diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/args.rs | 32 | ||||
| -rw-r--r-- | src/auth.rs | 19 | ||||
| -rw-r--r-- | src/main.rs | 9 |
3 files changed, 37 insertions, 23 deletions
diff --git a/src/args.rs b/src/args.rs index 516e0b6..5a0b5db 100644 --- a/src/args.rs +++ b/src/args.rs @@ -77,13 +77,35 @@ fn parse_interface(src: &str) -> Result<IpAddr, std::net::AddrParseError> { /// Checks wether the auth string is valid, i.e. it follows the syntax username:password fn parse_auth(src: &str) -> Result<(String, String), String> { - match src.find(':') { - Some(_) => { - let split = src.split(':').collect::<Vec<_>>(); - Ok((split[0].to_owned(), split[1].to_owned())) + let mut split = src.splitn(2, ':'); + + let username = match split.next() { + Some(username) => username, + None => { + return Err( + "Invalid credentials string, expected format is username:password".to_owned(), + ) } - None => Err("Correct format is username:password".to_owned()), + }; + + let password = match split.next() { + // This allows empty passwords, as the spec does not forbid it + Some(password) => password, + None => { + return Err( + "Invalid credentials string, expected format is username:password".to_owned(), + ) + } + }; + + // To make it Windows-compatible,the password needs to be shorter than 255 characters. + // After 255 characters, Windows will truncate the value. + // As for the username, the spec does not mention a limit in length + if password.len() > 255 { + return Err("Password length cannot exceed 255 characters".to_owned()); } + + Ok((username.to_owned(), password.to_owned())) } /// Parses the command line arguments diff --git a/src/auth.rs b/src/auth.rs index e8600fb..10e7a4a 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -7,7 +7,6 @@ pub struct Auth; /// HTTP Basic authentication errors pub enum BasicAuthError { Base64DecodeError, - InvalidUsernameFormat, } #[derive(Clone, Debug)] @@ -24,13 +23,14 @@ pub fn parse_basic_auth( let basic_removed = authorization_header.to_str().unwrap().replace("Basic ", ""); let decoded = base64::decode(&basic_removed).map_err(|_| BasicAuthError::Base64DecodeError)?; let decoded_str = String::from_utf8_lossy(&decoded); - let strings: Vec<&str> = decoded_str.splitn(2, ':').collect(); - if strings.len() != 2 { - return Err(BasicAuthError::InvalidUsernameFormat); - } + let credentials: Vec<&str> = decoded_str.splitn(2, ':').collect(); + + // If argument parsing went fine, it means the HTTP credentials string is well formatted + // So we can safely unpack the username and the password + Ok(BasicAuthParams { - username: strings[0].to_owned(), - password: strings[1].to_owned(), + username: credentials[0].to_owned(), + password: credentials[1].to_owned(), }) } @@ -50,11 +50,6 @@ impl Middleware<crate::MiniserveConfig> for Auth { auth_headers.to_str().unwrap() )))); } - Err(BasicAuthError::InvalidUsernameFormat) => { - return Ok(Response::Done( - HttpResponse::BadRequest().body("Invalid basic auth format"), - )); - } }; if auth_req.username != required_auth.username || auth_req.password != required_auth.password diff --git a/src/main.rs b/src/main.rs index fce9cf6..2a43780 100644 --- a/src/main.rs +++ b/src/main.rs @@ -134,15 +134,12 @@ fn main() { )) .bold() )); - let random_route = miniserve_config.clone().random_route; - if random_route.is_some() { + + if let Some(random_route) = miniserve_config.clone().random_route { addresses.push_str(&format!( "{}", Color::Green - .paint(format!( - "/{random_route}", - random_route = random_route.unwrap(), - )) + .paint(format!("/{random_route}", random_route = random_route,)) .bold() )); } |