SUMMARY
At present, sitekey can be abused by installing it on a third-party
site as verifying the access token returned from CAPTCHA validation
doesn't require any authentication.
This fix uses account secret authentication to verify access tokens
credits: by @gusted
SUMMARY
The test suite was spinning up way too many database connections that what's
strictly needed and so the test suite was failing with[0]:
code: "53300", message: "sorry, too many clients already"
EXPERIMENTS
Tried sharing database connection pool across all tests with
async_once[0] but faced:
- IO errors
The connections were probably getting dropped in between tests
- actix Actor errors
The actor was probably not getting initialized before a
a reference to the async_once initialized app
context(crate::data::Data) is retrieved and used
FIX
crate::tests was spinning up an App context
instance(crate::data::Data) for most utility functions, which was
unnecessarily excessive.
Each test now creates an instance of the application context at the
beginning and shared a reference with all test utility functions. So
number of database connections/app context instance = number of unit
tests.
[0]: permanently fixes#22
[1]: https://docs.rs/async_once/latest/async_once/
release:
Routes 404'd when scope contained trailing slash like so:
let scope = "/api/v1/pow/";
web::scope(scope)//
So had to rm trailing slash in scope
