improve shortlink input params validation
glendc committed Oct 23, 2023
1 parent 9d5085e commit e568746
Showing 7 changed files with 24 additions and 3 deletions.
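--- a/src/router/link.rs
+++ b/src/router/link.rs
@@ -41,6 +41,20 @@ pub async fn post(
 ) -> Response {
 if let Some(cookie) = cookies.get(crate::services::COOKIE_NAME) {
 if let Some(email) = state.auth.verify_cookie(cookie.value()) {
+if params.long.is_empty() {
+return (
+StatusCode::BAD_REQUEST,
+super::shared::ErrorTemplate {
+title: "Long URL Missing".to_string(),
+message: "The long URL must be specified.".to_string(),
+back_path: "/link".to_string(),
+},
+)
+.into_response();
+}
+
+// TODO: make actual short link, and handle possible failure...
+
 return PostOkTemplate {
 email,
 long: params.long,
@@ -54,6 +68,7 @@ pub async fn post(
 super::shared::ErrorTemplate {
 title: "action forbidden".to_string(),
 message: "You are not authorized for creating shortlinks.".to_string(),
+back_path: "/".to_string(),
 },
 )
 .into_response()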
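Review bot: The new guard `if params.long.is_empty()` in the first hunk rejects only the empty string, so a whitespace-only value or a string that is not a URL at all still reaches `PostOkTemplate`. Because this value is the future redirect target of the short link (per the TODO), it should be parsed as an absolute URL and limited to the `http` and `https` schemes before anything is stored, answering with the same 400 `ErrorTemplate` otherwise; a length cap belongs in the same place. As a minimum the condition could read `if params.long.trim().is_empty() {`. The body of `post` starts and ends outside the hunk, so an earlier check may exist that is not visible here.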
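--- a/src/router/login.rs
+++ b/src/router/login.rs
@@ -62,6 +62,7 @@ pub async fn post(
 super::shared::ErrorTemplate {
 title: "email is required".to_string(),
 message: "Please enter your email address.".to_string(),
+back_path: "/".to_string(),
 },
 )
 .into_response();
@@ -73,6 +74,7 @@ pub async fn post(
 super::shared::ErrorTemplate {
 title: "failed to send magic link".to_string(),
 message: msg,
+back_path: "/".to_string(),
 },
 )
 .into_response();
@@ -81,5 +83,6 @@ pub async fn post(
 super::shared::InfoTemplate {
 title: format!("email sent to {}", params.email),
 message: format!("Magic link has been sent to {}. Please open the link in the email to login to this site.", params.email),
+back_path: "/".to_string(),
 }.into_response()
 }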
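Review bot: In the second hunk `message: msg` still puts the send-failure text on a page served to an unauthenticated visitor, and the commit leaves it as is. Where `msg` comes from is outside the hunk; if it carries the mail backend's raw error, the page may expose internal detail or respond differently per address. Consider logging `msg` on the server and rendering a fixed string, for example `message: "The magic link could not be sent. Please try again later.".to_string(),`. `post` begins outside these hunks.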
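--- a/src/router/not_found.rs
+++ b/src/router/not_found.rs
@@ -11,6 +11,7 @@ pub async fn any(request: Request<Body>) -> (StatusCode, ErrorTemplate) {
 ErrorTemplate {
 title: "404 — Not Found".to_string(),
 message: format!("The page '{}' does not exist.", request.uri().path()),
+back_path: "/".to_string(),
 },
 )
 }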
2 changes: 2 additions & 0 deletions src/router/shared.rs
Expand Up @@ -5,11 +5,13 @@ use askama::Template;
pub struct InfoTemplate {
pub title: String,
pub message: String,
pub back_path: String,
}

#[derive(Template)]
#[template(path = "../templates/content/shared/error.html")]
pub struct ErrorTemplate {
pub title: String,
pub message: String,
pub back_path: String,
}
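Review bot: `pub back_path: String` on both `InfoTemplate` and `ErrorTemplate` is undocumented, and the value ends up in an `href` attribute in `templates/content/shared/error.html` and `info.html`, where HTML escaping does not stop an off-site URL or a non-HTTP scheme. Every caller in this commit passes a literal (`"/"` or `"/link"`), so nothing is exposed today, but the type does not keep a request-derived value out. Add a doc comment such as `/// Same-site path for the "go back" link; must be a server-chosen literal, never request input.`, or tighten the field to `pub back_path: &'static str,` so only literals compile. The attributes of `InfoTemplate` sit above the hunk.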
2 changes: 1 addition & 1 deletion static/js/bckt.js
@@ -1,6 +1,6 @@
function init() {
document.body.addEventListener('htmx:beforeSwap', (evt) => {
if ([400, 401, 404, 500].includes(evt.detail.xhr.status)) {
if ([400, 401, 403, 404, 500].includes(evt.detail.xhr.status)) {
evt.detail.shouldSwap = true;
evt.detail.isError = false;
}
2 changes: 1 addition & 1 deletion templates/content/shared/error.html
Expand Up @@ -4,7 +4,7 @@
<strong class="block titlebar" style="color: var(--custom-error-text); text-shadow: none;">{{ title }}</strong>
<p style="color: var(--bg);">{{ message }}</p>
<p>
<a href="/" class="<button> big" style="margin: 10px 0 0 0; float: right;" autofocus>↩ go back</a>
<a href="{{ back_path }}" class="<button> big" style="margin: 10px 0 0 0; float: right;" autofocus>↩ go back</a>
</p>
</div>
{% endblock %}
2 changes: 1 addition & 1 deletion templates/content/shared/info.html
Expand Up @@ -4,7 +4,7 @@
<strong class="block titlebar">{{ title }}</strong>
<p>{{ message }}</p>
<p>
<a href="/" class="<button> good big" style="margin: 10px 0 0 0; float: right;" autofocus>↩ go back</a>
<a href="{{ back_path }}" class="<button> good big" style="margin: 10px 0 0 0; float: right;" autofocus>↩ go back</a>
</p>
</div>
{% endblock %}
