1
0
Fork 0
forked from TWS/kalkutago

Compare commits

...

8 commits

21 changed files with 756 additions and 53 deletions

View file

@ -6,7 +6,8 @@ const router = createRouter({
history: createWebHistory(),
routes: [
{ path: '/', component: TableView },
{ path: '/new-track', component: NewTrackView }
{ path: '/new-track', component: NewTrackView },
{ path: '/login', component: import('./views/Login.vue') }
// for other pages:
// {path: '/', component: import('./views/TableView.vue')}
]

View file

@ -18,9 +18,19 @@ function dateQuery(date: Date): URLSearchParams {
return query
}
export const state = reactive({
tracks: new Array<Track>,
state: State.Unfetched,
interface LoggedInUser {
name: string
}
class AppState {
tracks: Array<Track>
state: State
user?: LoggedInUser
constructor() {
this.tracks = new Array<Track>
this.state = State.Unfetched
}
streamUpdatesFromServer() {
const source = new EventSource("/api/v1/updates")
source.addEventListener("open", () => console.debug("opened event source"))
@ -69,17 +79,17 @@ export const state = reactive({
window.location = window.location
})
window.addEventListener('beforeunload', () => source.close())
},
}
async repopulate() {
this.state = State.Fetching
this.tracks = await Track.fetchAll()
},
}
async populate() {
if (this.state != State.Unfetched) return
await this.repopulate()
this.streamUpdatesFromServer()
this.state = State.Fetched
},
}
async taskCompleted(track: Track, date: Date): Promise<Tick> {
const query = dateQuery(date)
const response: Response = await fetch(`/api/v1/tracks/${track.id}/ticked?${query.toString()}`, { method: "PATCH" })
@ -89,13 +99,13 @@ export const state = reactive({
throw new Error(`error setting tick for track ${track.id} ("${track.name}"): ${response.status} ${response.statusText}`)
}
return JSON.parse(body)
},
}
async taskMarkedIncomplete(track: Track, date: Date) {
const query = dateQuery(date)
const { ok, status, statusText } = await fetch(`/api/v1/tracks/${track.id}/all-ticks?${query.toString()}`, { method: 'DELETE' })
if (!ok)
error(`error deleting ticks for ${track.id}: ${statusText} (${status})`)
},
}
async addTrack(track: Track): Promise<boolean> {
const response = await fetch('/api/v1/tracks', {
method: "POST",
@ -105,9 +115,11 @@ export const state = reactive({
if (!response.ok)
error(`error submitting track: ${track}: ${response.statusText} (${response.status})`)
return response.ok
},
}
async removeTrack(trackID: number) {
const response = await fetch(`/api/v1/tracks/${trackID}`, { method: "DELETE" })
if (!response.ok) error(`error deleting track with ID ${trackID}: ${response.statusText} (${response.status})`)
}
})
}
export const state = reactive(new AppState)

View file

@ -0,0 +1,69 @@
<script setup lang="ts">
import { ref } from 'vue'
import { state } from '../state';
const name = ref("")
const password = ref("")
async function signUp() {
const $name = name.value
const result = await fetch("/api/v1/auth", {
method: 'POST',
body: JSON.stringify({ name: $name, password: password.value })
})
if (result.ok) {
state.user = { name: $name }
}
}
async function login() {
const $name = name.value
const result = await fetch("/api/v1/auth", {
method: 'PUT',
body: JSON.stringify({ name: $name, password: password.value })
})
if (result.ok) {
state.user = { name: $name }
}
}
</script>
<template>
<div class="modal is-active">
<div class="modal-background"></div>
<div class="modal-card">
<header class="modal-card-head">
<div class="modal-card-title">Log in or Sign up</div>
</header>
<section class="modal-card-body">
<div class="field">
<label for="username">Name</label>
<div class="control">
<input type="text" name="username" class="input" v-model="name" />
</div>
</div>
<div class="field">
<label for="password" class="label">Password</label>
<div class="control">
<input type="password" name="password" class="input" v-model="password" />
</div>
</div>
</section>
<footer class="modal-card-foot">
<button class="submit button is-success" @click="login">Log in</button>
<button class="submit button is-info" @click="signUp">Sign Up</button>
</footer>
</div>
</div>
</template>
<style scoped>
.modal-card-foot {
flex-direction: row-reverse;
}
.button.submit {
margin-left: 10px;
}
</style>

