From b4938c904e594f609de09f5e1327b644d7ae54aa Mon Sep 17 00:00:00 2001
From: m0veax <patrick.kilter@gmail.com>
Date: Fri, 28 Jun 2024 23:03:58 +0200
Subject: [PATCH] check if payload secrets match env variable secrets

---
 .gitignore            |  1 +
 scripts/open_aerie.sh | 16 ++++++++++++++--
 src/main.rs           | 22 ++++++++++++++++++++++
 3 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index ea8c4bf..2a0038a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 /target
+.idea
\ No newline at end of file
diff --git a/scripts/open_aerie.sh b/scripts/open_aerie.sh
index 4870e29..050b54c 100644
--- a/scripts/open_aerie.sh
+++ b/scripts/open_aerie.sh
@@ -1,4 +1,16 @@
+#!/bin/sh
+
+## starte server mit env vars passend zum ersten aufruf
+## TODO das muss noch gescripted werden
+
+# should return 201
 curl -XPOST \
   -H "Content-Type: application/json" \
-  --data '{"consumer_key": "","consumer_secret":"","aerie":true }' \
-  http://localhost:3000/api/update
+  --data '{"consumer_key": "test123","consumer_secret":"123test","aerie":true }' \
+  http://localhost:3000/api/update -vvv
+
+#should return 500
+curl -XPOST \
+  -H "Content-Type: application/json" \
+  --data '{"consumer_key": "test123","consumer_secret":"123test","aerie":true }' \
+  http://localhost:3000/api/update -vvv
\ No newline at end of file
diff --git a/src/main.rs b/src/main.rs
index a301f58..ef18a72 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,5 +1,6 @@
 use std::fs::File;
 use std::io::prelude::*;
+use std::env;
 
 use axum::{
     http::StatusCode,
@@ -36,6 +37,18 @@ fn init_status() -> Status {
     status::status(sensors, state)
 }
 
+// check given secret
+// https://www.youtube.com/watch?v=aHKWVLH-ibY
+fn check_secret(given_secret: String, given_key: String) -> bool {
+    let consumer_secret = env::var("consumer_secret").unwrap();
+    let consumer_key = env::var("consumer_key").unwrap();
+
+    if given_secret == consumer_secret && given_key == consumer_key {
+        return true;
+    }
+    false
+}
+
 // Write status to file and return JSON string.
 fn write_status(s: Status) -> String {
     let s = serde_json::to_string(&s).unwrap();
@@ -59,11 +72,20 @@ async fn root() -> String {
 struct TheDoors {
     aerie: Option<bool>,
     cellar: Option<bool>,
+    consumer_key: String,
+    consumer_secret: String
 }
 
+
 // The door can see through your soul.
 // https://www.youtube.com/watch?v=bDQDp00oTP4
 async fn the_doors(Json(payload): Json<TheDoors>) -> StatusCode {
+
+    let check_secret = check_secret(payload.consumer_secret, payload.consumer_key);
+
+    if !check_secret { return StatusCode::FORBIDDEN; }
+
+
     let status: Status = if std::path::Path::new(STATUS_FILE).exists() {
         let contents = std::fs::read_to_string(STATUS_FILE).expect("FCKAFD");
         serde_json::from_str(&contents).unwrap_or_else(|_| init_status())