* More explicit query string guard in /channels/list endpoint handler

* rtc::make_url now builds websocket URLs more robustly in case we have to
percent-encode them
shockrah 2021-04-10 16:45:13 -07:00
parent 283c201e96
commit 89bd257213
2 changed files with 20 additions and 17 deletions


@ -18,21 +18,19 @@ pub async fn list_channels(pool: &Pool, response: &mut Response<Body>, params: H
* @user-params -> for now none as i don't feel like dealing with it * @user-params -> for now none as i don't feel like dealing with it
*/ */
// Default to filtering for text channels only if let Some(chan_kind) = qs_param!(params, "kind", i32) {
let chan_type = match qs_param!(params, "kind", i32) { match db::Channel::filter(pool, chan_kind).await {
Some(ctype) => ctype, Ok(resp) => match resp {
None => db::channels::TEXT_CHANNEL db::Response::Set(channels) => set_json_body(response, json!({"channels": json!(channels)}) ),
}; _ => *response.status_mut() = StatusCode::INTERNAL_SERVER_ERROR
},
match db::Channel::filter(pool, chan_type).await { Err(e) => {
Ok(resp) => match resp { *response.status_mut() = StatusCode::INTERNAL_SERVER_ERROR;
db::Response::Set(channels) => set_json_body(response, json!({"channels": json!(channels)}) ), eprintln!("{}", e);
_ => *response.status_mut() = StatusCode::INTERNAL_SERVER_ERROR }
},
Err(e) => {
*response.status_mut() = StatusCode::INTERNAL_SERVER_ERROR;
eprintln!("{}", e);
} }
} else {
*response.status_mut() = StatusCode::BAD_REQUEST;
} }
} }
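Review bot: `chan_kind` goes straight from the query string into `db::Channel::filter` in the new `if let Some(chan_kind) = qs_param!(params, "kind", i32)` branch, so any integer the macro accepts is treated as a valid channel kind. Unless `filter` rejects unknown kinds itself (not visible here), an out-of-range value ends in an empty result or one of the 500 arms rather than the new 400. I would compare it against the known constants such as `db::channels::TEXT_CHANNEL` before querying and set `StatusCode::BAD_REQUEST` otherwise. The doc comment above still reads `@user-params -> for now none`, which is stale now that `kind` is mandatory; `@user-params -> kind: i32 (required), 400 when missing or invalid` would match the code.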


@ -21,6 +21,7 @@ use serde_json::json;
use jsonwebtoken::{ use jsonwebtoken::{
Header, Algorithm, EncodingKey Header, Algorithm, EncodingKey
}; };
use url::Url;
lazy_static! { lazy_static! {
static ref HMAC_SECRET: Vec<u8> = { static ref HMAC_SECRET: Vec<u8> = {
@ -43,7 +44,7 @@ struct Claim {
} }
fn url() -> String { fn make_url() -> Url {
let claim = Claim { let claim = Claim {
nbf: SystemTime::now() nbf: SystemTime::now()
.duration_since(UNIX_EPOCH).unwrap() .duration_since(UNIX_EPOCH).unwrap()
@ -52,7 +53,10 @@ fn url() -> String {
let header = Header::new(Algorithm::HS512); let header = Header::new(Algorithm::HS512);
let jwt = jsonwebtoken::encode(&header, &claim, &WSS_KEY).unwrap(); let jwt = jsonwebtoken::encode(&header, &claim, &WSS_KEY).unwrap();
format!("ws://localhost:5648/jwt/{}", jwt) let base = "ws://localhost:5648/jwt";
let mut url = Url::parse(base).unwrap();
url.query_pairs_mut().append_pair("jwt", jwt.as_str());
url
} }
async fn notify<P>(event_name: &str, payload: P) async fn notify<P>(event_name: &str, payload: P)
@ -61,7 +65,8 @@ P: Serialize
{ {
// Flow: Connect -> Pick out stream -> Send Data over stream // Flow: Connect -> Pick out stream -> Send Data over stream
// The stream/connection is destroyed by the end of this call // The stream/connection is destroyed by the end of this call
let (ws, _) = connect_async(url().as_str()).await?; println!("NOTIFYING WSS");
let (ws, _) = connect_async(make_url()).await?;
let (mut write, _) = ws.split(); let (mut write, _) = ws.split();
let event = event!(event_name, &payload); let event = event!(event_name, &payload);
let msg = event.to_string(); let msg = event.to_string();
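Review bot: `make_url` now sends the token as a `jwt` query parameter on `ws://localhost:5648/jwt`, whereas the old `url()` put it in the path as `/jwt/{token}`, so the request shape changes and the receiving handler must read the query parameter instead. If the server still expects the path form, `url.path_segments_mut().unwrap().push(jwt.as_str());` keeps it and still percent-encodes. In either form the token travels inside the URL over plain `ws://`, where it can end up in access logs, so this is only reasonable while the socket stays on loopback; worth a comment on `base` saying so. The `println!("NOTIFYING WSS");` added in `notify` looks like leftover debug output and should be dropped or turned into a proper log call. Both `make_url` and `notify` extend beyond the visible hunks.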