View file

@ -14,7 +14,7 @@ services:
POSTGRES_USER: kalkutago
POSTGRES_DB: kalkutago
POSTGRES_HOST: database
secrets: [ postgres-password ]
secrets: [ postgres-password, cookie-secret ]
depends_on: [ database ]
expose: [ 8000 ]
# ports:
@ -25,6 +25,7 @@ services:
labels:
traefik.enable: true
traefik.http.routers.kalkutago_server.rule: 'Host(`kalkutago`) && PathPrefix(`/api`)'
database:
image: postgres
environment:
@ -65,6 +66,8 @@ services:
secrets:
postgres-password:
file: ./server/postgres.pw
cookie-secret:
file: ./server/cookie-secret.pw
networks:
internal:

View file

@ -32,6 +32,8 @@ services:
secrets:
postgres-password:
file: ./server/postgres.pw
cookie-secret:
file: ./server/cookie-secret.pw
networks:
internal:

150
server/Cargo.lock generated
View file

@ -8,6 +8,41 @@ version = "0.11.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fe438c63458706e03479442743baae6c88256498e6431708f6dfc520a26515d3"
[[package]]
name = "aead"
version = "0.5.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d122413f284cf2d62fb1b7db97e02edb8cda96d769b16e443a4f6195e35662b0"
dependencies = [
"crypto-common",
"generic-array",
]
[[package]]
name = "aes"
version = "0.8.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "433cfd6710c9986c576a25ca913c39d66a6474107b406f34f91d4a8923395241"
dependencies = [
"cfg-if",
"cipher",
"cpufeatures",
]
[[package]]
name = "aes-gcm"
version = "0.10.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "209b47e8954a928e1d72e86eca7000ebb6655fe1436d33eefc2201cad027e237"
dependencies = [
"aead",
"aes",
"cipher",
"ctr",
"ghash",
"subtle",
]
[[package]]
name = "ahash"
version = "0.7.6"
@ -142,6 +177,19 @@ version = "0.21.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "604178f6c5c21f02dc555784810edfb88d34ac2c73b2eae109655649ee73ce3d"
[[package]]
name = "bcrypt"
version = "0.14.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9df288bec72232f78c1ec5fe4e8f1d108aa0265476e93097593c803c8c02062a"
dependencies = [
"base64 0.21.2",
"blowfish",
"getrandom",
"subtle",
"zeroize",
]
[[package]]
name = "bigdecimal"
version = "0.3.1"
@ -192,6 +240,16 @@ dependencies = [
"generic-array",
]
[[package]]
name = "blowfish"
version = "0.9.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e412e2cd0f2b2d93e02543ceae7917b3c70331573df19ee046bcbc35e45e87d7"
dependencies = [
"byteorder",
"cipher",
]
[[package]]
name = "borsh"
version = "0.10.3"
@ -305,6 +363,16 @@ dependencies = [
"winapi",
]
[[package]]
name = "cipher"
version = "0.4.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad"
dependencies = [
"crypto-common",
"inout",
]
[[package]]
name = "clap"
version = "3.2.25"
@ -347,7 +415,13 @@ version = "0.17.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7efb37c3e1ccb1ff97164ad95ac1606e8ccd35b3fa0a7d99a304c7f4a428cc24"
dependencies = [
"aes-gcm",
"base64 0.21.2",
"hkdf",
"percent-encoding",
"rand",
"sha2",
"subtle",
"time 0.3.22",
"version_check",
]
@ -393,9 +467,19 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
dependencies = [
"generic-array",
"rand_core",
"typenum",
]
[[package]]
name = "ctr"
version = "0.9.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0369ee1ad671834580515889b80f2ea915f23b8be8d0daa4bbaf2ac5c7590835"
dependencies = [
"cipher",
]
[[package]]
name = "darling"
version = "0.14.4"
@ -462,6 +546,17 @@ dependencies = [
"syn 1.0.109",
]
[[package]]
name = "derive_deref"
version = "1.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dcdbcee2d9941369faba772587a565f4f534e42cb8d17e5295871de730163b2b"
dependencies = [
"proc-macro2",
"quote",
"syn 1.0.109",
]
[[package]]
name = "devise"
version = "0.4.1"
@ -756,6 +851,16 @@ dependencies = [
"wasi 0.11.0+wasi-snapshot-preview1",
]
[[package]]
name = "ghash"
version = "0.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d930750de5717d2dd0b8c0d42c076c0e884c81a73e6cab859bbd2339c71e3e40"
dependencies = [
"opaque-debug",
"polyval",
]
[[package]]
name = "glob"
version = "0.3.1"
@ -989,6 +1094,15 @@ version = "0.1.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c8fae54786f62fb2918dcfae3d568594e50eb9b5c25bf04371af6fe7516452fb"
[[package]]
name = "inout"
version = "0.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a0c10553d664a4d0bcff9f4215d0aac67a639cc68ef660840afe309b807bc9f5"
dependencies = [
"generic-array",
]
[[package]]
name = "instant"
version = "0.1.12"
@ -1049,8 +1163,10 @@ dependencies = [
name = "kalkutago-server"
version = "0.1.0"
dependencies = [
"bcrypt",
"chrono",
"derive_builder",
"derive_deref",
"either",
"femme",
"log",
@ -1249,6 +1365,12 @@ version = "1.18.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d"
[[package]]
name = "opaque-debug"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"
[[package]]
name = "os_str_bytes"
version = "6.5.1"
@ -1379,6 +1501,18 @@ version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
[[package]]
name = "polyval"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7ef234e08c11dfcb2e56f79fd70f6f2eb7f025c0ce2333e82f4f0518ecad30c6"
dependencies = [
"cfg-if",
"cpufeatures",
"opaque-debug",
"universal-hash",
]
[[package]]
name = "ppv-lite86"
version = "0.2.17"
@ -2699,6 +2833,16 @@ version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "39ec24b3121d976906ece63c9daad25b85969647682eee313cb5779fdd69e14e"
[[package]]
name = "universal-hash"
version = "0.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fc1de2c688dc15305988b563c3854064043356019f97a4b46276fe734c4f07ea"
dependencies = [
"crypto-common",
"subtle",
]
[[package]]
name = "untrusted"
version = "0.7.1"
@ -3010,3 +3154,9 @@ name = "yansi"
version = "0.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "09041cd90cf85f7f8b2df60c646f853b7f535ce68f85244eb6731cf89fa498ec"
[[package]]
name = "zeroize"
version = "1.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9"

