Security and performance hardening from rust-engineer audit

hiteshjoshi · hiteshjoshi · commit e33c19d5ca94 · 2026-03-08T05:34:31.000+05:30
Stop echoing magic link code in response, reject short codes early,
use synchronous=FULL for crash-safe vault durability, fix clippy lints.
diff --git a/src/credentials.rs b/src/credentials.rs
@@ -41,6 +41,7 @@ impl std::fmt::Debug for Credentials {
 }
 
 impl Credentials {
+    #[allow(clippy::too_many_arguments)]
     pub fn new(
         domain: String,
         signing_key: &SigningKey,
diff --git a/src/crypto/signing.rs b/src/crypto/signing.rs
@@ -39,7 +39,7 @@ pub fn decode_public_key(encoded: &str) -> Result<VerifyingKey> {
 
 pub fn encode_private_key(signing_key: &SigningKey) -> String {
     let key_bytes = Zeroizing::new(signing_key.to_bytes());
-    BASE64.encode(&*key_bytes)
+    BASE64.encode(*key_bytes)
 }
 
 pub fn decode_private_key(encoded: &str) -> Result<SigningKey> {
diff --git a/src/db.rs b/src/db.rs
@@ -23,7 +23,7 @@ pub fn open() -> Result<Connection> {
 
     // WAL mode: fast reads, lets multiple processes access the file
     conn.pragma_update(None, "journal_mode", "WAL")?;
-    conn.pragma_update(None, "synchronous", "NORMAL")?;
+    conn.pragma_update(None, "synchronous", "FULL")?;
     conn.pragma_update(None, "cache_size", "-2000")?;
 
     // CREATE TABLE IF NOT EXISTS is idempotent — safe to run every time
diff --git a/src/server.rs b/src/server.rs
@@ -70,7 +70,6 @@ struct DepositResponse {
 #[derive(Serialize)]
 struct MagicLinkResponse {
     status: &'static str,
-    code: String,
 }
 
 /// Max deposit body size: 1 MB
@@ -299,6 +298,11 @@ async fn handle_magic_link(
         return StatusCode::TOO_MANY_REQUESTS.into_response();
     }
 
+    // Reject obviously short codes before touching the DB (host() enforces >= 20 chars)
+    if code.len() < 20 {
+        return StatusCode::NOT_FOUND.into_response();
+    }
+
     let state_clone = state.clone();
     let code_clone = code;
     let result = tokio::task::spawn_blocking(move || {
@@ -308,8 +312,8 @@ async fn handle_magic_link(
     }).await;
 
     match result {
-        Ok(Ok(Some(verified_code))) => {
-            let resp = MagicLinkResponse { status: "verified", code: verified_code };
+        Ok(Ok(Some(_))) => {
+            let resp = MagicLinkResponse { status: "verified" };
             match serde_json::to_string(&resp) {
                 Ok(json) => (StatusCode::OK, [(header::CONTENT_TYPE, "application/json")], json).into_response(),
                 Err(_) => StatusCode::INTERNAL_SERVER_ERROR.into_response(),

Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,7 @@ impl std::fmt::Debug for Credentials {`
`41`	`41`	`}`
`42`	`42`
`43`	`43`	`impl Credentials {`
	`44`	`+ #[allow(clippy::too_many_arguments)]`
`44`	`45`	`pub fn new(`
`45`	`46`	`domain: String,`
`46`	`47`	`signing_key: &SigningKey,`
Original file line number	Diff line number	Diff line change
`@@ -39,7 +39,7 @@ pub fn decode_public_key(encoded: &str) -> Result<VerifyingKey> {`
`39`	`39`
`40`	`40`	`pub fn encode_private_key(signing_key: &SigningKey) -> String {`
`41`	`41`	`let key_bytes = Zeroizing::new(signing_key.to_bytes());`
`42`		`- BASE64.encode(&*key_bytes)`
	`42`	`+ BASE64.encode(*key_bytes)`
`43`	`43`	`}`
`44`	`44`
`45`	`45`	`pub fn decode_private_key(encoded: &str) -> Result<SigningKey> {`