feat: basic input validation

src/core/views.py

@@ -2,13 +2,17 @@ from django.shortcuts import render
 from django.http import HttpRequest, HttpResponse, FileResponse
 from django.conf import settings
 
-from epub2go.convert import get_all_books, Book, GBConvert
+from epub2go.convert import get_all_books, Book, GBConvert, allbooks_url
 
 import os
+from urllib.parse import urlparse
+import logging
+
+logger = logging.getLogger(__name__) #TODO configure logging
 
 converter = GBConvert(downloaddir=settings.MEDIA_ROOT)
-# TODO get from pickle
+books = get_all_books()# TODO get from pickle
-books = get_all_books()
+gbnetloc = urlparse(allbooks_url).netloc
 
 def index(request: HttpRequest):
     context = {
@@ -17,7 +21,7 @@ def index(request: HttpRequest):
     }
 
     targetParam = request.GET.get('t', None)
-    if targetParam:
+    if validateUrl(targetParam):
         epub = getEpub(targetParam)
         fname = os.path.join(settings.MEDIA_ROOT, epub)
         file =  open(fname, 'rb')
@@ -28,8 +32,15 @@ def index(request: HttpRequest):
 
     return render(request, 'index.html', context)
 
+def validateUrl(param)->bool :
+    if not param: return False
+
+    netloc = urlparse(param).netloc
+    if(netloc == gbnetloc): return True
+
+    return False
+
 def getEpub(param):
-    print(param)
     # TODO validate / sanitize input
     # TODO check for existing file and age
     #GBConvert(param,downloaddir=settings.MEDIA_ROOT).run()