Improve auth logging + configurable body size

src/bin/server.rs

@@ -6,7 +6,7 @@ use log::{debug, error, info};
 use serde_json::json;
 
 use axum::{
- extract::Path,
+ extract::{Path, DefaultBodyLimit},
  http::{HeaderMap, StatusCode},
  response::IntoResponse,
  routing::{get, on, on_service, post, MethodFilter},
@@ -175,7 +175,7 @@ async fn main() -> Result<(), anyhow::Error> {
  }
 
  })
- )
+ ).route_layer(DefaultBodyLimit::max(site_config.micropub.media_endpoint_max_upload_length))
  .route(
  "/tag/:tag",
  on(

src/config.rs

@@ -30,7 +30,7 @@ pub struct MicropubConfig {
  pub host_website: String,
  pub media_endpoint: String,
  #[serde(default = "default_max_upload_length")]
- pub media_endpoint_max_upload_length: u64, // XXX currently unused
+ pub media_endpoint_max_upload_length: usize,
  pub micropub_endpoint: String,
 }
 
@@ -42,6 +42,6 @@ fn default_auth_endpoint() -> String {
  crate::DEFAULT_AUTH_ENDPOINT.into()
 }
 
-fn default_max_upload_length() -> u64 {
+fn default_max_upload_length() -> usize {
  crate::DEFAULT_MAX_CONTENT_LENGTH
 }

src/constants.rs

@@ -1,3 +1,3 @@
-pub const DEFAULT_MAX_CONTENT_LENGTH: u64 = 1024 * 1024 * 50; // 50 megabytes
+pub const DEFAULT_MAX_CONTENT_LENGTH: usize = 1024 * 1024 * 50; // 50 megabytes
 pub const DEFAULT_AUTH_TOKEN_ENDPOINT: &str = "https://tokens.indieauth.com/token";
 pub const DEFAULT_AUTH_ENDPOINT: &str = "https://indieauth.com/auth";

src/handlers/micropub.rs

@@ -468,6 +468,11 @@ pub async fn handle_post(
  ).await?;
 
  if validate_response.me != site_config.micropub.host_website {
+ error!(
+ "mismatched authorization: me: {} host_website: {}",
+ validate_response.me,
+ site_config.micropub.host_website
+ );
  return Err(StatusCode::FORBIDDEN);
  }