hulthe/stl
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

server: Add optional password query parameter

Browse Source
This commit is contained in:
Joakim Hulthe
2022-05-01 02:04:37 +02:00
parent 590d58c152
commit 48c0c85962
1 changed files with 33 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
server/src/auth.rs
View File

@ -17,6 +17,8 @@ impl From<String> for MasterPassword {
} }
} }
const AUTH_QUERY_KEY: &str = "pw";
const AUTH_COOKIE_KEY: &str = "authorized"; const AUTH_COOKIE_KEY: &str = "authorized";
const AUTH_COOKIE_VAL: &str = "true"; const AUTH_COOKIE_VAL: &str = "true";
@ -31,12 +33,40 @@ impl<'a> FromRequest<'a> for Authorized {
type Error = Unauthorized; type Error = Unauthorized;
async fn from_request(request: &'a Request<'_>) -> Outcome<Self, Self::Error> { async fn from_request(request: &'a Request<'_>) -> Outcome<Self, Self::Error> {
// Check if user has been authorized by cookie
let cookies = request.cookies(); let cookies = request.cookies();
match cookies.get_private(AUTH_COOKIE_KEY) { match cookies.get_private(AUTH_COOKIE_KEY) {
Some(cookie) if cookie.value() == AUTH_COOKIE_VAL => Outcome::Success(Authorized), Some(cookie) if cookie.value() == AUTH_COOKIE_VAL => {
_ => Outcome::Failure((Status::Unauthorized, Unauthorized)), return Outcome::Success(Authorized)
}
_ => {}
} }
request
.guard::<&State<MasterPassword>>()
.await
.map_failure(|_| (Status::Unauthorized, Unauthorized))
.and_then(|master_pass| {
// Check if query string contains password
request
.uri()
.query()
.iter()
.inspect(|q| eprintln!("1 {q:?}"))
.flat_map(|q| q.split('&'))
.flat_map(|q| q.percent_decode())
.inspect(|q| eprintln!("2 {q:?}"))
.flat_map(|kv| {
kv.split_once('=')
.map(|(k, v)| (k.to_owned(), v.to_owned()))
})
.inspect(|q| eprintln!("3 {q:?}"))
.filter(|(k, _)| k == AUTH_QUERY_KEY)
.filter(|(_, v)| v == &master_pass.0)
.map(|_| Outcome::Success(Authorized))
.next()
.unwrap_or(Outcome::Failure((Status::Unauthorized, Unauthorized)))
})
} }
} }