gourami

[UNMAINTAINED] Activitypub server in Rust

commit a1d2a3d2ed1169115d8cfa0a5d5ee3ccc576ff0c
parent 037431cb3314ac2bf5de3e76497b8393d8bb53bf
Author: alex wennerberg <alex@alexwennerberg.com>
Date:   Thu, 23 Apr 2020 01:27:40 -0500

Update dependencies, add password security validation

Diffstat:
MCargo.lock | 210+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----------------
MCargo.toml | 11++++++-----
MREADME.md | 3+++
Msrc/lib.rs | 15++++++++-------
4 files changed, 186 insertions(+), 53 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock @@ -149,6 +149,21 @@ dependencies = [ ] [[package]] +name = "bit-set" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e84c238982c4b1e1ee668d136c510c67a13465279c0cb367ea6baf6310620a80" +dependencies = [ + "bit-vec", +] + +[[package]] +name = "bit-vec" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f59bbe95d4e52a6398ec21238d31577f2b28a9d86807f06ca59d191d8440d0bb" + +[[package]] name = "bitflags" version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -231,9 +246,9 @@ checksum = "130aac562c0dd69c56b3b1cc8ffd2e17be31d0b6c25b61c96b76231aa23e39e1" [[package]] name = "cc" -version = "1.0.50" +version = "1.0.52" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95e28fa049fda1c330bcf9d723be7663a899c4679724b34c81e9f5a326aab8cd" +checksum = "c3d87b23d6a92cd03af510a5ade527033f6aa6fa92161e2d5863a907d4c5e31d" [[package]] name = "cfg-if" @@ -249,7 +264,7 @@ checksum = "80094f509cf8b5ae86a4966a39b3ff66cd7e2a3e594accec3743ff3fabeab5b2" dependencies = [ "num-integer", "num-traits", - "time 0.1.42", + "time 0.1.43", ] [[package]] @@ -267,7 +282,7 @@ version = "0.13.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0c60ef6d0bbf56ad2674249b6bb74f2c6aeb98b98dd57b5d3e37cace33011d69" dependencies = [ - "time 0.2.9", + "time 0.2.10", ] [[package]] 
@@ -287,6 +302,66 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b3a71ab494c0b5b860bdc8407ae08978052417070c2ced38573a9157ad75b8ac" [[package]] +name = "darling" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0d706e75d87e35569db781a9b5e2416cff1236a47ed380831f959382ccd5f858" +dependencies = [ + "darling_core", + "darling_macro", +] + +[[package]] +name = "darling_core" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0c960ae2da4de88a91b2d920c2a7233b400bc33cb28453a2987822d8392519b" +dependencies = [ + "fnv", + "ident_case", + "proc-macro2 1.0.10", + "quote 1.0.3", + "strsim", + "syn 1.0.17", +] + +[[package]] +name = "darling_macro" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d9b5a2f4ac4969822c62224815d069952656cadc7084fdca9751e6d959189b72" +dependencies = [ + "darling_core", + "quote 1.0.3", + "syn 1.0.17", +] + +[[package]] +name = "derive_builder" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a2658621297f2cf68762a6f7dc0bb7e1ff2cfd6583daef8ee0fed6f7ec468ec0" +dependencies = [ + "darling", + "derive_builder_core", + "proc-macro2 1.0.10", + "quote 1.0.3", + "syn 1.0.17", +] + +[[package]] +name = "derive_builder_core" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2791ea3e372c8495c0bc2033991d76b512cd799d07491fbd6890124db9458bef" +dependencies = [ + "darling", + "proc-macro2 1.0.10", + "quote 1.0.3", + "syn 1.0.17", +] + +[[package]] name = "diesel" version = "1.4.4" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -331,6 +406,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4358a9e11b9a09cf52383b451b49a169e8d797b68aa02301ff586d70d9661ea3" [[package]] +name = "either" +version = "1.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bb1f6b1ce1c140482ea30ddd3335fc0024ac7ee112895426e0a629a6c20adfe3" + +[[package]] name = "encoding_rs" version = "0.8.22" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -359,6 +440,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e88a8acf291dafb59c2d96e8f59828f3838bb1a70398823ade51a84de6a6deed" [[package]] +name = "fancy-regex" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b0e2de1b89ad299d536b7cefc5d177f5c005957fa2266ce58eca4d189e74bff5" +dependencies = [ + "bit-set", + "regex", +] + +[[package]] name = "fnv" version = "1.0.6" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -545,6 +636,7 @@ dependencies = [ "serde_json", "tokio", "warp", + "zxcvbn", ] [[package]] @@ -579,7 +671,7 @@ dependencies = [ "http", "mime 0.3.16", "sha-1", - "time 0.1.42", + "time 0.1.43", ] [[package]] @@ -593,9 +685,9 @@ dependencies = [ [[package]] name = "hermit-abi" -version = "0.1.10" +version = "0.1.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "725cf19794cf90aa94e65050cb4191ff5d8fa87a498383774c47b332e3af952e" +checksum = "8a0d737e0f947a1864e93d33fdef4af8445a00d1ed8dc0c8ddb73139ea6abf15" dependencies = [ "libc", ] @@ -658,9 +750,9 @@ dependencies = [ [[package]] name = "hyper" -version = "0.13.4" +version = "0.13.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed6081100e960d9d74734659ffc9cc91daf1c0fc7aceb8eaa94ee1a3f5046f2e" +checksum = "96816e1d921eca64d208a85aab4f7798455a8e34229ee5a88c935bdee1b78b14" dependencies = [ "bytes", "futures-channel", 
@@ -674,7 +766,7 @@ dependencies = [ "log 0.4.8", "net2", "pin-project", - "time 0.1.42", + "time 0.1.43", "tokio", "tower-service", "want", @@ -694,6 +786,12 @@ dependencies = [ ] [[package]] +name = "ident_case" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" + +[[package]] name = "idna" version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -732,6 +830,15 @@ dependencies = [ ] [[package]] +name = "itertools" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f56a2d0bc861f9165be4eb3442afd3c236d8a98afd426f65d92324ae1091a484" +dependencies = [ + "either", +] + +[[package]] name = "itoa" version = "0.4.5" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -764,9 +871,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.68" +version = "0.2.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dea0c0405123bba743ee3f91f49b1c7cfb684eef0da0a50110f758ccf24cdff0" +checksum = "99e85c08494b21a9054e7fe1374a732aeadaff3980b6990b94bfd3a70f690005" [[package]] name = "libsqlite3-sys" @@ -1059,9 +1166,9 @@ dependencies = [ [[package]] name = "parking_lot_core" -version = "0.7.1" +version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0e136c1904604defe99ce5fd71a28d473fa60a12255d511aa78a9ddf11237aeb" +checksum = "d58c7c768d4ba344e3e8d72518ac13e259d7c7ade24167003b8488e10b6740a3" dependencies = [ "cfg-if", "cloudabi", 
@@ -1156,18 +1263,18 @@ dependencies = [ [[package]] name = "pin-project" -version = "0.4.8" +version = "0.4.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7804a463a8d9572f13453c516a5faea534a2403d7ced2f0c7e100eeff072772c" +checksum = "6f6a7f5eee6292c559c793430c55c00aea9d3b3d1905e855806ca4d7253426a2" dependencies = [ "pin-project-internal", ] [[package]] name = "pin-project-internal" -version = "0.4.8" +version = "0.4.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "385322a45f2ecf3410c68d2a549a4a2685e8051d0f278e39743ff4e451cb9b3f" +checksum = "8988430ce790d8682672117bc06dda364c0be32d3abd738234f19f3240bad99a" dependencies = [ "proc-macro2 1.0.10", "quote 1.0.3", @@ -1182,9 +1289,9 @@ checksum = "237844750cfbb86f67afe27eee600dfbbcb6188d734139b534cbfbf4f96792ae" [[package]] name = "pin-utils" -version = "0.1.0-alpha.4" +version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5894c618ce612a3fa23881b152b608bafb8c56cfc22f434a3ba3120b40f7b587" +checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" [[package]] name = "pkg-config" @@ -1443,9 +1550,9 @@ checksum = "2439c63f3f6139d1b57529d16bc3b8bb855230c8efcc5d3a896c8bea7c3b1e84" [[package]] name = "regex" -version = "1.3.6" +version = "1.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f6946991529684867e47d86474e3a6d0c0ab9b82d5821e314b1ede31fa3a4b3" +checksum = "a6020f034922e3194c711b82a627453881bc4682166cabb07134a10c26ba7692" dependencies = [ "aho-corasick", "memchr", @@ -1493,7 +1600,7 @@ dependencies = [ "pin-project-lite", "serde", "serde_urlencoded", - "time 0.1.42", + "time 0.1.43", "tokio", "tokio-tls", "url", 
@@ -1525,9 +1632,9 @@ dependencies = [ [[package]] name = "ryu" -version = "1.0.3" +version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "535622e6be132bccd223f4bb2b8ac8d53cda3c7a6394944d3b2b33fb974f9d76" +checksum = "ed3d612bc64430efeb3f7ee6ef26d590dce0c43249217bddc62112540c7941e1" [[package]] name = "safemem" @@ -1691,9 +1798,9 @@ checksum = "05720e22615919e4734f6a99ceae50d00226c3c5aca406e102ebc33298214e0a" [[package]] name = "standback" -version = "0.2.2" +version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ee531c64ad0f80d289504bd32fb047f42a9e957cda584276ab96eb587e9abac3" +checksum = "898341a519ec30272f8665dd05fb00156254310e99df3dc1e0cb096883d8656c" [[package]] name = "stdweb" @@ -1770,6 +1877,12 @@ dependencies = [ ] [[package]] +name = "strsim" +version = "0.9.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6446ced80d6c486436db5c078dde11a9f73d42b57fb273121e160b84f63d894c" + +[[package]] name = "syn" version = "0.15.44" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1856,20 +1969,19 @@ dependencies = [ [[package]] name = "time" -version = "0.1.42" +version = "0.1.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db8dcfca086c1143c9270ac42a2bbd8a7ee477b78ac8e45b19abfb0cbede4b6f" +checksum = "ca8a50ef2360fbd1eeb0ecd46795a87a19024eb4b53c5dc916ca1fd95fe62438" dependencies = [ "libc", - "redox_syscall", "winapi 0.3.8", ] [[package]] name = "time" -version = "0.2.9" +version = "0.2.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6329a7835505d46f5f3a9a2c237f8d6bf5ca6f0015decb3698ba57fcdbb609ba" +checksum = "cacbd5ebf7b211db6d9500b8b033c20b6e333a68368a9e8d3a1d073bb1f0a12a" dependencies = [ "cfg-if", "libc", 
@@ -1892,21 +2004,22 @@ dependencies = [ [[package]] name = "time-macros-impl" -version = "0.1.0" +version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e987cfe0537f575b5fc99909de6185f6c19c3ad8889e2275e686a873d0869ba1" +checksum = "e5c3be1edfad6027c69f5491cf4cb310d1a71ecd6af742788c6ff8bced86b8fa" dependencies = [ "proc-macro-hack", "proc-macro2 1.0.10", "quote 1.0.3", + "standback", "syn 1.0.17", ] [[package]] name = "tokio" -version = "0.2.17" +version = "0.2.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39fb9142eb6e9cc37f4f29144e62618440b149a138eee01a7bbe9b9226aaf17c" +checksum = "34ef16d072d2b6dc8b4a56c70f5c5ced1a37752116f8e7c1e80c659aa7cb6713" dependencies = [ "bytes", "fnv", @@ -2019,9 +2132,9 @@ dependencies = [ [[package]] name = "typenum" -version = "1.11.2" +version = "1.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6d2783fe2d6b8c1101136184eb41be8b1ad379e4657050b8aaff0c79ee7575f9" +checksum = "373c8a200f9e67a0c95e62a4f52fbf80c23b4381c05a17845531982fa99e6b33" [[package]] name = "unicase" @@ -2262,9 +2375,9 @@ checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" [[package]] name = "winapi-util" -version = "0.1.4" +version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa515c5163a99cc82bab70fd3bfdd36d827be85de63737b40fcef2ce084a436e" +checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178" dependencies = [ "winapi 0.3.8", ] @@ -2303,5 +2416,20 @@ dependencies = [ "log 0.4.8", "mac", "markup5ever", - "time 0.1.42", + "time 0.1.43", +] + +[[package]] +name = "zxcvbn" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7b69cd8a6484379ef04457ba1c00aaadad166c693b1b6a625b01bcc694b212b" +dependencies = [ + "chrono", + "derive_builder", + "fancy-regex", + "itertools", + "lazy_static", + "quick-error", + "regex", ] 
diff --git a/Cargo.toml b/Cargo.toml @@ -16,13 +16,14 @@ lazy_static = "1.4.0" log = "0.4.8" rand = "0.7.3" reqwest = "0.10.4" -serde = { version = "1.0", features = ["derive"] } -serde_json = "1.0" -tokio = { version = "0.2.17", features = ["macros"] } +serde = { version = "1.0.106", features = ["derive"] } +serde_json = "1.0.51" +tokio = { version = "0.2.18", features = ["macros"] } warp = "0.2.2" -hyper = "0.13" -regex = "1.3.6" +hyper = "0.13.5" +regex = "1.3.7" ammonia = "3.1.0" maplit = "1.0.2" +zxcvbn = "2.0.1" [dev-dependencies] diff --git a/README.md b/README.md @@ -6,6 +6,9 @@ An intentionally small, ultra-lightweight social media network (ActivityPub inte Link to doc, summary here +* Invite-only +* Closed by default + ## Dependencies: sqlite3 diff --git a/src/lib.rs b/src/lib.rs @@ -6,6 +6,7 @@ extern crate diesel; #[macro_use] extern crate maplit; use std::convert::Infallible; +use zxcvbn::zxcvbn; use warp::{Reply, Filter, Rejection}; use warp::http; @@ -169,14 +170,11 @@ struct RegisterForm { impl RegisterForm { - fn validate(self) -> Result<Self, &'static str> { - if self.email.is_empty() { - Err("A email must be given") - } else if self.password.len() < 3 { - Err("Please use a better password") - } else { - Ok(self) + fn validate(&self) -> Result<(), &'static str> { + if zxcvbn(&self.password, &[]).unwrap().score() < 1 { + return Err("Please come up with a more secure password.") } + Ok(()) } } @@ -184,6 +182,9 @@ impl RegisterForm { fn do_register(form: RegisterForm, query_params: serde_json::Value) -> impl Reply { let conn = &POOL.get().unwrap(); use db::schema::users::dsl::*; + if form.validate().is_err(){ // TODO catch better + return do_login(LoginForm{username: form.username, password: form.password}) + } if let Some(k) = query_params.get("key") { let k_string = &k.as_str().unwrap(); let keyed = RegistrationKey::is_valid(conn, k_string);
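Review bot: `zxcvbn(&self.password, &[]).unwrap()` in the new `validate` can panic on user-supplied input, because zxcvbn 2.x reports an empty password as an `Err` rather than a score, so a registration request with a blank password field aborts the handler instead of being rejected. Handle the result explicitly, for example `match zxcvbn(&self.password, &[]) { Ok(e) if e.score() >= 1 => Ok(()), _ => Err("Please come up with a more secure password.") }`. Separately, `score() < 1` rejects only the lowest of zxcvbn's five buckets (0–4), and the empty `&[]` means a password equal to the username or email is not penalised; passing those fields as user inputs and raising the threshold would make the check meaningful. The empty-email check from the old body is dropped and nothing in this hunk replaces it. Scoring cost probably grows with input length, so capping the password length before calling zxcvbn is worth considering.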
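Review bot: When `form.validate()` fails, `do_register` passes the submitted username and password straight to `do_login`, so a rejected registration turns into a login attempt and the message returned by `validate` is thrown away. If `do_login` authenticates existing accounts (its body is not in this hunk), the registration route becomes a second credential-checking endpoint that may sit outside whatever throttling or logging the login route has, and it is reachable before the registration key is examined. The failure branch should return an error reply instead, along the lines of `if let Err(msg) = form.validate() { return warp::reply::with_status(msg, http::StatusCode::BAD_REQUEST).into_response() }`. Since the function returns `impl Reply`, the other return paths would need the same `.into_response()` treatment. `do_register` continues past the end of the hunk.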