Feat: validate input and guide against sql injection

Utilitycoder · Utilitycoder · commit 20c67180e564 · 2023-06-07T11:30:13.000+01:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -27,6 +27,7 @@ tracing-log = "0.1"
 secrecy = { version = "0.8", features = ["serde"] }
 tracing-actix-web = "0.5"
 sqlx = { version = "0.5.7", default-features = false, features = ["offline", "runtime-actix-rustls", "macros", "postgres", "uuid", "chrono", "migrate"] }
+unicode-segmentation = "1"
 
 [dev-dependencies]
 reqwest = "0.11.18"
diff --git a/spec.yaml b/spec.yaml
@@ -9,34 +9,50 @@ name: robust-rust
 region: fra
 services:
   - name: robust-rust
-  # Relative to the repository root
-  dockerfile_path: Dockerfile
-  source_dir: .
-  github:
-  # Depending on when you created the repository,
-  # the default branch on GitHub might have been named `master`
-  branch: main
-  # Deploy a new version on every commit to `main`!
-  # Continuous Deployment, here we come!
-  deploy_on_push: true
-  # !!! Fill in with your details
-  # e.g. LukeMathWalker/zero-to-production
-  repo: utilitycoder/robust-rust
-  # Active probe used by DigitalOcean's to ensure our application is healthy
-  health_check:
-  # The path to our health check endpoint!
-  # It turned out to be useful in the end!
-  http_path: /health_check
-  # The port the application will be listening on for incoming requests
-  # It should match what we specified in our configuration/production.yaml file!
-  http_port: 8000
-  # For production workloads we'd go for at least two!
-  # But let's try to keep the bill under control for now...
-  instance_count: 1
-  instance_size_slug: basic-xxs
-  # All incoming requests should be routed to our app
-  routes:
-  - path: /
+    # Relative to the repository root
+    dockerfile_path: Dockerfile
+    source_dir: .
+    github:
+      # Depending on when you created the repository,
+      # the default branch on GitHub might have been named `master`
+      branch: main
+      # Deploy a new version on every commit to `main`!
+      # Continuous Deployment, here we come!
+      deploy_on_push: true
+      # !!! Fill in with your details
+      # e.g. LukeMathWalker/zero-to-production
+      repo: utilitycoder/robust-rust
+    # Active probe used by DigitalOcean's to ensure our application is healthy
+    health_check:
+    # The path to our health check endpoint!
+    # It turned out to be useful in the end!
+    http_path: /health_check
+    # The port the application will be listening on for incoming requests
+    # It should match what we specified in our configuration/production.yaml file!
+    http_port: 8000
+    # For production workloads we'd go for at least two!
+    # But let's try to keep the bill under control for now...
+    instance_count: 1
+    instance_size_slug: basic-xxs
+    # All incoming requests should be routed to our app
+    routes:
+      - path: /
+    envs:
+      - key: APP_DATABASE__USERNAME
+        scope: RUN_TIME
+        value: ${newsletter.USERNAME}
+      - key: APP_DATABASE__PASSWORD
+        scope: RUN_TIME
+        value: ${newsletter.PASSWORD}
+      - key: APP_DATABASE__HOST
+        scope: RUN_TIME
+        value: ${newsletter.HOSTNAME}
+      - key: APP_DATABASE__PORT
+        scope: RUN_TIME
+        value: ${newsletter.PORT}
+      - key: APP_DATABASE__DATABASE_NAME
+        scope: RUN_TIME
+        value: ${newsletter.DATABASE}
 databases:
   # PG = Postgres
   - engine: PG
diff --git a/src/configuration.rs b/src/configuration.rs
@@ -1,6 +1,8 @@
 use secrecy::{ExposeSecret, Secret};
 use serde_aux::field_attributes::deserialize_number_from_string;
-use sqlx::postgres::PgConnectOptions;
+use sqlx::postgres::{PgConnectOptions, PgSslMode};
+use sqlx::ConnectOptions;
+use tracing_log::log;
 
 #[derive(serde::Deserialize)]
 pub struct Settings {
@@ -23,24 +25,28 @@ pub struct DatabaseSettings {
     pub port: u16,
     pub host: String,
     pub database_name: String,
+    pub require_ssl: bool,
 }
 
 impl DatabaseSettings {
-    pub fn with_db(&self) -> PgConnectOptions {
+    pub fn without_db(&self) -> PgConnectOptions {
+        let ssl_mode = if self.require_ssl {
+            PgSslMode::Require
+        } else {
+            PgSslMode::Prefer
+        };
         PgConnectOptions::new()
             .host(&self.host)
             .username(&self.username)
             .password(self.password.expose_secret())
             .port(self.port)
-            .database(&self.database_name)
+            .ssl_mode(ssl_mode)
     }
 
