tracks are now relative to an authenticated user

Add entity and relations for user-tracks relationship
Add users-to-tracks many-to-many association
2023-06-27 06:11:44 -04:00 · 2023-06-27 06:11:44 -04:00 · 2023-06-27 06:11:44 -04:00 · 2023-06-27 06:11:44 -04:00 · 2023-06-27 06:11:44 -04:00
17 changed files with 515 additions and 46 deletions
--- a/docker-compose_dev.yml
+++ b/docker-compose_dev.yml
@ -14,7 +14,7 @@ services:
      POSTGRES_USER: kalkutago
      POSTGRES_DB: kalkutago
      POSTGRES_HOST: database
-    secrets: [ postgres-password ]
+    secrets: [ postgres-password, cookie-secret ]
    depends_on: [ database ]
    expose: [ 8000 ]
      # ports:
@ -25,6 +25,7 @@ services:
    labels:
      traefik.enable: true
      traefik.http.routers.kalkutago_server.rule: 'Host(`kalkutago`) && PathPrefix(`/api`)'
+
  database:
    image: postgres
    environment:
@ -65,6 +66,8 @@ services:
 secrets:
  postgres-password:
    file: ./server/postgres.pw
+  cookie-secret:
+    file: ./server/cookie-secret.pw

 networks:
  internal:
--- a/docker-compose_prod.yml
+++ b/docker-compose_prod.yml
@ -32,6 +32,8 @@ services:
 secrets:
  postgres-password:
    file: ./server/postgres.pw
+  cookie-secret:
+    file: ./server/cookie-secret.pw

 networks:
  internal:
--- a/server/Cargo.lock
+++ b/server/Cargo.lock
@ -8,6 +8,41 @@ version = "0.11.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fe438c63458706e03479442743baae6c88256498e6431708f6dfc520a26515d3"

+[[package]]
+name = "aead"
+version = "0.5.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d122413f284cf2d62fb1b7db97e02edb8cda96d769b16e443a4f6195e35662b0"
+dependencies = [
+ "crypto-common",
+ "generic-array",
+]
+
+[[package]]
+name = "aes"
+version = "0.8.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "433cfd6710c9986c576a25ca913c39d66a6474107b406f34f91d4a8923395241"
+dependencies = [
+ "cfg-if",
+ "cipher",
+ "cpufeatures",
+]
+
+[[package]]
+name = "aes-gcm"
+version = "0.10.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "209b47e8954a928e1d72e86eca7000ebb6655fe1436d33eefc2201cad027e237"
+dependencies = [
+ "aead",
+ "aes",
+ "cipher",
+ "ctr",
+ "ghash",
+ "subtle",
+]
+
 [[package]]
 name = "ahash"
 version = "0.7.6"
@ -380,7 +415,13 @@ version = "0.17.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7efb37c3e1ccb1ff97164ad95ac1606e8ccd35b3fa0a7d99a304c7f4a428cc24"
 dependencies = [
+ "aes-gcm",
+ "base64 0.21.2",
+ "hkdf",
 "percent-encoding",
+ "rand",
+ "sha2",
+ "subtle",
 "time 0.3.22",
 "version_check",
 ]
@ -426,9 +467,19 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
 dependencies = [
 "generic-array",
+ "rand_core",
 "typenum",
 ]

+[[package]]
+name = "ctr"
+version = "0.9.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0369ee1ad671834580515889b80f2ea915f23b8be8d0daa4bbaf2ac5c7590835"
+dependencies = [
+ "cipher",
+]
+
 [[package]]
 name = "darling"
 version = "0.14.4"
@ -495,6 +546,17 @@ dependencies = [
 "syn 1.0.109",
 ]

+[[package]]
+name = "derive_deref"
+version = "1.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dcdbcee2d9941369faba772587a565f4f534e42cb8d17e5295871de730163b2b"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 1.0.109",
+]
+
 [[package]]
 name = "devise"
 version = "0.4.1"
@ -789,6 +851,16 @@ dependencies = [
 "wasi 0.11.0+wasi-snapshot-preview1",
 ]

