🚑 Parse revoked tokens from hexadecimal

RemiBardon · Aug 10, 2024 · f120777 · f120777
1 parent 34f4817
commit f120777
Show file tree

Hide file tree

Showing 6 changed files with 24 additions and 7 deletions.
diff --git a/src/Cargo.lock b/src/Cargo.lock
diff --git a/src/Cargo.toml b/src/Cargo.toml
@@ -12,6 +12,7 @@ resolver = "2"
 base64 = "0.22"
 biscuit-auth = "5"
 chrono = "0.4"
+hex = "0.4"
 iso8601-duration = "0.2"
 lazy_static = "1"
 rocket = "0.5"

diff --git a/src/helpers/Cargo.toml b/src/helpers/Cargo.toml
@@ -7,6 +7,7 @@ edition = "2021"
 
 [dependencies]
 biscuit-auth = { workspace = true }
+hex = { workspace = true }
 lazy_static = { workspace = true }
 rocket = { workspace = true }
 serde_json = { workspace = true }

diff --git a/src/helpers/src/generate.rs b/src/helpers/src/generate.rs
@@ -12,7 +12,7 @@ use std::{
 };
 
 use lazy_static::lazy_static;
-use tracing::{debug, info, trace};
+use tracing::{debug, error, info, trace};
 
 use crate::{config::*, copy_directory, website_id::*};
 
@@ -141,15 +141,18 @@ fn _update_submodules() -> Result<(), Error> {
     }
 }
 
-fn read_file_to_set_(file: File) -> io::Result<HashSet<Vec<u8>>> {
+fn read_file_lines_as_hex_(file: File) -> io::Result<HashSet<Vec<u8>>> {
     let reader = BufReader::new(file);
 
     let mut set = HashSet::new();
 
     for line in reader.lines() {
         let line = line?;
         if !line.is_empty() {
-            set.insert(line.into_bytes());
+            set.insert(hex::decode(&line).unwrap_or_else(|err| {
+                error!("Could not parse `{line}` as hexadecimal: {err}");
+                line.into_bytes()
+            }));
         }
     }
 
@@ -166,7 +169,7 @@ pub fn read_revoked_tokens() -> Result<HashSet<Vec<u8>>, Error> {
         );
         return Ok(HashSet::new());
     };
-    let revoked_tokens = read_file_to_set_(revoked_tokens_file)?;
+    let revoked_tokens = read_file_lines_as_hex_(revoked_tokens_file)?;
     info!("Found {} revoked token(s).", revoked_tokens.len());
     Ok(revoked_tokens)
 }

diff --git a/src/orangutan-server/Cargo.toml b/src/orangutan-server/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "orangutan-server"
-version = "0.4.12"
+version = "0.4.13"
 edition = "2021"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
@@ -9,6 +9,7 @@ edition = "2021"
 base64 = { workspace = true }
 biscuit-auth = { workspace = true }
 chrono = { workspace = true }
+hex = { workspace = true }
 lazy_static = { workspace = true }
 orangutan-helpers = { path = "../helpers" }
 orangutan-refresh-token = { path = "../orangutan-refresh-token" }

diff --git a/src/orangutan-server/src/routes/auth_routes.rs b/src/orangutan-server/src/routes/auth_routes.rs
@@ -50,7 +50,16 @@ fn handle_refresh_token(
     };
 
     // NOTE: This is just a hotfix. I had to quickly revoke a token. I'll improve this one day.
-    trace!("Checking if refresh token is revoked");
+    trace!("Checking if refresh token is revoked…");
+    trace!(
+        "Revocation identifiers: {}",
+        refresh_biscuit
+            .revocation_identifiers()
+            .into_iter()
+            .map(hex::encode)
+            .collect::<Vec<_>>()
+            .join(", "),
+    );
     let revoked_id = refresh_biscuit
         .revocation_identifiers()
         .into_iter()