diff --git a/Cargo.lock b/Cargo.lock index f8d36bc..5a12a8a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -346,6 +346,12 @@ version = "0.31.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f" +[[package]] +name = "glob-match" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9985c9503b412198aa4197559e9a318524ebc4519c229bfa05a535828c950b9d" + [[package]] name = "hex" version = "0.4.3" @@ -1199,6 +1205,7 @@ dependencies = [ "console_log", "constant_time_eq", "getrandom 0.3.3", + "glob-match", "hex", "js-sys", "jsonwebtoken", diff --git a/Cargo.toml b/Cargo.toml index 187ec75..75c3786 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -48,3 +48,4 @@ log = "0.4" thiserror = "1.0" once_cell = "1.19" console_log = "1.0.0" +glob-match = "0.2" diff --git a/README.md b/README.md index 780e05f..c0d042d 100644 --- a/README.md +++ b/README.md @@ -111,7 +111,7 @@ There are no immediate plans to implement these features. The primary goal of th 6. **Set environment variables** as `Secret` -- `ALLOWED_EMAILS` your-email@example.com +- `ALLOWED_EMAILS` your-email@example.com (supports glob patterns like `*@example.com`) - `JWT_SECRET` a long random string - `JWT_REFRESH_SECRET` a long random string @@ -156,7 +156,7 @@ Add the following secrets to your GitHub repository (`Settings > Secrets and var 4. **Monitor the deployment** in the Actions tab of your repository 5. **Set environment variables** in the Cloudflare console (following the command line deployment steps): - - `ALLOWED_EMAILS` your-email@example.com + - `ALLOWED_EMAILS` your-email@example.com (supports glob patterns like `*@example.com`) - `JWT_SECRET` a long random string - `JWT_REFRESH_SECRET` a long random string diff --git a/src/handlers/accounts.rs b/src/handlers/accounts.rs index deb99d9..dae6472 100644 --- a/src/handlers/accounts.rs +++ b/src/handlers/accounts.rs @@ -1,5 +1,6 @@ use axum::{extract::State, Json}; use chrono::Utc; +use glob_match::glob_match; use serde_json::{json, Value}; use std::sync::Arc; use uuid::Uuid; @@ -88,9 +89,9 @@ pub async fn register( .as_ref() .as_string() .ok_or_else(|| AppError::Internal)?; - if allowed_emails - .split(",") - .all(|email| email.trim() != payload.email) + if !allowed_emails + .split(',') + .any(|pattern| glob_match(pattern.trim(), &payload.email)) { return Err(AppError::Unauthorized("Not allowed to signup".to_string())); }