From d3889bd5945b2ffc63d20942b7730b5a1d0e3a42 Mon Sep 17 00:00:00 2001
From: Yigit Sever
Date: Sun, 11 Apr 2021 21:39:18 +0300
Subject: Implement User handling and authentication New struct: User, corresponds to a student Blocks and users are persistent (written to a text file) PostgreSQL would've been overkill, we have 30 students AuthRequest is the representation for incoming register requests and User is the inner representation Students who are enrolled to the class are hardcoded, only they can register new accounts There are two new tests, one checks if a priviliged (=enrolled) user can create an account and the other checks if a unpriviliged one cannot There are quick verbose error messages that I'm not married to, might move on to something better honestly There's nothing stopping a malicious user to pre-register everyone with mock public keys and effectively lock everyone out, what's a good secret we can use?
---
 src/custom_filters.rs | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
(limited to 'src/custom_filters.rs')
diff --git a/src/custom_filters.rs b/src/custom_filters.rs
index 8c36d02..0806c6d 100644
--- a/src/custom_filters.rs
+++ b/src/custom_filters.rs
@@ -3,19 +3,27 @@
 use std::convert::Infallible;
 use warp::{Filter, Rejection};
-use crate::schema::{Block, Db, Transaction};
+use crate::schema::{Block, Db, Transaction, AuthRequest};
 // Database context for routes
 pub fn with_db(db: Db) -> impl Filter + Clone {
 warp::any().map(move || db.clone())
 }
+// Accept only json encoded User body and reject big payloads
+// TODO: find a good limit for this, (=e2482057; 8 char String + rsa pem) <11-04-21, yigit> //
+pub fn auth_request_json_body() -> impl Filter + Clone {
+ warp::body::content_length_limit(1024 * 32).and(warp::body::json())
+}
+
 // Accept only json encoded Transaction body and reject big payloads
+// TODO: find a good limit for this <11-04-21, yigit> //
 pub fn transaction_json_body() -> impl Filter + Clone {
 warp::body::content_length_limit(1024 * 32).and(warp::body::json())
 }
-// Accept only json encoded Transaction body and reject big payloads
+// Accept only json encoded Block body and reject big payloads
+// TODO: find a good limit for this <11-04-21, yigit> //
 pub fn block_json_body() -> impl Filter + Clone {
 warp::body::content_length_limit(1024 * 32).and(warp::body::json())
 }
-- cgit v1.2.3-70-g09d2
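Review bot: `auth_request_json_body()` copies the 32 KiB cap from the transaction and block filters, although its own TODO sizes the payload as an 8-character ID plus an RSA PEM public key, which is roughly a kilobyte or less for common key sizes. A registration body is necessarily read before the client has an account, so a tighter named limit bounds what an unregistered client can make the server buffer and parse, for example `const AUTH_REQUEST_MAX_BYTES: u64 = 1024 * 4;` passed as `warp::body::content_length_limit(AUTH_REQUEST_MAX_BYTES)`. Giving the other two filters their own named constants would also remove the three repeated `1024 * 32` literals and give each TODO one place to resolve. The comment above the new function says "User body" while the import added in this hunk is `AuthRequest`; if that is the extracted type (the filter's type parameters are not visible on this page), it should read `// Accept only json encoded AuthRequest body and reject big payloads`.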