+[[package]]
+name = "ghash"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d930750de5717d2dd0b8c0d42c076c0e884c81a73e6cab859bbd2339c71e3e40"
+dependencies = [
+ "opaque-debug",
+ "polyval",
+]
+
 [[package]]
 name = "glob"
 version = "0.3.1"
@ -1094,6 +1166,7 @@ dependencies = [
 "bcrypt",
 "chrono",
 "derive_builder",
+ "derive_deref",
 "either",
 "femme",
 "log",
@ -1292,6 +1365,12 @@ version = "1.18.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d"

+[[package]]
+name = "opaque-debug"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"
+
 [[package]]
 name = "os_str_bytes"
 version = "6.5.1"
@ -1422,6 +1501,18 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"

+[[package]]
+name = "polyval"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7ef234e08c11dfcb2e56f79fd70f6f2eb7f025c0ce2333e82f4f0518ecad30c6"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "opaque-debug",
+ "universal-hash",
+]
+
 [[package]]
 name = "ppv-lite86"
 version = "0.2.17"
@ -2742,6 +2833,16 @@ version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "39ec24b3121d976906ece63c9daad25b85969647682eee313cb5779fdd69e14e"

+[[package]]
+name = "universal-hash"
+version = "0.5.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fc1de2c688dc15305988b563c3854064043356019f97a4b46276fe734c4f07ea"
+dependencies = [
+ "crypto-common",
+ "subtle",
+]
+
 [[package]]
 name = "untrusted"
 version = "0.7.1"
--- a/server/Cargo.toml
+++ b/server/Cargo.toml
@ -15,6 +15,7 @@ path = "src/main.rs"
 [dependencies]
 bcrypt = "0.14.0"
 chrono = "0.4.26"
+derive_deref = "1.1.1"
 femme = "2.2.1"
 log = { version = "0.4.19", features = ["kv_unstable", "kv_unstable_serde"] }
 sea-orm-migration = "0.11.3"
@ -41,7 +42,7 @@ features = [
 [dependencies.rocket]
 git = "https://github.com/SergioBenitez/Rocket"
 rev = "v0.5.0-rc.3"
-features = ["json"]
+features = ["json", "secrets"]

 [dependencies.serde]
 version = "1.0.163"
--- a/server/src/api/auth.rs
+++ b/server/src/api/auth.rs
@ -0,0 +1,83 @@
+use derive_deref::Deref;
+use log::warn;
+use rocket::{
+    http::{Cookie, CookieJar, Status},
+    outcome::IntoOutcome,
+    request::{self, FromRequest},
+    serde::json::Json,
+    Request, State,
+};
+use sea_orm::{prelude::*, DatabaseConnection};
+use serde::Deserialize;
+
+use crate::{
+    api::error::ApiResult,
+    entities::{prelude::*, *},
+    error::Error,
+};
+
+#[derive(Clone, Deserialize)]
+pub(super) struct LoginData {
+    name: String,
+    password: String,
+}
+
+#[put("/", data = "<user_data>", format = "application/json")]
+pub(super) async fn login(
+    db: &State<DatabaseConnection>,
+    user_data: Json<LoginData>,
+    cookies: &CookieJar<'_>,
+) -> ApiResult<Status> {
+    let users = User::find()
+        .filter(user::Column::Name.eq(&user_data.name))
+        .all(db as &DatabaseConnection)
+        .await
+        .map_err(Error::from)?;
+    if users.len() > 1 {
+        warn!(count = users.len(), name = &user_data.name; "multiple entries found in database for user");
+    }
+    let Some(user) = users.get(0) else {
+        return Ok(Status::Unauthorized);
+    };
+    cookies.add_private(Cookie::new(
+        "user",
+        serde_json::to_string(&user).map_err(Error::from)?,
+    ));
+    Ok(Status::Ok)
+}
+
+#[post("/", data = "<user_data>", format = "application/json")]
+pub(super) async fn sign_up(
+    db: &State<DatabaseConnection>,
+    user_data: Json<LoginData>,
+    cookies: &CookieJar<'_>,
+) -> ApiResult<()> {
+    let user_data = user::ActiveModel::new(&user_data.name, &user_data.password)?
+        .insert(db as &DatabaseConnection)
+        .await
+        .map_err(Error::from)?;
+    cookies.add_private(Cookie::new(
+        "user",
+        serde_json::to_string(&user_data).map_err(Error::from)?,
+    ));
+    Ok(())
+}
+
+/// Authentication guard
+#[derive(Deref)]
+pub(super) struct Auth(user::Model);
+
+#[rocket::async_trait]
+impl<'r> FromRequest<'r> for Auth {
+    type Error = ();
+    async fn from_request(request: &'r Request<'_>) -> request::Outcome<Self, Self::Error> {
+        let unauthorized = (Status::Unauthorized, ());
+        let Some(user) = request.cookies().get_private("user") else {
+            return request::Outcome::Failure(unauthorized);
+        };
+        serde_json::from_str(user.value())
+            .ok()
+            .map(|user| Auth(user))
+            .into_outcome(unauthorized)
+    }
+}
--- a/server/src/api/mod.rs
+++ b/server/src/api/mod.rs
@ -1,3 +1,4 @@
+mod auth;
 mod error;
 mod groups;
 #[cfg(feature = "unsafe_import")]
@ -8,11 +9,13 @@ pub(crate) mod update;

