deblan-mirror/sncf
1
0
Fork 0
mirror of https://git.42l.fr/neil/sncf.git synced 2024-05-17 21:26:33 +02:00
Code Issues Releases Wiki Activity

Use await everywhere, do not declare a mutable variable if the body doesn't need to be edited, disable compression

Browse source
This commit is contained in:
neil 2020-08-29 19:55:03 +02:00
parent 44286ac8c5
commit 491ffb5537
4 changed files with 99 additions and 52 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
lang.json
View file

@ -235,6 +235,14 @@
"en": "Couldn't set the form's isAnonymous value.", "en": "Couldn't set the form's isAnonymous value.",
"fr": "Échec lors de la définition de la valeur isAnonymous du formulaire." "fr": "Échec lors de la définition de la valeur isAnonymous du formulaire."
}, },
"error_forward_clientresp_newform": {
"en": "Failed to send the response body (new form).",
"fr": "Échec lors de l'envoi du corps de la réponse (nouveau formulaire)."
},
"error_forward_clientresp_std": {
"en": "Failed to send the response body.",
"fr": "Échec lors de l'envoi du corps de la réponse."
},
"error_forwardlogin_db": { "error_forwardlogin_db": {
"en": "Couldn't connect to the local database.", "en": "Couldn't connect to the local database.",
"fr": "Échec lors de la connexion à la base de données locale." "fr": "Échec lors de la connexion à la base de données locale."
@ -315,6 +323,10 @@
"en": "The Nextcloud API returned an unexpected result.", "en": "The Nextcloud API returned an unexpected result.",
"fr": "L'API de Nextcloud a retourné un résultat inattendu." "fr": "L'API de Nextcloud a retourné un résultat inattendu."
}, },
"error_redirect": {
"en": "Failed to redirect.",
"fr": "La redirection a échoué."
},
"error_dirtyhacker": { "error_dirtyhacker": {
"en": "Attempt to access an unauthorized resource.", "en": "Attempt to access an unauthorized resource.",
"fr": "Tentative d'accès à une ressource non autorisée." "fr": "Tentative d'accès à une ressource non autorisée."
@ -322,5 +334,9 @@
"error_tplrender": { "error_tplrender": {
"en": "Template rendering failed.", "en": "Template rendering failed.",
"fr": "Le rendu du template a échoué." "fr": "Le rendu du template a échoué."
},
"error_tplrender_resp": {
"en": "Sending response failed.",
"fr": "L'envoi de la réponse a échoué."
} }
} }

