Noratrieb/upload.files.noratrieb.dev
1
0
Fork 0
mirror of https://github.com/Noratrieb/upload.files.noratrieb.dev.git synced 2026-01-14 17:55:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

move password check to extractor

Browse source
This commit is contained in:
nora 2025-08-02 22:11:35 +02:00
parent 9068887037
commit 27c8420d61
1 changed files with 9 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/main.rs
View file

@ -220,12 +220,12 @@ fn reject_auth(reason: &str) -> Response {
.into_response() .into_response()
} }
impl<S: Sync> FromRequestParts<S> for Auth { impl FromRequestParts<Config> for Auth {
type Rejection = Response; type Rejection = Response;
async fn from_request_parts( async fn from_request_parts(
parts: &mut axum::http::request::Parts, parts: &mut axum::http::request::Parts,
_: &S, config: &Config,
) -> Result<Self, Self::Rejection> { ) -> Result<Self, Self::Rejection> {
let Some(header) = parts.headers.get(header::AUTHORIZATION) else { let Some(header) = parts.headers.get(header::AUTHORIZATION) else {
return Err(reject_auth("missing authorization header")); return Err(reject_auth("missing authorization header"));
@ -252,6 +252,13 @@ impl<S: Sync> FromRequestParts<S> for Auth {
return Err(reject_auth("missing : between username and password")); return Err(reject_auth("missing : between username and password"));
}; };
if username != config.username {
return Err(reject_auth("invalid username"));
}
if subtle::ConstantTimeEq::ct_ne(password.as_bytes(), config.password.as_bytes()).into() {
return Err(reject_auth("invalid password"));
}
Ok(Auth { Ok(Auth {
username: username.to_owned(), username: username.to_owned(),
password: password.to_owned(), password: password.to_owned(),