rhombus 0.2.21

Next generation extendable CTF framework with batteries included
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120

use std::{fmt::Write, sync::Arc, task::Poll};

use async_hash::{Digest, Sha256};
use axum::{
    body::Body,
    extract::{Request, State},
    response::IntoResponse,
    Extension,
};
use pin_project_lite::pin_project;
use reqwest::StatusCode;
use tokio::io::AsyncRead;
use tower_http::services::ServeFile;

use crate::{
    internal::{auth::MaybeUser, upload_provider::validate_simple_filename},
    LocalUploadProvider,
};

pub type LocalUploadProviderState = Arc<LocalUploadProvider>;

pub async fn route_local_download(
    state: State<LocalUploadProviderState>,
    Extension(maybe_user): Extension<MaybeUser>,
    axum::extract::Path(path): axum::extract::Path<String>,
    req: Request<Body>,
) -> impl IntoResponse {
    if !validate_simple_filename(&path) {
        return (StatusCode::BAD_REQUEST, "Invalid path".to_owned()).into_response();
    }

    let (_, filename) = if let Some(parts) = path.split_once('-') {
        parts
    } else {
        return (StatusCode::BAD_REQUEST, "Invalid path".to_owned()).into_response();
    };

    let filepath = std::path::Path::new(&state.base_path).join(&path);

    let filepath = match filepath.canonicalize() {
        Ok(path) => path,
        Err(_) => {
            return (StatusCode::NOT_FOUND, "Not Found").into_response();
        }
    };

    tracing::info!(
        path = filepath.to_str().unwrap(),
        user_id = maybe_user.map(|u| u.id),
        "Downloading from local file"
    );

    let mut response = ServeFile::new(&filepath).try_call(req).await.unwrap();
    response.headers_mut().insert(
        "Content-Disposition",
        format!("attachment; filename={}", &filename)
            .parse()
            .unwrap(),
    );
    response.into_response()
}

pub fn slice_to_hex_string(slice: &[u8]) -> String {
    slice.iter().fold(String::new(), |mut output, b| {
        let _ = write!(output, "{b:02x}");
        output
    })
}

pin_project! {
    pub struct HashRead<T> {
        #[pin]
        read: T,

        hasher: Sha256,
    }
}

impl<T> HashRead<T> {
    pub fn new(read: T) -> Self {
        Self {
            read,
            hasher: Sha256::new(),
        }
    }

    pub fn hash(self) -> Vec<u8> {
        self.hasher.finalize().as_slice().into()
    }
}

impl<T> AsyncRead for HashRead<T>
where
    T: AsyncRead,
{
    fn poll_read(
        self: std::pin::Pin<&mut Self>,
        cx: &mut std::task::Context<'_>,
        buf: &mut tokio::io::ReadBuf<'_>,
    ) -> std::task::Poll<std::io::Result<()>> {
        let this = self.project();
        let before_len = buf.filled().len();

        match this.read.poll_read(cx, buf) {
            Poll::Pending => Poll::Pending,
            Poll::Ready(Err(e)) => Poll::Ready(Err(e)),
            Poll::Ready(Ok(())) => {
                let filled = buf.filled();
                let after_len = filled.len();

                if after_len > before_len {
                    let new = &filled[before_len..];
                    this.hasher.update(new);
                }

                Poll::Ready(Ok(()))
            }
        }
    }
}