diff --git a/scripts/open_aerie.sh b/scripts/open_aerie.sh index 3123526..7d75e1f 100644 --- a/scripts/open_aerie.sh +++ b/scripts/open_aerie.sh @@ -9,8 +9,8 @@ curl -XPOST \ --data '{"consumer_key": "test123","consumer_secret":"123test","aerie":true }' \ http://localhost:3000/api/update -vvv -#should return 500 +#should return 403 curl -XPOST \ -H "Content-Type: application/json" \ --data '{"consumer_key": "foo","consumer_secret":"bar","aerie":true }' \ - http://localhost:3000/api/update -vvv \ No newline at end of file + http://localhost:3000/api/update -vvv diff --git a/src/main.rs b/src/main.rs index ef18a72..1b93caf 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,6 +1,7 @@ -use std::fs::File; -use std::io::prelude::*; use std::env; +use std::fs::{read_to_string, File}; +use std::io::prelude::*; +use std::path::Path; use axum::{ http::StatusCode, @@ -17,6 +18,13 @@ const STATUS_FILE: &str = "status.json"; #[tokio::main] async fn main() { + if env::var("consumer_key").is_err() { + panic!("env var consumer_key must be set"); + } + if env::var("consumer_secret").is_err() { + panic!("env var consumer_secret must be set"); + } + let app = Router::new() .route("/status.json", get(root)) .route("/api/update", post(the_doors)); @@ -39,14 +47,11 @@ fn init_status() -> Status { // check given secret // https://www.youtube.com/watch?v=aHKWVLH-ibY -fn check_secret(given_secret: String, given_key: String) -> bool { +fn auth(p: &TheDoors) -> bool { let consumer_secret = env::var("consumer_secret").unwrap(); let consumer_key = env::var("consumer_key").unwrap(); - if given_secret == consumer_secret && given_key == consumer_key { - return true; - } - false + p.consumer_secret == consumer_secret && p.consumer_key == consumer_key } // Write status to file and return JSON string. 
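Review bot: The startup guard added to `main` only tests `env::var(...).is_err()`, so a variable that is set but empty passes, and `auth` would then accept a request whose `consumer_key` and `consumer_secret` are both empty strings. Treat an empty value as unset, e.g. `if env::var("consumer_key").map_or(true, |v| v.is_empty()) { panic!("env var consumer_key must be set and non-empty"); }`, and do the same for `consumer_secret`. `main` continues past the end of this hunk.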
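Review bot: `auth` compares the submitted secret with `==`, which is not guaranteed to take the same time for every input, and `&&` skips the key comparison whenever the secret differs, so response timing can depend on the submitted values. Compare the bytes in constant time and combine the results without short-circuiting, for example with the `subtle` crate's `ConstantTimeEq` (not a dependency visible in this diff): `(p.consumer_secret.as_bytes().ct_eq(consumer_secret.as_bytes()) & p.consumer_key.as_bytes().ct_eq(consumer_key.as_bytes())).into()`. The two `env::var(..).unwrap()` calls now rely on the check in `main`, which is worth stating next to them: `// presence of both variables is checked in main() at startup`.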
@@ -61,10 +66,10 @@ fn write_status(s: Status) -> String { // It may cease to or not yet exist. Then create an initial status and persist. async fn root() -> String { if std::path::Path::new(STATUS_FILE).exists() { - return std::fs::read_to_string(STATUS_FILE).unwrap_or(String::from("KAPOTT")); + read_to_string(STATUS_FILE).unwrap_or(String::from("KAPOTT")) + } else { + write_status(init_status()) } - let s = init_status(); - write_status(s) } // Input type for the API: Both fields are optional. @@ -73,21 +78,18 @@ struct TheDoors { aerie: Option, cellar: Option, consumer_key: String, - consumer_secret: String + consumer_secret: String, } - // The door can see through your soul. // https://www.youtube.com/watch?v=bDQDp00oTP4 async fn the_doors(Json(payload): Json) -> StatusCode { + if !auth(&payload) { + return StatusCode::FORBIDDEN; + } - let check_secret = check_secret(payload.consumer_secret, payload.consumer_key); - - if !check_secret { return StatusCode::FORBIDDEN; } - - - let status: Status = if std::path::Path::new(STATUS_FILE).exists() { - let contents = std::fs::read_to_string(STATUS_FILE).expect("FCKAFD"); + let status: Status = if Path::new(STATUS_FILE).exists() { + let contents = read_to_string(STATUS_FILE).expect("FCKAFD"); serde_json::from_str(&contents).unwrap_or_else(|_| init_status()) } else { init_status()
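Review bot: `root` still probes with `Path::new(STATUS_FILE).exists()` and then reads, so a file that disappears between the two calls yields the literal `KAPOTT` body rather than a fresh status. The same check-then-read pattern in `the_doors` (next hunk) ends in `.expect("FCKAFD")`, where it becomes a panic inside the request handler. Reading first and branching on the error kind removes the window; in `the_doors` the if/else can become `read_to_string(STATUS_FILE).ok().and_then(|c| serde_json::from_str(&c).ok()).unwrap_or_else(init_status)`. The rewrite of `root` follows; the whole function is inside this hunk.

```rust
async fn root() -> String {
    // Read first and decide from the error, instead of probing with exists().
    match read_to_string(STATUS_FILE) {
        Ok(contents) => contents,
        // Missing file: create the initial status and persist it, as before.
        Err(e) if e.kind() == std::io::ErrorKind::NotFound => write_status(init_status()),
        // Any other read failure keeps the existing fallback body.
        Err(_) => String::from("KAPOTT"),
    }
}
```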
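Review bot: The early `return StatusCode::FORBIDDEN;` in `the_doors` leaves no trace of the rejected request, so repeated wrong-credential attempts against `/api/update` cannot be seen afterwards; no logging is visible in this hunk. Record the failure without echoing the submitted key or secret, e.g. `eprintln!("api/update: credential check failed");` before the return, or the equivalent call in whatever logger the service uses. A short comment on the guard would also help the next reader: `// reject before touching STATUS_FILE`. The handler body continues past the end of this hunk.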