* More explicit query string guard in /channels/list endpoint handler

* rtc::make_url now builds websocket urls more robustly incase we have to percent encode them
2021-04-10 16:45:13 -07:00 · 2021-04-10 16:45:13 -07:00 · 89bd257213
commit 89bd257213
parent 283c201e96
2 changed files with 20 additions and 17 deletions
--- a/json-api/src/channels.rs
+++ b/json-api/src/channels.rs
@ -18,21 +18,19 @@ pub async fn list_channels(pool: &Pool, response: &mut Response<Body>, params: H
     * @user-params -> for now none as i don't feel like dealing with it
    */

-    // Default to filtering for text channels only
-    let chan_type = match qs_param!(params, "kind", i32) {
-        Some(ctype) => ctype,
-        None => db::channels::TEXT_CHANNEL
-    };
-
-    match db::Channel::filter(pool, chan_type).await {
-        Ok(resp) => match resp {
-            db::Response::Set(channels) => set_json_body(response, json!({"channels": json!(channels)}) ),
-            _ => *response.status_mut() = StatusCode::INTERNAL_SERVER_ERROR
-        },
-        Err(e) => {
-            *response.status_mut() = StatusCode::INTERNAL_SERVER_ERROR;
-            eprintln!("{}", e);
+    if let Some(chan_kind) = qs_param!(params, "kind", i32) {
+        match db::Channel::filter(pool, chan_kind).await {
+            Ok(resp) => match resp {
+                db::Response::Set(channels) => set_json_body(response, json!({"channels": json!(channels)}) ),
+                _ => *response.status_mut() = StatusCode::INTERNAL_SERVER_ERROR
+            },
+            Err(e) => {
+                *response.status_mut() = StatusCode::INTERNAL_SERVER_ERROR;
+                eprintln!("{}", e);
+            }
        }
+    } else {
+        *response.status_mut() = StatusCode::BAD_REQUEST;
    }
 }

--- a/json-api/src/rtc.rs
+++ b/json-api/src/rtc.rs
@ -21,6 +21,7 @@ use serde_json::json;
 use jsonwebtoken::{
    Header, Algorithm, EncodingKey
 };
+use url::Url;

 lazy_static! {
    static ref HMAC_SECRET: Vec<u8> = {
@ -43,7 +44,7 @@ struct Claim {
 }


-fn url() -> String {
+fn make_url() -> Url {
    let claim = Claim {
        nbf: SystemTime::now()
            .duration_since(UNIX_EPOCH).unwrap()
@ -52,7 +53,10 @@ fn url() -> String {

    let header = Header::new(Algorithm::HS512);
    let jwt = jsonwebtoken::encode(&header, &claim, &WSS_KEY).unwrap();
-    format!("ws://localhost:5648/jwt/{}", jwt)
+    let base = "ws://localhost:5648/jwt";
+    let mut url = Url::parse(base).unwrap();
+    url.query_pairs_mut().append_pair("jwt", jwt.as_str());
+    url
 }

 async fn notify<P>(event_name: &str, payload: P) 
@ -61,7 +65,8 @@ P: Serialize
 {
    // Flow: Connect -> Pick out stream -> Send Data over stream
    // The stream/connection is destroyed by the end of this call
-    let (ws, _) = connect_async(url().as_str()).await?;
+    println!("NOTIFYING WSS");
+    let (ws, _) = connect_async(make_url()).await?;
    let (mut write, _) = ws.split();
    let event = event!(event_name, &payload);
    let msg = event.to_string();