make session key unguessable
This commit is contained in:
Joe Ardent
parent
d985211b66
commit
5e8d2d398f
|
|
@ -466,6 +466,12 @@ dependencies = [
|
||||||
"syn 1.0.109",
|
"syn 1.0.109",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "lazy_static"
|
||||||
|
version = "1.4.0"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "libc"
|
name = "libc"
|
||||||
version = "0.2.153"
|
version = "0.2.153"
|
||||||
|
|
@ -674,6 +680,8 @@ dependencies = [
|
||||||
"askama_axum",
|
"askama_axum",
|
||||||
"axum",
|
"axum",
|
||||||
"justerror",
|
"justerror",
|
||||||
|
"lazy_static",
|
||||||
|
"rand",
|
||||||
"serde",
|
"serde",
|
||||||
"thiserror",
|
"thiserror",
|
||||||
"time",
|
"time",
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,8 @@ askama = { version = "0.12", default-features = false, features = ["with-axum",
|
||||||
askama_axum = { version = "0.4.0", default-features = false }
|
askama_axum = { version = "0.4.0", default-features = false }
|
||||||
axum = { version = "0.7", default-features = false, features = ["tokio", "http1", "form"] }
|
axum = { version = "0.7", default-features = false, features = ["tokio", "http1", "form"] }
|
||||||
justerror = { version = "1" }
|
justerror = { version = "1" }
|
||||||
|
lazy_static = "1.4.0"
|
||||||
|
rand = { version = "0.8.5", default-features = false, features = ["getrandom"] }
|
||||||
serde = { version = "1", default-features = false, features = ["derive"] }
|
serde = { version = "1", default-features = false, features = ["derive"] }
|
||||||
thiserror = { version = "1" }
|
thiserror = { version = "1" }
|
||||||
time = { version = "0.3.34", default-features = false }
|
time = { version = "0.3.34", default-features = false }
|
||||||
|
|
|
||||||
|
|
@ -5,19 +5,22 @@ use axum::{
|
||||||
http::StatusCode,
|
http::StatusCode,
|
||||||
response::{IntoResponse, Redirect, Response},
|
response::{IntoResponse, Redirect, Response},
|
||||||
};
|
};
|
||||||
|
use rand::random;
|
||||||
use serde::Deserialize;
|
use serde::Deserialize;
|
||||||
use tower_sessions::Session;
|
use tower_sessions::Session;
|
||||||
use unicode_segmentation::UnicodeSegmentation;
|
use unicode_segmentation::UnicodeSegmentation;
|
||||||
|
|
||||||
use crate::{templates::*, User};
|
use crate::{templates::*, User};
|
||||||
|
|
||||||
const SIGNUP_KEY: &str = "meow";
|
|
||||||
|
|
||||||
const PASSWORD_LEN: RangeInclusive<usize> = 4..=100;
|
const PASSWORD_LEN: RangeInclusive<usize> = 4..=100;
|
||||||
const USERNAME_LEN: RangeInclusive<usize> = 1..=50;
|
const USERNAME_LEN: RangeInclusive<usize> = 1..=50;
|
||||||
const DISPLAYNAME_LEN: RangeInclusive<usize> = 0..=100;
|
const DISPLAYNAME_LEN: RangeInclusive<usize> = 0..=100;
|
||||||
const EMAIL_LEN: RangeInclusive<usize> = 4..=50;
|
const EMAIL_LEN: RangeInclusive<usize> = 4..=50;
|
||||||
|
|
||||||
|
lazy_static! {
|
||||||
|
static ref SIGNUP_KEY: String = format!("meow-{}", random::<u128>());
|
||||||
|
}
|
||||||
|
|
||||||
#[Error(desc = "Could not create user.")]
|
#[Error(desc = "Could not create user.")]
|
||||||
#[non_exhaustive]
|
#[non_exhaustive]
|
||||||
pub struct CreateUserError(#[from] CreateUserErrorKind);
|
pub struct CreateUserError(#[from] CreateUserErrorKind);
|
||||||
|
|
@ -66,7 +69,7 @@ pub async fn post_signup(
|
||||||
Form(form): Form<SignupForm>,
|
Form(form): Form<SignupForm>,
|
||||||
) -> Result<impl IntoResponse, CreateUserError> {
|
) -> Result<impl IntoResponse, CreateUserError> {
|
||||||
let user = validate_signup(&form).await?;
|
let user = validate_signup(&form).await?;
|
||||||
session.insert(SIGNUP_KEY, user).await.unwrap();
|
session.insert(&SIGNUP_KEY, user).await.unwrap();
|
||||||
|
|
||||||
Ok(Redirect::to(
|
Ok(Redirect::to(
|
||||||
"https://buy.stripe.com/test_eVa6rrb7ygjNbwk000",
|
"https://buy.stripe.com/test_eVa6rrb7ygjNbwk000",
|
||||||
|
|
@ -89,7 +92,7 @@ pub async fn post_edit_signup(
|
||||||
|
|
||||||
/// Called from Stripe with the receipt of payment.
|
/// Called from Stripe with the receipt of payment.
|
||||||
pub async fn payment_success(session: Session, receipt: Option<Path<String>>) -> impl IntoResponse {
|
pub async fn payment_success(session: Session, receipt: Option<Path<String>>) -> impl IntoResponse {
|
||||||
let user: User = session.get(SIGNUP_KEY).await.unwrap().unwrap_or_default();
|
let user: User = session.get(&SIGNUP_KEY).await.unwrap().unwrap_or_default();
|
||||||
if user == User::default() {
|
if user == User::default() {
|
||||||
return SignupErrorPage("who you?".to_string()).into_response();
|
return SignupErrorPage("who you?".to_string()).into_response();
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -7,6 +7,9 @@ use tower_sessions::{Expiry, MemoryStore, SessionManagerLayer};
|
||||||
#[macro_use]
|
#[macro_use]
|
||||||
extern crate justerror;
|
extern crate justerror;
|
||||||
|
|
||||||
|
#[macro_use]
|
||||||
|
extern crate lazy_static;
|
||||||
|
|
||||||
mod handlers;
|
mod handlers;
|
||||||
use handlers::{get_signup, payment_success, post_signup};
|
use handlers::{get_signup, payment_success, post_signup};
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue