feat: update dependencies, enhance upload rate limiting, and improve UI elements

src/api.rs

@@ -6,7 +6,7 @@ use serde_json::json;
 
 use crate::{
     LOG_FILE_NAME,
-    data_mgt::{Asset, AssetTracker},
+    data_mgt::{AppState, Asset},
     logs::{LogEvent, LogEventType, log_event},
 };
 
@@ -21,8 +21,24 @@ pub struct UploadRequest {
 async fn api_upload(
     req: HttpRequest,
     body: web::Json<UploadRequest>,
-    assets: web::Data<AssetTracker>,
+    app_state: web::Data<AppState>,
 ) -> Result<HttpResponse, actix_web::Error> {
+    // Check for rate limiting
+    let connection_info = req.connection_info();
+
+    let uploader_ip = connection_info
+        .realip_remote_addr()
+        .map(|s| s.to_string())
+        .or_else(|| connection_info.peer_addr().map(|value| value.to_string()))
+        .ok_or_else(|| actix_web::error::ErrorBadRequest("Cannot determine client ip"))?;
+
+    match app_state.connection_tracker.is_allowed(&uploader_ip).await {
+        true => {}
+        false => {
+            return Ok(HttpResponse::TooManyRequests().body("Upload limit exceeded"));
+        }
+    }
+
     // Convert to bytes
     let content_bytes = if body.content_type == "text/plain" {
         body.content.as_bytes().to_vec()
@@ -32,12 +48,6 @@ async fn api_upload(
             Err(_) => return Ok(HttpResponse::BadRequest().body("Invalid base64 payload")),
         }
     };
-    let connection_info = req.connection_info();
-    let uploader_ip = connection_info
-        .realip_remote_addr()
-        .or_else(|| connection_info.peer_addr())
-        .unwrap_or("-")
-        .to_string();
 
     let asset = crate::data_mgt::Asset::new(
         body.duration,
@@ -48,7 +58,7 @@ async fn api_upload(
 
     let id = asset.id();
     log_event(LogEventType::AssetUploaded(asset.to_value()));
-    assets.add_asset(asset).await;
+    app_state.assets.add_asset(asset).await;
     let response_body = json!({ "link": format!("/bhs/{}", id) });
     Ok(HttpResponse::Ok().json(response_body))
 }
@@ -57,11 +67,11 @@ async fn api_upload(
 async fn api_get_asset(
     req: HttpRequest,
     path: web::Path<String>,
-    assets: web::Data<AssetTracker>,
+    app_state: web::Data<AppState>,
 ) -> Result<HttpResponse, actix_web::Error> {
     log_event(LogEventType::HttpRequest(req.into()));
 
-    match assets.get_asset(&path.into_inner()).await {
+    match app_state.assets.get_asset(&path.into_inner()).await {
         None => Ok(HttpResponse::NotFound().body("Asset not found")),
         Some(asset) => Ok(HttpResponse::Ok()
             .content_type(asset.mime())
@@ -90,11 +100,11 @@ struct ActivityItem {
 }
 
 #[get("/api/stats")]
-async fn api_stats(assets: web::Data<AssetTracker>) -> Result<HttpResponse, actix_web::Error> {
+async fn api_stats(app_state: web::Data<AppState>) -> Result<HttpResponse, actix_web::Error> {
     use crate::LOG_DIR;
     use std::fs;
 
-    let (active_assets, storage_bytes, image_count, text_count) = assets.stats_summary().await;
+    let (active_assets, storage_bytes, image_count, text_count) = app_state.assets.stats_summary().await;
 
     let mut total_uploads = 0;
     let mut total_deleted = 0;