Update deps + better html escaping stratergy

MikeMoolenaar · Mar 20, 2024 · 6f1849a · 6f1849a
1 parent df0fbdd
commit 6f1849a
Show file tree

Hide file tree

Showing 8 changed files with 117 additions and 123 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -7,21 +7,21 @@ edition = "2021"
 
 [dependencies]
 axum = { version = "0.7.4", features = ["form", "macros"] }
-tokio = { version = "1.36.0", features = ["full"] }
+tokio = { version = "1.36.0", features = ["macros", "rt-multi-thread"] }
 tower-http = { version = "0.5", features = ["fs","set-header"] }
-serde = { version = "1.0.196", features = ["derive"] }
+serde = { version = "1.0.197", features = ["derive"] }
 rand = "0.8"
-chrono = "0.4.33"
-html-escape = "0.2.13"
+chrono = "0.4.35"
 dotenv = "0.15.0"
-tower = { version = "0.4.13" }
-tower_governor = { version = "0.3.1" }
-minijinja = { version = "1.0.12", features = ["loader", "v_htmlescape", "multi_template"] }
+tower = "0.4.13"
+tower_governor = "0.3.2"
+tower-sessions = "0.10.2"
+tower-sessions-libsql-store = "0.1.0"
+tower-livereload = "0.9.2"
+minijinja = { version = "1.0.14", features = ["loader", "v_htmlescape", "multi_template"] }
 axum-htmx = "0.5.0"
-tower-livereload = "0.9.1"
 argon2 = "0.5.3"
-tower-sessions = "0.10.1"
-tower-sessions-libsql-store = "0.1.0"
-time = "0.3.33"
+time = "0.3.34"
 minify-html = "0.15.0"
 libsql = "0.3.1"
+v_htmlescape = "0.15.8"
diff --git a/README.md b/README.md
@@ -45,6 +45,7 @@ npm run tailwind
 - [x] Improve code for render_html.rs
 - [x] Setup build via GH actions
 - [x] Migrate from SQLX/PostgreSQL to Libsql/Turso (sqlx doesn't support turso yet... such a shame)
+- [ ] Use minijinja autoreload https://docs.rs/minijinja-autoreload/latest/minijinja_autoreload/
 - [ ] Rename to RATH stack, Rust Axum Turso Hhtmx
 
 ## Handy commands

diff --git a/src/filters.rs b/src/filters.rs
@@ -1,8 +1,8 @@
-use chrono::NaiveDateTime;
+use chrono::DateTime;
 
 pub fn date_string(timestamp: String) -> String {
     let timestamp = timestamp.parse::<i64>().expect("timestamp to be a avalid integer");
-    let date_formatted: String = NaiveDateTime::from_timestamp_opt(timestamp, 0)
+    let date_formatted: String = DateTime::from_timestamp(timestamp, 0)
         .unwrap()
         .format("%d-%m-%Y")
         .to_string();

diff --git a/src/models/todo_item.rs b/src/models/todo_item.rs
@@ -5,7 +5,6 @@ use serde::{Deserialize, Serialize};
 pub struct TodoItemRequest {
     #[serde(default)]
     pub id: i64,
-    #[serde(deserialize_with = "serde_converters::html_encode")]
     pub title: String,
     #[serde(deserialize_with = "serde_converters::date_to_timestamp")]
     pub date: i64,

diff --git a/src/render_html.rs b/src/render_html.rs
@@ -26,6 +26,17 @@ pub fn render_block<S: Serialize>(template_name: &str, block_name: &str, context
     }
 }
 
+// TODO: Improve error handling
+pub fn render_html_str<S: Serialize>(template_raw: &str, context: S) -> Result<Html<String>, Box<dyn Error>> {
+    let template = SHARED_JINJA_ENV
+        .get()
+        .expect("Jinja environment not initialized!")
+        .render_str(template_raw, context)?;
+    // Minijiinja does not escape html when using render()
+    let str = v_htmlescape::escape(template.as_str());
+    return Ok(Html(str.to_string()));
+}
+
 fn render<S: Serialize>(
     template_name: &str,
     block_name: &str,

diff --git a/src/routes/todos/create_todo.rs b/src/routes/todos/create_todo.rs
@@ -1,17 +1,19 @@
 use crate::{
     models::{todo_item::TodoItemRequest, user::User},
+    render_html::render_html_str,
     AppState,
 };
-use axum::{extract::State, http::StatusCode, response::IntoResponse, Form};
+use axum::{extract::State, http::StatusCode, response::Html, Form};
 use libsql::params;
+use minijinja::context;
 use std::sync::Arc;
 use tower_sessions::Session;
 
 pub async fn create_todo(
     session: Session,
     State(state): State<Arc<AppState>>,
     Form(form): Form<TodoItemRequest>,
-) -> Result<impl IntoResponse, (StatusCode, String)> {
+) -> Result<Html<String>, (StatusCode, String)> {
     let title_clone = form.title.clone();
     let user = session.get::<User>("user").await.unwrap().unwrap();
 
@@ -28,5 +30,11 @@ pub async fn create_todo(
         return Err((StatusCode::INTERNAL_SERVER_ERROR, String::from("Unknown error")));
     }
 
-    return Ok(format!("Todo item '{}' succesfuly added", title_clone));
+    return Ok(render_html_str(
+        "Todo item '{{ title_clone }}' succesfuly added!",
+        context! {
+            title_clone
+        },
+    )
+    .unwrap());
 }
diff --git a/src/serde_converters.rs b/src/serde_converters.rs
@@ -7,15 +7,6 @@ where
 {
     let s = String::deserialize(deserializer)?;
     let dt = NaiveDate::parse_from_str(&s, "%Y-%m-%d").map_err(serde::de::Error::custom)?;
-    let ts = dt.and_hms_opt(0, 0, 0).unwrap().timestamp();
+    let ts = dt.and_hms_opt(0, 0, 0).unwrap().and_utc().timestamp();
     return Ok(ts);
 }
-
-pub fn html_encode<'de, D>(deserializer: D) -> Result<String, D::Error>
-where
-    D: Deserializer<'de>,
-{
-    let s = String::deserialize(deserializer)?;
-    let s = html_escape::encode_text(&s);
-    return Ok(s.to_string());
-}