philipp/hacky-ruadat
1
0
Fork 0
forked from Ruderverein-Donau-Linz/rowt
Code Issues Pull Requests Actions Activity

no funny business w/ get params

Browse Source
This commit is contained in:
Philipp Hofer
2025-04-16 10:56:57 +02:00
parent 2b79df8e42
commit dc2ee38aa0
1 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/tera/mod.rs
View File

@@ -30,6 +30,7 @@ use crate::{
},
SCHECKBUCH,
};
use base64::alphabet::STANDARD;
pub(crate) mod admin;
mod auth;
@@ -136,35 +137,35 @@ impl<'r> FromRequest<'r> for BasicAuth {
// Get the Authorization header
let auth_header = match request.headers().get_one("Authorization") {
Some(h) => h,
None => return Outcome::Failure((Status::Unauthorized, ())),
None => return Outcome::Error((Status::Unauthorized, ())),
};
// Check if it's a Basic auth header
if !auth_header.starts_with("Basic ") {
return Outcome::Failure((Status::Unauthorized, ()));
return Outcome::Error((Status::Unauthorized, ()));
}
// Decode the base64 credentials
let credentials = match BASE64.decode(auth_header[6..].as_bytes()) {
let credentials = match base64::decode(&auth_header[6..]) {
Ok(c) => c,
Err(_) => return Outcome::Failure((Status::Unauthorized, ())),
Err(_) => return Outcome::Error((Status::Unauthorized, ())),
};
// Convert to UTF-8 string
let credentials_str = match str::from_utf8(&credentials) {
let credentials_str = match std::str::from_utf8(&credentials) {
Ok(s) => s,
Err(_) => return Outcome::Failure((Status::Unauthorized, ())),
Err(_) => return Outcome::Error((Status::Unauthorized, ())),
};
// Split into username and password
let mut parts = credentials_str.splitn(2, ':');
let username = match parts.next() {
Some(u) => u.to_string(),
None => return Outcome::Failure((Status::Unauthorized, ())),
None => return Outcome::Error((Status::Unauthorized, ())),
};
let password = match parts.next() {
Some(p) => p.to_string(),
None => return Outcome::Failure((Status::Unauthorized, ())),
None => return Outcome::Error((Status::Unauthorized, ())),
};
Outcome::Success(BasicAuth { username, password })