From 1201664c7bd6fc9cffa68b37678a4d3ee5135d68 Mon Sep 17 00:00:00 2001
From: Steven Rhodes
Date: Sun, 1 Sep 2024 14:50:45 -0700
Subject: [PATCH] Really fix protocol
---
 src/auth.rs | 34 +++++++++++++++++++---------------
 src/bin/cecvol.rs | 11 ++++++-----
 2 files changed, 25 insertions(+), 20 deletions(-)
diff --git a/src/auth.rs b/src/auth.rs
index 5ef75b9..f5928fa 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -87,13 +87,13 @@ struct Claims {
 fn self_uri(req: &Request) -> String {
 if let Some(host) = req.header("Host") {
- let prefix =
- if !req.is_secure() && !host.starts_with("localhost") && !host.starts_with("127.0.0.1")
- {
- "http://"
- } else {
- "https://"
- };
+ let prefix = if !req.is_secure()
+ && (host.starts_with("localhost") || host.starts_with("127.0.0.1"))
+ {
+ "http://"
+ } else {
+ "https://"
+ };
 format!("{prefix}{host}")
 } else {
 "".into()
@@ -150,9 +150,11 @@ impl Authorizer {
 Some(s) => s,
 None => return Response::text("missing state").with_status_code(400),
 };
- let nonces = self.nonces.lock().unwrap();
- if !nonces.contains(&state) {
- return Response::text("unknown state").with_status_code(400);
+ {
+ let nonces = self.nonces.lock().unwrap();
+ if !nonces.contains(&state) {
+ return Response::text("unknown state").with_status_code(400);
+ }
 }
 let code = match req.get_param("code") {
 Some(c) => c,
@@ -184,12 +186,14 @@ impl Authorizer {
 let claims: Claims = serde_json::from_slice(&jsonclaims).unwrap();
 // Check nonces
- let nonce = claims.nonce.unwrap_or_default();
- let mut nonces = self.nonces.lock().unwrap();
- if !nonces.contains(&nonce) {
- return Response::text("reused nonce").with_status_code(400);
+ {
+ let nonce = claims.nonce.unwrap_or_default();
+ let mut nonces = self.nonces.lock().unwrap();
+ if !nonces.contains(&nonce) {
+ return Response::text("reused nonce").with_status_code(400);
+ }
+ nonces.remove(&nonce);
 }
- nonces.remove(&nonce);
 let email = claims.email.unwrap_or_default();
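Review bot: The loopback test in `self_uri` is a prefix match on the client-supplied `Host` header, so a value such as `localhost.example.net` also selects `http://` and is copied into the returned URI. Comparing the host name exactly closes that gap: `let name = host.rsplit_once(':').map_or(host, |(h, _)| h);` followed by `&& (name == "localhost" || name == "127.0.0.1")`. If the result feeds an OAuth redirect URI (not visible in this hunk), taking the origin from configuration rather than from the header would be safer still. The function's closing lines are outside the hunk.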
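Review bot: The new block around the `state` check has no comment saying why the guard is scoped, and the reason is easy to lose in a later cleanup: the nonce check further down locks `self.nonces` again, which would block if this guard were still alive (assuming a non-reentrant `std::sync::Mutex`). A one-line comment such as `// Drop the guard here; the nonce check below locks self.nonces again.` above the opening brace would record that. The check also only tests membership, so the `state` entry stays valid after it passes; if `state` and the ID-token nonce are stored as separate values, confirm that the `state` entry is consumed somewhere. The enclosing method starts and ends outside the hunk.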
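Review bot: A token without a `nonce` claim is turned into the empty string by `unwrap_or_default()` in the new block and is rejected only because `""` is presumably never stored in `self.nonces`; the "reused nonce" text then also covers the missing and never-issued cases. Matching the claim explicitly and consuming it in one call states the intent: `let Some(nonce) = claims.nonce else { return Response::text("missing nonce").with_status_code(400); };` and then `if !nonces.remove(&nonce) { return Response::text("reused nonce").with_status_code(400); }`, assuming `nonces` is a set whose `remove` reports whether the value was present. The `serde_json::from_slice(&jsonclaims).unwrap()` on the context line above panics on malformed claims and may deserve the same 400 handling. The enclosing method starts and ends outside the hunk.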
diff --git a/src/bin/cecvol.rs b/src/bin/cecvol.rs
index 7ea5b32..cf4f32a 100644
--- a/src/bin/cecvol.rs
+++ b/src/bin/cecvol.rs
@@ -323,6 +323,11 @@ fn main() -> Result<(), Box> {
 info!("Starting server...");
 rouille::start_server(&args.http_addr, move |request| {
+ info!(
+ "{method} {url}",
+ method = request.method(),
+ url = request.raw_url(),
+ );
 let route = |req: &Request| {
 router!(req,
 (GET) (/) => {index()},
@@ -335,11 +340,7 @@ fn main() -> Result<(), Box> {
 Some(a) => a.ensure_authorized(request, route),
 None => route(request),
 };
- info!(
- "{request} {status}",
- request = request.url(),
- status = resp.status_code,
- );
+ info!("... {status}", status = resp.status_code,);
 resp
 });
 }
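Review bot: The request line added at the top of the `start_server` closure logs `request.raw_url()`, which in rouille includes the query string, so the `code` and `state` parameters that the auth code in this commit reads with `get_param` would be written to the log on each OAuth callback. The removed line used `request.url()`, which leaves the query out; using it here as well, `url = request.url(),`, keeps the new request-start logging without recording those values. `main` continues outside the hunk.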
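Review bot: The response line `info!("... {status}", status = resp.status_code,);` no longer names the request, so if requests are served concurrently the status lines cannot be matched to the request lines logged at the start of the closure. Repeating the method and path keeps each line self-contained: `info!("{method} {url} -> {status}", method = request.method(), url = request.url(), status = resp.status_code);`.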