diff --git a/src/http_server/index_js.rs b/src/http_server/index_js.rs
index a6cc096..b505977 100644
--- a/src/http_server/index_js.rs
+++ b/src/http_server/index_js.rs
@@ -8,8 +8,7 @@ use {
 serde::Deserialize,
 };
-const TEMPLATE: &str = r#"
-const csrfToken = '{token}';
+pub const SCRIPT: &str = r#"
 // event subscribed by Verify Enclave
 window.addEventListener("message", (event) => {
 const attestationId = event.data
@@ -42,9 +41,10 @@ pub(super) struct Params {
 }
 pub(super) async fn get(query: Query) -> Result {
- if !CsrfToken::validate_format(&query.token) {
+ let token = &query.token;
+ if !CsrfToken::validate_format(token) {
 return Err(StatusCode::BAD_REQUEST);
 }
- Ok(Html(TEMPLATE.replacen("{token}", &query.token, 1)))
+ Ok(Html(format!("const csrfToken = '{token}';{SCRIPT}")))
 }
diff --git a/src/http_server/mod.rs b/src/http_server/mod.rs
index f06d568..b1bb76e 100644
--- a/src/http_server/mod.rs
+++ b/src/http_server/mod.rs
@@ -1,4 +1,5 @@
 use {
+ self::index_js::SCRIPT,
 crate::{
 ContextualCommand,
 Domain,
@@ -38,9 +39,9 @@ use {
 tap::{Pipe, Tap},
 tower_http::cors::{self, CorsLayer},
 tracing::{info, instrument},
- wc::{
- geoip,
- geoip::block::{middleware::GeoBlockLayer, BlockingPolicy as GeoBlockingPolicy},
+ wc::geoip::{
+ self,
+ block::{middleware::GeoBlockLayer, BlockingPolicy as GeoBlockingPolicy},
 },
 };
@@ -132,7 +133,7 @@ pub async fn run(
 .layer(cors_layer)
 .route("/health", get(health::get(health_provider)))
 .route("/attestation", post(attestation::post))
- .route("/index.js", get(index_js::get))
+ .route("/index.js", get(index_js::get)) // TODO remove in next deploy
 .route("/:project_id", get(root))
 .layer(metrics_layer)
 .with_state(Arc::new(state));
@@ -168,10 +169,7 @@ pub async fn run(
 }
 fn index_html(token: &str) -> String {
- format!(
- ""
- )
+ format!("")
 }
 const UNKNOWN_PROJECT_MSG: &str = "Project with the provided ID doesn't exist. Please, ensure \
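Review bot: `SCRIPT` in index_js.rs is exported as plain `pub`, while the other items of this module visible in the diff (`Params`, `get`) are `pub(super)`. The only consumer shown is `use self::index_js::SCRIPT` in mod.rs, so `pub(super) const SCRIPT: &str = r#"` would be enough and keeps the constant out of the wider crate surface. If the script reads `csrfToken`, as the removed template line suggests, a doc comment such as `/// Client script; expects a global csrfToken declared before it runs.` would record the dependency that `get` now satisfies by prepending the declaration. The raw string continues outside the hunk.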
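Review bot: In `get` (index_js.rs), `format!("const csrfToken = '{token}';{SCRIPT}")` places the query-supplied token inside a single-quoted JavaScript string, so `CsrfToken::validate_format` is the only barrier between the request and script injection. That function is not shown on this page; the guard holds only if it rejects quotes, backslashes, line terminators and `<`. I would record the dependency next to the call, e.g. `// validate_format must limit the token to characters that cannot end a JS string literal or a script element`, and pin it with a handler test that sends a token containing `'`, `\` or `<` and expects `StatusCode::BAD_REQUEST`. The same requirement applies to `index_html` in mod.rs, whose new `format!` string is not readable here and whose `token: &str` argument is not checked inside the function.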
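Review bot: The `// TODO remove in next deploy` added to the `/index.js` route in `run` (mod.rs) has no owner or tracking reference, and until it is acted on the service keeps an endpoint that echoes a query parameter into a script body. Tie it to something that can be followed up, e.g. `// TODO(<tracking-issue>): drop /index.js once no deployed client requests it`. `run` starts and ends outside the hunk, so whether other layers restrict this route cannot be judged from here.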