diff options
| author | Tyler Murphy <tylermurphy534@gmail.com> | 2023-01-29 19:28:48 -0500 |
|---|---|---|
| committer | Tyler Murphy <tylermurphy534@gmail.com> | 2023-01-29 19:28:48 -0500 |
| commit | ac58a612a3fe928793b77c592551fdd962b69064 (patch) | |
| tree | c746d9325a88447e3149891a2435bcb1f3ece67a /src/types/extract.rs | |
| parent | no mass rerendering html plus logging fix (diff) | |
| download | xssbook-ac58a612a3fe928793b77c592551fdd962b69064.tar.gz xssbook-ac58a612a3fe928793b77c592551fdd962b69064.tar.bz2 xssbook-ac58a612a3fe928793b77c592551fdd962b69064.zip | |
admin page
Diffstat (limited to 'src/types/extract.rs')
| -rw-r--r-- | src/types/extract.rs | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/src/types/extract.rs b/src/types/extract.rs index 4d92a3b..64a3e73 100644 --- a/src/types/extract.rs +++ b/src/types/extract.rs @@ -19,7 +19,7 @@ use crate::{ http::{ResponseCode, Result}, session::Session, user::User, - }, + }, admin, }; pub struct AuthorizedUser(pub User); @@ -53,6 +53,36 @@ where } } +pub struct AdminUser; + +#[async_trait] +impl<S> FromRequestParts<S> for AdminUser +where + S: Send + Sync, +{ + type Rejection = Response; + + async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self> { + let Ok(Some(cookies)) = Option::<TypedHeader<Cookie>>::from_request_parts(parts, state).await else { + return Err(ResponseCode::Forbidden.text("No cookies provided")) + }; + + let Some(secret) = cookies.get("admin") else { + return Err(ResponseCode::Forbidden.text("No admin secret provided")) + }; + + println!("{}", secret); + + let check = admin::get_secret().await; + + if check != secret { + return Err(ResponseCode::Unauthorized.text("Auth token invalid")) + } + + Ok(Self) + } +} + pub struct Log; #[async_trait] |