diff options
| author | Yigit Sever | 2021-04-11 21:39:18 +0300 |
|---|---|---|
| committer | Yigit Sever | 2021-04-12 00:03:23 +0300 |
| commit | d3889bd5945b2ffc63d20942b7730b5a1d0e3a42 (patch) | |
| tree | a8b2dfcd416f308e7fae4baea95d6107a9871c43 /src/custom_filters.rs | |
| parent | 11b498dc44a7d2ed8f1acc62d64be7f114adc336 (diff) | |
| download | gradecoin-d3889bd5945b2ffc63d20942b7730b5a1d0e3a42.tar.gz gradecoin-d3889bd5945b2ffc63d20942b7730b5a1d0e3a42.tar.bz2 gradecoin-d3889bd5945b2ffc63d20942b7730b5a1d0e3a42.zip | |
Implement User handling and authentication
New struct: User, corresponds to a student
Blocks and users are persistent (written to a text file)
PostgreSQL would've been overkill, we have 30 students
AuthRequest is the representation for incoming register requests and
User is the inner representation
Students who are enrolled to the class are hardcoded, only they can
register new accounts
There are two new tests, one checks if a priviliged (=enrolled) user can
create an account and the other checks if a unpriviliged one cannot
There are quick verbose error messages that I'm not married to, might
move on to something better honestly
There's nothing stopping a malicious user to pre-register everyone with
mock public keys and effectively lock everyone out, what's a good secret
we can use?
Diffstat (limited to 'src/custom_filters.rs')
| -rw-r--r-- | src/custom_filters.rs | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/custom_filters.rs b/src/custom_filters.rs index 8c36d02..0806c6d 100644 --- a/src/custom_filters.rs +++ b/src/custom_filters.rs | |||
| @@ -3,19 +3,27 @@ | |||
| 3 | use std::convert::Infallible; | 3 | use std::convert::Infallible; |
| 4 | use warp::{Filter, Rejection}; | 4 | use warp::{Filter, Rejection}; |
| 5 | 5 | ||
| 6 | use crate::schema::{Block, Db, Transaction}; | 6 | use crate::schema::{Block, Db, Transaction, AuthRequest}; |
| 7 | 7 | ||
| 8 | // Database context for routes | 8 | // Database context for routes |
| 9 | pub fn with_db(db: Db) -> impl Filter<Extract = (Db,), Error = Infallible> + Clone { | 9 | pub fn with_db(db: Db) -> impl Filter<Extract = (Db,), Error = Infallible> + Clone { |
| 10 | warp::any().map(move || db.clone()) | 10 | warp::any().map(move || db.clone()) |
| 11 | } | 11 | } |
| 12 | 12 | ||
| 13 | // Accept only json encoded User body and reject big payloads | ||
| 14 | // TODO: find a good limit for this, (=e2482057; 8 char String + rsa pem) <11-04-21, yigit> // | ||
| 15 | pub fn auth_request_json_body() -> impl Filter<Extract = (AuthRequest,), Error = Rejection> + Clone { | ||
| 16 | warp::body::content_length_limit(1024 * 32).and(warp::body::json()) | ||
| 17 | } | ||
| 18 | |||
| 13 | // Accept only json encoded Transaction body and reject big payloads | 19 | // Accept only json encoded Transaction body and reject big payloads |
| 20 | // TODO: find a good limit for this <11-04-21, yigit> // | ||
| 14 | pub fn transaction_json_body() -> impl Filter<Extract = (Transaction,), Error = Rejection> + Clone { | 21 | pub fn transaction_json_body() -> impl Filter<Extract = (Transaction,), Error = Rejection> + Clone { |
| 15 | warp::body::content_length_limit(1024 * 32).and(warp::body::json()) | 22 | warp::body::content_length_limit(1024 * 32).and(warp::body::json()) |
| 16 | } | 23 | } |
| 17 | 24 | ||
| 18 | // Accept only json encoded Transaction body and reject big payloads | 25 | // Accept only json encoded Block body and reject big payloads |
| 26 | // TODO: find a good limit for this <11-04-21, yigit> // | ||
| 19 | pub fn block_json_body() -> impl Filter<Extract = (Block,), Error = Rejection> + Clone { | 27 | pub fn block_json_body() -> impl Filter<Extract = (Block,), Error = Rejection> + Clone { |
| 20 | warp::body::content_length_limit(1024 * 32).and(warp::body::json()) | 28 | warp::body::content_length_limit(1024 * 32).and(warp::body::json()) |
| 21 | } | 29 | } |