From 301183f6fc225ccef590cff6e2e6ee7af2323234 Mon Sep 17 00:00:00 2001
From: nickfarrow
Date: Tue, 8 Nov 2022 23:23:10 +1100
Subject: [PATCH 1/2] Serve files from root instead of /pj/static Keep the payjoin POST /pj and other endpoints the same. Now we don't have to prefix with /pj/static to use every file from html. Access the index page from the host without /pj. Match convention on umbrel with access at ip:port
---
 src/http.rs | 12 +++++++-----
 static/favicons/favicon.ico | Bin 12014 -> 0 bytes
 static/index.html | 21 ++++++++++-----------
 3 files changed, 17 insertions(+), 16 deletions(-)
 delete mode 100644 static/favicons/favicon.ico
diff --git a/src/http.rs b/src/http.rs
index 1cfc681..b5dc28a 100644
--- a/src/http.rs
+++ b/src/http.rs
@@ -47,10 +47,10 @@ async fn handle_web_req(
 endpoint: url::Url,
 ) -> Result, hyper::Error> {
 let result = match (req.method(), req.uri().path()) {
- (&Method::GET, "/pj") => handle_index().await,
- (&Method::GET, path) if path.starts_with("/pj/static/") => handle_static(path).await,
+ (&Method::GET, "/") => handle_index().await,
 (&Method::POST, "/pj") => handle_pj(scheduler, req).await,
- (&Method::POST, "/pj/schedule") => handle_pj_schedule(scheduler, endpoint, req).await,
+ (&Method::POST, "/schedule") => handle_schedule(scheduler, endpoint, req).await,
+ (&Method::GET, path) => handle_static(path).await,
 _ => handle_404().await,
 };
 
@@ -72,7 +72,9 @@ async fn handle_index() -> Result, HttpError> {
 }
 
 async fn handle_static(path: &str) -> Result, HttpError> {
- let directory_traversal_vulnerable_path = &path[("/pj/static/".len())..];
+ // A path argument to PathBuf::join(&self, path) with a leading slash
+ // is treated as an absolute path, so we strip it in preparation.
+ let directory_traversal_vulnerable_path = &path[("/".len())..];
 match std::fs::read(Path::new(STATIC_DIR).join(directory_traversal_vulnerable_path)) {
 Ok(file) => Response::builder()
 .status(200)
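Review bot: `handle_static` still joins the request path onto `STATIC_DIR` after removing only its first character, so a path that carries `..` components, or that still begins with `/` once one slash is gone, makes `Path::join` resolve outside the static directory; the variable name `directory_traversal_vulnerable_path` admits as much. The new catch-all arm `(&Method::GET, path) => handle_static(path).await` in the first hunk widens this from the `/pj/static/` prefix to every GET that is not `/`. I would reject any request whose path contains a component other than `Component::Normal` before touching the filesystem, as sketched below; canonicalizing the joined path and checking it against the canonical static root would additionally cover symlinks. The same lines are carried unchanged into `serve_public_file` in PATCH 2/2, and the function's response-building arms continue outside this hunk.

```rust
// … unchanged: handle_static signature …
    // The request path is untrusted: accept only plain name components so
    // that `..`, a remaining leading slash or a drive prefix cannot make
    // join() resolve outside STATIC_DIR.
    let relative = Path::new(path.trim_start_matches('/'));
    let only_plain_names = relative
        .components()
        .all(|part| matches!(part, std::path::Component::Normal(_)));
    if !only_plain_names {
        return handle_404().await;
    }
    match std::fs::read(Path::new(STATIC_DIR).join(relative)) {
        // … unchanged: 200 response builder and error arm …
```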
@@ -104,7 +106,7 @@ async fn handle_pj(scheduler: Scheduler, req: Request) -> Result, 
diff --git a/static/favicons/favicon.ico b/static/favicons/favicon.ico deleted file mode 100644 index 3edd3c1d3123c2c22812625ba535bfea48a8b9c6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12014 zcmeHN2Y3`mmVUmyz1zFnyYq!Ln4FQwFj+Z*G&yQUVUz$x6i^O;q>(^bLJ}Z>P(T8K zz&6N$3EuOPO%w)!022iwn&8DY1{=e@p6;3H8I1(HSi0}KZ|nP~r@FeT-aoHus=NNz z0Pn$XV8#r<@4>KX7yugpMvbD*e-CgC%ie#VIR70){1#xDEr1Qy!6p!lAEKQ;4JE(m z$61rK{|A^7G$(PlSJsyZ$>mHFZfGO^79ZUNLJFq zv#uVQJ*+Dk6Z;p;$(q>-+Xc%`36`EBC>dD!R$gJ)qBqQ~Pf#%W6U>Q9_lS*x{C0wm z0VFGR)&Xm#<%|ja2v=>jprD=LLxEx?DL(7vQ`XZobG)?w;3(7y3r`CRP74UM(};C=kRbR+5qqMMRVJe#VKIJ>aY?lvG|IAunm?M>MjhXnI!bt%Nhp zkDq-|RD1>@Bw@}fpysBFN=Qsv(J9aW(p^=+njp5Q zZ*j`9m3wFG6_uV9l^9@RMY(H!?M>!*p+!ULbS$4~4p-lD$%=~v2ufzGB$b`AicV?H zK4 zYw1eFB{NofcZo{d6*0?VQgw^-O6JC8O42t-DmrClXS^fUai*$VRE6T@=f&lSa|Tv= zVwA5s$PtX(@Q`OCr5iQR&t{FGz?q^DSDqvIkT9~+yGvAfL>rmZef#!nLn^7N5oLXf zln7K_5HIf}_>ky@m89(a{F38Fi&iqDJy`~L&RZj^zKoC}Rv}EpB$em=!jr!L{(A!# z;``;xm;TX<4F5!em6(JzR^%WC)ON{(R~ju^%XqLx6W~r$N>_BsYOWA4vLc8PtYqh=)CjP4?QMGa!qrpM0gK+<9_M>p1J z0<)tUWvj2sR$n1NvZ^6`g^;W`AD6Bp37}7^s;WFZJd{dhdwY9vUO0KrO6jAC^~l(F%^p~IxP zhK7b2hUD(+7AIoOF51$V*7Lyu4f_5=BKtb$55iXXN!jNj?Py1%$u! 
zDKs=RCN0-uk@sKQ6<)B9J<_pnIPiiLb=MVjHxRwCQpFd3_uY4--B+((ZQHgjKR8crPS=iP>^mbuoJLBe`DzdxS&Z5G>xQsPEE)pk&EPKZv4b zpVv2UB2AOWpMLr&A|W#@A&Wf4!D28N$cMw>;J?q)(^C;!XtBtr?|kkwUBVt=*EbXm zH}xPX>5oQMv_VwGEn^ZI@ZJbz<4pykC#!mMchz2%rL7H&%L-1&l_yn6S9apm@{i3j@_F{`88XSt z%*4@DMdw&7@===~2E?vq59huS%5}GtjRGMkv>H6O<@cbYfkK9;~z*?j&sgv!?MT^-o-LMH7*FtGk<| zbn)V)fXHM~$r0KLk4yb!-}$-Kmz(1aXWVwJ4=B5j4I7Wt?xk0Nq+aE3A82CC-U6eWt7-dDY_ z%G~=bwq!47C<9?PlBbMo@U8E4)iM&x-2J0mnNGHP<59K#Hc}#3HR~N^jTJe&@K|v0 zrT@Gl&d`}g@J6r{k*oabuhEuM{e8!<$ZHz9^1gWKIMKz}r0h~;HwcJ&0K=i_jHi#K}e@L!A#2GT}jS#7q z_^r8!BdBh;S+M`rY_9T+O^g+MTJHHEC5n}v809N;n%N*09)1}bTgClw%3DIHUJ|zQ zWY)GjydhKHvI$o6*?5nDo)tli@Rb#JX~E+yKOoR2EC1H}6(?RRL=oIU6Z#wKE#Ig&lb~1;?lO%aF}tF+e_L_l zmGd|jchLC$hI-3Gf>NKX(*Ea%yidO7eK2+ap!w(_qAymh_Y02v9GBa|`(VrfK=bh< z%|{3$D@%9zZTY6E{k5Map7)2*0|0s~>~Hyj_W%*69EBej{21eu7}K;&rU2ou5wLU= z7m?9NH+ebL^RE}=<2WYq_0c;?{#VSY!DRH#JZARS$MD$9aH4aJe&rmK=NzMT`zr*! znA3vzix21nT0}I9AKYk)W=&Kv-VID!jaSl6V>C!o*kQ*CH}(0BL7<6BkMI^Mz@v{j zsf#1Sj4qQsOAcqGBF~NQ|_&!_70*tj}?% z%bVaC*(^@o>C9hD)S;F4%-gvv)CVy1(!3#t;lJ`KbAr^oGV1jdcn*;Uk@SMRvQwI| z%ib>1c$J>vvOFkOAd@)k|b$BN=p-XS%d$x83E z&q!rlMC$c~EKbA^0&8#CP4O{yXvk0^xM1;Klh&*k<>du`TGhB2H74AaA3AzUmb;6R zN=*W;QGX|*6d@HI)^u$`M0WB_&}+3uQ5$vti@J(Nx&{$fuufcl)^AC3a&c3@k|qmD zU0QL$C!*epG&~ALVRvEfpUkw^>dTt!O%ESF!u~5NDjXdhi;9ZUO4lVWt$zCSDHh(n zcVC;m-tcn>?LMfk+tq#^3wyJKi;EzYR8$Q+Z9;cWEN;erE?>TERNoRZP3kIM%CByr zCYxT1k7&Hb8jS+3rDn<=?IJEbLhPaqx-DrXcU3EP(%IRG{iDtp85y}_*Iq2yw{M?7 zAc%>HsjS;XDWR1YWL1}f7qwYcKiy=D%(OgG^jvc-efb9L4HN3EsFB4arayoF97RS~ zS6A{E#ii#O14V(2w}p~4_DF}GkSuSfbVIt1S$o|#@1xsyC_%Yp>+a~BRcMRUE1jL4 zbvj*0YO!%X$834To8WF$5HyHx24Ra50SR}_UADexO>0s~ld|++NbWi$k0$o)*%KBP zmRC?BD?X$TpL~rHTh#KSy$Nat#mXS<(KJw$WqnY((hrTa{OGPf9w7Yn`gKR=rJ&pv z<9rTkx~&c^We;atg-L`mQ|ri|b0c}@)4=qN+M07{MVr61sCIL9)ds)(t@N1|zx7*J zhO9S@$xM=<1URE6*rog8g`=%IXXq?1?->6Tr-_+hKGWo@ucowI#|piHP(UnnBFf4w z&HCGmTd#12&M?BmIoQAAINeH6^PRb=>x>n8W@w5AsYV%epLMswKYkdMv!$mL;_ejS zUv`AF65sZ%aCTVFI>r*ST{odn7_^C|?&RH1)xH_r4^d^X0ynnYx8&fWwg+~@8CENh 
zg$CV0zr80F2T})VzMXgAh5L-zeX9m`!)Nwgf!gv>B7$CX(Oc29++DW&9(StERi8bu2P21Od$$P&K49$M`T`RQ%q-~W+O(E~l3qD8i?i*2Z zQ)j-TdItVw z`(gd=lOW1I3JhC6U`!7Me9!}&%n;h#1?rWjLFf?-cuNLR+7}=Qs|S3<1h0S!NJ+~8 zP3r@2SC&KE_Q$Y9mk+p314he0QGWwM8*f5H=2}o-8H)Vy;NfFXW4W^I1mH6^;QtLU z@BwxX5wNi79H^38Af#{~U|1Xct2%)*${zR&8erGqvw-hA0Oosu8=!y$xL5+dT?AF@KZDGs!?1bpaX?`YFz^i_czx^Et)Nc% z1n|BC7#af6yat%<76tee4o<>sc>LtgU^j*ftjWHBw;0gItO9(s3=|3lp!f>79sp~S z5`1c}0BTU+IKc@pq6HX92WjPbKrs&-Y+L~ℜZkfG^JgKAV9AKN#f)ynlgk(SE?? z6V!{gfp7U?nBROI>={~+mv;h2?V;(jqks>-fU*gA#cl;vNju>E7G}>|1Gqy2RDmF= zstxeo0P|NK27J#06zWBA>+S>KP7(u#sc94FZ`uD39+*l?|M=T~n>xpo{vlEK-*bXY zY02nW0YUhXN+mbV`|k+^v9a!1|2{W1Hr98M!|!}zWAkT6#(1VM{$pHx95X#FKYwA) zpzvjde!p=X6=7q$aN)utr+?M{y*yaxD$bB9ii?XUbF)>`z5a8A{Rc6_)Pn~P{%}ST zS2QIr!G31=kV$MdTRC>YjHG{_m&y7U?Zn}j_ - - - - - - - + + + + + + - + nolooking // Lightning PayJoin @@ -27,7 +26,7 @@

🎃 Halloween Alpha [experimental] | Avoid sp👀ks<

Queue batches of lightning channels to open in a single transaction

-
Config @@ -47,7 +46,7 @@

Queue batches of lightning channels to open in a single transaction

- +
@@ -125,7 +124,7 @@

PayJoin here to open these channels

link.innerHTML = bip21; var address = bip21.split("bitcoin:")[1].split("?")[0]; - document.getElementById("qrcode").innerHTML = ``; + document.getElementById("qrcode").innerHTML = ``; document.getElementById("queue").classList.add("invisible"); document.getElementById("queued").classList.remove("invisible"); }) From 9aa13617da504ecec6b414cd29aa9d9c772db9f8 Mon Sep 17 00:00:00 2001 
From: DanGould Date: Fri, 11 Nov 2022 16:20:08 -0500 Subject: [PATCH 2/2] Move static to public Because QR codes generate in the folder, it is not static. The name "public" is a rails convention for this folder that makes sense to me. --- .gitignore | 2 +- public/.DS_Store | Bin 0 -> 6148 bytes public/favicon.ico | Bin 0 -> 12014 bytes .../favicons/android-chrome-192x192.png | Bin .../favicons/android-chrome-512x512.png | Bin .../favicons/apple-touch-icon.png | Bin {static => public}/favicons/browserconfig.xml | 0 {static => public}/favicons/favicon-16x16.png | Bin {static => public}/favicons/favicon-32x32.png | Bin {static => public}/favicons/mstile-144x144.png | Bin {static => public}/favicons/mstile-150x150.png | Bin {static => public}/favicons/mstile-310x150.png | Bin {static => public}/favicons/mstile-310x310.png | Bin {static => public}/favicons/mstile-70x70.png | Bin .../favicons/safari-pinned-tab.svg | 0 {static => public}/favicons/site.webmanifest | 0 {static => public}/index.html | 0 {static => public}/qr_codes/.gitignore | 0 {static => public}/spookyloin.png | Bin {static => public}/spookyloin2.png | Bin {static => public}/style.css | 0 src/http.rs | 16 ++++++++-------- 22 files changed, 9 insertions(+), 9 deletions(-) create mode 100644 public/.DS_Store create mode 100644 public/favicon.ico rename {static => public}/favicons/android-chrome-192x192.png (100%) rename {static => public}/favicons/android-chrome-512x512.png (100%) rename {static => public}/favicons/apple-touch-icon.png (100%) rename {static => public}/favicons/browserconfig.xml (100%) rename {static => public}/favicons/favicon-16x16.png (100%) rename {static => public}/favicons/favicon-32x32.png (100%) rename {static => public}/favicons/mstile-144x144.png (100%) rename {static => public}/favicons/mstile-150x150.png (100%) rename {static => public}/favicons/mstile-310x150.png (100%) rename {static => public}/favicons/mstile-310x310.png (100%) rename {static => 
public}/favicons/mstile-70x70.png (100%) rename {static => public}/favicons/safari-pinned-tab.svg (100%) rename {static => public}/favicons/site.webmanifest (100%) rename {static => public}/index.html (100%) rename {static => public}/qr_codes/.gitignore (100%) rename {static => public}/spookyloin.png (100%) rename {static => public}/spookyloin2.png (100%) rename {static => public}/style.css (100%) diff --git a/.gitignore b/.gitignore index a2a4503..7cb3a88 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ /target tests/compose/nginx/ssl/localhost-key.pem tests/compose/nginx/ssl/localhost.pem -static/qr_codes/*.png +public/qr_codes/*.png diff --git a/public/.DS_Store b/public/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..de18fe7226da93c77deebf2380262008b39c173f GIT binary patch literal 6148 zcmeHK%Sr=55Ukc57QE!>ael!+7()Dl{D2{15M%?2Iq%8u^3$w-Acl>XfETHT?waZ8 znq}*-y$!%t?~ixD62L%r#D|Bu`MLYdt}0_hI`7!wfDv!U&FeU;KA&*zfG2Em#Pd)7 z%VFH-z2}L_N&zV#1*Cu!kOCJe;JueN+$1VW0VyB_z7_EAL!&$P!YMI69Sku75Eo2` zaUHV+v3Y{n3#UY8XqHrBQmsY|OFHwd>U!anm~>bTA68GcnoumB&ih-G!+N5k6p#X^ z3S8%Q>HYtn{>%J-O43dWNP&N)fGyUW^@^`ly><3--fJ8Ef$lY*bT_Vp!VvA4810xF fZ^yS$ly%M5Jnw~5V$hinI#E9Zu8T|x{IvpK=NJ{G literal 0 HcmV?d00001 
diff --git a/public/favicon.ico b/public/favicon.ico new file mode 100644 index 0000000000000000000000000000000000000000..3edd3c1d3123c2c22812625ba535bfea48a8b9c6 GIT binary patch literal 12014 zcmeHN2Y3`mmVUmyz1zFnyYq!Ln4FQwFj+Z*G&yQUVUz$x6i^O;q>(^bLJ}Z>P(T8K zz&6N$3EuOPO%w)!022iwn&8DY1{=e@p6;3H8I1(HSi0}KZ|nP~r@FeT-aoHus=NNz z0Pn$XV8#r<@4>KX7yugpMvbD*e-CgC%ie#VIR70){1#xDEr1Qy!6p!lAEKQ;4JE(m z$61rK{|A^7G$(PlSJsyZ$>mHFZfGO^79ZUNLJFq zv#uVQJ*+Dk6Z;p;$(q>-+Xc%`36`EBC>dD!R$gJ)qBqQ~Pf#%W6U>Q9_lS*x{C0wm z0VFGR)&Xm#<%|ja2v=>jprD=LLxEx?DL(7vQ`XZobG)?w;3(7y3r`CRP74UM(};C=kRbR+5qqMMRVJe#VKIJ>aY?lvG|IAunm?M>MjhXnI!bt%Nhp zkDq-|RD1>@Bw@}fpysBFN=Qsv(J9aW(p^=+njp5Q zZ*j`9m3wFG6_uV9l^9@RMY(H!?M>!*p+!ULbS$4~4p-lD$%=~v2ufzGB$b`AicV?H zK4 zYw1eFB{NofcZo{d6*0?VQgw^-O6JC8O42t-DmrClXS^fUai*$VRE6T@=f&lSa|Tv= zVwA5s$PtX(@Q`OCr5iQR&t{FGz?q^DSDqvIkT9~+yGvAfL>rmZef#!nLn^7N5oLXf zln7K_5HIf}_>ky@m89(a{F38Fi&iqDJy`~L&RZj^zKoC}Rv}EpB$em=!jr!L{(A!# z;``;xm;TX<4F5!em6(JzR^%WC)ON{(R~ju^%XqLx6W~r$N>_BsYOWA4vLc8PtYqh=)CjP4?QMGa!qrpM0gK+<9_M>p1J z0<)tUWvj2sR$n1NvZ^6`g^;W`AD6Bp37}7^s;WFZJd{dhdwY9vUO0KrO6jAC^~l(F%^p~IxP zhK7b2hUD(+7AIoOF51$V*7Lyu4f_5=BKtb$55iXXN!jNj?Py1%$u! 
zDKs=RCN0-uk@sKQ6<)B9J<_pnIPiiLb=MVjHxRwCQpFd3_uY4--B+((ZQHgjKR8crPS=iP>^mbuoJLBe`DzdxS&Z5G>xQsPEE)pk&EPKZv4b zpVv2UB2AOWpMLr&A|W#@A&Wf4!D28N$cMw>;J?q)(^C;!XtBtr?|kkwUBVt=*EbXm zH}xPX>5oQMv_VwGEn^ZI@ZJbz<4pykC#!mMchz2%rL7H&%L-1&l_yn6S9apm@{i3j@_F{`88XSt z%*4@DMdw&7@===~2E?vq59huS%5}GtjRGMkv>H6O<@cbYfkK9;~z*?j&sgv!?MT^-o-LMH7*FtGk<| zbn)V)fXHM~$r0KLk4yb!-}$-Kmz(1aXWVwJ4=B5j4I7Wt?xk0Nq+aE3A82CC-U6eWt7-dDY_ z%G~=bwq!47C<9?PlBbMo@U8E4)iM&x-2J0mnNGHP<59K#Hc}#3HR~N^jTJe&@K|v0 zrT@Gl&d`}g@J6r{k*oabuhEuM{e8!<$ZHz9^1gWKIMKz}r0h~;HwcJ&0K=i_jHi#K}e@L!A#2GT}jS#7q z_^r8!BdBh;S+M`rY_9T+O^g+MTJHHEC5n}v809N;n%N*09)1}bTgClw%3DIHUJ|zQ zWY)GjydhKHvI$o6*?5nDo)tli@Rb#JX~E+yKOoR2EC1H}6(?RRL=oIU6Z#wKE#Ig&lb~1;?lO%aF}tF+e_L_l zmGd|jchLC$hI-3Gf>NKX(*Ea%yidO7eK2+ap!w(_qAymh_Y02v9GBa|`(VrfK=bh< z%|{3$D@%9zZTY6E{k5Map7)2*0|0s~>~Hyj_W%*69EBej{21eu7}K;&rU2ou5wLU= z7m?9NH+ebL^RE}=<2WYq_0c;?{#VSY!DRH#JZARS$MD$9aH4aJe&rmK=NzMT`zr*! znA3vzix21nT0}I9AKYk)W=&Kv-VID!jaSl6V>C!o*kQ*CH}(0BL7<6BkMI^Mz@v{j zsf#1Sj4qQsOAcqGBF~NQ|_&!_70*tj}?% z%bVaC*(^@o>C9hD)S;F4%-gvv)CVy1(!3#t;lJ`KbAr^oGV1jdcn*;Uk@SMRvQwI| z%ib>1c$J>vvOFkOAd@)k|b$BN=p-XS%d$x83E z&q!rlMC$c~EKbA^0&8#CP4O{yXvk0^xM1;Klh&*k<>du`TGhB2H74AaA3AzUmb;6R zN=*W;QGX|*6d@HI)^u$`M0WB_&}+3uQ5$vti@J(Nx&{$fuufcl)^AC3a&c3@k|qmD zU0QL$C!*epG&~ALVRvEfpUkw^>dTt!O%ESF!u~5NDjXdhi;9ZUO4lVWt$zCSDHh(n zcVC;m-tcn>?LMfk+tq#^3wyJKi;EzYR8$Q+Z9;cWEN;erE?>TERNoRZP3kIM%CByr zCYxT1k7&Hb8jS+3rDn<=?IJEbLhPaqx-DrXcU3EP(%IRG{iDtp85y}_*Iq2yw{M?7 zAc%>HsjS;XDWR1YWL1}f7qwYcKiy=D%(OgG^jvc-efb9L4HN3EsFB4arayoF97RS~ zS6A{E#ii#O14V(2w}p~4_DF}GkSuSfbVIt1S$o|#@1xsyC_%Yp>+a~BRcMRUE1jL4 zbvj*0YO!%X$834To8WF$5HyHx24Ra50SR}_UADexO>0s~ld|++NbWi$k0$o)*%KBP zmRC?BD?X$TpL~rHTh#KSy$Nat#mXS<(KJw$WqnY((hrTa{OGPf9w7Yn`gKR=rJ&pv z<9rTkx~&c^We;atg-L`mQ|ri|b0c}@)4=qN+M07{MVr61sCIL9)ds)(t@N1|zx7*J zhO9S@$xM=<1URE6*rog8g`=%IXXq?1?->6Tr-_+hKGWo@ucowI#|piHP(UnnBFf4w z&HCGmTd#12&M?BmIoQAAINeH6^PRb=>x>n8W@w5AsYV%epLMswKYkdMv!$mL;_ejS zUv`AF65sZ%aCTVFI>r*ST{odn7_^C|?&RH1)xH_r4^d^X0ynnYx8&fWwg+~@8CENh 
zg$CV0zr80F2T})VzMXgAh5L-zeX9m`!)Nwgf!gv>B7$CX(Oc29++DW&9(StERi8bu2P21Od$$P&K49$M`T`RQ%q-~W+O(E~l3qD8i?i*2Z zQ)j-TdItVw z`(gd=lOW1I3JhC6U`!7Me9!}&%n;h#1?rWjLFf?-cuNLR+7}=Qs|S3<1h0S!NJ+~8 zP3r@2SC&KE_Q$Y9mk+p314he0QGWwM8*f5H=2}o-8H)Vy;NfFXW4W^I1mH6^;QtLU z@BwxX5wNi79H^38Af#{~U|1Xct2%)*${zR&8erGqvw-hA0Oosu8=!y$xL5+dT?AF@KZDGs!?1bpaX?`YFz^i_czx^Et)Nc% z1n|BC7#af6yat%<76tee4o<>sc>LtgU^j*ftjWHBw;0gItO9(s3=|3lp!f>79sp~S z5`1c}0BTU+IKc@pq6HX92WjPbKrs&-Y+L~ℜZkfG^JgKAV9AKN#f)ynlgk(SE?? z6V!{gfp7U?nBROI>={~+mv;h2?V;(jqks>-fU*gA#cl;vNju>E7G}>|1Gqy2RDmF= zstxeo0P|NK27J#06zWBA>+S>KP7(u#sc94FZ`uD39+*l?|M=T~n>xpo{vlEK-*bXY zY02nW0YUhXN+mbV`|k+^v9a!1|2{W1Hr98M!|!}zWAkT6#(1VM{$pHx95X#FKYwA) zpzvjde!p=X6=7q$aN)utr+?M{y*yaxD$bB9ii?XUbF)>`z5a8A{Rc6_)Pn~P{%}ST zS2QIr!G31=kV$MdTRC>YjHG{_m&y7U?Zn}j_.png` +/// Create QR code and save to `PUBLIC_DIR/qr_codes/.png` fn create_qr_code(qr_string: &str, name: &str) { - let filename = format!("{}/qr_codes/{}.png", STATIC_DIR, name); + let filename = format!("{}/qr_codes/{}.png", PUBLIC_DIR, name); qrcode_generator::to_png_to_file(qr_string, QrCodeEcc::Low, 512, filename.clone()) .expect(&format!("Saved QR code: {}", filename)); } @@ -50,7 +50,7 @@ async fn handle_web_req( (&Method::GET, "/") => handle_index().await, (&Method::POST, "/pj") => handle_pj(scheduler, req).await, (&Method::POST, "/schedule") => handle_schedule(scheduler, endpoint, req).await, - (&Method::GET, path) => handle_static(path).await, + (&Method::GET, path) => serve_public_file(path).await, _ => handle_404().await, }; 
@@ -67,15 +67,15 @@ async fn handle_404() -> Result, HttpError> {
 }
 
 async fn handle_index() -> Result, HttpError> {
- let index = std::fs::read(Path::new(STATIC_DIR).join("index.html")).expect("can't open index");
+ let index = std::fs::read(Path::new(PUBLIC_DIR).join("index.html")).expect("can't open index");
 Ok(Response::new(Body::from(index)))
 }
 
-async fn handle_static(path: &str) -> Result, HttpError> {
+async fn serve_public_file(path: &str) -> Result, HttpError> {
 // A path argument to PathBuf::join(&self, path) with a leading slash
 // is treated as an absolute path, so we strip it in preparation.
 let directory_traversal_vulnerable_path = &path[("/".len())..];
- match std::fs::read(Path::new(STATIC_DIR).join(directory_traversal_vulnerable_path)) {
+ match std::fs::read(Path::new(PUBLIC_DIR).join(directory_traversal_vulnerable_path)) {
 Ok(file) => Response::builder()
 .status(200)
 .header("Cache-Control", "max-age=604800")