expand/CCash
1
0
Fork 0
mirror of https://github.com/Expand-sys/CCash synced 2025-12-16 08:12:12 +11:00
Code Issues Projects Releases Packages Wiki Activity Actions

🐎 made each endpoint share the same name/pass intrusion strings

Browse source
This commit is contained in:
EntireTwix 2021-07-09 21:04:01 -07:00
parent 386a140255
commit 408ea473d5
3 changed files with 31 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
include/str_intrusion.h
View file

@ -4,6 +4,7 @@
struct StrFromSV_Wrapper struct StrFromSV_Wrapper
{ {
std::string str; std::string str;
StrFromSV_Wrapper() noexcept;
StrFromSV_Wrapper(std::string_view sv) noexcept; StrFromSV_Wrapper(std::string_view sv) noexcept;
~StrFromSV_Wrapper() noexcept; ~StrFromSV_Wrapper() noexcept;
}; };

53
src/bank_api.cpp
View file

@ -11,23 +11,28 @@
static thread_local const auto body = temp_req ? *temp_req : Json::Value() static thread_local const auto body = temp_req ? *temp_req : Json::Value()
static thread_local ondemand::parser parser; static thread_local ondemand::parser parser;
#define SIMD_JSON_GEN \ static thread_local simdjson::padded_string input;
static thread_local simdjson::padded_string input(req->getBody()); \ static thread_local ondemand::document doc;
static thread_local ondemand::document doc = parser.iterate(input) #define SIMD_JSON_GEN \
input = req->getBody(); \
doc = parser.iterate(input)
#define RESPONSE_PARSE(R) \ thread_local static drogon::HttpResponsePtr resp;
static thread_local const auto &resp = HttpResponse::newCustomHttpResponse(R); \ #define RESPONSE_PARSE(R) \
CORS; \ resp = HttpResponse::newCustomHttpResponse(R); \
CORS; \
callback(resp) callback(resp)
#define RESPOND_TRUE \ #define RESPOND_TRUE \
static thread_local const auto &resp = HttpResponse::newCustomHttpResponse(BankResponse(k200OK, "true")); \ resp = HttpResponse::newCustomHttpResponse(BankResponse(k200OK, "true")); \
CORS; \ CORS; \
CACHE_FOREVER; \ CACHE_FOREVER; \
callback(resp) callback(resp)
#define NAME_PARAM req->getParameter("name") #define NAME_PARAM req->getParameter("name")
static thread_local StrFromSV_Wrapper name_val, pass_val;
api::api(Bank &b) noexcept : bank(b) api::api(Bank &b) noexcept : bank(b)
{ {
} }
@ -47,7 +52,7 @@ void api::GetLogs(req_args)
} }
else else
{ {
static thread_local const auto &resp = HttpResponse::newCustomHttpResponse(BankResponse(k404NotFound, "\"Logs are Disabled\"")); resp = HttpResponse::newCustomHttpResponse(BankResponse(k404NotFound, "\"Logs are Disabled\""));
CORS; CORS;
CACHE_FOREVER; CACHE_FOREVER;
callback(resp); callback(resp);
@ -65,7 +70,7 @@ void api::SendFunds(req_args) const
} }
else else
{ {
static thread_local StrFromSV_Wrapper name_val(name.value()); name_val = name.value();
res = bank.SendFunds(NAME_PARAM, name_val.str, amount.value()); res = bank.SendFunds(NAME_PARAM, name_val.str, amount.value());
} }
RESPONSE_PARSE(std::move(res)); RESPONSE_PARSE(std::move(res));
@ -84,7 +89,7 @@ void api::ChangePassword(req_args) const
} }
else else
{ {
static thread_local StrFromSV_Wrapper pass_val(pass.value()); pass_val = pass.value();
bank.ChangePassword(NAME_PARAM, std::move(pass_val.str)); bank.ChangePassword(NAME_PARAM, std::move(pass_val.str));
} }
RESPOND_TRUE; RESPOND_TRUE;
@ -101,8 +106,8 @@ void api::AdminChangePassword(req_args) const
} }
else else
{ {
static thread_local StrFromSV_Wrapper name_val(name.value()); name_val = name.value();