View file

@ -13,7 +13,9 @@ path = "src/main.rs"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
bcrypt = "0.14.0"
chrono = "0.4.26"
derive_deref = "1.1.1"
femme = "2.2.1"
log = { version = "0.4.19", features = ["kv_unstable", "kv_unstable_serde"] }
sea-orm-migration = "0.11.3"
@ -40,7 +42,7 @@ features = [
[dependencies.rocket]
git = "https://github.com/SergioBenitez/Rocket"
rev = "v0.5.0-rc.3"
features = ["json"]
features = ["json", "secrets"]
[dependencies.serde]
version = "1.0.163"

83
server/src/api/auth.rs Normal file
View file

@ -0,0 +1,83 @@
use derive_deref::Deref;
use log::warn;
use rocket::{
http::{Cookie, CookieJar, Status},
outcome::IntoOutcome,
request::{self, FromRequest},
serde::json::Json,
Request, State,
};
use sea_orm::{prelude::*, DatabaseConnection};
use serde::Deserialize;
use crate::{
api::error::ApiResult,
entities::{prelude::*, *},
error::Error,
};
#[derive(Clone, Deserialize)]
pub(super) struct LoginData {
name: String,
password: String,
}
#[put("/", data = "<user_data>", format = "application/json")]
pub(super) async fn login(
db: &State<DatabaseConnection>,
user_data: Json<LoginData>,
cookies: &CookieJar<'_>,
) -> ApiResult<Status> {
let users = User::find()
.filter(user::Column::Name.eq(&user_data.name))
.all(db as &DatabaseConnection)
.await
.map_err(Error::from)?;
if users.len() > 1 {
warn!(count = users.len(), name = &user_data.name; "multiple entries found in database for user");
}
let Some(user) = users.get(0) else {
return Ok(Status::Unauthorized);
};
cookies.add_private(Cookie::new(
"user",
serde_json::to_string(&user).map_err(Error::from)?,
));
Ok(Status::Ok)
}
#[post("/", data = "<user_data>", format = "application/json")]
pub(super) async fn sign_up(
db: &State<DatabaseConnection>,
user_data: Json<LoginData>,
cookies: &CookieJar<'_>,
) -> ApiResult<()> {
let user_data = user::ActiveModel::new(&user_data.name, &user_data.password)?
.insert(db as &DatabaseConnection)
.await
.map_err(Error::from)?;
cookies.add_private(Cookie::new(
"user",
serde_json::to_string(&user_data).map_err(Error::from)?,
));
Ok(())
}
/// Authentication guard
#[derive(Deref)]
pub(super) struct Auth(user::Model);
#[rocket::async_trait]
impl<'r> FromRequest<'r> for Auth {
type Error = ();
async fn from_request(request: &'r Request<'_>) -> request::Outcome<Self, Self::Error> {
let unauthorized = (Status::Unauthorized, ());
let Some(user) = request.cookies().get_private("user") else {
return request::Outcome::Failure(unauthorized);
};
serde_json::from_str(user.value())
.ok()
.map(|user| Auth(user))
.into_outcome(unauthorized)
}
}

