What I learned about Rust while making pastebin in Rust
First iteration
Hello, I have recently started to make a pastebin to learn more about Rust and understand the underlying concept of Rust so I first made a very naive pastebin where I used axum to serve the files and used a TCPListener to handle file upload. I didn’t use axum to handle file upload because I didn’t know how to do it, so basically my program was listening to two different port 8080 and 3000 where on port 3000 I served the files and on 8080 I handle file upload using simple TCP connection. I also used a static variable to name the uploaded file, but in Rust mutable static variable considered unsafe since it could lead to race condition, but at that time I didn’t know much about Atomic variables so I wraped the code with unsafe.
Second iteration
I uploaded my code of First iteration to Lemmy, and people on Lemmy gave me a lot of suggestions, like using Atomic variable to eliminate the need of unsafe block and using axum to handle file upload. so I implemented that.
Third iteration
there are still some security issue like anyone can scrape entire pastebin since I was using an incremental file name. also if I rerun the pastebin It will reset the file name variable and it would overwrite previously uploaded files, to overcome this issue a person on Lemmy suggested that I should use uuid, that way it would solve those security issue.
Final thoughts
so yeah, that was it, I learned a lot about Rust and programming in general, thank you all on the Lemmy to teach me these cool stuff :D
You must log in or # to comment.
Another potential security issue is path traversal - can someone getting an uploaded paste pass in an ID that allows them to read files in other directories of the system, like
../cert.pem? Verifying that the ID is a valid UUID, if that’s the route you go, should solve this.Anyway, it was a lot of fun reading your posts the past few days. Seeing the improvements between the iterations was really cool. Feel free to keep sharing your adventures!