Compare commits
2 Commits
590d58c152
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
|
5c11d5d091
|
|||
|
48c0c85962
|
@ -4,3 +4,5 @@ members = [
|
||||
"cli",
|
||||
"lib",
|
||||
]
|
||||
|
||||
resolver = "2"
|
||||
|
||||
@ -17,6 +17,8 @@ impl From<String> for MasterPassword {
|
||||
}
|
||||
}
|
||||
|
||||
const AUTH_QUERY_KEY: &str = "pw";
|
||||
|
||||
const AUTH_COOKIE_KEY: &str = "authorized";
|
||||
const AUTH_COOKIE_VAL: &str = "true";
|
||||
|
||||
@ -31,12 +33,40 @@ impl<'a> FromRequest<'a> for Authorized {
|
||||
type Error = Unauthorized;
|
||||
|
||||
async fn from_request(request: &'a Request<'_>) -> Outcome<Self, Self::Error> {
|
||||
// Check if user has been authorized by cookie
|
||||
let cookies = request.cookies();
|
||||
|
||||
match cookies.get_private(AUTH_COOKIE_KEY) {
|
||||
Some(cookie) if cookie.value() == AUTH_COOKIE_VAL => Outcome::Success(Authorized),
|
||||
_ => Outcome::Failure((Status::Unauthorized, Unauthorized)),
|
||||
Some(cookie) if cookie.value() == AUTH_COOKIE_VAL => {
|
||||
return Outcome::Success(Authorized)
|
||||
}
|
||||
_ => {}
|
||||
}
|
||||
|
||||
request
|
||||
.guard::<&State<MasterPassword>>()
|
||||
.await
|
||||
.map_failure(|_| (Status::Unauthorized, Unauthorized))
|
||||
.and_then(|master_pass| {
|
||||
// Check if query string contains password
|
||||
request
|
||||
.uri()
|
||||
.query()
|
||||
.iter()
|
||||
.inspect(|q| eprintln!("1 {q:?}"))
|
||||
.flat_map(|q| q.split('&'))
|
||||
.flat_map(|q| q.percent_decode())
|
||||
.inspect(|q| eprintln!("2 {q:?}"))
|
||||
.flat_map(|kv| {
|
||||
kv.split_once('=')
|
||||
.map(|(k, v)| (k.to_owned(), v.to_owned()))
|
||||
})
|
||||
.inspect(|q| eprintln!("3 {q:?}"))
|
||||
.filter(|(k, _)| k == AUTH_QUERY_KEY)
|
||||
.filter(|(_, v)| v == &master_pass.0)
|
||||
.map(|_| Outcome::Success(Authorized))
|
||||
.next()
|
||||
.unwrap_or(Outcome::Failure((Status::Unauthorized, Unauthorized)))
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
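Review bot: The three `.inspect(|q| eprintln!(...))` calls in the new query-string branch of `from_request` write the raw query, each decoded segment and the parsed `(key, value)` pair to stderr, so any request carrying `pw=` puts the master password into the process log; they should be removed before merge. The check `v == &master_pass.0` is an ordinary string equality and is not constant-time; comparing the byte slices with a constant-time routine (for example `subtle::ConstantTimeEq`, if adding that crate is acceptable) would avoid a timing signal on the secret. Because the secret travels in the URL it can also end up in browser history, proxy and access logs and `Referer` headers, so if the parameter has to stay, `AUTH_QUERY_KEY` deserves a doc comment such as `/// Query parameter carrying the master password; URLs are logged and cached, prefer the cookie flow.` The `impl` block opens above the hunk, so only `from_request` itself is fully visible here.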