forked from 2sys/shoutdotdev
add query validation to /say endpoint
This commit is contained in:
parent
35a4d00e77
commit
4c61bd6786
4 changed files with 85 additions and 4 deletions
53
Cargo.lock
generated
53
Cargo.lock
generated
|
|
@ -2083,6 +2083,28 @@ dependencies = [
|
|||
"vcpkg",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "proc-macro-error-attr2"
|
||||
version = "2.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "96de42df36bb9bba5542fe9f1a054b8cc87e172759a1868aa05c1f3acc89dfc5"
|
||||
dependencies = [
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "proc-macro-error2"
|
||||
version = "2.0.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "11ec05c52be0a07b08061f7dd003e7d7092e0472bc731b4af7bb1ef876109802"
|
||||
dependencies = [
|
||||
"proc-macro-error-attr2",
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
"syn",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "proc-macro2"
|
||||
version = "1.0.89"
|
||||
|
|
@ -2614,6 +2636,7 @@ dependencies = [
|
|||
"tracing",
|
||||
"tracing-subscriber",
|
||||
"uuid",
|
||||
"validator",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
|
@ -3187,6 +3210,36 @@ dependencies = [
|
|||
"wasm-bindgen",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "validator"
|
||||
version = "0.20.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "43fb22e1a008ece370ce08a3e9e4447a910e92621bb49b85d6e48a45397e7cfa"
|
||||
dependencies = [
|
||||
"idna 1.0.3",
|
||||
"once_cell",
|
||||
"regex",
|
||||
"serde",
|
||||
"serde_derive",
|
||||
"serde_json",
|
||||
"url",
|
||||
"validator_derive",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "validator_derive"
|
||||
version = "0.20.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b7df16e474ef958526d1205f6dda359fdfab79d9aa6d54bafcb92dcd07673dca"
|
||||
dependencies = [
|
||||
"darling",
|
||||
"once_cell",
|
||||
"proc-macro-error2",
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
"syn",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "valuable"
|
||||
version = "0.1.0"
|
||||
|
|
|
|||
|
|
@ -34,3 +34,4 @@ regex = "1.11.1"
|
|||
lettre = { version = "0.11.12", features = ["tokio1", "serde", "tracing", "tokio1-native-tls"] }
|
||||
clap = { version = "4.5.31", features = ["derive"] }
|
||||
diesel_migrations = { version = "2.2.0", features = ["postgres"] }
|
||||
validator = { version = "0.20.0", features = ["derive"] }
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ use std::fmt::{self, Display};
|
|||
|
||||
use axum::http::StatusCode;
|
||||
use axum::response::{IntoResponse, Redirect, Response};
|
||||
use validator::ValidationErrors;
|
||||
|
||||
#[derive(Debug)]
|
||||
pub struct AuthRedirectInfo {
|
||||
|
|
@ -24,6 +25,12 @@ impl AppError {
|
|||
pub fn auth_redirect_from_base_path(base_path: String) -> Self {
|
||||
Self::AuthRedirect(AuthRedirectInfo { base_path })
|
||||
}
|
||||
|
||||
pub fn from_validation_errors(errs: ValidationErrors) -> Self {
|
||||
Self::BadRequestError(
|
||||
serde_json::to_string(&errs).unwrap_or("validation error".to_string()),
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
// Tell axum how to convert `AppError` into a response.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
use std::sync::LazyLock;
|
||||
use anyhow::Context;
|
||||
use axum::{
|
||||
extract::Query,
|
||||
|
|
@ -7,9 +8,11 @@ use axum::{
|
|||
};
|
||||
use chrono::TimeDelta;
|
||||
use diesel::{dsl::insert_into, prelude::*, update};
|
||||
use regex::Regex;
|
||||
use serde::Deserialize;
|
||||
use serde_json::json;
|
||||
use uuid::Uuid;
|
||||
use validator::Validate;
|
||||
|
||||
use crate::{
|
||||
api_keys::ApiKey,
|
||||
|
|
@ -24,22 +27,39 @@ use crate::{
|
|||
const TEAM_GOVERNOR_DEFAULT_WINDOW_SIZE_SEC: i64 = 300;
|
||||
const TEAM_GOVERNOR_DEFAULT_MAX_COUNT: i32 = 50;
|
||||
|
||||
static RE_PROJECT_NAME: LazyLock<Regex> =
|
||||
LazyLock::new(|| Regex::new(r"^[a-z0-9_-]{1,100}$").unwrap());
|
||||
|
||||
pub fn new_router(state: AppState) -> Router<AppState> {
|
||||
Router::new().route("/say", get(say_get)).with_state(state)
|
||||
}
|
||||
|
||||
#[derive(Deserialize)]
|
||||
#[derive(Deserialize, Validate)]
|
||||
struct SayQuery {
|
||||
#[serde(alias = "k")]
|
||||
key: Uuid,
|
||||
#[serde(alias = "p")]
|
||||
#[validate(regex(
|
||||
path = *RE_PROJECT_NAME,
|
||||
message = "may be no more than 100 characters and contain only alphanumerics, -, and _",
|
||||
))]
|
||||
project: String,
|
||||
#[serde(alias = "m")]
|
||||
#[validate(length(
|
||||
min = 1,
|
||||
max = 2048,
|
||||
message = "message must be non-empty and no larger than 2KiB"
|
||||
))]
|
||||
message: String,
|
||||
}
|
||||
|
||||
async fn say_get(
|
||||
DbConn(db_conn): DbConn,
|
||||
Query(query): Query<SayQuery>,
|
||||
Query(mut query): Query<SayQuery>,
|
||||
) -> Result<impl IntoResponse, AppError> {
|
||||
// TODO: do some validation of message contents
|
||||
query.project = query.project.to_lowercase().replace(" ", "_");
|
||||
query.validate().map_err(AppError::from_validation_errors)?;
|
||||
|
||||
let api_key = {
|
||||
let query_key = query.key.clone();
|
||||
db_conn
|
||||
|
|
@ -57,7 +77,7 @@ async fn say_get(
|
|||
};
|
||||
|
||||
let project = {
|
||||
let project_name = query.project.to_lowercase();
|
||||
let project_name = query.project.clone();
|
||||
db_conn
|
||||
.interact::<_, Result<Project, AppError>>(move |conn| {
|
||||
conn.transaction(move |conn| {
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue