diff options
author | stuebinm | 2021-12-20 00:15:08 +0100 |
---|---|---|
committer | stuebinm | 2021-12-20 00:15:08 +0100 |
commit | 5060f68b9728bf94818ee985c16c25511f248143 (patch) | |
tree | bc1f938be559c5e9c723c18211888db618f2607d /lib/Uris.hs | |
parent | fc9f714d03a9d018ab9f2474affcf995eb60a4e2 (diff) |
disallow extended API variables in links
Diffstat (limited to 'lib/Uris.hs')
-rw-r--r-- | lib/Uris.hs | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/Uris.hs b/lib/Uris.hs index 5ad9180..e2d9a5f 100644 --- a/lib/Uris.hs +++ b/lib/Uris.hs @@ -9,7 +9,7 @@ module Uris where -import Control.Monad (unless) +import Control.Monad (unless, when) import Data.Aeson (FromJSON (..), Options (..), SumEncoding (UntaggedValue), defaultOptions, genericParseJSON) @@ -58,6 +58,7 @@ data SubstError = | IsBlocked | DomainDoesNotExist Text | WrongScope Text [Text] + | VarsDisallowed -- ^ This link's schema exists, but cannot be used in this scope. -- The second field contains a list of schemas that may be used instead. @@ -65,7 +66,10 @@ data SubstError = applySubst :: KnownSymbol s => Proxy s -> SchemaSet -> Text -> Either SubstError Text applySubst s substs uri = do + when (uri =~ "{{{.*}}}") + $ Left VarsDisallowed (schema, domain, rest) <- note NotALink $ parseUri uri + rules <- note (SchemaDoesNotExist schema) ( M.lookup schema substs) unless (symbolVal s `elem` scope rules) $ Left (WrongScope schema |