feat(api): defined and implemented return codes that allow for internal SQL injection checking
This commit is contained in:
parent
9db5c04cb6
commit
c87803d479
10
API.md
10
API.md
|
@ -27,7 +27,7 @@ The verification request was sent.
|
||||||
##### 400 - Error: Bad Request
|
##### 400 - Error: Bad Request
|
||||||
The request was malformed.
|
The request was malformed.
|
||||||
##### 403 - Error: Forbidden
|
##### 403 - Error: Forbidden
|
||||||
The password is not matching the requirements.
|
Blocked for security reasons.
|
||||||
##### 409 - Error: Conflict
|
##### 409 - Error: Conflict
|
||||||
The requested username or email is already taken.
|
The requested username or email is already taken.
|
||||||
|
|
||||||
|
@ -58,6 +58,8 @@ The account was verified. You can login now.
|
||||||
##### 400 - Error: Bad Request
|
##### 400 - Error: Bad Request
|
||||||
The request was malformed.
|
The request was malformed.
|
||||||
##### 403 - Error: Forbidden
|
##### 403 - Error: Forbidden
|
||||||
|
Blocked for security reasons.
|
||||||
|
##### 404 - Error: Forbidden
|
||||||
The provided token is unknown.
|
The provided token is unknown.
|
||||||
|
|
||||||
### `/account/authenticate` - POST
|
### `/account/authenticate` - POST
|
||||||
|
@ -85,8 +87,10 @@ __Content - JSON:__
|
||||||
|
|
||||||
##### 400 - Error: Bad Request
|
##### 400 - Error: Bad Request
|
||||||
The request was malformed.
|
The request was malformed.
|
||||||
##### 403 - Error: Forbidden
|
##### 401 - Error: Unauthorized
|
||||||
The provided password was wrong.
|
The provided password was wrong.
|
||||||
|
##### 403 - Error: Forbidden
|
||||||
|
Blocked for security reasons.
|
||||||
##### 404 - Error: Not Found
|
##### 404 - Error: Not Found
|
||||||
The provided username was not found.
|
The provided username was not found.
|
||||||
|
|
||||||
|
@ -103,3 +107,5 @@ Deletes the account.
|
||||||
The account was deleted.
|
The account was deleted.
|
||||||
##### 401 - Error: Unauthorized
|
##### 401 - Error: Unauthorized
|
||||||
The provided token doesn't allow you to perform this operation.
|
The provided token doesn't allow you to perform this operation.
|
||||||
|
##### 403 - Error: Forbidden
|
||||||
|
Blocked for security reasons.
|
|
@ -12,9 +12,9 @@ async fn register(
|
||||||
match handlers::register(body.into_inner()).await {
|
match handlers::register(body.into_inner()).await {
|
||||||
Ok(resp) => match resp {
|
Ok(resp) => match resp {
|
||||||
data::RegisterResponse::Success => HttpResponse::Ok().finish(),
|
data::RegisterResponse::Success => HttpResponse::Ok().finish(),
|
||||||
data::RegisterResponse::PasswordTooWeak => HttpResponse::Forbidden().finish(),
|
|
||||||
data::RegisterResponse::Conflict(b) => HttpResponse::Conflict().json(web::Json(b)),
|
data::RegisterResponse::Conflict(b) => HttpResponse::Conflict().json(web::Json(b)),
|
||||||
data::RegisterResponse::MalformedEmail => HttpResponse::UnprocessableEntity().finish(),
|
data::RegisterResponse::MalformedEmail => HttpResponse::UnprocessableEntity().finish(),
|
||||||
|
data::RegisterResponse::Blocked => HttpResponse::Forbidden().finish(),
|
||||||
},
|
},
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
error!("While handling register request: {e}");
|
error!("While handling register request: {e}");
|
||||||
|
@ -28,7 +28,8 @@ async fn verify(data: web::Data<ApiState>, body: web::Json<data::VerifyRequest>)
|
||||||
match handlers::verify(body.into_inner()).await {
|
match handlers::verify(body.into_inner()).await {
|
||||||
Ok(resp) => match resp {
|
Ok(resp) => match resp {
|
||||||
data::VerifyResponse::Success => HttpResponse::Ok().finish(),
|
data::VerifyResponse::Success => HttpResponse::Ok().finish(),
|
||||||
data::VerifyResponse::TokenUnknown => HttpResponse::Forbidden().finish(),
|
data::VerifyResponse::TokenUnknown => HttpResponse::NotFound().finish(),
|
||||||
|
data::VerifyResponse::Blocked => HttpResponse::Forbidden().finish(),
|
||||||
},
|
},
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
error!("While handling verify request: {e}");
|
error!("While handling verify request: {e}");
|
||||||
|
@ -45,8 +46,9 @@ async fn authenticate(
|
||||||
match handlers::authenticate(body.into_inner()).await {
|
match handlers::authenticate(body.into_inner()).await {
|
||||||
Ok(resp) => match resp {
|
Ok(resp) => match resp {
|
||||||
data::AuthenticateResponse::Success(b) => HttpResponse::Ok().json(web::Json(b)),
|
data::AuthenticateResponse::Success(b) => HttpResponse::Ok().json(web::Json(b)),
|
||||||
data::AuthenticateResponse::WrongPassword => HttpResponse::Forbidden().finish(),
|
data::AuthenticateResponse::WrongPassword => HttpResponse::Unauthorized().finish(),
|
||||||
data::AuthenticateResponse::UserNotFound => HttpResponse::NotFound().finish(),
|
data::AuthenticateResponse::UserNotFound => HttpResponse::NotFound().finish(),
|
||||||
|
data::AuthenticateResponse::Blocked => HttpResponse::Forbidden().finish(),
|
||||||
},
|
},
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
error!("While handling authenticate request: {e}");
|
error!("While handling authenticate request: {e}");
|
||||||
|
@ -61,6 +63,7 @@ async fn delete(data: web::Data<ApiState>, auth: BearerAuth) -> impl Responder {
|
||||||
Ok(resp) => match resp {
|
Ok(resp) => match resp {
|
||||||
data::DeleteResponse::Success => HttpResponse::Ok().finish(),
|
data::DeleteResponse::Success => HttpResponse::Ok().finish(),
|
||||||
data::DeleteResponse::Unauthorized => HttpResponse::Unauthorized().finish(),
|
data::DeleteResponse::Unauthorized => HttpResponse::Unauthorized().finish(),
|
||||||
|
data::DeleteResponse::Blocked => HttpResponse::Forbidden().finish(),
|
||||||
},
|
},
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
error!("While handling delete request: {e}");
|
error!("While handling delete request: {e}");
|
||||||
|
|
|
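Review bot: The new `Blocked => HttpResponse::Forbidden().finish()` arms in register, verify, authenticate and delete answer without recording anything, while the `Err(e)` arm right below each one logs; a request that tripped the security check is the event an operator most wants to see, so log it before responding, e.g. `data::RegisterResponse::Blocked => { warn!("register request blocked by security check"); HttpResponse::Forbidden().finish() }` (with `warn!` imported alongside the `error!` this file already uses), and likewise in the other three routes. A dedicated, documented 403 also tells a caller exactly when its input matched the filter, so consider making it indistinguishable from 400 on the wire and keeping the detail in the log; whatever the check in `handlers` does (outside this hunk), treat it as defence in depth on top of parameterised queries, not as the injection control itself. In authenticate, the new 401 for `WrongPassword` beside 404 for `UserNotFound` still lets a client learn which usernames exist; one status for both is the usual defence. In verify, `TokenUnknown` now maps to 404, but the matching API.md heading in this commit still reads `404 - Error: Forbidden`. Each route's function body continues outside its hunk.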
@ -17,9 +17,9 @@ pub enum RegisterConflict {
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
pub enum RegisterResponse {
|
pub enum RegisterResponse {
|
||||||
Success,
|
Success,
|
||||||
PasswordTooWeak,
|
|
||||||
Conflict(RegisterConflict),
|
Conflict(RegisterConflict),
|
||||||
MalformedEmail,
|
MalformedEmail,
|
||||||
|
Blocked,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Debug, Deserialize)]
|
#[derive(Debug, Deserialize)]
|
||||||
|
@ -30,6 +30,7 @@ pub struct VerifyRequest {
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
pub enum VerifyResponse {
|
pub enum VerifyResponse {
|
||||||
Success,
|
Success,
|
||||||
|
Blocked,
|
||||||
TokenUnknown,
|
TokenUnknown,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -49,10 +50,12 @@ pub enum AuthenticateResponse {
|
||||||
Success(AuthenticateSuccess),
|
Success(AuthenticateSuccess),
|
||||||
WrongPassword,
|
WrongPassword,
|
||||||
UserNotFound,
|
UserNotFound,
|
||||||
|
Blocked,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
pub enum DeleteResponse {
|
pub enum DeleteResponse {
|
||||||
Success,
|
Success,
|
||||||
|
Blocked,
|
||||||
Unauthorized,
|
Unauthorized,
|
||||||
}
|
}
|
||||||
|
|
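Review bot: The new `Blocked` variant is undocumented in all four public enums, and nothing in the type says what it means or which HTTP status it maps to, so a reader of this module alone cannot tell it apart from `Unauthorized`. Add a doc comment on each, e.g. `/// The request was rejected by the internal security check (served as 403 Forbidden).`, with the precise trigger taken from the handler that produces it (not in these hunks). Its position also differs: last in `RegisterResponse` and `AuthenticateResponse`, but before `TokenUnknown` in `VerifyResponse` and before `Unauthorized` in `DeleteResponse` — pick one placement. Dropping `PasswordTooWeak` from `RegisterResponse` (first hunk) removes the only variant that reported a weak password; if that check still exists it presumably now surfaces as `Blocked` or not at all, which is worth confirming and stating in the variant's doc. The `pub enum AuthenticateResponse {` line is outside its hunk; the other three enums are complete within theirs.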