From 14fd04a467b579814c773d1355d8118bcdc1d891 Mon Sep 17 00:00:00 2001
From: philipp <philipp@hofer.link>
Date: Tue, 30 May 2023 14:12:08 +0200
Subject: [PATCH] move rss key to config file

---
 README.md             | 1 -
 src/rest/admin/mod.rs | 8 +++-----
 src/rest/mod.rs       | 9 +++++++++
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index c7d96a1..5c18b37 100644
--- a/README.md
+++ b/README.md
@@ -17,7 +17,6 @@
 - [] exactly same time -> deny registration
 - [] automatically add regular planned trip
 - [] User sync w/ nextcloud
-- [] remove key from src/rest/admin/rss.rs (line 8); at least before putting code somewhere public
 - [] Rocket tests for /rest
 - [] same day+time: aggregate stats (x people, of which y cox and z rower)
 
diff --git a/src/rest/admin/mod.rs b/src/rest/admin/mod.rs
index 211f0fc..521c54d 100644
--- a/src/rest/admin/mod.rs
+++ b/src/rest/admin/mod.rs
@@ -1,17 +1,15 @@
 use rocket::{get, routes, Route, State};
 use sqlx::SqlitePool;
 
-use crate::model::log::Log;
+use crate::{model::log::Log, rest::Config};
 
 pub mod planned_event;
 pub mod user;
 
 #[get("/rss?<key>")]
-async fn rss(db: &State<SqlitePool>, key: Option<&str>) -> String {
+async fn rss(db: &State<SqlitePool>, key: Option<&str>, config: &State<Config>) -> String {
     match key {
-        Some(key) if key.eq("G9h/f2MFEr408IaB4Yd67/maVSsnAJNjcaZ2Tzl5Vo=") => {
-            Log::generate_feed(db).await
-        }
+        Some(key) if key.eq(&config.rss_key) => Log::generate_feed(db).await,
         _ => "Not allowed".to_string(),
     }
 }
diff --git a/src/rest/mod.rs b/src/rest/mod.rs
index da9fa94..3fca91f 100644
--- a/src/rest/mod.rs
+++ b/src/rest/mod.rs
@@ -1,6 +1,7 @@
 use chrono::{Datelike, Duration, Local, NaiveDate};
 use rocket::{
     catch, catchers,
+    fairing::AdHoc,
     fs::FileServer,
     get,
     request::FlashMessage,
@@ -8,6 +9,7 @@ use rocket::{
     routes, Build, Rocket, State,
 };
 use rocket_dyn_templates::{tera::Context, Template};
+use serde::Deserialize;
 use sqlx::SqlitePool;
 
 use crate::model::{
@@ -135,6 +137,12 @@ fn unauthorized_error() -> Redirect {
     Redirect::to("/auth")
 }
 
+#[derive(Deserialize)]
+#[serde(crate = "rocket::serde")]
+pub struct Config {
+    rss_key: String,
+}
+
 pub fn start(db: SqlitePool) -> Rocket<Build> {
     rocket::build()
         .manage(db)
@@ -146,6 +154,7 @@ pub fn start(db: SqlitePool) -> Rocket<Build> {
         .mount("/public", FileServer::from("static/"))
         .register("/", catchers![unauthorized_error])
         .attach(Template::fairing())
+        .attach(AdHoc::config::<Config>())
 }
 
 //#[cfg(test)]