View file

@ -2,11 +2,11 @@ use crate::error::Error;
#[derive(Responder)]
#[response(status = 500, content_type = "json")]
pub(crate) struct ErrorResponder {
pub struct ErrorResponder {
message: String,
}
pub(crate) type ApiResult<T> = Result<T, ErrorResponder>;
pub type ApiResult<T> = Result<T, ErrorResponder>;
// The following impl's are for easy conversion of error types.

View file

@ -1,3 +1,4 @@
mod auth;
mod error;
mod groups;
#[cfg(feature = "unsafe_import")]
@ -8,11 +9,13 @@ pub(crate) mod update;
use std::{
default::default,
env, fs,
net::{IpAddr, Ipv4Addr},
};
use crate::error::Error;
use rocket::{
config::SecretKey,
fs::{FileServer, NamedFile},
response::stream::EventStream,
routes, Build, Config, Rocket, State,
@ -61,6 +64,16 @@ async fn spa_index_redirect() -> ApiResult<NamedFile> {
.map_err(Error::from)?)
}
fn get_secret() -> [u8; 32] {
let path =
env::var("COOKIE_SECRET_FILE").unwrap_or_else(|_| "/run/secrets/cookie-secret".into());
let file_contents =
fs::read(&path).unwrap_or_else(|err| panic!("failed to read from {path:?}: {err:?}"));
let mut data = [0u8; 32];
data.copy_from_slice(&file_contents);
data
}
pub(crate) fn start_server(db: DatabaseConnection) -> Rocket<Build> {
use groups::*;
use ticks::*;
@ -69,6 +82,7 @@ pub(crate) fn start_server(db: DatabaseConnection) -> Rocket<Build> {
let it = rocket::build()
.configure(Config {
address: IpAddr::V4(Ipv4Addr::new(0, 0, 0, 0)),
secret_key: SecretKey::derive_from(&get_secret()),
..default()
})
.register("/", catchers![spa_index_redirect])
@ -98,6 +112,7 @@ pub(crate) fn start_server(db: DatabaseConnection) -> Rocket<Build> {
"/api/v1/groups",
routes![all_groups, group, insert_group, update_group, delete_group],
)
.mount("/api/v1/auth", routes![auth::login, auth::sign_up])
.mount("/", FileServer::from("/src/public"));
#[cfg(feature = "unsafe_import")]

