Merge pull request #4 from SunsetMkt/main

feat: add glob pattern support for ALLOWED_EMAILS
This commit is contained in:
qaz741wsd856 2025-12-04 20:19:04 +08:00 committed by GitHub
commit 8e1a5a23b8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 14 additions and 5 deletions

7
Cargo.lock generated
View file

@ -346,6 +346,12 @@ version = "0.31.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f"
[[package]]
name = "glob-match"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9985c9503b412198aa4197559e9a318524ebc4519c229bfa05a535828c950b9d"
[[package]]
name = "hex"
version = "0.4.3"
@ -1199,6 +1205,7 @@ dependencies = [
"console_log",
"constant_time_eq",
"getrandom 0.3.3",
"glob-match",
"hex",
"js-sys",
"jsonwebtoken",

View file

@ -48,3 +48,4 @@ log = "0.4"
thiserror = "1.0"
once_cell = "1.19"
console_log = "1.0.0"
glob-match = "0.2"

View file

@ -111,7 +111,7 @@ There are no immediate plans to implement these features. The primary goal of th
6. **Set environment variables** as `Secret`
- `ALLOWED_EMAILS` your-email@example.com
- `ALLOWED_EMAILS` your-email@example.com (supports glob patterns like `*@example.com`)
- `JWT_SECRET` a long random string
- `JWT_REFRESH_SECRET` a long random string
@ -156,7 +156,7 @@ Add the following secrets to your GitHub repository (`Settings > Secrets and var
4. **Monitor the deployment** in the Actions tab of your repository
5. **Set environment variables** in the Cloudflare console (following the command line deployment steps):
- `ALLOWED_EMAILS` your-email@example.com
- `ALLOWED_EMAILS` your-email@example.com (supports glob patterns like `*@example.com`)
- `JWT_SECRET` a long random string
- `JWT_REFRESH_SECRET` a long random string

View file

@ -1,5 +1,6 @@
use axum::{extract::State, Json};
use chrono::Utc;
use glob_match::glob_match;
use serde_json::{json, Value};
use std::sync::Arc;
use uuid::Uuid;
@ -88,9 +89,9 @@ pub async fn register(
.as_ref()
.as_string()
.ok_or_else(|| AppError::Internal)?;
if allowed_emails
.split(",")
.all(|email| email.trim() != payload.email)
if !allowed_emails
.split(',')
.any(|pattern| glob_match(pattern.trim(), &payload.email))
{
return Err(AppError::Unauthorized("Not allowed to signup".to_string()));
}