What I learned about Rust while making pastebin
from kionite231@lemmy.ca to rust@programming.dev on 11 Jan 06:15
https://lemmy.ca/post/36903762

What I learned about Rust while making pastebin in Rust

First iteration

Hello, I have recently started to make a pastebin to learn more about Rust and understand the underlying concept of Rust so I first made a very naive pastebin where I used axum to serve the files and used a TCPListener to handle file upload. I didn’t use axum to handle file upload because I didn’t know how to do it, so basically my program was listening to two different port 8080 and 3000 where on port 3000 I served the files and on 8080 I handle file upload using simple TCP connection. I also used a static variable to name the uploaded file, but in Rust mutable static variable considered unsafe since it could lead to race condition, but at that time I didn’t know much about Atomic variables so I wraped the code with unsafe.

Second iteration

I uploaded my code of First iteration to Lemmy, and people on Lemmy gave me a lot of suggestions, like using Atomic variable to eliminate the need of unsafe block and using axum to handle file upload. so I implemented that.

Third iteration

there are still some security issue like anyone can scrape entire pastebin since I was using an incremental file name. also if I rerun the pastebin It will reset the file name variable and it would overwrite previously uploaded files, to overcome this issue a person on Lemmy suggested that I should use uuid, that way it would solve those security issue.

Final thoughts

so yeah, that was it, I learned a lot about Rust and programming in general, thank you all on the Lemmy to teach me these cool stuff :D

#rust

threaded - newest

TehPers@beehaw.org on 11 Jan 21:39 collapse

Another potential security issue is path traversal - can someone getting an uploaded paste pass in an ID that allows them to read files in other directories of the system, like …/cert.pem? Verifying that the ID is a valid UUID, if that’s the route you go, should solve this.

Anyway, it was a lot of fun reading your posts the past few days. Seeing the improvements between the iterations was really cool. Feel free to keep sharing your adventures!