From d18cf1ac37cff02b2cd299af09d8ed0e0c376a46 Mon Sep 17 00:00:00 2001
From: Valentin Tolmer
Date: Mon, 10 Apr 2023 18:32:31 +0200
Subject: [PATCH] server: decode graphql parameter
---
 Cargo.lock | 19 +++++++++----------
 server/Cargo.toml | 5 +++--
 server/src/infra/graphql/query.rs | 2 ++
 3 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index fc9fcc0..d7ff474 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2404,7 +2404,8 @@ dependencies = [ "tracing-forest", "tracing-log", "tracing-subscriber", - "uuid 0.8.2", + "urlencoding", + "uuid 1.3.0", "webpki-roots", ]
@@ -2530,12 +2531,6 @@ dependencies = [ "digest 0.10.6", ] -[[package]] -name = "md5" -version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "490cc448043f947bae3cbee9c203358d62dbee0db12107a74be5c30ccfd09771" - [[package]] name = "memchr" version = "2.5.0"
@@ -4399,14 +4394,17 @@ dependencies = [ "percent-encoding", ] +[[package]] +name = "urlencoding" +version = "2.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e8db7427f936968176eaa7cdf81b7f98b980b18495ec28f1b5791ac3bfe3eea9" + [[package]] name = "uuid" version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bc5cf98d8186244414c848017f0e2676b3fcb46807f6668a97dfe67359a3c4b7" -dependencies = [ - "md5", -] [[package]] name = "uuid"
@@ -4415,6 +4413,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1674845326ee10d37ca60470760d4288a6f80f304007d92e5c53bab78c9cfd79" dependencies = [ "getrandom 0.2.8", + "md-5", ] [[package]]
diff --git a/server/Cargo.toml b/server/Cargo.toml
index e79c451..c069131 100644
--- a/server/Cargo.toml
+++ b/server/Cargo.toml
@@ -32,7 +32,9 @@ ldap3_proto = ">=0.3.1"
 log = "*"
 orion = "0.17"
 rustls = "0.20"
+rustls-pemfile = "1"
 serde = "*"
+serde_bytes = "0.11"
 serde_json = "1"
 sha2 = "0.10"
 thiserror = "*"
@@ -44,8 +46,7 @@ tracing = "*"
 tracing-actix-web = "0.7"
 tracing-attributes = "^0.1.21"
 tracing-log = "*"
-rustls-pemfile = "1"
-serde_bytes = "0.11"
+urlencoding = "2"
 webpki-roots = "*"
 [dependencies.chrono]
diff --git a/server/src/infra/graphql/query.rs b/server/src/infra/graphql/query.rs
index 6422844..1eb2f5e 100644
--- a/server/src/infra/graphql/query.rs
+++ b/server/src/infra/graphql/query.rs
@@ -124,10 +124,12 @@ impl Query {
 }
 pub async fn user(context: &Context, user_id: String) -> FieldResult> {
+ use anyhow::Context;
 let span = debug_span!("[GraphQL query] user");
 span.in_scope(|| {
 debug!(?user_id);
 });
+ let user_id = urlencoding::decode(&user_id).context("Invalid user parameter")?;
 let user_id = UserId::new(&user_id);
 let handler = context
 .get_readable_handler(&user_id)
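Review bot: The `debug!(?user_id)` inside the span still records the raw, percent-encoded argument, while `UserId::new` and `get_readable_handler` work on the decoded value, so the trace and the access decision can name different strings. Moving the `urlencoding::decode` line above the span, or logging the decoded id as well, keeps audit output aligned with what is actually looked up. Decoding in the resolver also means an id that legitimately contains a `%` sequence is rewritten or rejected, so a comment such as `// user_id is expected percent-encoded; decode exactly once, here` would help, along with confirming that no other layer decodes it again (not visible in this hunk). Separately, `use anyhow::Context;` shadows the `Context` type named in the signature for the rest of the body; `use anyhow::Context as _;` brings the trait into scope without the name clash. The body of `user` continues past the end of the hunk.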