安全性を向上

2026-01-13 16:23:55 +09:00
parent 5b10b90bf5
commit fee5d7c846
4 changed files with 244 additions and 10 deletions
--- a/internal/handler/assignment_handler.go
+++ b/internal/handler/assignment_handler.go
@@ -9,6 +9,7 @@ import (
 	"homework-manager/internal/middleware"
 	"homework-manager/internal/models"
 	"homework-manager/internal/service"
+	"homework-manager/internal/validation"

 	"github.com/gin-gonic/gin"
 )
@@ -126,6 +127,22 @@ func (h *AssignmentHandler) Create(c *gin.Context) {
 	priority := c.PostForm("priority")
 	dueDateStr := c.PostForm("due_date")

+	if err := validation.ValidateAssignmentInput(title, description, subject, priority); err != nil {
+		role, _ := c.Get(middleware.UserRoleKey)
+		name, _ := c.Get(middleware.UserNameKey)
+		RenderHTML(c, http.StatusOK, "assignments/new.html", gin.H{
+			"title":       "課題登録",
+			"error":       err.Error(),
+			"formTitle":   title,
+			"description": description,
+			"subject":     subject,
+			"priority":    priority,
+			"isAdmin":     role == "admin",
+			"userName":    name,
+		})
+		return
+	}
+
 	reminderEnabled := c.PostForm("reminder_enabled") == "on"
 	reminderAtStr := c.PostForm("reminder_at")
 	var reminderAt *time.Time
@@ -298,6 +315,11 @@ func (h *AssignmentHandler) Update(c *gin.Context) {
 	priority := c.PostForm("priority")
 	dueDateStr := c.PostForm("due_date")

+	if err := validation.ValidateAssignmentInput(title, description, subject, priority); err != nil {
+		c.Redirect(http.StatusFound, "/assignments")
+		return
+	}
+
 	reminderEnabled := c.PostForm("reminder_enabled") == "on"
 	reminderAtStr := c.PostForm("reminder_at")
 	var reminderAt *time.Time