
}

/* ValidBetween makes sure that field is integer value within the specified range. */
func ValidBetween(min, max int) ValidatorFunc {
	var EInvalidInterval = errors.New(
		fmt.Sprintf("must be integer between %d and %d", min, max))
	return func(field *FormField, ctx context.Context) error {
		value, err := field.GetInt()
		if err != nil {
			return EInvalidInteger
		}
		if value < min || value > max {
			return EInvalidInterval
		}
		return nil
	}
}

/* ValidFloat returns error if field does not contain a valid integer value */
func ValidFloat(field *FormField, ctx context.Context) error {
	_, err := field.GetFloat()
	if err != nil {
		return EInvalidFloat
	}
	return nil
}

/* ValidBetweenFloat32 makes sure field is float64 value within the specified range. */
func ValidBetweenFloat(min, max float64) ValidatorFunc {
	var EInvalidInterval = errors.New(
		fmt.Sprintf("must be float value between %.2f and %.2f", min, max))
	return func(field *FormField, ctx context.Context) error {
		value, err := field.GetFloat()
		if err != nil {
			return err
		}
		if value < min || value > max {
			return EInvalidInterval
		}
		return nil
	}
}

/* ValidFieldEqualTo is a validator that checks if two fields have the same value. */
func ValidFieldEqualTo(Other *FormField, err error) ValidatorFunc {
	return func(field *FormField, ctx context.Context) error {
		if field.GetString() != Other.GetString() {
			return err
		}
		return nil
	}
}

/* validDomainNameStr performs checks if the domain name stored in *FormField is valid */
func validDomainNameStr(domain string) error {
	domain = strings.ToLower(strings.TrimSpace(domain))
	domainLen := len(domain)
	/* common domain name checks */
	if domainLen == 0 || domainLen > 253 || strings.ContainsAny(domain, " \t\r\n") {
		return EInvalidDomain
	}
	if domain[0] == '.' || domain[domainLen-1] == '.' {
		return EInvalidDomain
	}
	/* make sure domain name only contains allowed letters */
	for _, r := range domain {
		if (r >= 'a' && r <= 'z') || (r >= '0' && r <= '9') || r == '.' || r == '-' {
			continue
		}
		return EInvalidDomain
	}
	/* split to levels (tld, domain[, subdomain...] */
	levels := strings.Split(domain, ".")
	levelsLen := len(levels)
	if levelsLen < 2 {
		return EInvalidDomain
	}
	/* perform common checks on levels */
	for _, level := range levels {
		levelLen := len(level)
		if levelLen == 0 || levelLen > 63 {
			return EInvalidDomain
		}
		if level[0] == '-' || level[levelLen-1] == '-' {
			return EInvalidDomain
		}

	}
	/* make sure tld has proper size and is whitelisted */
	domainTLD := levels[len(levels)-1]
	if len(domainTLD) < 2 {
		return EInvalidDomainTLD
	}
	if _, ok := validTLDs[domainTLD]; !ok {
		return EInvalidDomainTLD
	}
	return nil
}

/* ValidEmail checks if field contains a valid email address */
func ValidEmail(field *FormField, ctx context.Context) error {
	/* sanitize input */
	addrStr := strings.TrimSpace(field.GetString())
	if addrStr == "" || !utf8.ValidString(addrStr) || strings.ContainsAny(addrStr, " \t\r\n") {
		return EInvalidEmail
	}
	/* use mail.ParseAddress on the sanitized text */
	addr, err := mail.ParseAddress(addrStr)
	if err != nil || addr.Address != addrStr {
		return EInvalidEmail
	}
	/* make sure email address has a valid domain name */
	parts := strings.Split(addrStr, "@")
	if err := validDomainNameStr(parts[len(parts)-1]); err != nil {
		return EInvalidEmail
	}
	return nil
}

/* ValidCSRF checks if CSRF token is valid */
func ValidCSRF(r *http.Request) ValidatorFunc {
	return func(field *FormField, ctx context.Context) error {
		if !csrfVerify(r) {
			return EInvalidCSRF
		}
		return nil
	}
}