From 52a0c7e560035b25c1727daecade550c0d93dd62 Mon Sep 17 00:00:00 2001
From: kelvinqian00 <kelvinqian2@gmail.com>
Date: Tue, 17 Dec 2024 15:48:02 -0500
Subject: [PATCH] Add url-prefix restrictions to config spec

---
 src/main/lrsql/spec/config.clj | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/main/lrsql/spec/config.clj b/src/main/lrsql/spec/config.clj
index 23645e92c..fb41baf07 100644
--- a/src/main/lrsql/spec/config.clj
+++ b/src/main/lrsql/spec/config.clj
@@ -1,5 +1,6 @@
 (ns lrsql.spec.config
   (:require [clojure.spec.alpha :as s]
+            [clojure.string :as cstr]
             [xapi-schema.spec :as xs]
             [lrsql.spec.util :as u]))
 
@@ -107,6 +108,14 @@
            [{:keys [pool-validation-timeout pool-connection-timeout]}]
            (< pool-validation-timeout pool-connection-timeout))))
 
+(defn- prefix? [s]
+  (cstr/starts-with? s "/"))
+
+(defn- not-admin-prefix? [s]
+  (not (cstr/starts-with? s "/admin")))
+
+(s/def ::stmt-url-prefix (s/and string? prefix? not-admin-prefix?))
+
 (s/def ::admin-user-default string?)
 (s/def ::admin-pass-default string?)
 
@@ -147,6 +156,7 @@
 (s/def ::http-host string?)
 (s/def ::http-port nat-int?)
 (s/def ::ssl-port nat-int?)
+(s/def ::url-prefix ::stmt-url-prefix)
 
 (s/def ::allow-all-origins boolean?)
 (s/def ::allowed-origins (s/nilable (s/coll-of string?)))