server: switch to hexadecimal form, use proper download token instead of session id as key, stop panicing on unavailable websocket

2025-12-05 23:14:53 -06:00 · 2024-12-23 21:10:33 -06:00
parent a4f8aa1f23
commit dc332d954b
1 changed files with 43 additions and 28 deletions
--- a/src/main.rs
+++ b/src/main.rs
@@ -178,7 +178,7 @@ pub async fn download(req: &mut Request, res: &mut Response, depot: &mut Depot)
    // Create a download for the session
    let session_download = session.add_download(executable);
    tracing::info!(session_id, type = download_id, dl_token = session_download.token, "Download created");
-    let data = executable.with_key(session_id.to_string().as_bytes());
+    let data = executable.with_key(session_download.token.to_string().as_bytes());

    if let Err(e) = res.write_body(data) {
        tracing::error!("Error writing body: {}", e);
@@ -210,10 +210,20 @@ pub async fn download(req: &mut Request, res: &mut Response, depot: &mut Depot)
 pub async fn notify(req: &mut Request, res: &mut Response) {
    let key = req.query::<String>("key");

-    match key {
-        Some(key) => {
+    if key.is_none() {
+        res.status_code(StatusCode::BAD_REQUEST);
+        return;
+    }
+
+    let key = key.unwrap();
+
+    if !key.starts_with("0x") {
+        res.status_code(StatusCode::BAD_REQUEST);
+        return;
+    }
+
    // Parse key into u32
-            let key = match key.parse::<u32>() {
+    let key = match u32::from_str_radix(key.trim_start_matches("0x"), 16) {
        Ok(k) => k,
        Err(e) => {
            tracing::error!("Error parsing key: {}", e);
@@ -223,14 +233,24 @@ pub async fn notify(req: &mut Request, res: &mut Response) {
    };

    let store = &mut *STORE.lock().await;
-            let session = store.sessions.get_mut(&key);

-            match session {
-                Some(session) => {
+    let target_session = store
+        .sessions
+        .iter_mut()
+        .find(|(_, session)| session.downloads.iter().find(|d| d.token == key).is_some());
+
+    match target_session {
+        Some((_, session)) => {
            let message = OutgoingMessage::TokenAlert { token: key };
-                    session
-                        .send_message(message)
-                        .expect("Failed to buffer token alert message");
+
+            if let Err(e) = session.send_message(message) {
+                tracing::warn!(
+                    error = e.to_string(),
+                    "Session did not have a receiving WebSocket available, notify ignored.",
+                );
+                res.status_code(StatusCode::NOT_MODIFIED);
+                return;
+            }

            res.render("Notification sent");
        }
@@ -240,11 +260,6 @@ pub async fn notify(req: &mut Request, res: &mut Response) {
            return;
        }
    }
-        }
-        None => {
-            res.status_code(StatusCode::BAD_REQUEST);
-        }
-    }
 }

 #[handler]