fix: auth::apikey_validate connection instead of AppState

minoplhy 2024-11-23 12:15:17 +07:00
parent fdeeffb567
commit bd6c8e6199
Signed by: minoplhy
GPG Key ID: 41D406044E2434BF
2 changed files with 11 additions and 11 deletions


@ -2,11 +2,11 @@
// SPDX-License-Identifier: MIT // SPDX-License-Identifier: MIT
use actix_session::Session; use actix_session::Session;
use actix_web::{web, HttpRequest}; use actix_web::HttpRequest;
use rusqlite::Connection;
use std::{env, time::SystemTime}; use std::{env, time::SystemTime};
use crate::database::get_api_key; use crate::database;
use crate::AppState;
// Validate a given password // Validate a given password
pub fn validate(session: Session) -> bool { pub fn validate(session: Session) -> bool {
@ -27,11 +27,11 @@ pub fn validate(session: Session) -> bool {
} }
// Validate x-api-header to match the key in database // Validate x-api-header to match the key in database
pub fn apikey_validate(httprequest: HttpRequest, data: web::Data<AppState>) -> bool { pub fn apikey_validate(httprequest: HttpRequest, db: &Connection) -> bool {
httprequest.headers() httprequest.headers()
.get("x-api-key") .get("x-api-key")
.and_then(|h| h.to_str().ok()) .and_then(|h| h.to_str().ok())
.map(|key| key == get_api_key(&data.db)) .map(|key| key == database::get_api_key(&db))
.unwrap_or(false) .unwrap_or(false)
} }
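Review bot: The rewritten `apikey_validate` still checks the credential with a plain `==` in `.map(|key| key == database::get_api_key(&db))`, which is not a constant-time comparison and, since the stored value is compared directly to the header text, suggests the key is kept in plaintext. A constant-time byte comparison (for example `subtle::ConstantTimeEq::ct_eq` on the two byte slices) would be safer, and storing only a hash of the key would limit what a database leak exposes. `get_api_key` is not visible on this page; if it returns an empty string when no key has been generated, an empty `x-api-key` header would pass, so a guard such as `.filter(|key| !key.is_empty())` before the `.map` is worth adding. Separately, `db` is already a `&Connection`, so `&db` can be written as `db`.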


@ -8,7 +8,7 @@ use actix_web::{
}; };
use std::env; use std::env;
use crate::auth::{self, apikey_validate}; use crate::auth;
use crate::database; use crate::database;
use crate::utils; use crate::utils;
use crate::AppState; use crate::AppState;
@ -26,7 +26,7 @@ pub async fn add_link(
session: Session, session: Session,
httprequest: HttpRequest) httprequest: HttpRequest)
-> HttpResponse { -> HttpResponse {
if env::var("public_mode") == Ok(String::from("Enable")) || auth::validate(session) || apikey_validate(httprequest, data.clone()) { if env::var("public_mode") == Ok(String::from("Enable")) || auth::validate(session) || auth::apikey_validate(httprequest, &data.db) {
let out = utils::add_link(req, &data.db); let out = utils::add_link(req, &data.db);
if out.0 { if out.0 {
HttpResponse::Created().body(out.1) HttpResponse::Created().body(out.1)
@ -45,7 +45,7 @@ pub async fn getall(
session: Session, session: Session,
httprequest: HttpRequest httprequest: HttpRequest
) -> HttpResponse { ) -> HttpResponse {
if auth::validate(session) || apikey_validate(httprequest, data.clone()) { if auth::validate(session) || auth::apikey_validate(httprequest, &data.db) {
HttpResponse::Ok().body(utils::getall(&data.db)) HttpResponse::Ok().body(utils::getall(&data.db))
} else { } else {
let body = if env::var("public_mode") == Ok(String::from("Enable")) { let body = if env::var("public_mode") == Ok(String::from("Enable")) {
@ -126,7 +126,7 @@ pub async fn login(req: String, session: Session) -> HttpResponse {
// Create API Key // Create API Key
#[post("/api/key")] #[post("/api/key")]
pub async fn gen_api_key(session: Session, httprequest: HttpRequest, data: web::Data<AppState>) -> HttpResponse { pub async fn gen_api_key(session: Session, httprequest: HttpRequest, data: web::Data<AppState>) -> HttpResponse {
if auth::validate(session) || apikey_validate(httprequest, data.clone()) { if auth::validate(session) || auth::apikey_validate(httprequest, &data.db) {
let key = utils::gen_api_key(&data.db); let key = utils::gen_api_key(&data.db);
if key.0 { if key.0 {
HttpResponse::Ok().body(key.1) HttpResponse::Ok().body(key.1)
@ -157,7 +157,7 @@ pub async fn edit_link(
session: Session, session: Session,
httprequest: HttpRequest, httprequest: HttpRequest,
) -> HttpResponse { ) -> HttpResponse {
if auth::validate(session) || apikey_validate(httprequest, data.clone()) { if auth::validate(session) || auth::apikey_validate(httprequest, &data.db) {
let out = utils::edit_link(req, shortlink.to_string(), &data.db); let out = utils::edit_link(req, shortlink.to_string(), &data.db);
if out.0 { if out.0 {
HttpResponse::Created().body(out.1) HttpResponse::Created().body(out.1)
@ -177,7 +177,7 @@ pub async fn delete_link(
session: Session, session: Session,
httprequest: HttpRequest, httprequest: HttpRequest,
) -> HttpResponse { ) -> HttpResponse {
if auth::validate(session) || apikey_validate(httprequest, data.clone()) { if auth::validate(session) || auth::apikey_validate(httprequest, &data.db) {
if utils::delete_link(shortlink.to_string(), &data.db) { if utils::delete_link(shortlink.to_string(), &data.db) {
HttpResponse::Ok().body(format!("Deleted {shortlink}")) HttpResponse::Ok().body(format!("Deleted {shortlink}"))
} else { } else {
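Review bot: In `gen_api_key` (`#[post("/api/key")]`) the condition `auth::validate(session) || auth::apikey_validate(httprequest, &data.db)` lets the current API key authorize issuing its own replacement, so a leaked key is enough to rotate the credential without a logged-in session. If rotation is meant to be an admin action, gate that handler on `auth::validate(session)` alone. The same two-part check is repeated in `add_link`, `getall`, `edit_link` and `delete_link`; a small helper such as `fn is_authorized(session: Session, req: HttpRequest, db: &Connection) -> bool { auth::validate(session) || auth::apikey_validate(req, db) }` would keep the handlers in sync and make it harder to omit the check from a new route. The handler bodies start and end outside these hunks, so any other authorization logic they contain is not visible here.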