Rails update, request validation

2025-08-04 17:01:44 +02:00 · 2014-07-03 16:08:53 +03:00 · 2014-07-03 16:08:53 +03:00 · 4684b311a2
commit 4684b311a2
parent 4744a35dd9
13 changed files with 1047 additions and 70 deletions
--- a/app/controllers/concerns/epp/common.rb
+++ b/app/controllers/concerns/epp/common.rb
@ -3,6 +3,7 @@ module Epp::Common

  included do
    protect_from_forgery with: :null_session
+    before_action :validate_request, only: [:proxy]
  end

  def proxy
@ -25,4 +26,15 @@ module Epp::Common
  def current_epp_user
    @current_epp_user ||= EppUser.find(epp_session[:epp_user_id]) if epp_session[:epp_user_id]
  end
+
+  def validate_request
+    xsd = Nokogiri::XML::Schema(File.read('doc/schemas/epp-1.0.xsd'))
+    doc = Nokogiri::XML(params[:frame])
+    @extValues = xsd.validate(doc)
+    if @extValues.any?
+      @code = '2001'
+      @msg = 'Command syntax error'
+      render '/epp/error' and return
+    end
+  end
 end
--- a/app/controllers/epp/errors_controller.rb
+++ b/app/controllers/epp/errors_controller.rb
@ -2,6 +2,7 @@ class Epp::ErrorsController < ApplicationController
  include Epp::Common

  def error
+    @code, @msg = params[:code], params[:msg]
    render '/epp/error'
  end
 end
--- a/app/views/epp/error.xml.builder
+++ b/app/views/epp/error.xml.builder
@ -1,9 +1,19 @@
 xml.epp_head do
  xml.response do
-    xml.result('code' => params[:code]) do
-      xml.msg(params[:msg], 'lang' => 'en')
+    xml.result('code' => @code) do
+      xml.msg(@msg, 'lang' => 'en')
    end
  end

+  @extValues.each do |x|
+    xml.extValue do
+      xml.value do
+        # xml.tag!()
+        xml.reason x.to_s
+      end
+    end
+
+  end if @extValues && @extValues.any?
+
  xml << render('/epp/shared/trID')
 end