 use std::{
    default::default,
+    env, fs,
    net::{IpAddr, Ipv4Addr},
 };

 use crate::error::Error;
 use rocket::{
+    config::SecretKey,
    fs::{FileServer, NamedFile},
    response::stream::EventStream,
    routes, Build, Config, Rocket, State,
@ -61,6 +64,16 @@ async fn spa_index_redirect() -> ApiResult<NamedFile> {
        .map_err(Error::from)?)
 }

+fn get_secret() -> [u8; 32] {
+    let path =
+        env::var("COOKIE_SECRET_FILE").unwrap_or_else(|_| "/run/secrets/cookie-secret".into());
+    let file_contents =
+        fs::read(&path).unwrap_or_else(|err| panic!("failed to read from {path:?}: {err:?}"));
+    let mut data = [0u8; 32];
+    data.copy_from_slice(&file_contents);
+    data
+}
+
 pub(crate) fn start_server(db: DatabaseConnection) -> Rocket<Build> {
    use groups::*;
    use ticks::*;
@ -69,6 +82,7 @@ pub(crate) fn start_server(db: DatabaseConnection) -> Rocket<Build> {
    let it = rocket::build()
        .configure(Config {
            address: IpAddr::V4(Ipv4Addr::new(0, 0, 0, 0)),
+            secret_key: SecretKey::derive_from(&get_secret()),
            ..default()
        })
        .register("/", catchers![spa_index_redirect])
@ -98,6 +112,7 @@ pub(crate) fn start_server(db: DatabaseConnection) -> Rocket<Build> {
            "/api/v1/groups",
            routes![all_groups, group, insert_group, update_group, delete_group],
        )
+        .mount("/api/v1/auth", routes![auth::login, auth::sign_up])
        .mount("/", FileServer::from("/src/public"));

    #[cfg(feature = "unsafe_import")]
--- a/server/src/api/tracks.rs
+++ b/server/src/api/tracks.rs
@ -1,51 +1,72 @@
+use std::convert::Infallible;
+use std::default::default;
+
+use crate::api::auth::Auth;
 use crate::api::{self, error::ApiResult};
 use crate::entities::{prelude::*, *};
 use crate::error::Error;
 use either::Either::{self, Left, Right};
 use rocket::http::Status;
 use rocket::{serde::json::Json, State};
-use sea_orm::{prelude::*, DatabaseConnection};
+use sea_orm::{prelude::*, DatabaseConnection, IntoActiveModel, Statement, TryIntoModel};
 use tokio::sync::broadcast::Sender;

 use super::update::Update;
+use super::ErrorResponder;

 #[get("/")]
 pub(super) async fn all_tracks(
    db: &State<DatabaseConnection>,
+    authorized_user: Auth,
 ) -> ApiResult<Json<Vec<tracks::Model>>> {
    let db = db as &DatabaseConnection;
-    let tracks = Tracks::find().all(db).await.unwrap();
+    let tracks = authorized_user
+        .find_related(Tracks)
+        .all(db)
+        .await
+        .map_err(Error::from)?;
    Ok(Json(tracks))
 }

