From eff65aa05c74e93533c2504b8141b0474011e68c Mon Sep 17 00:00:00 2001
From: Chris <ccbrown112@gmail.com>
Date: Wed, 7 Feb 2018 11:05:46 -0600
Subject: ABC-132: sign error page parameters (#8197)

* sign error page parameters

* add comments
---
 api/api.go     | 6 +++++-
 api/context.go | 6 +++---
 api/file.go    | 4 ++--
 3 files changed, 10 insertions(+), 6 deletions(-)

(limited to 'api')

diff --git a/api/api.go b/api/api.go
index 2d65bb216..70f36db85 100644
--- a/api/api.go
+++ b/api/api.go
@@ -109,7 +109,7 @@ func Init(a *app.App, root *mux.Router) *API {
 	api.InitReaction()
 
 	// 404 on any api route before web.go has a chance to serve it
-	root.Handle("/api/{anything:.*}", http.HandlerFunc(Handle404))
+	root.Handle("/api/{anything:.*}", http.HandlerFunc(api.Handle404))
 
 	a.InitEmailBatching()
 
@@ -120,6 +120,10 @@ func Init(a *app.App, root *mux.Router) *API {
 	return api
 }
 
+func (api *API) Handle404(w http.ResponseWriter, r *http.Request) {
+	Handle404(api.App, w, r)
+}
+
 func ReturnStatusOK(w http.ResponseWriter) {
 	m := make(map[string]string)
 	m[model.STATUS] = model.STATUS_OK
diff --git a/api/context.go b/api/context.go
index b28a24731..a8ff2b694 100644
--- a/api/context.go
+++ b/api/context.go
@@ -229,7 +229,7 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 			if c.Err.StatusCode == http.StatusUnauthorized {
 				http.Redirect(w, r, c.GetTeamURL()+"/?redirect="+url.QueryEscape(r.URL.Path), http.StatusTemporaryRedirect)
 			} else {
-				utils.RenderWebError(c.Err, w, r)
+				utils.RenderWebAppError(w, r, c.Err, c.App.AsymmetricSigningKey())
 			}
 		}
 
@@ -434,7 +434,7 @@ func IsApiCall(r *http.Request) bool {
 	return strings.Index(r.URL.Path, "/api/") == 0
 }
 
-func Handle404(w http.ResponseWriter, r *http.Request) {
+func Handle404(a *app.App, w http.ResponseWriter, r *http.Request) {
 	err := model.NewAppError("Handle404", "api.context.404.app_error", nil, "", http.StatusNotFound)
 
 	l4g.Debug("%v: code=404 ip=%v", r.URL.Path, utils.GetIpAddress(r))
@@ -444,7 +444,7 @@ func Handle404(w http.ResponseWriter, r *http.Request) {
 		err.DetailedError = "There doesn't appear to be an api call for the url='" + r.URL.Path + "'.  Typo? are you missing a team_id or user_id as part of the url?"
 		w.Write([]byte(err.ToJson()))
 	} else {
-		utils.RenderWebError(err, w, r)
+		utils.RenderWebAppError(w, r, err, a.AsymmetricSigningKey())
 	}
 }
 
diff --git a/api/file.go b/api/file.go
index 2d626304e..3b8984816 100644
--- a/api/file.go
+++ b/api/file.go
@@ -174,12 +174,12 @@ func getPublicFile(c *Context, w http.ResponseWriter, r *http.Request) {
 
 		if hash != correctHash {
 			c.Err = model.NewAppError("getPublicFile", "api.file.get_file.public_invalid.app_error", nil, "", http.StatusBadRequest)
-			http.Redirect(w, r, c.GetSiteURLHeader()+"/error?message="+utils.T(c.Err.Message), http.StatusTemporaryRedirect)
+			utils.RenderWebAppError(w, r, c.Err, c.App.AsymmetricSigningKey())
 			return
 		}
 	} else {
 		c.Err = model.NewAppError("getPublicFile", "api.file.get_file.public_invalid.app_error", nil, "", http.StatusBadRequest)
-		http.Redirect(w, r, c.GetSiteURLHeader()+"/error?message="+utils.T(c.Err.Message), http.StatusTemporaryRedirect)
+		utils.RenderWebAppError(w, r, c.Err, c.App.AsymmetricSigningKey())
 		return
 	}
 
-- 
cgit v1.2.3-1-g7c22