AssetUrlKey: check

author Ian Jackson <ijackson@chiark.greenend.org.uk>

Tue, 4 May 2021 00:59:08 +0000 (01:59 +0100)

committer Ian Jackson <ijackson@chiark.greenend.org.uk>

Tue, 4 May 2021 11:27:11 +0000 (12:27 +0100)
author Ian Jackson <ijackson@chiark.greenend.org.uk>
Tue, 4 May 2021 00:59:08 +0000 (01:59 +0100)
committer Ian Jackson <ijackson@chiark.greenend.org.uk>
Tue, 4 May 2021 11:27:11 +0000 (12:27 +0100)
diff --git a/Cargo.lock b/Cargo.lock

index dda0ee9e990d617d2243911312c16b610987cd70..aa70b052c20079962d0f27b292da0be67f6cc0ab 100644 (file)
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2233,6 +2233,7 @@ dependencies = [
   "slotmap-fork-otter",
   "structopt",
   "strum",
+ "subtle",
   "tempfile",
   "tera",
   "toml 0.5.8",
diff --git a/Cargo.toml b/Cargo.toml

index dc43c5140d931a3cb7297293fef9b525b31539c9..4235854f5347393e834b6109fe9dac47637763d5 100644 (file)
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -68,6 +68,7 @@ rmp-serde="0.15"
  serde_with="1"
  structopt="0.3"
  sha2="0.9"
+subtle="2.4"
  tempfile="3"
  tera="0.11"
  toml="0.5"
diff --git a/src/bundles.rs b/src/bundles.rs

index 4bf8358bfc13e43b0a941460c52cbb6019530ee9..844eb17f11103691f65639016c1c2e25a4423208 100644 (file)
--- a/src/bundles.rs
+++ b/src/bundles.rs
@@ -93,6 +93,18 @@ impl AssetUrlKey {
      rmp_serde::encode::write(&mut dw, &v).expect("serialize failed!");
      AssetUrlToken(dw.finish().0)
    }
+
+  #[throws(BadAssetUrlToken)]
+  pub fn check<V>(&self, what: &str, v: &V, got: &AssetUrlToken)
+                  -> Authorisation<V>
+  where V: Serialize {
+    let exp = self.token(what, v);
+    if ! bool::from(ConstantTimeEq::ct_eq(
+      &exp.0[..],
+      &got.0[..],
+    )) { throw!(BadAssetUrlToken) }
+    else { Authorisation::authorised(v) }
+  }
  }
  impl Display for AssetUrlToken {
    #[throws(fmt::Error)]
diff --git a/src/prelude.rs b/src/prelude.rs

index 315830f0018a953c06020f0d9e8a078270d4a6a6..cc9dbe039a58a5f070b802bc823ff72ce8e34d3d 100644 (file)
--- a/src/prelude.rs
+++ b/src/prelude.rs
@@ -95,6 +95,7 @@ pub use sha2::{Sha512, Sha512Trunc256};
  pub use slotmap::{dense::DenseSlotMap, SparseSecondaryMap, Key as _};
  pub use strum::{EnumString, EnumIter, EnumProperty};
  pub use strum::{IntoEnumIterator, IntoStaticStr};
+pub use subtle::ConstantTimeEq;
  pub use tempfile::NamedTempFile;
  pub use thiserror::Error;
  pub use url::Url;
@@ -123,7 +124,7 @@ pub use crate::accounts::*;
  pub use crate::authproofs::{self, Authorisation, Unauthorised};
  pub use crate::authproofs::AuthorisationSuperuser;
  pub use crate::bundles::{self, InstanceBundles, MgmtBundleListExt};
-pub use crate::bundles::{AssetUrlKey, AssetUrlToken};
+pub use crate::bundles::{AssetUrlKey, AssetUrlToken, BadAssetUrlToken};
  pub use crate::commands::{AccessTokenInfo, AccessTokenReport, MgmtError};
  pub use crate::commands::{MgmtCommand, MgmtResponse};
  pub use crate::commands::{MgmtGameInstruction, MgmtGameResponse};
author	Ian Jackson <ijackson@chiark.greenend.org.uk>
	Tue, 4 May 2021 00:59:08 +0000 (01:59 +0100)
committer	Ian Jackson <ijackson@chiark.greenend.org.uk>
	Tue, 4 May 2021 11:27:11 +0000 (12:27 +0100)
Cargo.lock		patch \| blob \| history
Cargo.toml		patch \| blob \| history
src/bundles.rs		patch \| blob \| history
src/prelude.rs		patch \| blob \| history