116
src/forward.rs
View file

@ -31,7 +31,10 @@ pub async fn forward(
// They get redirected to the main page. // They get redirected to the main page.
if check_route(route) { if check_route(route) {
debug(&format!("Restricted route blocked: {}", route)); debug(&format!("Restricted route blocked: {}", route));
return Ok(web_redir("/")); return Ok(web_redir("/").await.map_err(|e| {
eprintln!("error_redirect: {}", e);
crash(get_lang(&req), "error_redirect")
})?);
} }
let forwarded_req = forge_from(route, &req, &url, &client); let forwarded_req = forge_from(route, &req, &url, &client);
@ -63,42 +66,57 @@ pub async fn forward(
{ {
client_resp.header(header_name.clone(), header_value.clone()); client_resp.header(header_name.clone(), header_value.clone());
} }
// retreive the body from the request result // sparing the use of a mutable body when not needed
let response_body = res.body().limit(PAYLOAD_LIMIT).await.map_err(|e| { // For now, the body only needs to be modified when the route
eprintln!("error_forward_resp: {}", e); // is "create a new form" route
crash(get_lang(&req), "error_forward_resp") if route == "/apps/forms/api/v1/form" {
})?; // retreive the body from the request result
let response_body = res.body().limit(PAYLOAD_LIMIT).await.map_err(|e| {
// if a new form is created, automatically set some fields. eprintln!("error_forward_resp: {}", e);
// this is very hackish but it works! for now. crash(get_lang(&req), "error_forward_resp")
let form_id = check_new_form(route, &response_body);
if form_id > 0 {
debug(&format!(
"New form. Forging request to set isAnonymous for id {}",
form_id
));
let forged_body = format!(
r#"{{"id":{},"keyValuePairs":{{"isAnonymous":true}}}}"#,
form_id
);
let update_req = forge_from("/apps/forms/api/v1/form/update", &req, &url, &client)
.set_header("content-length", forged_body.len())
.set_header("content-type", "application/json;charset=utf-8");
let res = update_req.send_body(forged_body).await.map_err(|e| {
eprintln!("error_forward_isanon: {}", e);
crash(get_lang(&req), "error_forward_isanon")
})?; })?;
debug(&format!("(new_form) Request returned {}", res.status()));
// if a new form is created, automatically set some fields.
// this is very hackish but it works! for now.
let form_id = check_new_form(&response_body);
if form_id > 0 {
debug(&format!(
"New form. Forging request to set isAnonymous for id {}",
form_id
));
let forged_body = format!(
r#"{{"id":{},"keyValuePairs":{{"isAnonymous":true}}}}"#,
form_id
);
let update_req = forge_from("/apps/forms/api/v1/form/update", &req, &url, &client)
.set_header("content-length", forged_body.len())
.set_header("content-type", "application/json;charset=utf-8");
let res = update_req.send_body(forged_body).await.map_err(|e| {
eprintln!("error_forward_isanon: {}", e);
crash(get_lang(&req), "error_forward_isanon")
})?;
debug(&format!("(new_form) Request returned {}", res.status()));
}
Ok(client_resp.body(response_body).await.map_err(|e| {
eprintln!("error_forward_clientresp_newform: {}", e);
crash(get_lang(&req), "error_forward_clientresp_newform")
})?)
}
else {
Ok(client_resp.body(res.body().limit(PAYLOAD_LIMIT).await.map_err(|e| {
eprintln!("error_forward_clientresp_newform: {}", e);
crash(get_lang(&req), "error_forward_clientresp_std")
})?))
} }
// check the response before returning it
if check_response(route, &response_body) { // check the response before returning it (unused)
/*if check_response(route, &response_body) {
return Ok(web_redir("/")); return Ok(web_redir("/"));
} }*/
Ok(client_resp.body(response_body))
} }
#[derive(Deserialize)] #[derive(Deserialize)]
@ -114,7 +132,10 @@ pub async fn forward_login(
) -> Result<HttpResponse, TrainCrash> { ) -> Result<HttpResponse, TrainCrash> {
// if the user is already logged in, redirect to the Forms app // if the user is already logged in, redirect to the Forms app
if is_logged_in(&req).is_some() { if is_logged_in(&req).is_some() {
return Ok(web_redir("/apps/forms/")); return Ok(web_redir("/apps/forms").await.map_err(|e| {
eprintln!("error_redirect (1:/apps/forms/): {}", e);
crash(get_lang(&req), "error_redirect")
})?);
} }
// check if the provided token seems valid. If not, early return. // check if the provided token seems valid. If not, early return.
@ -155,7 +176,10 @@ pub async fn forward_register(
// if the user is already logged in, redirect to the Forms app // if the user is already logged in, redirect to the Forms app
if is_logged_in(&req).is_some() { if is_logged_in(&req).is_some() {
return Ok(web_redir("/apps/forms/")); return Ok(web_redir("/apps/forms").await.map_err(|e| {
eprintln!("error_redirect (2:/apps/forms/): {}", e);
crash(get_lang(&req), "error_redirect")
})?);
} }
// if the user has already generated an admin token, redirect too // if the user has already generated an admin token, redirect too
@ -178,10 +202,14 @@ pub async fn forward_register(
.as_str(); .as_str();
// sanitize the token beforehand, cookies are unsafe // sanitize the token beforehand, cookies are unsafe
if check_token(&admin_token) { if check_token(&admin_token) {
return Ok(web_redir(&format!( return Ok(web_redir(
&format!(
"{}/admin/{}", "{}/admin/{}",
CONFIG.sncf_url, &admin_token CONFIG.sncf_url, &admin_token)
))); ).await.map_err(|e| {
eprintln!("error_redirect (admin): {}", e);
crash(get_lang(&req), "error_redirect")
})?);
} else { } else {
debug("Incorrect admin token given in cookies."); debug("Incorrect admin token given in cookies.");
debug(&format!("Token: {:#?}", &admin_token)); debug(&format!("Token: {:#?}", &admin_token));
@ -234,9 +262,12 @@ pub async fn forward_register(
.render() .render()
.map_err(|e| { .map_err(|e| {
eprintln!("error_tplrender (TplLink): {}", e); eprintln!("error_tplrender (TplLink): {}", e);
crash(lang, "error_tplrender") crash(lang.clone(), "error_tplrender")
})?, })?,
)) ).await.map_err(|e| {
eprintln!("error_tplrender_resp (TplLink): {}", e);
crash(lang, "error_tplrender_resp")
})?)
} }
// create a new query destined to the nextcloud instance // create a new query destined to the nextcloud instance
@ -281,5 +312,8 @@ pub async fn index(req: HttpRequest) -> Result<HttpResponse, TrainCrash> {
eprintln!("error_tplrender (TplIndex): {}", e); eprintln!("error_tplrender (TplIndex): {}", e);
crash(get_lang(&req), "error_tplrender") crash(get_lang(&req), "error_tplrender")
})?, })?,
)) ).await.map_err(|e| {
eprintln!("error_tplrender_resp (TplIndex): {}", e);
crash(get_lang(&req), "error_tplrender_resp")
})?)
} }