static thread_local StrFromSV_Wrapper pass_val(pass.value()); pass_val = pass.value();
bank.ChangePassword(name_val.str, std::move(pass_val.str)); bank.ChangePassword(name_val.str, std::move(pass_val.str));
} }
RESPOND_TRUE; RESPOND_TRUE;
@ -119,7 +124,7 @@ void api::SetBal(req_args) const
} }
else else
{ {
static thread_local StrFromSV_Wrapper name_val(name.value()); name_val = name.value();
res = bank.SetBal(name_val.str, amount.value()); res = bank.SetBal(name_val.str, amount.value());
} }
RESPONSE_PARSE(std::move(res)); RESPONSE_PARSE(std::move(res));
@ -136,7 +141,7 @@ void api::ImpactBal(req_args) const
} }
else else
{ {
static thread_local StrFromSV_Wrapper name_val(name.value()); name_val = name.value();
res = bank.ImpactBal(name_val.str, amount.value()); res = bank.ImpactBal(name_val.str, amount.value());
} }
RESPONSE_PARSE(std::move(res)); RESPONSE_PARSE(std::move(res));
@ -145,7 +150,7 @@ void api::ImpactBal(req_args) const
//System Usage //System Usage
void api::Help(req_args) const void api::Help(req_args) const
{ {
static thread_local const auto &resp = HttpResponse::newRedirectionResponse("https://github.com/EntireTwix/CCash/blob/Refractor/README.md"); resp = HttpResponse::newRedirectionResponse("https://github.com/EntireTwix/CCash/blob/Refractor/README.md");
CACHE_FOREVER; CACHE_FOREVER;
callback(resp); callback(resp);
} }
@ -177,7 +182,7 @@ void api::ApiProperties(req_args) const
temp["return_on_del_acc"] = return_account; temp["return_on_del_acc"] = return_account;
} }
auto resp = HttpResponse::newHttpJsonResponse(std::move(temp)); resp = HttpResponse::newHttpJsonResponse(std::move(temp));
CORS; CORS;
CACHE_FOREVER; CACHE_FOREVER;
callback(resp); callback(resp);
@ -194,8 +199,8 @@ void api::AddUser(req_args) const
} }
else else
{ {
StrFromSV_Wrapper name_val(name.value()); name_val = name.value();
StrFromSV_Wrapper pass_val(pass.value()); pass_val = pass.value();
res = bank.AddUser(std::move(name_val.str), 0, std::move(pass_val.str)); res = bank.AddUser(std::move(name_val.str), 0, std::move(pass_val.str));
} }
RESPONSE_PARSE(std::move(res)); RESPONSE_PARSE(std::move(res));
@ -213,8 +218,8 @@ void api::AdminAddUser(req_args) const
} }
else else
{ {
static thread_local StrFromSV_Wrapper name_val(name.value()); name_val = name.value();
static thread_local StrFromSV_Wrapper pass_val(pass.value()); pass_val = pass.value();
res = bank.AddUser(std::move(name_val.str), amount.value(), std::move(pass_val.str)); res = bank.AddUser(std::move(name_val.str), amount.value(), std::move(pass_val.str));
} }
RESPONSE_PARSE(std::move(res)); RESPONSE_PARSE(std::move(res));
@ -234,7 +239,7 @@ void api::AdminDelUser(req_args) const
} }
else else
{ {
static thread_local StrFromSV_Wrapper name_val(name.value()); name_val = name.value();
res = bank.DelUser(name_val.str); res = bank.DelUser(name_val.str);
} }
RESPONSE_PARSE(std::move(res)); RESPONSE_PARSE(std::move(res));

1
src/str_intrusion.cpp
View file

@ -32,6 +32,7 @@ struct string_data
}; };
template class rob<string_data, &std::string::_M_data>; template class rob<string_data, &std::string::_M_data>;
StrFromSV_Wrapper::StrFromSV_Wrapper() noexcept {}
StrFromSV_Wrapper::StrFromSV_Wrapper(std::string_view sv) noexcept StrFromSV_Wrapper::StrFromSV_Wrapper(std::string_view sv) noexcept
{ {
(str.*result<string_data>::ptr)((char *)sv.data()); (str.*result<string_data>::ptr)((char *)sv.data());