Added an internal token mechanism

The internal token is a shared secret that can update and delete any posts stored in the database. It is intended for use in webmention endpoints to update posts with latest webmentions. Please keep it safe.
author: Vika Shleina <vika@fireburn.ru> 2021-07-21 06:25:15 +0300
committer: Vika <vika@fireburn.ru> 2021-07-27 01:47:59 +0300
commit: 758fe3ef8baa68e71f766ae5499dfa6988d0d72a (patch)
tree: 51905753c1abcf8ddde28601ea2d3dbd92607f5e /src/indieauth.rs
parent: c98e370326102dac0c7c16c9b556da018b41803b (diff)
download: kittybox-758fe3ef8baa68e71f766ae5499dfa6988d0d72a.tar.zst
1 files changed, 11 insertions, 0 deletions
diff --git a/src/indieauth.rs b/src/indieauth.rs
index 27e545d..aea7e4d 100644
--- a/src/indieauth.rs
+++ b/src/indieauth.rs
@@ -166,6 +166,17 @@ where
                     .build())
             }
             Some(value) => {
+                match (&req.state().internal_token) {
+                    Some(token) => if token == &value.last().to_string().split(" ").skip(1).collect::<String>() {
+                        req.set_ext::<User>(User::new(
+                            "", // no user ID here
+                            "https://kittybox.fireburn.ru/",
+                            "update delete undelete media kittybox_internal:do_what_thou_wilt"
+                        ));
+                        return Ok(next.run(req).await)
+                    }
+                    None => {}
+                }
                 let endpoint = &req.state().token_endpoint;
                 let http_client = &req.state().http_client;
                 let token = value.last().to_string();
author	Vika Shleina <vika@fireburn.ru>	2021-07-21 06:25:15 +0300
committer	Vika <vika@fireburn.ru>	2021-07-27 01:47:59 +0300
commit	758fe3ef8baa68e71f766ae5499dfa6988d0d72a (patch)
tree	51905753c1abcf8ddde28601ea2d3dbd92607f5e /src/indieauth.rs
parent	c98e370326102dac0c7c16c9b556da018b41803b (diff)
download	kittybox-758fe3ef8baa68e71f766ae5499dfa6988d0d72a.tar.zst