Skip to content

Commit

Permalink
SQL-215 generic scanner function support
Browse files Browse the repository at this point in the history
  • Loading branch information
@milt
milt committed Nov 8, 2023
1 parent 754e197 commit f170ca4
Show file tree
Hide file tree
Showing 2 changed files with 46 additions and 14 deletions.
22 changes: 22 additions & 0 deletions src/main/com/yetanalytics/lrs/pedestal/interceptor/xapi/statements.cljc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -236,6 +236,28 @@
{:status 400
:body {:error {:message "No Statement Data Provided"}}}))))})

(defn scan-attachments
"Scan attachment files with a user-provided function."
[file-scanner]
{:name ::scan-attachments
:enter
(fn [ctx]
(let [attachments (get-in ctx [:xapi :xapi.statements/attachments])]
(if-let [attachment-errors (some-> attachments
(->> (keep (fn [{:keys [content]}]
(file-scanner content))))
not-empty)]
(do
(attachment/delete-attachments! attachments)
(assoc (chain/terminate ctx)
:response
{:status 400
:body {:error {:message
(format "Scan failed, Errors: %s"
(cs/join ", "
(map :message attachment-errors)))}}}))
ctx)))})

(def set-consistent-through
{:name ::set-consistent-through
:leave
Expand Down
38 changes: 24 additions & 14 deletions src/main/com/yetanalytics/lrs/pedestal/routes.cljc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,10 +93,14 @@
:path-prefix - defines the prefix from root for xAPI routes, default /xapi
:wrap-interceptors - a vector of interceptors to apply to every route.
The default vector includes an error interceptor which should be replaced
if this setting is provided."
if this setting is provided.
:file-scanner - a function that takes the content of any arbitrary
user-submitted file and returns nil if it is safe, or a map with :message
describing why it is unsafe. If unsafe the request will fail with a 400."
[{:keys [lrs
path-prefix
wrap-interceptors]
wrap-interceptors
file-scanner]
:or {path-prefix "/xapi"
wrap-interceptors [i/error-interceptor]}}]
(let [lrs-i (i/lrs-interceptor lrs)
Expand Down Expand Up @@ -150,19 +154,25 @@
statements/handle-get)
:route-name :com.yetanalytics.lrs.xapi.statements/head]
[(format "%s/statements" path-prefix)
:put (conj protected-interceptors
statements-i/set-consistent-through
(xapi-i/params-interceptor
:xapi.statements.PUT.request/params)
statements-i/parse-multiparts
statements-i/validate-request-statements
statements/handle-put)]
:put (-> protected-interceptors
(into [statements-i/set-consistent-through
(xapi-i/params-interceptor
:xapi.statements.PUT.request/params)
statements-i/parse-multiparts
statements-i/validate-request-statements])
(cond->
file-scanner
(conj (statements-i/scan-attachments file-scanner)))
(conj statements/handle-put))]
[(format "%s/statements" path-prefix)
:post (conj protected-interceptors
statements-i/set-consistent-through
statements-i/parse-multiparts
statements-i/validate-request-statements
statements/handle-post)]
:post (-> protected-interceptors
(into [statements-i/set-consistent-through
statements-i/parse-multiparts
statements-i/validate-request-statements])
(cond->
file-scanner
(conj (statements-i/scan-attachments file-scanner)))
(conj statements/handle-post))]
[(format "%s/statements" path-prefix)
:any method-not-allowed
:route-name :com.yetanalytics.lrs.xapi.statements/any]
Expand Down

0 comments on commit f170ca4

Please sign in to comment.