feat: improve route validation

tigerwill90 · Nov 30, 2024 · 9b79004 · 9b79004
1 parent 87ab461
commit 9b79004
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 13 deletions.
diff --git a/error.go b/error.go
@@ -20,6 +20,8 @@ var (
 	ErrNoClientIPResolver      = errors.New("no client ip resolver")
 	ErrReadOnlyTxn             = errors.New("write on read-only transaction")
 	ErrSettledTxn              = errors.New("transaction settled")
+	ErrParamKeyTooLarge        = errors.New("parameter key too large")
+	ErrTooManyParams           = errors.New("too many params")
 )
 
 // RouteConflictError is a custom error type used to represent conflicts when

diff --git a/fox.go b/fox.go
@@ -643,11 +643,6 @@ func (fox *Router) parseRoute(url string) (uint32, int, error) {
 				}
 				inParam = false
 
-				paramLen := len(url[startParam:i])
-				if paramLen > int(fox.maxParamKeyBytes) {
-					return 0, -1, fmt.Errorf("%w: parameter key too large: max=%d got=%d", ErrInvalidRoute, fox.maxParamKeyBytes, paramLen)
-				}
-
 				if i+1 < len(url) && url[i+1] != delim && url[i+1] != '/' {
 					return 0, -1, fmt.Errorf("%w: illegal character '%s' after '{param}'", ErrInvalidRoute, string(url[i+1]))
 				}
@@ -663,6 +658,10 @@ func (fox *Router) parseRoute(url string) (uint32, int, error) {
 				continue
 			}
 
+			if i-startParam > int(fox.maxParamKeyBytes) {
+				return 0, -1, fmt.Errorf("%w: %w", ErrInvalidRoute, ErrParamKeyTooLarge)
+			}
+
 			if url[i] == delim || url[i] == '/' || url[i] == '*' || url[i] == '{' {
 				return 0, -1, fmt.Errorf("%w: illegal character '%s' in '{param}'", ErrInvalidRoute, string(url[i]))
 			}
@@ -675,11 +674,6 @@ func (fox *Router) parseRoute(url string) (uint32, int, error) {
 				}
 				inParam = false
 
-				paramLen := len(url[startParam:i])
-				if paramLen > int(fox.maxParamKeyBytes) {
-					return 0, -1, fmt.Errorf("%w: parameter key too large: max=%d got=%d", ErrInvalidRoute, fox.maxParamKeyBytes, paramLen)
-				}
-
 				if i+1 < len(url) && url[i+1] != '/' {
 					return 0, -1, fmt.Errorf("%w: illegal character '%s' after '*{param}'", ErrInvalidRoute, string(url[i+1]))
 				}
@@ -695,6 +689,10 @@ func (fox *Router) parseRoute(url string) (uint32, int, error) {
 				continue
 			}
 
+			if i-startParam > int(fox.maxParamKeyBytes) {
+				return 0, -1, fmt.Errorf("%w: %w", ErrInvalidRoute, ErrParamKeyTooLarge)
+			}
+
 			if url[i] == '/' || url[i] == '*' || url[i] == '{' {
 				return 0, -1, fmt.Errorf("%w: illegal character '%s' in '*{param}'", ErrInvalidRoute, string(url[i]))
 			}
@@ -708,15 +706,15 @@ func (fox *Router) parseRoute(url string) (uint32, int, error) {
 
 			if url[i] == '{' {
 				state = stateParam
-				startParam = i + 1
+				startParam = i
 				paramCnt++
 			} else if url[i] == '*' {
 				if i < endHost {
 					return 0, -1, fmt.Errorf("%w: catch-all wildcard not supported in hostname", ErrInvalidRoute)
 				}
 				state = stateCatchAll
 				i++
-				startParam = i + 1
+				startParam = i
 				paramCnt++
 			} else {
 				countStatic++
@@ -758,7 +756,7 @@ func (fox *Router) parseRoute(url string) (uint32, int, error) {
 			}
 
 			if paramCnt > uint32(fox.maxParams) {
-				return 0, -1, fmt.Errorf("%w: too many params: max=%d got=%d", ErrInvalidRoute, fox.maxParams, paramCnt)
+				return 0, -1, fmt.Errorf("%w: %w", ErrInvalidRoute, ErrTooManyParams)
 			}
 
 			i++