Diffstat (limited to 'src')
| -rw-r--r-- | src/model.rs | 15 | ||||
| -rw-r--r-- | src/routes.rs | 11 |
2 files changed, 16 insertions, 10 deletions
diff --git a/src/model.rs b/src/model.rs
index ed4fbf8..12b0433 100644
--- a/src/model.rs
+++ b/src/model.rs
@@ -1,6 +1,5 @@
-use base64::{engine::general_purpose::URL_SAFE, Engine as _};
 use chrono::{DateTime, Local, NaiveDateTime, TimeZone};
-use rand_core::{OsRng, RngCore};
+use rand::{distributions::Alphanumeric, Rng};
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub struct File {
@@ -18,15 +17,17 @@ pub fn local_time() -> DateTime<Local> {
 }
 }
-// Using 20 bytes (160 bits) to file identifiers
+// Using 28 Base 62 characters, which corresponds to 166 bits of entropy
 // https://owasp.org/www-community/vulnerabilities/Insufficient_Session-ID_Length
 // https://www.rfc-editor.org/rfc/rfc6749.html#section-10.10
-const FILE_ID_BYTES: usize = 20;
+const FILE_ID_CHARS: usize = 28;
 pub fn generate_file_id() -> String {
- let mut token = [0u8; FILE_ID_BYTES];
- OsRng.fill_bytes(&mut token);
- URL_SAFE.encode(token)
+ rand::thread_rng()
+ .sample_iter(&Alphanumeric)
+ .take(FILE_ID_CHARS)
+ .map(char::from)
+ .collect()
 }
 const FORMAT: &str = "%Y-%m-%d %H:%M:%S";
diff --git a/src/routes.rs b/src/routes.rs
index 3b3fc9a..ae97b7a 100644
--- a/src/routes.rs
+++ b/src/routes.rs
@@ -23,11 +23,12 @@ pub async fn routes(
 authorized_key: String,
 files_dir: String,
 ) -> Result<Response<BoxBody<Bytes, std::io::Error>>> {
- let path = &request.uri().path().split('/').collect::<Vec<&str>>()[1..];
+ let path = remove_trailing_slash(request.uri().path());
+ let path_parts = &path.split('/').collect::<Vec<&str>>()[1..];
 let files_dir = Path::new(&files_dir);
- match (request.method(), path) {
- (&Method::GET, [""]) => Ok(html(templates::INDEX)),
+ match (request.method(), path_parts) {
+ (&Method::GET, []) => Ok(html(templates::INDEX)),
 (&Method::GET, ["static", "main.js"]) => Ok(static_file(
 include_str!("static/main.js"),
 "application/javascript",
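Review bot: The comment above `FILE_ID_CHARS` records the length rationale but not the property the identifier now depends on: with `OsRng` removed, unguessability rests on `rand::thread_rng()` being a cryptographically secure generator. The 166-bit figure checks out (28 × log2 62 ≈ 166.7), so I would only add a line such as `// File IDs appear to act as unguessable secrets: keep the source a CSPRNG (thread_rng or OsRng), never a seeded or non-cryptographic RNG`. If drawing straight from the OS is preferred, `rand::rngs::OsRng.sample_iter(&Alphanumeric)` should keep the same output format; confirm against the rand version pinned in Cargo.toml, which is not visible here.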
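Review bot: The index arm's change from `[""]` to `[]` is correct only because `remove_trailing_slash` turns `/` into an empty string before the `[1..]` slice, and nothing in the hunk says so; a comment above the `match` such as `// trailing slash stripped above: "/" becomes [], "/a/" becomes ["a"]` would keep a later edit from reintroducing `[""]`. Only one slash is stripped, so `//` still yields `[""]` and falls through to whatever the default arm does, which is outside this hunk. Every route now also answers at its trailing-slash form, so if path-based rules are enforced in front of this service (reverse proxy, WAF) they should treat `/x` and `/x/` alike. The body of `routes` continues past the hunk.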
@@ -48,6 +49,10 @@ pub async fn routes(
 }
 }
+fn remove_trailing_slash(str: &str) -> String {
+ str.to_string().strip_suffix("/").unwrap_or(str).to_string()
+}
+
 async fn upload_file(
 request: Request<Incoming>,
 db_conn: Connection,
|
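Review bot: `remove_trailing_slash` allocates two `String`s to drop one character, and its parameter is named `str`, which reuses the primitive type's name and reads confusingly. `str::strip_suffix` already works on a borrowed slice, so the helper can return a borrow: `fn remove_trailing_slash(path: &str) -> &str { path.strip_suffix('/').unwrap_or(path) }`. Before this commit the caller borrowed the path from `request` directly, so returning `&str` should not add a new borrow conflict, but the `match` arms that consume `request` are outside this hunk and need a compile check. A one-line doc comment stating that only a single trailing slash is removed would also help.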
