t/tetratto
1
0
Fork 0
Code Issues Pull requests Projects Releases 4 Packages Wiki Activity Actions

fix: register page captcha

Browse source
This commit is contained in:
trisua 2025-07-05 11:58:51 -04:00
parent e5b6b5a4d4
commit 9ba6320d46
3 changed files with 9 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

2
crates/app/src/main.rs
View file

@ -130,7 +130,7 @@ async fn main() {
) )
.layer(SetResponseHeaderLayer::if_not_present( .layer(SetResponseHeaderLayer::if_not_present(
HeaderName::from_static("content-security-policy"), HeaderName::from_static("content-security-policy"),
HeaderValue::from_static("default-src 'self' *.spotify.com musicbrainz.org; img-src * data:; media-src *; font-src *; style-src 'unsafe-inline' 'self' *; script-src 'self' 'unsafe-inline' *; object-src 'self' *; upgrade-insecure-requests; connect-src * localhost; frame-src 'self'; frame-ancestors 'self'"), HeaderValue::from_static("default-src 'self' *.spotify.com musicbrainz.org; img-src * data:; media-src *; font-src *; style-src 'unsafe-inline' 'self' *; script-src 'self' 'unsafe-inline' *; object-src 'self' *; upgrade-insecure-requests; connect-src * localhost; frame-src 'self' *.cloudflare.com; frame-ancestors 'self'"),
)) ))
.layer(CatchPanicLayer::new()); .layer(CatchPanicLayer::new());

2
crates/app/src/routes/pages/journals.rs
View file

@ -365,7 +365,7 @@ pub async fn global_view_request(
Ok(( Ok((
[( [(
"content-security-policy", "content-security-policy",
"default-src 'self' *.spotify.com musicbrainz.org; img-src * data:; media-src *; font-src *; style-src 'unsafe-inline' 'self' *; script-src 'self' 'unsafe-inline' *; object-src 'self' *; upgrade-insecure-requests; connect-src * localhost; frame-src 'self'; frame-ancestors *", "default-src 'self' *.spotify.com musicbrainz.org; img-src * data:; media-src *; font-src *; style-src 'unsafe-inline' 'self' *; script-src 'self' 'unsafe-inline' *; object-src 'self' *; upgrade-insecure-requests; connect-src * localhost; frame-src 'self' *.cloudflare.com; frame-ancestors *",
)], )],
Html(data.1.render("journals/app.html", &context).unwrap()), Html(data.1.render("journals/app.html", &context).unwrap()),
)) ))

4
crates/core/src/database/invite_codes.rs
View file

@ -103,12 +103,14 @@ impl DataManager {
/// # Arguments /// # Arguments
/// * `data` - a mock [`InviteCode`] object to insert /// * `data` - a mock [`InviteCode`] object to insert
pub async fn create_invite_code(&self, data: InviteCode, user: &User) -> Result<InviteCode> { pub async fn create_invite_code(&self, data: InviteCode, user: &User) -> Result<InviteCode> {
// check account creation date // check account creation date (if we aren't a supporter OR this is a purchased account)
if !user.permissions.check(FinePermission::SUPPORTER) | user.was_purchased {
if unix_epoch_timestamp() - user.created < Self::MINIMUM_ACCOUNT_AGE_FOR_INVITE_CODES { if unix_epoch_timestamp() - user.created < Self::MINIMUM_ACCOUNT_AGE_FOR_INVITE_CODES {
return Err(Error::MiscError( return Err(Error::MiscError(
"Your account is too young to do this".to_string(), "Your account is too young to do this".to_string(),
)); ));
} }
}
// ... // ...
if !user.permissions.check(FinePermission::SUPPORTER) { if !user.permissions.check(FinePermission::SUPPORTER) {