X-Git-Url: http://git.scottworley.com/voter/blobdiff_plain/fbcdf3ed7708b5b153a7f562f933d446ffc2d951..ae9be1b6ecd0c0823129bf6bb41149bd9404e902:/src/main.rs diff --git a/src/main.rs b/src/main.rs index 700cce0..9d8daa5 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,9 +1,10 @@ +use rand::prelude::*; use std::io::prelude::*; use std::path::{Path, PathBuf}; const DATA_PATH: &str = "/var/lib/voter"; const COOKIE_NAME: &[u8] = b"__Secure-id"; -const COOKIE_LENGTH: usize = 32; +const COOKIE_LENGTH: usize = 12; fn validate_path(path: &str) -> Result { let invalid_path = || cgi::text_response(404, "Invalid path"); @@ -43,8 +44,42 @@ fn get_voter(request: &cgi::Request) -> Result<&[u8], cgi::Response> { } } +fn make_random_id() -> [u8; COOKIE_LENGTH] { + std::iter::from_fn(random) + .filter(|c| { + (b'A'..=b'Z').contains(c) || (b'a'..=b'z').contains(c) || (b'0'..=b'9').contains(c) + }) + .take(COOKIE_LENGTH) + .collect::>() + .try_into() + .unwrap() +} + +fn set_cookie(mut response: cgi::Response, path: &str) -> Result { + response.headers_mut().append( + cgi::http::header::SET_COOKIE, + cgi::http::header::HeaderValue::from_bytes( + &[ + COOKIE_NAME, + b"=", + &make_random_id(), + b"; Secure HttpOnly SameSite=Strict Max-Age=30000000 Path=", + path.as_bytes(), + ] + .concat(), + ) + .map_err(|_| cgi::text_response(503, "Couldn't make cookie"))?, + ); + Ok(response) +} + fn prompt_for_vote(dir: PathBuf, request: cgi::Request) -> Result { - Err(cgi::text_response(503, "Not Implemented")) + let voter = get_voter(&request); + let mut response = cgi::html_response(200, "You should vote"); + if voter.is_err() { + response = set_cookie(response, request.uri().path())? + } + Ok(response) } fn write_vote(dir: PathBuf, voter: &[u8], vote: &[u8]) -> std::io::Result<()> {