Mirroristas/mCaptcha
2
0
Fork 0
mirror of https://github.com/mCaptcha/mCaptcha.git synced 2025-11-24 06:25:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: upload secret route

Browse Source
This commit is contained in:
Aravinth Manivannan 2023-10-18 12:28:09 +05:30
parent f933a30e7e
commit d5617c7ec7
No known key found for this signature in database
GPG Key ID: F8F50389936984FF
1 changed files with 77 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
src/api/v1/survey.rs
View File

@ -23,6 +23,7 @@ use crate::AppData;
pub fn services(cfg: &mut ServiceConfig) { pub fn services(cfg: &mut ServiceConfig) {
cfg.service(download); cfg.service(download);
cfg.service(secret);
} }
pub mod routes { pub mod routes {
@ -35,7 +36,7 @@ pub mod routes {
pub const fn new() -> Self { pub const fn new() -> Self {
Self { Self {
download: "/api/v1/survey/{survey_id}/get", download: "/api/v1/survey/{survey_id}/get",
secret: "/api/v1/survey/{survey_id}/secret", secret: "/api/v1/survey/secret",
} }
} }
@ -76,25 +77,100 @@ async fn download(
Ok(HttpResponse::Ok().json(data)) Ok(HttpResponse::Ok().json(data))
} }
#[derive(Serialize, Deserialize)]
struct SurveySecretUpload {
secret: String,
auth_token: String,
}
/// mCaptcha/survey upload secret route
#[my_codegen::post(path = "crate::V1_API_ROUTES.survey.secret")]
async fn secret(
data: AppData,
payload: web::Json<SurveySecretUpload>,
) -> ServiceResult<impl Responder> {
match data.survey_secrets.get(&payload.auth_token) {
Some(survey_instance_url) => {
let payload = payload.into_inner();
data.survey_secrets.set(survey_instance_url, payload.secret);
data.survey_secrets.rm(&payload.auth_token);
Ok(HttpResponse::Ok())
}
None => Err(ServiceError::WrongPassword),
}
}
#[cfg(test)] #[cfg(test)]
pub mod tests { pub mod tests {
use actix_web::{http::StatusCode, test, App}; use actix_web::{http::StatusCode, test, App};
use super::*;
use crate::api::v1::mcaptcha::get_random;
use crate::tests::*; use crate::tests::*;
use crate::*; use crate::*;
#[actix_rt::test] #[actix_rt::test]
async fn survey_works_pg() { async fn survey_works_pg() {
let data = crate::tests::pg::get_data().await; let data = crate::tests::pg::get_data().await;
survey_registration_works(data.clone()).await;
survey_works(data).await; survey_works(data).await;
} }
#[actix_rt::test] #[actix_rt::test]
async fn survey_works_maria() { async fn survey_works_maria() {
let data = crate::tests::maria::get_data().await; let data = crate::tests::maria::get_data().await;
survey_registration_works(data.clone()).await;
survey_works(data).await; survey_works(data).await;
} }
pub async fn survey_registration_works(data: ArcData) {
let data = &data;
let app = get_app!(data).await;
let survey_instance_url = "http://survey_registration_works.survey.example.org";
let key = get_random(20);
let msg = SurveySecretUpload {
auth_token: key.clone(),
secret: get_random(32),
};
// should fail with ServiceError::WrongPassword since auth token is not loaded into
// keystore
bad_post_req_test_no_auth(
data,
V1_API_ROUTES.survey.secret,
&msg,
errors::ServiceError::WrongPassword,
)
.await;
// load auth token into key store, should succeed
data.survey_secrets
.set(key.clone(), survey_instance_url.to_owned());
let resp = test::call_service(
&app,
post_request!(&msg, V1_API_ROUTES.survey.secret).to_request(),
)
.await;
assert_eq!(resp.status(), StatusCode::OK);
// uploaded secret must be in keystore
assert_eq!(
data.survey_secrets.get(survey_instance_url).unwrap(),
msg.secret
);
// should fail since mCaptcha/survey secret upload auth tokens are single-use
bad_post_req_test_no_auth(
data,
V1_API_ROUTES.survey.secret,
&msg,
errors::ServiceError::WrongPassword,
)
.await;
}
pub async fn survey_works(data: ArcData) { pub async fn survey_works(data: ArcData) {
const NAME: &str = "survetuseranalytics"; const NAME: &str = "survetuseranalytics";
const PASSWORD: &str = "longpassworddomain"; const PASSWORD: &str = "longpassworddomain";