making auth wall a little bit more lenient for now until testing has some reasonable methodology
parent
65ccf70091
commit
5c2c4abd76
@ -1,5 +1,6 @@
|
|||||||
use mysql_async::{Conn, Pool};
|
use mysql_async::Pool;
|
||||||
use mysql_async::prelude::{params, Queryable};
|
use mysql_async::prelude::{params, Queryable};
|
||||||
|
use crate::db_types::{UBigInt, Integer, VarChar};
|
||||||
|
|
||||||
use crate::routes;
|
use crate::routes;
|
||||||
|
|
||||||
@ -10,26 +11,10 @@ pub enum AuthReason {
|
|||||||
NoKey,
|
NoKey,
|
||||||
}
|
}
|
||||||
|
|
||||||
fn check_key_row(row: &Option<(i32, i32, u64)>) -> AuthReason {
|
|
||||||
// (limit, uses, _userid)
|
|
||||||
use self::AuthReason::*;
|
|
||||||
match row {
|
|
||||||
Some(data) => {
|
|
||||||
if data.1 > data.0 {
|
|
||||||
LimitPassed
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
Good
|
|
||||||
}
|
|
||||||
},
|
|
||||||
None => NoKey
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
fn open_route(path: &str) -> bool {
|
fn open_route(path: &str) -> bool {
|
||||||
return path == routes::INVITE_JOIN
|
return path == routes::INVITE_JOIN
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn wall_entry(path: &str, pool: &Pool, params: &serde_json::Value) -> Result<AuthReason, mysql_async::error::Error> {
|
pub async fn wall_entry(path: &str, pool: &Pool, params: &serde_json::Value) -> Result<AuthReason, mysql_async::error::Error> {
|
||||||
// Start by Checking if the api key is in our keystore
|
// Start by Checking if the api key is in our keystore
|
||||||
if open_route(path) {
|
if open_route(path) {
|
||||||
@ -39,12 +24,15 @@ pub async fn wall_entry(path: &str, pool: &Pool, params: &serde_json::Value) ->
|
|||||||
if let Some(key) = params.get("secret") {
|
if let Some(key) = params.get("secret") {
|
||||||
let conn = pool.get_conn().await?;
|
let conn = pool.get_conn().await?;
|
||||||
// (id, name, secret)
|
// (id, name, secret)
|
||||||
let (_con, row): (Conn, Option<(i32, i32, u64)>) = conn
|
let (_con, row): (_, Option<(UBigInt, VarChar)>) = conn
|
||||||
.first_exec(r"SELECT limit, uses, userid, FROM keys WHERE secret = :secret ", mysql_async::params!{ "secret" => key})
|
.first_exec(r"SELECT userid, name FROM keys WHERE secret = :secret ", mysql_async::params!{ "secret" => key})
|
||||||
.await?;
|
.await?;
|
||||||
|
|
||||||
// Error case should probably have some kind of error checking
|
// yeayea i no
|
||||||
Ok(check_key_row(&row))
|
match row {
|
||||||
|
Some(_) => Ok(AuthReason::Good),
|
||||||
|
None => Ok(AuthReason::NoKey)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
Ok(AuthReason::NoKey)
|
Ok(AuthReason::NoKey)
|
||||||
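Review bot: `params.get("secret")` passes the raw `serde_json::Value` to the query without checking that it is a JSON string, so a number, boolean or object sent by the client reaches the `secret = :secret` comparison under whatever conversion the driver applies. Extracting the string first, e.g. `if let Some(key) = params.get("secret").and_then(|v| v.as_str()) {`, keeps the comparison string-to-string and sends every other type to the `NoKey` branch. With `check_key_row` removed, nothing visible in this function returns `LimitPassed` any more, so `// yeayea i no` would be better as `// TODO: limit/uses check disabled for testing; restore before release`. The `// (id, name, secret)` comment also no longer matches the selected `userid, name` columns. `wall_entry` starts and ends outside the hunks shown.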
|
@ -5,6 +5,12 @@ use std::u8;
|
|||||||
|
|
||||||
pub async fn parse_params(body_raw: &mut Body) -> Result<Value, serde_json::error::Error> {
|
pub async fn parse_params(body_raw: &mut Body) -> Result<Value, serde_json::error::Error> {
|
||||||
let bytes: &[u8] = &*to_bytes(body_raw).await.unwrap(); // rarely fails
|
let bytes: &[u8] = &*to_bytes(body_raw).await.unwrap(); // rarely fails
|
||||||
let values: Value = serde_json::from_slice(bytes)?;
|
let values: Value;
|
||||||
|
if bytes.len() == 0 {
|
||||||
|
values = serde_json::from_str("{}")?;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
values = serde_json::from_slice(bytes)?;
|
||||||
|
}
|
||||||
Ok(values)
|
Ok(values)
|
||||||
}
|
}
|
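Review bot: The new empty-body branch still sits behind `to_bytes(body_raw).await.unwrap()`, so a request whose body fails mid-read panics the task instead of returning an error. As far as this hunk shows, the body is also buffered in full with no size cap before any check runs. Consider handling the read error explicitly and bounding the body length before buffering; a limit may already be enforced by the caller, which is not shown here. For the branch itself, `bytes.is_empty()` reads better than `bytes.len() == 0`, and `Value::Object(serde_json::Map::new())` avoids parsing a literal that cannot fail.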