refactor(api): moved security checks into own mod

This commit is contained in:
antifallobst 2023-08-21 11:02:19 +02:00
parent 64edcd1d9e
commit 45cdf93536
Signed by: antifallobst
GPG Key ID: 2B4F402172791BAF
3 changed files with 18 additions and 17 deletions

View File

@ -1,6 +1,7 @@
use crate::{
accounts::Account,
api::account::data,
security::{is_sql_injection, AlphaExt},
tokens::{AuthToken, VerificationToken},
};
use anyhow::Result;
@ -8,23 +9,6 @@ use log::info;
use mail_send::{mail_builder::MessageBuilder, SmtpClientBuilder};
use sqlx::PgPool;
fn is_sql_injection(string: &String) -> bool {
match libinjection::sqli(string) {
Some((is_injection, _)) => is_injection,
None => true, // this could be a false positive, but that would be better than an SQLi
}
}
trait AlphaExt {
fn is_alpha(&self) -> bool;
}
impl AlphaExt for String {
fn is_alpha(&self) -> bool {
self.chars().all(|c| c.is_alphanumeric())
}
}
pub async fn register(
pool: &PgPool,
request: data::RegisterRequest,

View File

@ -1,5 +1,6 @@
mod accounts;
mod api;
mod security;
mod tokens;
use anyhow::Result;

16
src/security.rs Normal file
View File

@ -0,0 +1,16 @@
pub fn is_sql_injection(string: &String) -> bool {
match libinjection::sqli(string) {
Some((is_injection, _)) => is_injection,
None => true, // this could be a false positive, but that would be better than an SQLi
}
}
pub trait AlphaExt {
fn is_alpha(&self) -> bool;
}
impl AlphaExt for String {
fn is_alpha(&self) -> bool {
self.chars().all(|c| c.is_alphanumeric())
}
}