+async fn get_track_check_user(
+    db: &DatabaseConnection,
+    track_id: i32,
+    user: &user::Model,
+) -> Result<Json<tracks::Model>, Either<Status, api::ErrorResponder>> {
+    if let Some(Some(user)) = user
+        .find_related(Tracks)
+        .filter(tracks::Column::Id.eq(track_id))
+        .one(db)
+        .await
+        .transpose()
+        .map(|it| it.ok())
+    {
+        Ok(Json(user))
+    } else {
+        Err(Left(Status::NotFound))
+    }
+}
+
 #[get("/<id>")]
 pub(super) async fn track(
    db: &State<DatabaseConnection>,
    id: i32,
+    auth: Auth,
 ) -> Result<Json<tracks::Model>, Either<Status, api::ErrorResponder>> {
-    let db = db as &DatabaseConnection;
-    match Tracks::find_by_id(id).one(db).await {
-        Ok(Some(track)) => Ok(Json(track)),
-        Ok(None) => Err(Left(Status::NotFound)),
-        Err(err) => Err(Right(Error::from(err).into())),
-    }
+    get_track_check_user(db, id, &*auth).await
 }

 #[get("/<id>/ticks")]
 pub(super) async fn ticks_for_track(
    db: &State<DatabaseConnection>,
    id: i32,
+    auth: Auth,
 ) -> Result<Json<Vec<ticks::Model>>, Either<Status, api::ErrorResponder>> {
    let db = db as &DatabaseConnection;
-    match Tracks::find_by_id(id).one(db).await {
-        Ok(Some(track)) => {
-            let result = track.find_related(Ticks).all(db).await;
-            match result {
-                Ok(ticks) => Ok(Json(ticks)),
-                Err(err) => Err(Right(Error::from(err).into())),
-            }
-        }
-        Ok(None) => Err(Left(Status::NotFound)),
+    let track = get_track_check_user(db, id, &*auth).await?;
+    let result = track.find_related(Ticks).all(db).await;
+    match result {
+        Ok(ticks) => Ok(Json(ticks)),
        Err(err) => Err(Right(Error::from(err).into())),
    }
 }
@ -55,13 +76,59 @@ pub(super) async fn insert_track(
    db: &State<DatabaseConnection>,
    tx: &State<Sender<Update>>,
    track: Json<serde_json::Value>,
-) -> ApiResult<Json<tracks::Model>> {
-    let track = track.0;
-    let db = db as &DatabaseConnection;
-    let model = tracks::ActiveModel::from_json(track).map_err(Error::from)?;
-    let track = model.insert(db).await.map_err(Error::from)?;
+    auth: Auth,
+) -> Result<Json<tracks::Model>, Either<Status, ErrorResponder>> {
+    fn bad() -> Either<Status, ErrorResponder> {
+        Left(Status::BadRequest)
+    }
+    let track = track.0.as_object().ok_or_else(bad)?;
+    let Some(track_id) = db
+        .query_one(Statement::from_sql_and_values(
+            sea_orm::DatabaseBackend::Postgres,
+            "insert into $1 (user_id, track_id) values (
+                $2, (
+                    insert into $3 (
+                        name, description, icon, enabled, multiple_entries_per_day,
+                        color, order
+                    ) values (
+                        $4, $5, $6, $7, $8, $9, $10,
+                    ) returning id
+                )
+            ) returning track_id;",
+            [
+                user_tracks::Entity::default().table_name().into(),
+                auth.id.into(),
+                tracks::Entity::default().table_name().into(),
+                track.get("name").ok_or_else(bad)?.as_str().ok_or_else(bad)?.into(),
+                track
+                    .get("description")
+                    .ok_or_else(bad)?
+                    .as_str()
+                    .ok_or_else(bad)?
+                    .into(),
+                track.get("icon").ok_or_else(bad)?.as_str().ok_or_else(bad)?.into(),
+                track.get("enabled").ok_or_else(bad)?.as_i64().into(),
+                track
+                    .get("multiple_entries_per_day")
+                    .ok_or_else(bad)?
+                    .as_i64()
+                    .into(),
+                track.get("color").ok_or_else(bad)?.as_i64().into(),
+                track.get("order").ok_or_else(bad)?.as_i64().into(),
+            ],
+        ))
+        .await
+        .map_err(|err| Right(Error::from(err).into()))? else {
+            return Err(Right("no value returned from track insertion query".into()));
+        };
+    let track_id = track_id
+        .try_get_by_index(0)
+        .map_err(|err| Right(Error::from(err).into()))?;
+    let track = auth.authorized_track(track_id, db).await.ok_or_else(|| {
+        Right(format!("failed to fetch freshly inserted track with id {track_id}").into())
+    })?;
    tx.send(Update::track_added(track.clone()))
-        .map_err(Error::from)?;
+        .map_err(|err| Right(Error::from(err).into()))?;
    Ok(Json(track))
 }

