• 0 Posts
  • 5 Comments
Joined 2 years ago
Cake day: July 2nd, 2023
  • beeb@lemm.eetoRust@programming.devpastebin code is reduced to 42 lines :D
    1·
    3 hours ago

    Note that there are many security concerns with this, notably the fact that there is no input validation on the id path segment which means you can get the content of any file (e.g. http://localhost:3000/src%2Fmain.rs). It’s also very easy to scrape the content of all the files because the IDs are easy to predict. When the server reboots, you will overwrite previously written files because the counter starts back at zero. Using a UUID would probably mostly solve both these issues.

  • beeb@lemm.eetoRust@programming.devpastebin code is reduced to 42 lines :D
    1·
    2 hours ago

    Here’s a slightly more idiomatic version:

    use std::{
    fs,
    sync::atomic::{AtomicUsize, Ordering},
};

use axum::{extract::Path, http::StatusCode, routing::get, routing::post, Router};

const MAX_FILE_SIZE: usize = 1024 * 1024 * 10;
static FILE_COUNT: AtomicUsize = AtomicUsize::new(0);

async fn handle(Path(id): Path<String>) -> (StatusCode, String) {
    match fs::read_to_string(id) {
        Ok(content) => (StatusCode::OK, content),
        Err(e) => (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()),
    }
}

async fn submit_handle(bytes: String) -> (StatusCode, String) {
    dbg!(&bytes);
    if bytes.len() > MAX_FILE_SIZE {
        // Don't store the file if it exceeds max size
        return (
            StatusCode::BAD_REQUEST,
            "ERROR: max size exceeded".to_string(),
        );
    }
    let path = FILE_COUNT.fetch_add(1, Ordering::SeqCst);
    if let Err(e) = fs::write(path.to_string(), bytes) {
        return (StatusCode::INTERNAL_SERVER_ERROR, e.to_string());
    }
    (StatusCode::CREATED, format!("http://localhost:3000/%7Bpath%7D"))
}

#[tokio::main]
async fn main() {
    let app = Router::new()
        .route("/", get(|| async { "Paste something in pastebin! use curl -X POST http://localhost:3000/submit -d 'this is some data'" }))
        .route("/{id}", get(handle))
        .route("/submit", post(submit_handle));

    let listener = tokio::net::TcpListener::bind("127.0.0.1:3000")
        .await
        .unwrap();
    axum::serve(listener, app).await.unwrap();
}

    Note that there are no unwrap in the handlers which would absolutely want to avoid (it would crash your server). The endpoints now also return the correct HTTP code for each case. Some minor changes regarding creating the string values (use of format! and to_string() on string slices). Lemmy messes with the curly braces in the format! macro, there should be curly braces around the path variable name.