refactor(api): moved security checks into own mod

2023-08-21 11:02:19 +02:00 · 2023-08-21 11:02:19 +02:00 · 45cdf93536
parent 64edcd1d9e
commit 45cdf93536
3 changed files with 18 additions and 17 deletions
--- a/src/api/account/handlers.rs
+++ b/src/api/account/handlers.rs
@ -1,6 +1,7 @@
 use crate::{
    accounts::Account,
    api::account::data,
+    security::{is_sql_injection, AlphaExt},
    tokens::{AuthToken, VerificationToken},
 };
 use anyhow::Result;
@ -8,23 +9,6 @@ use log::info;
 use mail_send::{mail_builder::MessageBuilder, SmtpClientBuilder};
 use sqlx::PgPool;

-fn is_sql_injection(string: &String) -> bool {
-    match libinjection::sqli(string) {
-        Some((is_injection, _)) => is_injection,
-        None => true, // this could be a false positive, but that would be better than an SQLi
-    }
-}
-
-trait AlphaExt {
-    fn is_alpha(&self) -> bool;
-}
-
-impl AlphaExt for String {
-    fn is_alpha(&self) -> bool {
-        self.chars().all(|c| c.is_alphanumeric())
-    }
-}
-
 pub async fn register(
    pool: &PgPool,
    request: data::RegisterRequest,
--- a/src/main.rs
+++ b/src/main.rs
@ -1,5 +1,6 @@
 mod accounts;
 mod api;
+mod security;
 mod tokens;

 use anyhow::Result;
--- a/src/security.rs
+++ b/src/security.rs
@ -0,0 +1,16 @@
+pub fn is_sql_injection(string: &String) -> bool {
+    match libinjection::sqli(string) {
+        Some((is_injection, _)) => is_injection,
+        None => true, // this could be a false positive, but that would be better than an SQLi
+    }
+}
+
+pub trait AlphaExt {
+    fn is_alpha(&self) -> bool;
+}
+
+impl AlphaExt for String {
+    fn is_alpha(&self) -> bool {
+        self.chars().all(|c| c.is_alphanumeric())
+    }
+}