| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Forgot that `include_str!` existed. Certainly makes things a lot cleaner
this way.
|
|
If the purchaser coming from POST params is found in the database,
generate a license for the purchaser, zip the license, and send a
response containing the zipped data.
zip:
Change the writer input to a mutable reference to enable us to use the
zip data when writing to the response. Otherwise we get a borrow error.
|
|
Use POST params `name`, `email`, and `secret` to get a purchaser from
the database.
If none exists, we should probably send a 404, otherwise we'll generate
a license for that purchaser and send it in the response as a Zip
archive.
|
|
|
|
This binary will show a thank-you page to purchasers. I had also planned
to make a third binary to send the license file as a Zip archive, but
now I think I'm going to do that here too, working out the routing
inside this program.
|
|
We want another route for a thank-you page, and a third for a Zip
download of the license.
|
|
This will enable us to use the logging code in other binaries.
|
|
|
|
|
|
Binary to generate a license plist.
|
|
So we can use them from outside the crate.
|
|
Want a `license-generator` binary with a hyphen. Normally I'd name my
Rust files with underscores, but I didn't want to add `[[bin]]` sections
to `Cargo.toml`.
|
|
Want to make another binary to generate license files.
|
|
Makes it stand out a bit differently.
|
|
|
|
It was too blurry.
|
|
Ensure that nothing leaves the viewable page area and that no elements
collide with one another.
|
|
This reverts commit efa10ba02a7e45eae9bbedd134719842a02dfe5c.
Huh, looks like "to bottom" is the correct syntax. I thought it was a
faulty search-and-replace in my editor.
|
|
Not sure how that happened.
|
|
Needed to adjust some positioning styles and fix the padding on the
button.
|
|
Use `.button` only for base button traits.
|
|
* Move Lucida Grande font stack to a variable
* Add buttons styles for a magenta gradiented button
|
|
Like what I did in edf6fceedd9b4169ceb63172c60733ef84d78951 for 500
errors, extract these errors to functions also.
Doesn't give us any gains in terms of reusability like it did before, as
we're only responding with each of these errors once, but it does clean
up the code in the `main()` function a bit.
|
|
Clean up the `main()` function by extracting all these similar lines to
a function.
|
|
Otherwise we get a borrow error:
error[E0373]: closure may outlive the current function, but it borrows `pool`, which is owned by the current function
--> src/main.rs:67:18
|
67 | fastcgi::run(|mut req| {
| ^^^^^^^^^ may outlive borrowed value `pool`
...
123 | let mut cx = match pool.get_conn() {
| ---- `pool` is borrowed here
help: to force the closure to take ownership of `pool` (and any other referenced variables), use the `move` keyword
|
67 | fastcgi::run(move |mut req| {
| ^^^^^^^^^^^^^^
|
|
This way we can ask the pool for a connection on each request instead of
trying to reuse a single connection.
|
|
This currently errors on a borrow problem with the `cx` in the closure.
Here we get the purchaser name and email from the POST params and insert
them as a record in the database.
If all goes well, we respond with a 200. Otherwise we log errors and
respond with 500.
|
|
Move the call to `params::parse()` from `request::verified()` into
`main()`. This enables us to access values from POST params inside the
`main()` function. We'll need this to store purchaser name and email
address.
|
|
|
|
Log incomming requests to the program's log file.
Remove the 500 error when failing to read stdin to a string. I think it
should be safe to ignore that error. Now that I think about it, we
should be logging it though.
|
|
Previously we were responding with a 200 if all else checked out. This
seems too permissive. Only the authorised webhook requester should
receive a 200. All other requesters should be denied access. Swap the
last two responses to reflect this.
|
|
`run` target runs a `lighttpd` server and watches the executable for
updates with `entr`.
|
|
* If no `REQUEST_METHOD` is found, send a 500 error
* If the `REQUEST_METHOD` is not "POST", send a 405
* If POST params could not be read from stdin, send 500
* If an error occurred during request verification, send 500
* If the request didn't pass verification, send 403
* Otherwise send 200
|
|
Make it easier on users by not requiring them to pass a signature into
the method. This means they don't have to extract the `p_signature`
param and base64 decode it themselves.
Essentially, we want to move the code from `request` that removes the
`p_signature` key and base64 decodes it into the
`paddle::verify_signature()` function.
We need to make the string-like type params in `verify_signature()`
conform additionally to `PartialEq<str>` and `PartialOrd`. Doing so
allows us to find the key "p_signature".
To remove the `p_signature` param from the iterator, we partition it
into two iterators: one for the `p_signature` entry, and another for the
rest. We then extract the value of `p_signature` and base64 decode it
for verification.
Add a new error type in case no `p_signature` entry is found in the
iterator.
|
|
I think I was doing it in the wrong direction. Previously, I had added
the signature from the POST param to the verifier, and verified against
the serialized params.
Seems like I was instead supposed to add the serialized params to the
verifier, and verify against the input signature.
It works correctly now against a request from Paddle.
|
|
In the POST param, the signature is a base64 string, but when we verify
it, it needs to be decoded to bytes.
|
|
In order to verify the signature, it needs to be encoded as bytes.
|
|
Before it only used `%H:%M:%S`. We need a date. Use
> %+ 2001-07-08T00:34:60.026490+09:30 ISO 8601 / RFC 3339 date & time format.
(https://docs.rs/chrono/0.4.0/chrono/format/strftime/index.html#specifiers)
|
|
Stop writing this information to the response text and instead put it in
the program log file. Don't want to send back unnecessary information
when testing the Paddle webhook.
|
|
Return a `Result` from the function to pass errors through.
|
|
Use `AsRef<str>` instead of `&str` to offer a more flexible interface.
We need this because `url::form_urlencoded::parse()` gives us an
iterator of `(Cow<_, str>, Cow<_, str>)`, and we want to pass that into
`verify_signature()`.
Also change `key.len()` and `value.len()` to `.chars().count()` because
I was having a hard time getting the `len()` method from a trait (`str`
doesn't implement `ExactSizeIterator`), and I learned this:
> This length is in bytes, not chars or graphemes. In other words, it
> may not be what a human considers the length of the string.
(https://doc.rust-lang.org/std/primitive.str.html#method.len)
Also:
https://stackoverflow.com/questions/46290655/get-the-string-length-in-characters-in-rust/46290728#46290728
I assume the PHP serializer uses character count instead of byte length.
|
|
The new `request::verified()` takes POST params as a string as does all
the work needed to call `paddle::verify_signature()`.
This involves extracting the `p_signature` POST parameter to get the
signature, and getting the public key PEM.
Change `params::parse()` to return a
`BTreeMap<Cow<'a, str>, Cow<'a, str>>` instead of `String` keys &
values. This is because `paddle::verify_signature()` needs a `(<&str,
&str)` iterator. Actually, it still doesn't solve the problem because
the types don't match. We need to modify the input type of
`verify_signature()`, but at least this change gives us references.
Make `params` private to the crate because we no longer need to use it
in `main()`.
|
|
We want a dictionary to be able to remove the Paddle `p_signature` entry.
|
|
|
|
|
|
Otherwise it doesn't indicate the name of the environment variable in
the result output:
Error: Error(EnvVar(NotPresent), State { next_error: None, backtrace: InternalBacktrace { backtrace: None } })
|
|
* Set web environment variables
* Set 404 file
* Rewrite `/license-generator` to run the `license-generator.fcgi`
program
* Rewrite all other requests to look for a .html file with the path as a
filename
|
|
Add some styles to make the "404" text gigantic and positioned
appropriately.
|
|
|
