From b4938c904e594f609de09f5e1327b644d7ae54aa Mon Sep 17 00:00:00 2001
From: m0veax
Date: Fri, 28 Jun 2024 23:03:58 +0200
Subject: [PATCH] check if payload secrets match env variable secrets
---
 .gitignore | 1 +
 scripts/open_aerie.sh | 16 ++++++++++++++--
 src/main.rs | 22 ++++++++++++++++++++++
 3 files changed, 37 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index ea8c4bf..2a0038a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 /target
+.idea
\ No newline at end of file
diff --git a/scripts/open_aerie.sh b/scripts/open_aerie.sh
index 4870e29..050b54c 100644
--- a/scripts/open_aerie.sh
+++ b/scripts/open_aerie.sh
@@ -1,4 +1,16 @@
+#!/bin/sh
+
+## starte server mit env vars passend zum ersten aufruf
+## TODO das muss noch gescripted werden
+
+# should return 201
 curl -XPOST \
 -H "Content-Type: application/json" \
- --data '{"consumer_key": "","consumer_secret":"","aerie":true }' \
- http://localhost:3000/api/update
+ --data '{"consumer_key": "test123","consumer_secret":"123test","aerie":true }' \
+ http://localhost:3000/api/update -vvv
+
+#should return 500
+curl -XPOST \
+ -H "Content-Type: application/json" \
+ --data '{"consumer_key": "test123","consumer_secret":"123test","aerie":true }' \
+ http://localhost:3000/api/update -vvv
\ No newline at end of file
diff --git a/src/main.rs b/src/main.rs
index a301f58..ef18a72 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,5 +1,6 @@
 use std::fs::File;
 use std::io::prelude::*;
+use std::env;
 use axum::{
 http::StatusCode,
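Review bot: In `scripts/open_aerie.sh` the request under `#should return 500` posts exactly the same `consumer_key` and `consumer_secret` as the one under `# should return 201`, so it cannot exercise the rejection path unless the server is restarted with different variables in between, which the script does not do. Send a deliberately wrong value in the second call, e.g. `"consumer_secret":"wrong"`. The comment should also change: the handler added to `src/main.rs` in this patch answers a mismatch with `StatusCode::FORBIDDEN` (403), not 500. Adding `-o /dev/null -w '%{http_code}\n'` to each call would print the status directly, so the result does not have to be read out of the `-vvv` output.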
@@ -36,6 +37,18 @@ fn init_status() -> Status {
 status::status(sensors, state)
 }
+// check given secret
+// https://www.youtube.com/watch?v=aHKWVLH-ibY
+fn check_secret(given_secret: String, given_key: String) -> bool {
+ let consumer_secret = env::var("consumer_secret").unwrap();
+ let consumer_key = env::var("consumer_key").unwrap();
+
+ if given_secret == consumer_secret && given_key == consumer_key {
+ return true;
+ }
+ false
+}
+
 // Write status to file and return JSON string.
 fn write_status(s: Status) -> String {
 let s = serde_json::to_string(&s).unwrap();
@@ -59,11 +72,20 @@ async fn root() -> String {
 struct TheDoors {
 aerie: Option,
 cellar: Option,
+ consumer_key: String,
+ consumer_secret: String
 }
+
 // The door can see through your soul.
 // https://www.youtube.com/watch?v=bDQDp00oTP4
 async fn the_doors(Json(payload): Json) -> StatusCode {
+
+ let check_secret = check_secret(payload.consumer_secret, payload.consumer_key);
+
+ if !check_secret { return StatusCode::FORBIDDEN; }
+
+
 let status: Status = if std::path::Path::new(STATUS_FILE).exists() {
 let contents = std::fs::read_to_string(STATUS_FILE).expect("FCKAFD");
 serde_json::from_str(&contents).unwrap_or_else(|_| init_status())
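Review bot: `check_secret` compares the credentials with `==` on `String`, which is not guaranteed to take the same time for every input, so response timing can reveal how much of a submitted value matched. The two `env::var(...).unwrap()` calls also run on every request and panic inside the handler when either variable is unset, and a variable set to the empty string would let an empty payload through. The version below denies the request when the configuration is missing or empty, and compares both values without an early exit. A hand-written comparison is not guaranteed to survive optimisation, so a vetted constant-time helper such as the `subtle` crate's `ConstantTimeEq` is preferable if a dependency is acceptable. Reading and validating the two variables once at startup would be better still.

```rust
fn check_secret(given_secret: String, given_key: String) -> bool {
    // Missing configuration denies the request instead of panicking the handler.
    let (Ok(consumer_secret), Ok(consumer_key)) =
        (env::var("consumer_secret"), env::var("consumer_key"))
    else {
        return false;
    };
    // An empty configured value must never match an empty payload.
    if consumer_secret.is_empty() || consumer_key.is_empty() {
        return false;
    }
    // `&` rather than `&&` so both comparisons always run.
    bytes_equal(given_secret.as_bytes(), consumer_secret.as_bytes())
        & bytes_equal(given_key.as_bytes(), consumer_key.as_bytes())
}

// Compares two byte strings without stopping at the first difference.
fn bytes_equal(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}
```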
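Review bot: The rejection path in `the_doors` returns `StatusCode::FORBIDDEN` without recording anything, so repeated wrong guesses against the door endpoint would leave no trace. A log line there that never includes the submitted values would make them visible, for example `eprintln!("the_doors: credentials rejected");`. The local `check_secret` shadows the function of the same name; calling it directly in the condition, `if !check_secret(payload.consumer_secret, payload.consumer_key) { return StatusCode::FORBIDDEN; }`, reads more clearly. Whether `TheDoors` derives `Debug` is not visible in this hunk; if it does, the new `consumer_secret` field will appear in any debug print of the payload. The body of `the_doors` continues outside the hunk.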