		@@ -22,10 +22,6 @@ pub struct AppConfig {
    #[clap(short = 'S', long, env, default_value = "")]
    secret: String,
    /// Specify whether the cookie should be transmitted only over secure connections
    #[clap(long, env)]
    pub cookie_secure: bool,
    /// Unsecure : for development, bypass authentication, using the account with the given
    /// email address by default
    #[clap(long, env)]
@@ -161,23 +157,6 @@ impl AppConfig {
        self.unsecure_auto_login_email().is_some()
    }
    /// Get auth cookie domain
    pub fn cookie_domain(&self) -> Option<String> {
        if cfg!(debug_assertions) {
            let domain = self.website_origin.split_once("://")?.1;
            Some(
                domain
                    .split_once(':')
                    .map(|s| s.0)
                    .unwrap_or(domain)
                    .to_string(),
            )
        } else {
            // In release mode, the web app is hosted on the same origin as the API
            None
        }
    }
    /// Get app secret
    pub fn secret(&self) -> &str {
        let mut secret = self.secret.as_str();
 
@@ -63,21 +63,20 @@ pub async fn download(
pub async fn serve_file(req: HttpRequest, file: &File, download_file: bool) -> HttpResult {
    if !download_file {
        // Check if the browser already knows the etag
        if let Some(c) = req.headers().get(header::IF_NONE_MATCH) {
            if c.to_str().unwrap_or("") == file.sha512.as_str() {
                return Ok(HttpResponse::NotModified().finish());
            }
        if let Some(c) = req.headers().get(header::IF_NONE_MATCH)
            && c.to_str().unwrap_or("") == file.sha512.as_str()
        {
            return Ok(HttpResponse::NotModified().finish());
        }
        // Check if the browser already knows the file by date
        if let Some(c) = req.headers().get(header::IF_MODIFIED_SINCE) {
            let date_str = c.to_str().unwrap_or("");
            if let Ok(date) = httpdate::parse_http_date(date_str) {
                if date.add(Duration::from_secs(1))
            if let Ok(date) = httpdate::parse_http_date(date_str)
                && date.add(Duration::from_secs(1))
                    >= time_utils::unix_to_system_time(file.time_create as u64)
                {
                    return Ok(HttpResponse::NotModified().finish());
                }
            {
                return Ok(HttpResponse::NotModified().finish());
            }
        }
    }
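Review bot: The ETag check `c.to_str().unwrap_or("") == file.sha512.as_str()` compares the raw If-None-Match value against the bare hash, but a client echoes the ETag exactly as it was served, which per RFC 9110 is a quoted string (optionally `W/`-prefixed) and may be a comma-separated list; unless the response emits the hash unquoted (not visible in this hunk), the NotModified branch never fires and every conditional GET silently degrades to a full transfer. Normalising the header first keeps the new let-chain shape, e.g. `&& c.to_str().unwrap_or("").trim_start_matches("W/").trim_matches('"') == file.sha512.as_str()`. serve_file starts in this hunk but its body continues past it.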
 
@@ -64,10 +64,10 @@ pub async fn get_list_of_account(
        });
    }
    if let Some(limit) = query.limit {
        if list.len() > limit {
            list = list[..limit].to_vec();
        }
    if let Some(limit) = query.limit
        && list.len() > limit
    {
        list = list[..limit].to_vec();
    }
    Ok(HttpResponse::Ok().json(list))
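Review bot: The limit is applied by copying, `list = list[..limit].to_vec();`, which allocates a second Vec only to drop the first; `Vec::truncate` shortens in place and is already a no-op when `limit >= list.len()`, so the length guard in the let-chain becomes unnecessary: `if let Some(limit) = query.limit { list.truncate(limit); }`. get_list_of_account starts before this hunk and its closing brace lies after it.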
 
@@ -120,16 +120,16 @@ impl FromRequest for AuthExtractor {
                }
                // Check IP restriction
                if let Some(net) = token.ip_net() {
                    if !net.contains(&remote_ip.0) {
                        log::error!(
                            "Trying to use token {:?} from unauthorized IP address: {remote_ip:?}",
                            token.id()
                        );
                        return Err(actix_web::error::ErrorForbidden(
                            "This token cannot be used from this IP address!",
                        ));
                    }
                if let Some(net) = token.ip_net()
                    && !net.contains(&remote_ip.0)
                {
                    log::error!(
                        "Trying to use token {:?} from unauthorized IP address: {remote_ip:?}",
                        token.id()
                    );
                    return Err(actix_web::error::ErrorForbidden(
                        "This token cannot be used from this IP address!",
                    ));
                }
                // Check for write access
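Review bot: The IP restriction at `!net.contains(&remote_ip.0)` is only as strong as the address it is handed, and `remote_ip` is constructed outside this hunk; if it is derived from a forwarded-for style header rather than the peer address, the value being compared is client-chosen, so it is worth confirming that the extractor only honours such headers behind a trusted proxy. A short comment at the check records that dependency for the next reader: `// remote_ip must be the peer address or come from a trusted proxy; a client-supplied header would defeat this check`. The enclosing from_request body begins and ends outside this hunk.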
@@ -163,10 +163,10 @@ impl FromRequest for AuthExtractor {
                };
                // Update last use (if needed)
                if token.shall_update_time_used() {
                    if let Err(e) = tokens_service::update_time_used(&token).await {
                        log::error!("Failed to refresh last usage of token! {e}");
                    }
                if token.shall_update_time_used()
                    && let Err(e) = tokens_service::update_time_used(&token).await
                {
                    log::error!("Failed to refresh last usage of token! {e}");
                }
                // Handle tokens expiration
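Review bot: In `if token.shall_update_time_used() && let Err(e) = tokens_service::update_time_used(&token).await`, the awaited write is part of the condition, so a reader scanning for side effects sees only a logging branch; a comment makes the intent explicit, e.g. `// The refresh itself runs in the condition; the body only reports a failed update.`. A failed refresh is logged and otherwise ignored, which matches the previous code, but it means a persistently failing update never surfaces beyond the log line. The enclosing from_request body begins and ends outside this hunk.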
 
@@ -23,10 +23,10 @@ impl UpdateInboxEntryQuery {
        let constraints = ServerConstraints::default();
        // Check inbox entry label
        if let Some(label) = &self.label {
            if !constraints.inbox_entry_label.check_str(label) {
                return Ok(Some("Invalid inbox entry label length!"));
            }
        if let Some(label) = &self.label
            && !constraints.inbox_entry_label.check_str(label)
        {
            return Ok(Some("Invalid inbox entry label length!"));
        }
        // Check the referenced movement
 
@@ -55,12 +55,11 @@ impl UpdateMovementQuery {
        if let Ok(movement) =
            get_by_account_label_amount_time(self.account_id, &self.label, self.amount, self.time)
                .await
            && Some(movement.id()) != ref_movement
        {
            if Some(movement.id()) != ref_movement {
                return Ok(Some(
                    "A movement taken at the same time with the same label and the same amount already exists!",
                ));
            }
            return Ok(Some(
                "A movement taken at the same time with the same label and the same amount already exists!",
            ));
        }
        Ok(None)
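Review bot: The duplicate check treats any `Err` from `get_by_account_label_amount_time(...).await` the same as "no such movement", because the let-chain only enters the body on `Ok(movement)`; if that call can fail for reasons other than not-found (a database error, for instance — its error type is not visible here), the uniqueness rule is silently skipped precisely when the store is unreliable. Consider matching the result explicitly so that a not-found outcome falls through to `Ok(None)` while any other error is propagated with `?`, keeping the existing "already exists" message for the `Ok` case whose id differs from `ref_movement`. The enclosing function starts before this hunk.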
 