View file

@ -1,51 +1,72 @@
use std::convert::Infallible;
use std::default::default;
use crate::api::auth::Auth;
use crate::api::{self, error::ApiResult};
use crate::entities::{prelude::*, *};
use crate::error::Error;
use either::Either::{self, Left, Right};
use rocket::http::Status;
use rocket::{serde::json::Json, State};
use sea_orm::{prelude::*, DatabaseConnection};
use sea_orm::{prelude::*, DatabaseConnection, IntoActiveModel, Statement, TryIntoModel};
use tokio::sync::broadcast::Sender;
use super::update::Update;
use super::ErrorResponder;
#[get("/")]
pub(super) async fn all_tracks(
db: &State<DatabaseConnection>,
authorized_user: Auth,
) -> ApiResult<Json<Vec<tracks::Model>>> {
let db = db as &DatabaseConnection;
let tracks = Tracks::find().all(db).await.unwrap();
let tracks = authorized_user
.find_related(Tracks)
.all(db)
.await
.map_err(Error::from)?;
Ok(Json(tracks))
}
async fn get_track_check_user(
db: &DatabaseConnection,
track_id: i32,
user: &user::Model,
) -> Result<Json<tracks::Model>, Either<Status, api::ErrorResponder>> {
if let Some(Some(user)) = user
.find_related(Tracks)
.filter(tracks::Column::Id.eq(track_id))
.one(db)
.await
.transpose()
.map(|it| it.ok())
{
Ok(Json(user))
} else {
Err(Left(Status::NotFound))
}
}
#[get("/<id>")]
pub(super) async fn track(
db: &State<DatabaseConnection>,
id: i32,
auth: Auth,
) -> Result<Json<tracks::Model>, Either<Status, api::ErrorResponder>> {
let db = db as &DatabaseConnection;
match Tracks::find_by_id(id).one(db).await {
Ok(Some(track)) => Ok(Json(track)),
Ok(None) => Err(Left(Status::NotFound)),
Err(err) => Err(Right(Error::from(err).into())),
}
get_track_check_user(db, id, &*auth).await
}
#[get("/<id>/ticks")]
pub(super) async fn ticks_for_track(
db: &State<DatabaseConnection>,
id: i32,
auth: Auth,
) -> Result<Json<Vec<ticks::Model>>, Either<Status, api::ErrorResponder>> {
let db = db as &DatabaseConnection;
match Tracks::find_by_id(id).one(db).await {
Ok(Some(track)) => {
let result = track.find_related(Ticks).all(db).await;
match result {
Ok(ticks) => Ok(Json(ticks)),
Err(err) => Err(Right(Error::from(err).into())),
}
}
Ok(None) => Err(Left(Status::NotFound)),
let track = get_track_check_user(db, id, &*auth).await?;
let result = track.find_related(Ticks).all(db).await;
match result {
Ok(ticks) => Ok(Json(ticks)),
Err(err) => Err(Right(Error::from(err).into())),
}
}
@ -55,13 +76,59 @@ pub(super) async fn insert_track(
db: &State<DatabaseConnection>,
tx: &State<Sender<Update>>,
track: Json<serde_json::Value>,
) -> ApiResult<Json<tracks::Model>> {
let track = track.0;
let db = db as &DatabaseConnection;
let model = tracks::ActiveModel::from_json(track).map_err(Error::from)?;
let track = model.insert(db).await.map_err(Error::from)?;
auth: Auth,
) -> Result<Json<tracks::Model>, Either<Status, ErrorResponder>> {
fn bad() -> Either<Status, ErrorResponder> {
Left(Status::BadRequest)
}
let track = track.0.as_object().ok_or_else(bad)?;
let Some(track_id) = db
.query_one(Statement::from_sql_and_values(
sea_orm::DatabaseBackend::Postgres,
"insert into $1 (user_id, track_id) values (
$2, (
insert into $3 (
name, description, icon, enabled, multiple_entries_per_day,
color, order
) values (
$4, $5, $6, $7, $8, $9, $10,
) returning id
)
) returning track_id;",
[
user_tracks::Entity::default().table_name().into(),
auth.id.into(),
tracks::Entity::default().table_name().into(),
track.get("name").ok_or_else(bad)?.as_str().ok_or_else(bad)?.into(),
track
.get("description")
.ok_or_else(bad)?
.as_str()
.ok_or_else(bad)?
.into(),
track.get("icon").ok_or_else(bad)?.as_str().ok_or_else(bad)?.into(),
track.get("enabled").ok_or_else(bad)?.as_i64().into(),
track
.get("multiple_entries_per_day")
.ok_or_else(bad)?
.as_i64()
.into(),
track.get("color").ok_or_else(bad)?.as_i64().into(),
track.get("order").ok_or_else(bad)?.as_i64().into(),
],
))
.await
.map_err(|err| Right(Error::from(err).into()))? else {
return Err(Right("no value returned from track insertion query".into()));
};
let track_id = track_id
.try_get_by_index(0)
