Validate decoded query and required params

Signed-off-by: Sean Du <do4suki@gmail.com>
This commit is contained in:
2026-04-28 11:44:56 +08:00
parent ae847f5e29
commit eeaf1d9c73
+14 -3
View File
@@ -3,6 +3,7 @@ package account
import (
"encoding/base64"
"encoding/json"
"errors"
"fmt"
unitmodel "honoka-chan/internal/model/unit"
usermodel "honoka-chan/internal/model/user"
@@ -43,9 +44,19 @@ func login(ctx *gin.Context) {
return
}
queryStr, _ := url.QueryUnescape(string(decryptedData))
params, _ := url.ParseQuery(queryStr)
phone, password := params.Get("phone"), params.Get("password")
queryStr, err := url.QueryUnescape(string(decryptedData))
if ss.CheckErr(err) {
return
}
params, err := url.ParseQuery(queryStr)
if ss.CheckErr(err) {
return
}
phone, password := strings.TrimSpace(params.Get("phone")), params.Get("password")
if phone == "" || password == "" {
ss.Abort(errors.New("invalid login params"))
return
}
var userID int
var pass, autoKey, ticket string