feat(api): defined and implemented return codes that allow for internal SQL injection checking
This commit is contained in:
parent
9db5c04cb6
commit
c87803d479
12
API.md
12
API.md
|
@ -27,7 +27,7 @@ The verification request was sent.
|
|||
##### 400 - Error: Bad Request
|
||||
The request was malformed.
|
||||
##### 403 - Error: Forbidden
|
||||
The password is not matching the requirements.
|
||||
Blocked for security reasons.
|
||||
##### 409 - Error: Conflict
|
||||
The requested username or email is already taken.
|
||||
|
||||
|
@ -58,6 +58,8 @@ The account was verified. You can login now.
|
|||
##### 400 - Error: Bad Request
|
||||
The request was malformed.
|
||||
##### 403 - Error: Forbidden
|
||||
Blocked for security reasons.
|
||||
##### 404 - Error: Forbidden
|
||||
The provided token is unknown.
|
||||
|
||||
### `/account/authenticate` - POST
|
||||
|
@ -85,8 +87,10 @@ __Content - JSON:__
|
|||
|
||||
##### 400 - Error: Bad Request
|
||||
The request was malformed.
|
||||
##### 403 - Error: Forbidden
|
||||
##### 401 - Error: Unauthorized
|
||||
The provided password was wrong.
|
||||
##### 403 - Error: Forbidden
|
||||
Blocked for security reasons.
|
||||
##### 404 - Error: Not Found
|
||||
The provided username was not found.
|
||||
|
||||
|
@ -102,4 +106,6 @@ Deletes the account.
|
|||
##### 200 - Success
|
||||
The account was deleted.
|
||||
##### 401 - Error: Unauthorized
|
||||
The provided token doesn't allow you to perform this operation.
|
||||
The provided token doesn't allow you to perform this operation.
|
||||
##### 403 - Error: Forbidden
|
||||
Blocked for security reasons.
|
|
@ -12,9 +12,9 @@ async fn register(
|
|||
match handlers::register(body.into_inner()).await {
|
||||
Ok(resp) => match resp {
|
||||
data::RegisterResponse::Success => HttpResponse::Ok().finish(),
|
||||
data::RegisterResponse::PasswordTooWeak => HttpResponse::Forbidden().finish(),
|
||||
data::RegisterResponse::Conflict(b) => HttpResponse::Conflict().json(web::Json(b)),
|
||||
data::RegisterResponse::MalformedEmail => HttpResponse::UnprocessableEntity().finish(),
|
||||
data::RegisterResponse::Blocked => HttpResponse::Forbidden().finish(),
|
||||
},
|
||||
Err(e) => {
|
||||
error!("While handling register request: {e}");
|
||||
|
@ -28,7 +28,8 @@ async fn verify(data: web::Data<ApiState>, body: web::Json<data::VerifyRequest>)
|
|||
match handlers::verify(body.into_inner()).await {
|
||||
Ok(resp) => match resp {
|
||||
data::VerifyResponse::Success => HttpResponse::Ok().finish(),
|
||||
data::VerifyResponse::TokenUnknown => HttpResponse::Forbidden().finish(),
|
||||
data::VerifyResponse::TokenUnknown => HttpResponse::NotFound().finish(),
|
||||
data::VerifyResponse::Blocked => HttpResponse::Forbidden().finish(),
|
||||
},
|
||||
Err(e) => {
|
||||
error!("While handling verify request: {e}");
|
||||
|
@ -45,8 +46,9 @@ async fn authenticate(
|
|||
match handlers::authenticate(body.into_inner()).await {
|
||||
Ok(resp) => match resp {
|
||||
data::AuthenticateResponse::Success(b) => HttpResponse::Ok().json(web::Json(b)),
|
||||
data::AuthenticateResponse::WrongPassword => HttpResponse::Forbidden().finish(),
|
||||
data::AuthenticateResponse::WrongPassword => HttpResponse::Unauthorized().finish(),
|
||||
data::AuthenticateResponse::UserNotFound => HttpResponse::NotFound().finish(),
|
||||
data::AuthenticateResponse::Blocked => HttpResponse::Forbidden().finish(),
|
||||
},
|
||||
Err(e) => {
|
||||
error!("While handling authenticate request: {e}");
|
||||
|
@ -61,6 +63,7 @@ async fn delete(data: web::Data<ApiState>, auth: BearerAuth) -> impl Responder {
|
|||
Ok(resp) => match resp {
|
||||
data::DeleteResponse::Success => HttpResponse::Ok().finish(),
|
||||
data::DeleteResponse::Unauthorized => HttpResponse::Unauthorized().finish(),
|
||||
data::DeleteResponse::Blocked => HttpResponse::Forbidden().finish(),
|
||||
},
|
||||
Err(e) => {
|
||||
error!("While handling delete request: {e}");
|
||||
|
|
|
@ -17,9 +17,9 @@ pub enum RegisterConflict {
|
|||
#[derive(Debug)]
|
||||
pub enum RegisterResponse {
|
||||
Success,
|
||||
PasswordTooWeak,
|
||||
Conflict(RegisterConflict),
|
||||
MalformedEmail,
|
||||
Blocked,
|
||||
}
|
||||
|
||||
#[derive(Debug, Deserialize)]
|
||||
|
@ -30,6 +30,7 @@ pub struct VerifyRequest {
|
|||
#[derive(Debug)]
|
||||
pub enum VerifyResponse {
|
||||
Success,
|
||||
Blocked,
|
||||
TokenUnknown,
|
||||
}
|
||||
|
||||
|
@ -49,10 +50,12 @@ pub enum AuthenticateResponse {
|
|||
Success(AuthenticateSuccess),
|
||||
WrongPassword,
|
||||
UserNotFound,
|
||||
Blocked,
|
||||
}
|
||||
|
||||
#[derive(Debug)]
|
||||
pub enum DeleteResponse {
|
||||
Success,
|
||||
Blocked,
|
||||
Unauthorized,
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue