feat: ajouter une validation regex pour les paramètres de requête uti…

…lisateur
constructions-incongrues · Nov 9, 2024 · 7f53469 · 7f53469
1 parent 139a0c9
commit 7f53469
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -53,6 +53,8 @@ dashboard:
   rules:
     query:
       admin: "true"
+      user:
+        regex: "/^user[0-9]+$/"
 ```
 
 ## Diagrammes C4

diff --git a/config/bundles.yaml b/config/bundles.yaml
@@ -7,11 +7,12 @@ homepage:
     extensions: [css]
   rules:
     pathContains: /homepage
-
 dashboard:
   javascript:
     directories: [dashboard/js]
     extensions: [js]
   rules:
     query:
       admin: true
+      user:
+        regex: /^user[0-9]+$/
diff --git a/src/AssetGatherer.php b/src/AssetGatherer.php
@@ -66,8 +66,14 @@ private function bundleMatchesRequest(array $rules, ServerRequestInterface $requ
                 case 'query':
                     $queryParams = $request->getQueryParams();
                     foreach ($ruleValue as $queryKey => $queryValue) {
-                        if (($queryParams[$queryKey] ?? '') !== $queryValue) {
-                            return false;
+                        if (is_array($queryValue)) {
+                            if (!isset($queryParams[$queryKey]) || !preg_match($queryValue['regex'], $queryParams[$queryKey])) {
+                                return false;
+                            }
+                        } else {
+                            if (($queryParams[$queryKey] ?? '') !== $queryValue) {
+                                return false;
+                            }
                         }
                     }
                     break;