💥 breaking: remove password_is_bad from ptth_server

The password checking is not necessary with the new process of generating
high-entropy Base64 passwords and then approving them on the relay.

The password file takes a lot of space and this doesn't need to be part
of ptth_server's public API, if there is one, anyway.
main
_ 2021-04-17 17:43:13 -05:00
parent d457feb35f
commit 86af3194e5
4 changed files with 12 additions and 49 deletions

2
Cargo.lock generated
View File

@ -1559,7 +1559,7 @@ dependencies = [
[[package]]
name = "ptth_server"
version = "1.2.1"
version = "2.0.0"
dependencies = [
"aho-corasick",
"always_equal",

View File

@ -1,7 +1,7 @@
[package]
name = "ptth_server"
version = "1.2.1"
version = "2.0.0"
authors = ["Trish"]
edition = "2018"
license = "AGPL-3.0"
@ -43,7 +43,7 @@ toml = "0.5.7"
uom = "0.30.0"
always_equal = { path = "../always_equal", version = "1.0.0" }
ptth_core = { path = "../ptth_core", version = "1.3.0" }
ptth_core = { path = "../ptth_core", version = "1.4.0" }
[dev-dependencies]

View File

@ -25,7 +25,6 @@ use always_equal::prod::AlwaysEqual;
use ptth_core::{
http_serde::Method,
prefix_match,
prelude::*,
};
@ -211,7 +210,7 @@ async fn serve_api (
// API versioning will be major-only, so I'll keep adding stuff to v1
// until I need to deprecate or break something.
if let Some (path) = prefix_match ("/v1/dir/", path) {
if let Some (path) = path.strip_prefix ("/v1/dir/") {
let encoded_path = &path [0..];
let path_s = percent_decode (encoded_path.as_bytes ()).decode_utf8 ().map_err (FileServerError::PathNotUtf8)?;
@ -283,11 +282,11 @@ pub async fn serve_all (
return Ok (Root);
}
if let Some (path) = prefix_match ("/api", path) {
if let Some (path) = path.strip_prefix ("/api") {
return serve_api (root, &uri, hidden_path, path).await;
}
let path = match prefix_match ("/files/", path) {
let path = match path.strip_prefix ("/files/") {
Some (x) => x,
None => return Ok (NotFound),
};

View File

@ -1,3 +1,9 @@
//! # PTTH Server
//!
//! The PTTH server makes an outgoing HTTP connection to a
//! PTTH relay, and then serves incoming HTTP requests through
//! the relay.
#![warn (clippy::pedantic)]
// I don't see the point in documenting the errors outside of where the
@ -34,21 +40,6 @@ pub mod load_toml;
use errors::ServerError;
// Thanks to https://github.com/robsheldon/bad-passwords-index
const BAD_PASSWORDS: &[u8] = include_bytes! ("bad_passwords.txt");
#[must_use]
pub fn password_is_bad (mut password: String) -> bool {
password.make_ascii_lowercase ();
let ac = aho_corasick::AhoCorasick::new (&[
password
]);
ac.find (BAD_PASSWORDS).is_some ()
}
struct State {
file_server: file_server::State,
config: Config,
@ -223,10 +214,6 @@ pub async fn run_server (
let asset_root = asset_root.unwrap_or_else (PathBuf::new);
if password_is_bad (config_file.api_key.clone ()) {
return Err (ServerError::WeakApiKey);
}
info! ("Server name is {}", config_file.name);
info! ("Tripcode is {}", config_file.tripcode ());
@ -374,27 +361,4 @@ mod tests {
assert_eq! (config.tripcode (), "A9rPwZyY89Ag4TJjMoyYA2NeGOm99Je6rq1s0rg8PfY=".to_string ());
}
#[test]
fn check_bad_passwords () {
for pw in &[
"",
" ",
"user",
"password",
"pAsSwOrD",
"secret",
"123123",
] {
assert! (password_is_bad (pw.to_string ()));
}
use rand::prelude::*;
let mut entropy = [0u8; 32];
thread_rng ().fill_bytes (&mut entropy);
let good_password = base64::encode (entropy);
assert! (! password_is_bad (good_password));
}
}