From 45c6c95a930b16309bc4f813e61dfef847bdbd06 Mon Sep 17 00:00:00 2001 From: array-in-a-matrix Date: Thu, 15 Aug 2024 15:03:07 -0400 Subject: [PATCH] use jsony --- src/glimpse.nim | 2 +- src/routes/upload.nim | 13 +++++-------- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/src/glimpse.nim b/src/glimpse.nim index e05ad31..66820c1 100644 --- a/src/glimpse.nim +++ b/src/glimpse.nim @@ -1,4 +1,4 @@ -import std/[strutils, os, json, asyncdispatch, httpclient, logging] +import std/[strutils, os, asyncdispatch, httpclient, logging] import jester import checksums/sha3 diff --git a/src/routes/upload.nim b/src/routes/upload.nim index 7558342..d2f1b71 100644 --- a/src/routes/upload.nim +++ b/src/routes/upload.nim @@ -1,4 +1,4 @@ -import std/[strutils, os, json, logging] +import std/[strutils, os, logging] import jester import jsony import norm/model @@ -27,16 +27,13 @@ proc createUploadRoutes*(cfg: Cfg) = let fileName = request.formData["file"].fields["filename"] var fileTags: string - # this is a hack, I hate this - # convert to JsonNode to ensure we were given a proper JSON - # convert back to a string because db doesnt allow for JsonNode try: - fileTags = $parseJson(request.formData[ - "tags"].body) # TODO: sanitize, only an array of strings (e.g. remove nested objects/arrays) + # check if tags json sent is of seq[string], otherwise reject it. + fileTags = request.formData["tags"].body.fromJson(seq[string]).toJson() except KeyError: fileTags = "[]" - except: # "except JsonError:" doesn't work for some reason - respErr Http400, "Bad JSON.\n" + except JsonError: + respErr Http400, "Bad JSON, must be an array of strings.\n" # create needed directories if they don't exist already let directory = cfg.uploadDir & user.username & "/"