4
src/main.rs
View file

@ -9,7 +9,7 @@ extern crate diesel_migrations;
use actix_files::Files; use actix_files::Files;
use actix_web::client::Client; use actix_web::client::Client;
use actix_web::{middleware, web, App, FromRequest, HttpServer}; use actix_web::{web, App, FromRequest, HttpServer};
use diesel::prelude::*; use diesel::prelude::*;
use diesel::r2d2::{self, ConnectionManager}; use diesel::r2d2::{self, ConnectionManager};
use url::Url; use url::Url;
@ -67,7 +67,7 @@ async fn main() -> std::io::Result<()> {
.data(forward_url.clone()) .data(forward_url.clone())
/*.route("/mimolette", web::get().to(login))*/ /*.route("/mimolette", web::get().to(login))*/
/*.route("/login", web::post().to(forward))*/ /*.route("/login", web::post().to(forward))*/
.wrap(middleware::Compress::default()) /*.wrap(middleware::Compress::default())*/
.service(Files::new("/assets/", "./templates/assets/").index_file("index.html")) .service(Files::new("/assets/", "./templates/assets/").index_file("index.html"))
.route("/", web::get().to(index)) .route("/", web::get().to(index))
.route("/link", web::get().to(forward_register)) .route("/link", web::get().to(forward_register))

15
src/sniff.rs
View file

@ -32,22 +32,19 @@ fn rq_form_update(body: &web::Bytes) -> bool {
// checks to be done on responses from the Nextcloud instance // checks to be done on responses from the Nextcloud instance
// if it returns true, cancels the request // if it returns true, cancels the request
pub fn check_response(_route: &str, _body: &web::Bytes) -> bool { // NOTE: unused for now
/*pub fn check_response(_route: &str, _body: &web::Bytes) -> bool {
false false
} }*/
// checks if a form has been created. // checks if a form has been created.
// if it's the case, sets some parameters. // if it's the case, sets some parameters.
// this part may need code quality improvements // this part may need code quality improvements
pub fn check_new_form(route: &str, body: &web::Bytes) -> u64 { // the body MUST come from the "create new form" route
// (this is checked upstream)
pub fn check_new_form(body: &web::Bytes) -> u64 {
let req = String::from_utf8_lossy(body); let req = String::from_utf8_lossy(body);
let new_form_route = "/apps/forms/api/v1/form";
if route != new_form_route {
return 0;
}
// finds the form ID // finds the form ID
let v: Value = serde_json::from_str(&req).unwrap_or_else(|e| { let v: Value = serde_json::from_str(&req).unwrap_or_else(|e| {
eprintln!("check_new_form: failed to parse JSON: {}", e); eprintln!("check_new_form: failed to parse JSON: {}", e);