xposedornot 1.0.1

Rust client library for the XposedOrNot data breach API
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151

//! Utility functions for email validation and password hashing.

use percent_encoding::{AsciiSet, CONTROLS};
use sha3::{Digest, Keccak512};

use crate::errors::Error;

/// Characters that need encoding in URL path segments.
/// Encodes everything except unreserved chars (RFC 3986) and sub-delimiters.
pub const PATH_ENCODE_SET: &AsciiSet = &CONTROLS
    .add(b' ')
    .add(b'"')
    .add(b'#')
    .add(b'<')
    .add(b'>')
    .add(b'?')
    .add(b'`')
    .add(b'{')
    .add(b'}')
    .add(b'/')
    .add(b'@')
    .add(b'[')
    .add(b']')
    .add(b'%');

/// Characters that need encoding in URL query values.
pub const QUERY_ENCODE_SET: &AsciiSet = &CONTROLS
    .add(b' ')
    .add(b'"')
    .add(b'#')
    .add(b'<')
    .add(b'>')
    .add(b'&')
    .add(b'=')
    .add(b'+')
    .add(b'%');

/// Validates that the given string looks like a valid email address.
///
/// This performs a basic structural check (contains exactly one `@` with
/// non-empty local and domain parts, and the domain contains a `.`).
///
/// # Errors
///
/// Returns [`Error::Validation`] if the email is invalid.
///
/// # Examples
///
/// ```
/// use xposedornot::utils::validate_email;
///
/// assert!(validate_email("user@example.com").is_ok());
/// assert!(validate_email("not-an-email").is_err());
/// ```
pub fn validate_email(email: &str) -> Result<(), Error> {
    let trimmed = email.trim();
    if trimmed.is_empty() {
        return Err(Error::Validation {
            message: "email must not be empty".to_string(),
        });
    }

    let parts: Vec<&str> = trimmed.splitn(2, '@').collect();
    if parts.len() != 2 {
        return Err(Error::Validation {
            message: format!("invalid email address: {trimmed}"),
        });
    }

    let (local, domain) = (parts[0], parts[1]);
    if local.is_empty() || domain.is_empty() {
        return Err(Error::Validation {
            message: format!("invalid email address: {trimmed}"),
        });
    }

    if !domain.contains('.') {
        return Err(Error::Validation {
            message: format!("invalid email domain: {domain}"),
        });
    }

    Ok(())
}

/// Hashes a password with original Keccak-512 and returns the first 10
/// hex characters of the digest.
///
/// The XposedOrNot password API uses an anonymized k-anonymity approach:
/// only a short prefix of the hash is sent to the server, which responds
/// with matching entries so the client can check locally.
///
/// **Important:** This uses the *original* Keccak-512 algorithm, not the
/// FIPS 202 SHA3-512 variant.
///
/// # Examples
///
/// ```
/// use xposedornot::utils::keccak_hash_prefix;
///
/// let prefix = keccak_hash_prefix("password123");
/// assert_eq!(prefix.len(), 10);
/// ```
pub fn keccak_hash_prefix(password: &str) -> String {
    let mut hasher = Keccak512::new();
    hasher.update(password.as_bytes());
    let result = hasher.finalize();
    let hex = format!("{result:x}");
    hex[..10].to_string()
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_validate_email_valid() {
        assert!(validate_email("user@example.com").is_ok());
        assert!(validate_email("a@b.c").is_ok());
        assert!(validate_email("user+tag@example.co.uk").is_ok());
    }

    #[test]
    fn test_validate_email_invalid() {
        assert!(validate_email("").is_err());
        assert!(validate_email("noatsign").is_err());
        assert!(validate_email("@domain.com").is_err());
        assert!(validate_email("user@").is_err());
        assert!(validate_email("user@nodot").is_err());
    }

    #[test]
    fn test_keccak_hash_prefix_length() {
        let prefix = keccak_hash_prefix("test");
        assert_eq!(prefix.len(), 10);
    }

    #[test]
    fn test_keccak_hash_prefix_deterministic() {
        let a = keccak_hash_prefix("hello");
        let b = keccak_hash_prefix("hello");
        assert_eq!(a, b);
    }

    #[test]
    fn test_keccak_hash_prefix_different_inputs() {
        let a = keccak_hash_prefix("password1");
        let b = keccak_hash_prefix("password2");
        assert_ne!(a, b);
    }
}