check if payload secrets match env variable secrets
This commit is contained in:
m0veax
1
.gitignore
vendored
1
.gitignore
vendored
@@ -1 +1,2 @@
|
||||
/target
|
||||
.idea
|
||||
@@ -1,4 +1,16 @@
|
||||
#!/bin/sh
|
||||
|
||||
## starte server mit env vars passend zum ersten aufruf
|
||||
## TODO das muss noch gescripted werden
|
||||
|
||||
# should return 201
|
||||
curl -XPOST \
|
||||
-H "Content-Type: application/json" \
|
||||
--data '{"consumer_key": "","consumer_secret":"","aerie":true }' \
|
||||
http://localhost:3000/api/update
|
||||
--data '{"consumer_key": "test123","consumer_secret":"123test","aerie":true }' \
|
||||
http://localhost:3000/api/update -vvv
|
||||
|
||||
#should return 500
|
||||
curl -XPOST \
|
||||
-H "Content-Type: application/json" \
|
||||
--data '{"consumer_key": "test123","consumer_secret":"123test","aerie":true }' \
|
||||
http://localhost:3000/api/update -vvv
|
||||
22
src/main.rs
22
src/main.rs
@@ -1,5 +1,6 @@
|
||||
use std::fs::File;
|
||||
use std::io::prelude::*;
|
||||
use std::env;
|
||||
|
||||
use axum::{
|
||||
http::StatusCode,
|
||||
@@ -36,6 +37,18 @@ fn init_status() -> Status {
|
||||
status::status(sensors, state)
|
||||
}
|
||||
|
||||
// check given secret
|
||||
// https://www.youtube.com/watch?v=aHKWVLH-ibY
|
||||
fn check_secret(given_secret: String, given_key: String) -> bool {
|
||||
let consumer_secret = env::var("consumer_secret").unwrap();
|
||||
let consumer_key = env::var("consumer_key").unwrap();
|
||||
|
||||
if given_secret == consumer_secret && given_key == consumer_key {
|
||||
return true;
|
||||
}
|
||||
false
|
||||
}
|
||||
|
||||
// Write status to file and return JSON string.
|
||||
fn write_status(s: Status) -> String {
|
||||
let s = serde_json::to_string(&s).unwrap();
|
||||
@@ -59,11 +72,20 @@ async fn root() -> String {
|
||||
struct TheDoors {
|
||||
aerie: Option<bool>,
|
||||
cellar: Option<bool>,
|
||||
consumer_key: String,
|
||||
consumer_secret: String
|
||||
}
|
||||
|
||||
|
||||
// The door can see through your soul.
|
||||
// https://www.youtube.com/watch?v=bDQDp00oTP4
|
||||
async fn the_doors(Json(payload): Json<TheDoors>) -> StatusCode {
|
||||
|
||||
let check_secret = check_secret(payload.consumer_secret, payload.consumer_key);
|
||||
|
||||
if !check_secret { return StatusCode::FORBIDDEN; }
|
||||
|
||||
|
||||
let status: Status = if std::path::Path::new(STATUS_FILE).exists() {
|
||||
let contents = std::fs::read_to_string(STATUS_FILE).expect("FCKAFD");
|
||||
serde_json::from_str(&contents).unwrap_or_else(|_| init_status())
|
||||
|
||||
Reference in New Issue
Block a user