fix(register): fix CORS, nonce update and error reporting

2025-10-31 02:31:37 +00:00 · 2024-09-17 21:41:05 -04:00 · 2024-09-17 21:41:05 -04:00 · 3af64f35a5
commit 3af64f35a5
parent cb72d049e0
2 changed files with 9 additions and 4 deletions
--- a/blahd/src/lib.rs
+++ b/blahd/src/lib.rs
@ -5,7 +5,7 @@ use std::time::{Duration, SystemTime};
 use anyhow::Result;
 use axum::extract::ws;
 use axum::extract::{Path, Query, State, WebSocketUpgrade};
-use axum::http::{header, HeaderMap, StatusCode};
+use axum::http::{header, HeaderMap, HeaderName, StatusCode};
 use axum::response::{IntoResponse, Response};
 use axum::routing::{get, post};
 use axum::{Json, Router};
@ -13,7 +13,7 @@ use axum_extra::extract::WithRejection as R;
 use blah_types::{
    ChatPayload, CreateGroup, CreatePeerChat, CreateRoomPayload, Id, MemberPermission, RoomAdminOp,
    RoomAdminPayload, RoomAttrs, RoomMetadata, ServerPermission, Signed, SignedChatMsg, Signee,
-    UserKey, UserRegisterPayload, WithMsgId,
+    UserKey, UserRegisterPayload, WithMsgId, X_BLAH_DIFFICULTY, X_BLAH_NONCE,
 };
 use database::ConnectionExt;
 use ed25519_dalek::SIGNATURE_LENGTH;
@ -147,7 +147,11 @@ pub fn router(st: Arc<AppState>) -> Router {
        // correct CORS headers. Also `Authorization` must be explicitly included besides `*`.
        .layer(
            tower_http::cors::CorsLayer::permissive()
-                .allow_headers([header::HeaderName::from_static("*"), header::AUTHORIZATION]),
+                .allow_headers([HeaderName::from_static("*"), header::AUTHORIZATION])
+                .expose_headers([
+                    HeaderName::from_static(X_BLAH_NONCE),
+                    HeaderName::from_static(X_BLAH_DIFFICULTY),
+                ]),
        )
        .with_state(st)
 }
--- a/blahd/src/register.rs
+++ b/blahd/src/register.rs
@ -107,6 +107,7 @@ impl State {
            } else {
                OsRng.next_u32()
            };
+            n.update_period = cur_period;
            n.nonce = OsRng.next_u32();
            [n.nonce, n.prev_nonce]
        }
@ -353,7 +354,7 @@ fn validate_id_desc(
            }
            Ok(())
        })()
-        .with_context(|| format!("in act_key {} {}", i, kdesc.act_key))?;
+        .map_err(|err| anyhow!("invalid act_key[{}] {}: {}", i, kdesc.act_key, err))?;
    }

    ensure!(profile_signed, "profile is not signed by valid act_keys");