From d5fb59c572bf1d34508ec221890d4ef429d8ea06 Mon Sep 17 00:00:00 2001
From: Jan Ole Zabel <jan.zabel@posteo.de>
Date: Sat, 15 Oct 2022 14:39:42 +0200
Subject: [PATCH 1/2] Merge two item loops
---
 src/endpoints.rs | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/src/endpoints.rs b/src/endpoints.rs
index 6e44a05..7f4270f 100644
--- a/src/endpoints.rs
+++ b/src/endpoints.rs
@@ -252,12 +252,16 @@ pub async fn transfer(
 // Retrieve all items
 let mut items = Vec::new();
- for item in &transfer.bought_items {
- match db.get_item(*item).await {
+ for item_id in &transfer.bought_items {
+ match db.get_item(*item_id).await {
 Ok(item) => {
 if item.location != transfer.receiver {
 return Err(Custom(Status::Forbidden, ()))
 }
+ if item.price < 0 {
+ error!("Refusing purchase of item {item_id} which has negative price");
+ return Err(Custom(Status::Forbidden, ()))
+ }
 items.push(item)
 },
@@ -289,13 +293,6 @@ pub async fn transfer(
 return Err(Custom(Status::PaymentRequired, ()));
 }
- for item in &transfer.bought_items {
- let item = db.get_item(*item).await.expect("Failed to fetch item");
- if item.price < 0 {
- return Err(Custom(Status::Forbidden, ()))
- }
- }
- // transfer the money
 db.transfer(sender.clone(), receiver.clone(), amount, transfer.bought_items.clone())
 .await
-- GitLab
From 69485a482e06a1ad18b2d448e813a7fc1fc5e0fc Mon Sep 17 00:00:00 2001
From: Jan Ole Zabel <jan.zabel@posteo.de>
Date: Sat, 15 Oct 2022 14:46:50 +0200
Subject: [PATCH 2/2] Add information how to test without Oauth
---
 README.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/README.md b/README.md
index 5ec8d44..f91c170 100644
--- a/README.md
+++ b/README.md
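Review bot: The merged loop in the first hunk validates price and location on a snapshot of each item, yet the later `db.transfer(...)` call (context of the second hunk) is handed `transfer.bought_items.clone()`, the ids again rather than the validated `items`. If `db.transfer` does not re-check price and location inside its own transaction, which is not visible here, an item that changes between the two calls is transferred without those checks. I would enforce the checks in that transaction, or at least document the dependency at the loop: `// validated on a snapshot; db.transfer must re-check price/location atomically`. Separately, the location rejection just above the new check returns `Forbidden` without a log line while the negative-price rejection logs; adding `error!("Refusing purchase of item {item_id}: not located at receiver");` would keep the audit trail consistent. The body of `transfer` starts and ends outside both hunks.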
@@ -16,3 +16,20 @@ compile and start the application:
 ```
 cargo run
 ```
+
+## Test without fiddling with OAuth:
+Insert fake tokens into your local test DB to bypass Oauth:
+```sql
+INSERT INTO accounts VALUES ('joz',0);
+INSERT INTO accounts VALUES ('mzb',0);
+INSERT INTO tokens(token,username,timestamp) VALUES('Hallo','joz',0)
+INSERT INTO tokens(token,username,timestamp) VALUES('Hallöchen','mzb',0)
+```
+```bash
+sqlite3 database.sqlite "UPDATE tokens SET timestamp=$(date +%s)"
+```
+Do something with the API:
+```sh
+curl -X POST -H 'MATEPAY-TOKEN: Hallöchen' -d '{"to_account": "joz", "amount": 1000}' http://localhost:8000/api/v1/central-bank-transfer
+```
+It is also wise to insert the token cookie into your browser.
-- GitLab