.map_err(|err| Right(Error::from(err).into()))?;
let track = auth.authorized_track(track_id, db).await.ok_or_else(|| {
Right(format!("failed to fetch freshly inserted track with id {track_id}").into())
})?;
tx.send(Update::track_added(track.clone()))
.map_err(Error::from)?;
.map_err(|err| Right(Error::from(err).into()))?;
Ok(Json(track))
}
@ -69,16 +136,21 @@ pub(super) async fn insert_track(
pub(super) async fn update_track(
db: &State<DatabaseConnection>,
tx: &State<Sender<Update>>,
track: Json<serde_json::Value>,
) -> ApiResult<Json<tracks::Model>> {
track: Json<tracks::Model>,
authorized_user: Auth,
) -> Result<Json<tracks::Model>, Either<Status, api::ErrorResponder>> {
let db = db as &DatabaseConnection;
let track = tracks::ActiveModel::from_json(track.0)
.map_err(Error::from)?
let track = track.0;
if !authorized_user.is_authorized_for(track.id, db).await {
return Err(Left(Status::Forbidden));
}
let track = track
.into_active_model()
.update(db)
.await
.map_err(Error::from)?;
.map_err(|err| Right(Error::from(err).into()))?;
tx.send(Update::track_changed(track.clone()))
.map_err(Error::from)?;
.map_err(|err| Right(Error::from(err).into()))?;
Ok(Json(track))
}
@ -87,11 +159,13 @@ pub(super) async fn delete_track(
db: &State<DatabaseConnection>,
tx: &State<Sender<Update>>,
id: i32,
authorized_user: Auth,
) -> ApiResult<Status> {
let db = db as &DatabaseConnection;
let Some(track) = Tracks::find_by_id(id).one(db).await.map_err(Error::from)? else {
let Some(track) = authorized_user.authorized_track(id, db).await else {
return Ok(Status::NotFound);
};
track.clone().delete(db).await.map_err(Error::from)?;
tx.send(Update::track_removed(track)).map_err(Error::from)?;
Ok(Status::Ok)
}
@ -101,15 +175,20 @@ pub(super) async fn ticked(
db: &State<DatabaseConnection>,
tx: &State<Sender<Update>>,
id: i32,
) -> ApiResult<Json<ticks::Model>> {
authorized_user: Auth,
) -> Result<Json<ticks::Model>, Either<Status, api::ErrorResponder>> {
if !authorized_user.is_authorized_for(id, db).await {
return Err(Left(Status::Forbidden));
}
let tick = ticks::ActiveModel::now(id);
let tick = tick
.insert(db as &DatabaseConnection)
.await
.map_err(Error::from)?
.map_err(|err| Right(Error::from(err).into()))?
.to_owned();
tx.send(Update::tick_added(tick.clone()))
.map_err(Error::from)?;
.map_err(|err| Right(Error::from(err).into()))?;
Ok(Json(tick))
}
@ -121,7 +200,12 @@ pub(super) async fn ticked_on_date(
year: i32,
month: u32,
day: u32,
authorized_user: Auth,
) -> ApiResult<Either<Json<ticks::Model>, Status>> {
if !authorized_user.is_authorized_for(id, db).await {
return Ok(Right(Status::Forbidden));
}
let Some(date) = Date::from_ymd_opt(year, month, day) else {
return Ok(Right(Status::BadRequest));
};
@ -141,10 +225,14 @@ pub(super) async fn clear_all_ticks(
db: &State<DatabaseConnection>,
tx: &State<Sender<Update>>,
id: i32,
authorized_user: Auth,
) -> ApiResult<Either<Status, Json<Vec<ticks::Model>>>> {
let db = db as &DatabaseConnection;
let Some(track) = Tracks::find_by_id(id).one(db).await.map_err(Error::from)? else {
info!(track_id = id; "couldn't drop all ticks for track; track not found");
let Some(track) = authorized_user.authorized_track(id, db).await else {
info!(
track_id = id, user_id = authorized_user.id;
"couldn't drop all ticks for track; track not found or user not authorized"
);
return Ok(Left(Status::NotFound));
};
let ticks = track
@ -167,8 +255,12 @@ pub(super) async fn clear_all_ticks_on_day(
year: i32,
month: u32,
day: u32,
) -> ApiResult<Json<Vec<ticks::Model>>> {
authorized_user: Auth,
) -> ApiResult<Either<Status, Json<Vec<ticks::Model>>>> {
let db = db as &DatabaseConnection;
if !authorized_user.is_authorized_for(id, db).await {
return Ok(Left(Status::Forbidden));
}
let ticks = Ticks::find()
.filter(ticks::Column::TrackId.eq(id))
.filter(ticks::Column::Year.eq(year))
@ -181,5 +273,5 @@ pub(super) async fn clear_all_ticks_on_day(
tick.clone().delete(db).await.map_err(Error::from)?;
Update::tick_cancelled(tick).send(&tx)?;
}
Ok(Json(ticks))
Ok(Right(Json(ticks)))
}

