Created
September 8, 2025 04:07
-
-
Save NN---/cd89a05dff38d29bea5e2b00404ab219 to your computer and use it in GitHub Desktop.
Junior rust code
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| use axum::{ | |
| extract::Extension, | |
| response::Html, | |
| routing::get, | |
| Form, Router, | |
| }; | |
| use serde::Deserialize; | |
| use sqlx::{MySql, Pool, query}; | |
| use std::net::SocketAddr; | |
| use tokio; | |
| use tokio::net::TcpListener; | |
| #[derive(Deserialize)] | |
| struct ApproveForm { | |
| id: i32, | |
| } | |
| #[tokio::main] | |
| async fn main() -> Result<(), Box<dyn std::error::Error>> { | |
| let pool = sqlx::mysql::MySqlPoolOptions::new() | |
| .connect("mysql://lamer:weak_password@localhost/my_poor_db") | |
| .await?; | |
| let app = Router::new() | |
| .route( | |
| "/", | |
| get({ | |
| let pool = pool.clone(); | |
| move || { | |
| let pool = pool.clone(); | |
| async move { | |
| let orders = query!("SELECT id, sum, status FROM orders") | |
| .fetch_all(&pool) | |
| .await | |
| .unwrap_or_default(); | |
| let html = format!( | |
| r#" | |
| <h1>Orders</h1> | |
| {} | |
| "#, | |
| orders | |
| .into_iter() | |
| .map(|r| { | |
| format!( | |
| r#" | |
| <form method="post"> | |
| Order #{} ${} | |
| <input type="hidden" name="id" value="{}"> | |
| <button type="submit" onclick="return confirm('Sure?')">Approve</button> | |
| </form> | |
| "#, | |
| r.id, r.sum, r.id | |
| ) | |
| }) | |
| .collect::<Vec<_>>() | |
| .join("\n") | |
| ); | |
| Html(html) | |
| } | |
| } | |
| }) | |
| .post({ | |
| let pool = pool.clone(); | |
| move |Form(form): Form<ApproveForm>| { | |
| let pool = pool.clone(); | |
| async move { | |
| // sql-инъекция бережно сохранена | |
| let query_str = format!("UPDATE orders SET status='ok' WHERE id={}", form.id); | |
| let _ = sqlx::query(&query_str).execute(&pool).await; | |
| Html(r#"<script>alert('OK')</script>"#.to_string()) | |
| } | |
| } | |
| }), | |
| ) | |
| .layer(Extension(pool)); | |
| // Запуск сервера | |
| let addr = SocketAddr::from(([127, 0, 0, 1], 3000)); | |
| let listener = TcpListener::bind(&addr).await.unwrap(); | |
| println!("Сервер запущен на http://{}", addr); | |
| axum::serve(listener, app).await.unwrap(); | |
| Ok(()) | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment