diff --git a/src/auth.go b/src/auth.go index 9973939..428ef8d 100644 --- a/src/auth.go +++ b/src/auth.go @@ -243,8 +243,15 @@ func parseLogFilter(r *http.Request) (*logFilter, error) { Offset: 0, } + validActions := map[string]bool{ + "add_temp": true, "delete_temp": true, + "add_perm": true, "delete_perm": true, "expire_temp": true, + } + if v := r.URL.Query().Get("action"); v != "" { - f.Action = v + if validActions[v] { + f.Action = v + } } if v := r.URL.Query().Get("ip"); v != "" { f.IP = v @@ -333,13 +340,13 @@ func statusHandler(db *sql.DB) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { var permCount int var tempCount int - dbOK := false + dbOK := true - if err := db.QueryRow(`SELECT COUNT(*) FROM perm_whitelist`).Scan(&permCount); err == nil { - dbOK = true + if err := db.QueryRow(`SELECT COUNT(*) FROM perm_whitelist`).Scan(&permCount); err != nil { + dbOK = false } - if err := db.QueryRow(`SELECT COUNT(*) FROM temp_whitelist WHERE expires_at > ?`, time.Now().Format(time.RFC3339)).Scan(&tempCount); err == nil { - dbOK = true + if err := db.QueryRow(`SELECT COUNT(*) FROM temp_whitelist WHERE expires_at > ?`, time.Now().Format(time.RFC3339)).Scan(&tempCount); err != nil { + dbOK = false } health := map[string]interface{}{