-    pub fn without_db(&self) -> PgConnectOptions {
-        PgConnectOptions::new()
-            .host(&self.host)
-            .username(&self.username)
-            .password(self.password.expose_secret())
-            .port(self.port)
+    pub fn with_db(&self) -> PgConnectOptions {
+        let mut options = self.without_db().database(&self.database_name);
+        options.log_statements(log::LevelFilter::Trace);
+        options
     }
 }
 
diff --git a/src/domain.rs b/src/domain.rs
@@ -0,0 +1,28 @@
+pub struct NewSubscriber {
+    pub email: String,
+    pub name: SubscriberName,
+}
+
+pub struct SubscriberName(String);
+
+impl SubscriberName {
+    pub fn inner_ref(&self) -> &str {
+        &self.0
+    }
+
+    pub fn parse(s: String) -> SubscriberName {
+        let is_empty_or_whitespace = s.trim().is_empty();
+        let is_too_long = s.len() > 256;
+        let forbidden_characters = ['/', '(', ')', '"', '<', '>', '\\', '{', '}'];
+        let contains_forbidden_characters = s.chars().any(|char| forbidden_characters.contains(&char));
+        if is_empty_or_whitespace || is_too_long || contains_forbidden_characters {
+            panic!(
+                "`{}` is not a valid subscriber name. Subscriber name cannot be empty, more than 256 characters long, or contain the following characters: {:?}",
+                s,
+                forbidden_characters,
+            )
+        } else {
+            Self(s)
+        }
+    }
+}
diff --git a/src/lib.rs b/src/lib.rs
@@ -1,4 +1,5 @@
 pub mod configuration;
+pub mod domain;
 pub mod routes;
 pub mod startup;
 pub mod telemetry;
diff --git a/src/routes/subscriptions.rs b/src/routes/subscriptions.rs
@@ -2,7 +2,7 @@ use actix_web::{web, HttpResponse};
 use chrono::Utc;
 use sqlx::types::Uuid;
 use sqlx::PgPool;
-// use uuid::Uuid;
+use crate::domain::{NewSubscriber, SubscriberName};
 
 #[allow(dead_code)]
 #[derive(serde::Deserialize)]
@@ -21,7 +21,11 @@ pub struct FormData {
 )]
 
 pub async fn subscribe(form: web::Form<FormData>, pool: web::Data<PgPool>) -> HttpResponse {
-    match insert_subscriber(&form, &pool).await {
+    let new_subscriber = NewSubscriber {
+        email: form.0.email,
+        name: SubscriberName::parse(form.0.name),
+    };
+    match insert_subscriber(&new_subscriber, &pool).await {
         Ok(_) => HttpResponse::Ok().finish(),
         Err(e) => {
             tracing::error!("Failed to execute query: {:?}", e);
@@ -32,18 +36,18 @@ pub async fn subscribe(form: web::Form<FormData>, pool: web::Data<PgPool>) -> Ht
 
 #[tracing::instrument(
     name = "Saving a new subscriber details in the database",
-    skip(form, pool)
+    skip(new_subscriber, pool)
 )]
-async fn insert_subscriber(form: &FormData, pool: &PgPool) -> Result<(), sqlx::Error> {
+async fn insert_subscriber(new_subscriber: &NewSubscriber, pool: &PgPool) -> Result<(), sqlx::Error> {
     let subscribe_id = Uuid::new_v4();
     sqlx::query!(
         r#"
         INSERT INTO subscriptions (id, email, name, subscribed_at)
         VALUES ($1, $2, $3, $4)
         "#,
         subscribe_id,
-        form.email,
-        form.name,
+        new_subscriber.email,
+        new_subscriber.name.inner_ref(),
         Utc::now()
     )
     .execute(pool)
diff --git a/tests/health_check.rs b/tests/health_check.rs
@@ -147,3 +147,36 @@ async fn subscribe_returns_a_400_when_data_is_missing() {
         );
     }
 }
+
+#[tokio::test]
+async fn subscribe_returns_a_400_when_fields_are_present_but_empty() {
+    // Arrange
+    let app_details = spawn_app().await;
+    let client = reqwest::Client::new();
+    let test_cases = vec![
+        ("name=&email=ursula_le_guin%40gmail.com", "empty name"),
+        ("name=le%20guin&email=", "empty email"),
+        (
+            "name=le%20guin&email=definitely_not_an_email",
+            "invalid email",
+        ),
+    ];
+    for (invalid_body, error_message) in test_cases {
+        // Act
+        let response = client
+            .post(&format!("{}/subscriptions", &app_details.address))
+            .header("Content-Type", "application/x-www-form-urlencoded")
+            .body(invalid_body)
+            .send()
+            .await
+            .expect("Failed to execute request.");
+        // Assert
+        assert_eq!(
+            200,
+            response.status().as_u16(),
+            // Additional customised error message on test failure
+            "The API did not return a 200 OK when the payload was {}.",
+            error_message
+        );
+    }
+}
