From 8e96b9edc47db308a996ca801329036e55001edd Mon Sep 17 00:00:00 2001 From: Joris Guyonvarch Date: Sat, 21 Mar 2026 22:15:16 +0100 Subject: Hash key with bcrypt --- src/routes.rs | 93 ++++++++++++++++++++++++++++++++--------------------------- 1 file changed, 51 insertions(+), 42 deletions(-) (limited to 'src/routes.rs') diff --git a/src/routes.rs b/src/routes.rs index ca1cc41..f5deeb4 100644 --- a/src/routes.rs +++ b/src/routes.rs @@ -59,52 +59,61 @@ async fn upload_file( authorized_key: String, files_dir: &Path, ) -> Result>> { - let key = get_header(&request, "X-Key"); - if key != Some(authorized_key) { - log::info!("Unauthorized file upload"); - Ok(response(StatusCode::UNAUTHORIZED, "Unauthorized")) - } else { - let file_id = model::generate_file_id(); - let filename = get_header(&request, "X-Filename").map(|s| util::sanitize_filename(&s)); - let expiration_days: Option = - get_header(&request, "X-Expiration").and_then(|s| s.parse().ok()); - let content_length: Option = - get_header(&request, "Content-Length").and_then(|s| s.parse().ok()); - - match (filename, expiration_days, content_length) { - (Some(filename), Some(expiration_days), Some(content_length)) => { - let _ = fs::create_dir(files_dir).await; - let path = files_dir.join(&file_id); - let mut file = File::create(&path).await.unwrap(); - - let mut incoming = request.into_body(); - while let Some(frame) = incoming.frame().await { - if let Ok(data) = frame { - let _ = file.write_all(&data.into_data().unwrap()).await; - let _ = file.flush().await; - } - } - - let file = model::File { - id: file_id.clone(), - name: filename, - expires_at: model::local_time().add(Duration::days(expiration_days)), - content_length, - }; - - match db::files::insert(&db_conn, file.clone()).await { - Ok(_) => Ok(response(StatusCode::OK, file_id)), - Err(msg) => { - log::error!("Insert file: {msg}"); - if let Err(msg) = fs::remove_file(path).await { - log::error!("Remove file: {msg}"); + match get_header(&request, "X-Key") { + None => { + log::info!("Unauthorized file upload"); + Ok(response(StatusCode::UNAUTHORIZED, "Unauthorized")) + } + Some(key) => match bcrypt::verify(key, &authorized_key) { + Ok(true) => { + let file_id = model::generate_file_id(); + let filename = + get_header(&request, "X-Filename").map(|s| util::sanitize_filename(&s)); + let expiration_days: Option = + get_header(&request, "X-Expiration").and_then(|s| s.parse().ok()); + let content_length: Option = + get_header(&request, "Content-Length").and_then(|s| s.parse().ok()); + + match (filename, expiration_days, content_length) { + (Some(filename), Some(expiration_days), Some(content_length)) => { + let _ = fs::create_dir(files_dir).await; + let path = files_dir.join(&file_id); + let mut file = File::create(&path).await.unwrap(); + + let mut incoming = request.into_body(); + while let Some(frame) = incoming.frame().await { + if let Ok(data) = frame { + let _ = file.write_all(&data.into_data().unwrap()).await; + let _ = file.flush().await; + } + } + + let file = model::File { + id: file_id.clone(), + name: filename, + expires_at: model::local_time().add(Duration::days(expiration_days)), + content_length, }; - Ok(internal_server_error()) + + match db::files::insert(&db_conn, file.clone()).await { + Ok(_) => Ok(response(StatusCode::OK, file_id)), + Err(msg) => { + log::error!("Insert file: {msg}"); + if let Err(msg) = fs::remove_file(path).await { + log::error!("Remove file: {msg}"); + }; + Ok(internal_server_error()) + } + } } + _ => Ok(bad_request()), } } - _ => Ok(bad_request()), - } + _ => { + log::info!("Unauthorized file upload"); + Ok(response(StatusCode::UNAUTHORIZED, "Unauthorized")) + } + }, } } -- cgit v1.2.3