fix(play): don't panic on to short id (#273)

src/api/error.rs

@@ -55,6 +55,8 @@ pub enum PlaygroundError {
     CryptError(#[from] aes_gcm::Error),
     #[error("Crypt decoding error: {0}")]
     DecodeError(#[from] base64::DecodeError),
+    #[error("No nonce error")]
+    NoNonceError,
     #[error("Crypt utf error: {0}")]
     UtfDecodeError(#[from] FromUtf8Error),
     #[error("Playground error: no settings")]

src/api/play.rs

@@ -75,6 +75,9 @@ fn encrypt(gist_id: &str) -> Result<String, PlaygroundError> {
 fn decrypt(encoded: &str) -> Result<String, PlaygroundError> {
     if let Some(cipher) = &*CIPHER {
         let data = STANDARD.decode(encoded)?;
+        if NONCE_LEN > data.len() {
+            return Err(PlaygroundError::NoNonceError);
+        }
         let (enc, nonce) = data.split_at(data.len() - NONCE_LEN);
         let nonce = Nonce::from_slice(nonce);
         let data = cipher.decrypt(nonce, enc)?;

tests/api/play.rs

@@ -2,6 +2,7 @@ use crate::helpers::app::test_app_with_login;
 use crate::helpers::db::reset;
 use crate::helpers::http_client::TestHttpClient;
 use crate::helpers::{read_json, wait_for_stubr};
+use actix_http::StatusCode;
 use actix_web::test;
 use anyhow::Error;
 use assert_json_diff::assert_json_eq;
@@ -63,3 +64,17 @@ async fn test_playground() -> Result<(), Error> {
     assert_eq!(playground.deleted_user_id, Some(user_id));
     Ok(())
 }
+
+#[actix_rt::test]
+#[stubr::mock(port = 4321)]
+async fn test_invalid_id() -> Result<(), Error> {
+    let pool = reset()?;
+    wait_for_stubr().await?;
+    let app = test_app_with_login(&pool).await?;
+    let service = test::init_service(app).await;
+    let mut client = TestHttpClient::new(service).await;
+    let res = client.get("/api/v1/play/sssieddidxsx", None).await;
+    // This used to panic, now it should just 500
+    assert_eq!(res.status(), StatusCode::INTERNAL_SERVER_ERROR);
+    Ok(())
+}