View file

@ -6,3 +6,5 @@ pub mod groups;
pub mod ticks;
pub mod track2_groups;
pub mod tracks;
pub mod user;
pub mod user_tracks;

View file

@ -4,3 +4,5 @@ pub use super::groups::Entity as Groups;
pub use super::ticks::Entity as Ticks;
pub use super::track2_groups::Entity as Track2Groups;
pub use super::tracks::Entity as Tracks;
pub use super::user::Entity as User;
pub use super::user_tracks::Entity as UserTracks;

View file

@ -24,6 +24,8 @@ pub enum Relation {
Ticks,
#[sea_orm(has_many = "super::track2_groups::Entity")]
Track2Groups,
#[sea_orm(has_many = "super::user_tracks::Entity")]
UserTracks,
}
impl Related<super::ticks::Entity> for Entity {
@ -38,4 +40,19 @@ impl Related<super::track2_groups::Entity> for Entity {
}
}
impl Related<super::user_tracks::Entity> for Entity {
fn to() -> RelationDef {
Relation::UserTracks.def()
}
}
impl Related<super::user::Entity> for Entity {
fn to() -> RelationDef {
super::user_tracks::Relation::User.def()
}
fn via() -> Option<RelationDef> {
Some(super::user_tracks::Relation::Tracks.def().rev())
}
}
impl ActiveModelBehavior for ActiveModel {}

View file

@ -0,0 +1,99 @@
//! `SeaORM` Entity. Generated by sea-orm-codegen 0.11.3
use std::default::default;
use bcrypt::*;
// TODO Add option for argon2 https://docs.rs/argon2/latest/argon2/
use either::Either::{self, Left, Right};
use rocket::response::status::Unauthorized;
use sea_orm::entity::prelude::*;
use serde::{Deserialize, Serialize};
use crate::{
api::ErrorResponder,
error::{self, Error},
};
use super::tracks;
#[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
#[sea_orm(table_name = "user")]
pub struct Model {
#[sea_orm(primary_key)]
#[serde(skip_deserializing)]
pub id: i32,
pub name: String,
pub password_hash: String,
}
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
pub enum Relation {
#[sea_orm(has_many = "super::user_tracks::Entity")]
UserTracks,
}
impl Related<super::user_tracks::Entity> for Entity {
fn to() -> RelationDef {
Relation::UserTracks.def()
}
}
impl Related<super::tracks::Entity> for Entity {
fn to() -> RelationDef {
super::user_tracks::Relation::Tracks.def()
}
fn via() -> Option<RelationDef> {
Some(super::user_tracks::Relation::User.def().rev())
}
}
impl ActiveModelBehavior for ActiveModel {}
impl ActiveModel {
pub fn new(name: impl AsRef<str>, password: impl AsRef<str>) -> error::Result<Self> {
use sea_orm::ActiveValue::Set;
let name = Set(name.as_ref().to_string());
let password_hash = Set(hash(password.as_ref(), DEFAULT_COST + 2)?);
Ok(Self {
name,
password_hash,
..default()
})
}
}
impl Model {
pub fn check_password(
self,
password: String,
) -> std::result::Result<Self, Either<Unauthorized<()>, ErrorResponder>> {
match verify(password, &self.password_hash) {
Ok(true) => Ok(self),
Ok(false) => Err(Left(Unauthorized(None))),
Err(err) => Err(Right(Error::from(err).into())),
}
}
pub async fn authorized_track(
&self,
track_id: i32,
db: &DatabaseConnection,
) -> Option<tracks::Model> {
self.find_related(super::prelude::Tracks)
.filter(tracks::Column::Id.eq(track_id))
.one(db)
.await
.ok()
.flatten()
}
pub async fn is_authorized_for(&self, track_id: i32, db: &DatabaseConnection) -> bool {
self.authorized_track(track_id, db).await.is_some()
}
pub async fn authorized_tracks(&self, db: &DatabaseConnection) -> Vec<tracks::Model> {
self.find_related(super::prelude::Tracks)
.all(db)
.await
.unwrap_or_default()
}
}

