Beefing up security and cleaning up state

Imbus 2024-03-24 23:45:22 +01:00
parent 630f19f82c
commit 81303d31cd
2 changed files with 18 additions and 27 deletions


@ -5,6 +5,7 @@ use actix_web::middleware;
use actix_web::web::Data; use actix_web::web::Data;
use actix_web::{web::scope, App, HttpServer}; use actix_web::{web::scope, App, HttpServer};
use log::info; use log::info;
use rand::Rng;
mod db; mod db;
mod jwt; mod jwt;
@ -32,21 +33,23 @@ async fn main() -> std::io::Result<()> {
let data = ServerState::new().await; let data = ServerState::new().await;
let capt_db = CaptchaState::new(); let capt_db = CaptchaState::new();
let auth = Authentication::new("secret".as_bytes());
#[cfg(debug_assertions)] // 32 random bytes for the auth key should be enough
{ let mut rng = rand::thread_rng();
for _ in 0..10 { let random_bytes = (0..32).map(|_| rng.gen::<u8>()).collect::<Vec<u8>>();
let s = hex_string(10); let auth = Authentication::new(&random_bytes);
info!("Adding captcha key: {}", &s);
capt_db.capthca_db.lock().unwrap().insert(s); for _ in 0..10 {
} let s = hex_string(10);
info!("Adding captcha key: {}", &s);
capt_db.capthca_db.lock().unwrap().insert(s);
} }
info!("Spinning up server on http://localhost:8080"); info!("Spinning up server on http://localhost:8080");
HttpServer::new(move || { HttpServer::new(move || {
let cors = Cors::default() let cors = Cors::default()
.allowed_origin("https://shitpost.se") .allowed_origin("https://shitpost.se")
.allowed_origin("http://localhost:8080")
.allowed_methods(vec!["GET", "POST"]) .allowed_methods(vec!["GET", "POST"])
.max_age(3600); .max_age(3600);
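Review bot: The captcha seeding loop in `main` now appears to run in every build: in the rendered two-column view the `#[cfg(debug_assertions)]` attribute and its braces sit only on the old side, so a release server would start with ten pre-inserted captcha keys and write each one to the log through `info!("Adding captcha key: {}", &s);`. Anyone with read access to the logs would then hold valid captcha answers. If this is not intended, keep the gate by putting `#[cfg(debug_assertions)]` directly above `for _ in 0..10 {`. Separately, the auth key is now generated per process, so tokens issued before a restart or by another instance will presumably stop verifying; a short comment next to `Authentication::new(&random_bytes)` stating that this is accepted would help. `main` begins and ends outside this hunk.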


@ -9,7 +9,6 @@ use sqlx::PgPool;
#[derive(Clone)] #[derive(Clone)]
pub struct CaptchaState { pub struct CaptchaState {
// pub capthca_db: Arc<Mutex<BTreeMap<i32, String>>>,
pub capthca_db: Arc<Mutex<BTreeSet<String>>>, pub capthca_db: Arc<Mutex<BTreeSet<String>>>,
} }
@ -45,27 +44,13 @@ impl ServerState {
sqlx::migrate!("./migrations").run(&pool).await.unwrap(); sqlx::migrate!("./migrations").run(&pool).await.unwrap();
match crate::db::db_new_user("imbus".to_string(), "kartellen1234".to_string(), &pool).await
{
Some(u) => info!("Created default user {}", u.username),
None => error!("Failed to create default user..."),
}
match crate::db::db_new_user("hollgy".to_string(), "yomomonpizza".to_string(), &pool).await
{
Some(u) => info!("Created default user {}", u.username),
None => error!("Failed to create default user..."),
}
match crate::db::db_new_user("demouser".to_string(), "demopw".to_string(), &pool).await {
Some(u) => info!("Created default user {}", u.username),
None => error!("Failed to create default user..."),
}
// We want dummy posts
lipsum_setup(&pool).await.unwrap();
#[cfg(debug_assertions)] #[cfg(debug_assertions)]
debug_setup(&pool).await.unwrap(); debug_setup(&pool).await.unwrap();
// We want dummy posts
#[cfg(debug_assertions)]
lipsum_setup(&pool).await.unwrap();
Self { pool } Self { pool }
} }
} }
@ -80,6 +65,7 @@ async fn debug_setup(pool: &PgPool) -> Result<(), sqlx::Error> {
} }
/// Inserts a bunch of dummy posts into the database /// Inserts a bunch of dummy posts into the database
#[allow(dead_code)]
async fn lipsum_setup(pool: &PgPool) -> Result<(), sqlx::Error> { async fn lipsum_setup(pool: &PgPool) -> Result<(), sqlx::Error> {
use lipsum::lipsum; use lipsum::lipsum;
use rand::prelude::*; use rand::prelude::*;
@ -118,6 +104,8 @@ async fn lipsum_setup(pool: &PgPool) -> Result<(), sqlx::Error> {
.await?; .await?;
} }
} }
} else {
error!("No users in the database, skipping lipsum setup");
} }
Ok(()) Ok(())
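Review bot: Deleting the `db_new_user(...)` calls in `ServerState::new` stops fresh databases from getting the default accounts, but any database started by an earlier build still holds those users, and their passwords remain readable in the repository history. As far as this view shows, the old calls were not behind `#[cfg(debug_assertions)]`, so deployed databases may be affected; a follow-up migration under `./migrations` that removes those accounts or forces a password change would close the gap. A smaller style point in the same file: `lipsum_setup` is now only called under `#[cfg(debug_assertions)]`, so putting `#[cfg(debug_assertions)]` on the function instead of `#[allow(dead_code)]` would keep it out of release builds and leave the dead-code lint active. `ServerState::new` and `lipsum_setup` both extend beyond the lines shown here.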