feat(api): defined and implemented return codes that allow for internal SQL injection checking

API.md

@@ -27,7 +27,7 @@ The verification request was sent.
 ##### 400 - Error: Bad Request
 The request was malformed.
 ##### 403 - Error: Forbidden
-The password is not matching the requirements.
+Blocked for security reasons.
 ##### 409 - Error: Conflict
 The requested username or email is already taken.
 
@@ -58,6 +58,8 @@ The account was verified. You can login now.
 ##### 400 - Error: Bad Request
 The request was malformed.
 ##### 403 - Error: Forbidden
+Blocked for security reasons.
+##### 404 - Error: Forbidden
 The provided token is unknown.
 
 ### `/account/authenticate` - POST
@@ -85,8 +87,10 @@ __Content - JSON:__
 
 ##### 400 - Error: Bad Request
 The request was malformed.
-##### 403 - Error: Forbidden
+##### 401 - Error: Unauthorized
 The provided password was wrong.
+##### 403 - Error: Forbidden
+Blocked for security reasons.
 ##### 404 - Error: Not Found
 The provided username was not found.
 
@@ -103,3 +107,5 @@ Deletes the account.
 The account was deleted.
 ##### 401 - Error: Unauthorized
 The provided token doesn't allow you to perform this operation.
+##### 403 - Error: Forbidden
+Blocked for security reasons.

src/api/account/calls.rs

@@ -12,9 +12,9 @@ async fn register(
     match handlers::register(body.into_inner()).await {
         Ok(resp) => match resp {
             data::RegisterResponse::Success => HttpResponse::Ok().finish(),
-            data::RegisterResponse::PasswordTooWeak => HttpResponse::Forbidden().finish(),
             data::RegisterResponse::Conflict(b) => HttpResponse::Conflict().json(web::Json(b)),
             data::RegisterResponse::MalformedEmail => HttpResponse::UnprocessableEntity().finish(),
+            data::RegisterResponse::Blocked => HttpResponse::Forbidden().finish(),
         },
         Err(e) => {
             error!("While handling register request: {e}");
@@ -28,7 +28,8 @@ async fn verify(data: web::Data<ApiState>, body: web::Json<data::VerifyRequest>)
     match handlers::verify(body.into_inner()).await {
         Ok(resp) => match resp {
             data::VerifyResponse::Success => HttpResponse::Ok().finish(),
-            data::VerifyResponse::TokenUnknown => HttpResponse::Forbidden().finish(),
+            data::VerifyResponse::TokenUnknown => HttpResponse::NotFound().finish(),
+            data::VerifyResponse::Blocked => HttpResponse::Forbidden().finish(),
         },
         Err(e) => {
             error!("While handling verify request: {e}");
@@ -45,8 +46,9 @@ async fn authenticate(
     match handlers::authenticate(body.into_inner()).await {
         Ok(resp) => match resp {
             data::AuthenticateResponse::Success(b) => HttpResponse::Ok().json(web::Json(b)),
-            data::AuthenticateResponse::WrongPassword => HttpResponse::Forbidden().finish(),
+            data::AuthenticateResponse::WrongPassword => HttpResponse::Unauthorized().finish(),
             data::AuthenticateResponse::UserNotFound => HttpResponse::NotFound().finish(),
+            data::AuthenticateResponse::Blocked => HttpResponse::Forbidden().finish(),
         },
         Err(e) => {
             error!("While handling authenticate request: {e}");
@@ -61,6 +63,7 @@ async fn delete(data: web::Data<ApiState>, auth: BearerAuth) -> impl Responder {
         Ok(resp) => match resp {
             data::DeleteResponse::Success => HttpResponse::Ok().finish(),
             data::DeleteResponse::Unauthorized => HttpResponse::Unauthorized().finish(),
+            data::DeleteResponse::Blocked => HttpResponse::Forbidden().finish(),
         },
         Err(e) => {
             error!("While handling delete request: {e}");

src/api/account/data.rs

@@ -17,9 +17,9 @@ pub enum RegisterConflict {
 #[derive(Debug)]
 pub enum RegisterResponse {
     Success,
-    PasswordTooWeak,
     Conflict(RegisterConflict),
     MalformedEmail,
+    Blocked,
 }
 
 #[derive(Debug, Deserialize)]
@@ -30,6 +30,7 @@ pub struct VerifyRequest {
 #[derive(Debug)]
 pub enum VerifyResponse {
     Success,
+    Blocked,
     TokenUnknown,
 }
 
@@ -49,10 +50,12 @@ pub enum AuthenticateResponse {
     Success(AuthenticateSuccess),
     WrongPassword,
     UserNotFound,
+    Blocked,
 }
 
 #[derive(Debug)]
 pub enum DeleteResponse {
     Success,
+    Blocked,
     Unauthorized,
 }