View file

@ -0,0 +1,46 @@
//! `SeaORM` Entity. Generated by sea-orm-codegen 0.11.3
use sea_orm::entity::prelude::*;
#[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq)]
#[sea_orm(table_name = "user_tracks")]
pub struct Model {
#[sea_orm(primary_key)]
pub id: i32,
pub user_id: i32,
pub track_id: i32,
}
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
pub enum Relation {
#[sea_orm(
belongs_to = "super::tracks::Entity",
from = "Column::TrackId",
to = "super::tracks::Column::Id",
on_update = "NoAction",
on_delete = "NoAction"
)]
Tracks,
#[sea_orm(
belongs_to = "super::user::Entity",
from = "Column::UserId",
to = "super::user::Column::Id",
on_update = "NoAction",
on_delete = "NoAction"
)]
User,
}
impl Related<super::tracks::Entity> for Entity {
fn to() -> RelationDef {
Relation::Tracks.def()
}
}
impl Related<super::user::Entity> for Entity {
fn to() -> RelationDef {
Relation::User.def()
}
}
impl ActiveModelBehavior for ActiveModel {}

View file

@ -1,5 +1,6 @@
use std::string;
use bcrypt::BcryptError;
use derive_builder::UninitializedFieldError;
#[derive(Debug, thiserror::Error)]
@ -18,6 +19,10 @@ pub enum Error {
Utf8(#[from] string::FromUtf8Error),
#[error(transparent)]
ChannelSendError(#[from] tokio::sync::broadcast::error::SendError<crate::api::update::Update>),
#[error(transparent)]
Bcrypt(#[from] BcryptError),
#[error(transparent)]
SerdeJson(#[from] serde_json::Error),
}
pub type Result<T> = std::result::Result<T, Error>;

View file

@ -1,4 +1,4 @@
#![feature(default_free_fn, proc_macro_hygiene, decl_macro)]
#![feature(default_free_fn, proc_macro_hygiene, decl_macro, never_type)]
#[macro_use]
extern crate rocket;
mod api;

View file

@ -0,0 +1,42 @@
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.create_table(
Table::create()
.table(User::Table)
.if_not_exists()
.col(
ColumnDef::new(User::Id)
.integer()
.not_null()
.auto_increment()
.primary_key(),
)
.col(ColumnDef::new(User::Name).string().not_null())
.col(ColumnDef::new(User::PasswordHash).string().not_null())
.to_owned(),
)
.await
}
async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.drop_table(Table::drop().table(User::Table).to_owned())
.await
}
}
/// Learn more at https://docs.rs/sea-query#iden
#[derive(Iden)]
pub(crate) enum User {
Table,
Id,
Name,
PasswordHash,
}

View file

@ -0,0 +1,57 @@
use super::{
m20230606_000001_create_tracks_table::Tracks, m20230626_083036_create_users_table::User,
};
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.create_table(
Table::create()
.table(UserTracks::Table)
.if_not_exists()
.col(
ColumnDef::new(UserTracks::Id)
.integer()
.not_null()
.primary_key()
.auto_increment(),
)
.col(ColumnDef::new(UserTracks::UserId).integer().not_null())
.col(ColumnDef::new(UserTracks::TrackId).integer().not_null())
.foreign_key(
ForeignKey::create()
.name("fk-user_tracks-user_id")
.from(UserTracks::Table, UserTracks::UserId)
.to(User::Table, User::Id),
)
.foreign_key(
ForeignKey::create()
.name("fk-user_tracks-track_id")
.from(UserTracks::Table, UserTracks::TrackId)
.to(Tracks::Table, Tracks::Id),
)
.to_owned(),
)
.await
}
async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.drop_table(Table::drop().table(UserTracks::Table).to_owned())
.await
}
}
/// Learn more at https://docs.rs/sea-query#iden
#[derive(Iden)]
enum UserTracks {
Table,
Id,
UserId,
TrackId,
}

View file

@ -2,6 +2,8 @@ mod m20230606_000001_create_tracks_table;
mod m20230606_000002_create_ticks_table;
mod m20230606_000003_create_groups_table;
mod m20230606_000004_create_track2groups_table;
mod m20230626_083036_create_users_table;
mod m20230626_150551_associate_users_and_tracks;
use sea_orm_migration::prelude::*;
@ -15,6 +17,8 @@ impl MigratorTrait for Migrator {
Box::new(m20230606_000002_create_ticks_table::Migration),
Box::new(m20230606_000003_create_groups_table::Migration),
Box::new(m20230606_000004_create_track2groups_table::Migration),
Box::new(m20230626_083036_create_users_table::Migration),
Box::new(m20230626_150551_associate_users_and_tracks::Migration),
]
}
}