mirror of
https://git.42l.fr/neil/sncf.git
synced 2024-06-17 06:55:05 +02:00
87 lines
2.3 KiB
Rust
87 lines
2.3 KiB
Rust
use actix_web::web;
|
|
use serde_json::Value;
|
|
|
|
use crate::debug;
|
|
|
|
// checks to be done on user requests
|
|
// if it returns true, cancels the request
|
|
pub fn check_request(route: &str, body: &web::Bytes) -> bool {
|
|
match route {
|
|
"/apps/forms/api/v1/form/update" => rq_form_update(body),
|
|
_ => false,
|
|
}
|
|
}
|
|
|
|
// prevents the user from doing anything other than link sharing.
|
|
fn rq_form_update(body: &web::Bytes) -> bool {
|
|
let req = String::from_utf8_lossy(body);
|
|
|
|
// try to serialize the body.
|
|
// If the parsing fails, drop the request
|
|
let v: Value = serde_json::from_str(&req).unwrap_or_else(|e| {
|
|
eprintln!("check_request: failed to parse JSON: {}", e);
|
|
Value::Null
|
|
});
|
|
// if the type or isAnonymous is set (isn't null),
|
|
// drop the request.
|
|
// Also drop if v is null because of parsing fail.
|
|
v == Value::Null
|
|
|| v["keyValuePairs"]["isAnonymous"] != Value::Null
|
|
|| v["keyValuePairs"]["access"]["type"] != Value::Null
|
|
}
|
|
|
|
// checks to be done on responses from the Nextcloud instance
|
|
// if it returns true, cancels the request
|
|
pub fn check_response(_route: &str, _body: &web::Bytes) -> bool {
|
|
false
|
|
}
|
|
|
|
// checks if a form has been created.
|
|
// if it's the case, sets some parameters.
|
|
// this part may need code quality improvements
|
|
pub fn check_new_form(route: &str, body: &web::Bytes) -> u64 {
|
|
let req = String::from_utf8_lossy(body);
|
|
|
|
let new_form_route = "/apps/forms/api/v1/form";
|
|
|
|
if route != new_form_route {
|
|
return 0;
|
|
}
|
|
|
|
// finds the form ID
|
|
let v: Value = serde_json::from_str(&req).unwrap_or_else(|e| {
|
|
eprintln!("check_new_form: failed to parse JSON: {}", e);
|
|
Value::Null
|
|
});
|
|
|
|
if v != Value::Null && v["id"] != Value::Null && v["isAnonymous"] == Value::Null {
|
|
v["id"].as_u64().unwrap_or_else(|| {
|
|
eprintln!("check_new_form: failed to parse formid: {}", v);
|
|
0
|
|
})
|
|
} else {
|
|
0
|
|
}
|
|
}
|
|
|
|
const BLOCKED_ROUTES: &'static [&'static str] = &[
|
|
"/apps/settings",
|
|
"/login",
|
|
"/settings",
|
|
"/ocs/v",
|
|
"/remote.php",
|
|
];
|
|
|
|
// checks if the accessed route is allowed for the user.
|
|
// if it returns true, redirects elsewhere
|
|
pub fn check_route(route: &str) -> bool {
|
|
debug(route);
|
|
|
|
for r in BLOCKED_ROUTES {
|
|
if route.starts_with(r) {
|
|
return true;
|
|
}
|
|
}
|
|
false
|
|
}
|