@ -69,16 +136,21 @@ pub(super) async fn insert_track(
 pub(super) async fn update_track(
    db: &State<DatabaseConnection>,
    tx: &State<Sender<Update>>,
-    track: Json<serde_json::Value>,
-) -> ApiResult<Json<tracks::Model>> {
+    track: Json<tracks::Model>,
+    authorized_user: Auth,
+) -> Result<Json<tracks::Model>, Either<Status, api::ErrorResponder>> {
    let db = db as &DatabaseConnection;
-    let track = tracks::ActiveModel::from_json(track.0)
-        .map_err(Error::from)?
+    let track = track.0;
+    if !authorized_user.is_authorized_for(track.id, db).await {
+        return Err(Left(Status::Forbidden));
+    }
+    let track = track
+        .into_active_model()
        .update(db)
        .await
-        .map_err(Error::from)?;
+        .map_err(|err| Right(Error::from(err).into()))?;
    tx.send(Update::track_changed(track.clone()))
-        .map_err(Error::from)?;
+        .map_err(|err| Right(Error::from(err).into()))?;
    Ok(Json(track))
 }

@ -87,11 +159,13 @@ pub(super) async fn delete_track(
    db: &State<DatabaseConnection>,
    tx: &State<Sender<Update>>,
    id: i32,
+    authorized_user: Auth,
 ) -> ApiResult<Status> {
    let db = db as &DatabaseConnection;
-    let Some(track) = Tracks::find_by_id(id).one(db).await.map_err(Error::from)? else {
+    let Some(track) = authorized_user.authorized_track(id, db).await else {
        return Ok(Status::NotFound);
    };
+    track.clone().delete(db).await.map_err(Error::from)?;
    tx.send(Update::track_removed(track)).map_err(Error::from)?;
    Ok(Status::Ok)
 }
@ -101,15 +175,20 @@ pub(super) async fn ticked(
    db: &State<DatabaseConnection>,
    tx: &State<Sender<Update>>,
    id: i32,
-) -> ApiResult<Json<ticks::Model>> {
+    authorized_user: Auth,
+) -> Result<Json<ticks::Model>, Either<Status, api::ErrorResponder>> {
+    if !authorized_user.is_authorized_for(id, db).await {
+        return Err(Left(Status::Forbidden));
+    }
+
    let tick = ticks::ActiveModel::now(id);
    let tick = tick
        .insert(db as &DatabaseConnection)
        .await
-        .map_err(Error::from)?
+        .map_err(|err| Right(Error::from(err).into()))?
        .to_owned();
    tx.send(Update::tick_added(tick.clone()))
-        .map_err(Error::from)?;
+        .map_err(|err| Right(Error::from(err).into()))?;
    Ok(Json(tick))
 }

@ -121,7 +200,12 @@ pub(super) async fn ticked_on_date(
    year: i32,
    month: u32,
    day: u32,
+    authorized_user: Auth,
 ) -> ApiResult<Either<Json<ticks::Model>, Status>> {
+    if !authorized_user.is_authorized_for(id, db).await {
+        return Ok(Right(Status::Forbidden));
+    }
+
    let Some(date) = Date::from_ymd_opt(year, month, day) else {
        return Ok(Right(Status::BadRequest));
    };
@ -141,10 +225,14 @@ pub(super) async fn clear_all_ticks(
    db: &State<DatabaseConnection>,
    tx: &State<Sender<Update>>,
    id: i32,
+    authorized_user: Auth,
 ) -> ApiResult<Either<Status, Json<Vec<ticks::Model>>>> {
    let db = db as &DatabaseConnection;
-    let Some(track) = Tracks::find_by_id(id).one(db).await.map_err(Error::from)? else {
-        info!(track_id = id; "couldn't drop all ticks for track; track not found");
+    let Some(track) = authorized_user.authorized_track(id, db).await else {
+        info!(
+            track_id = id, user_id = authorized_user.id;
+            "couldn't drop all ticks for track; track not found or user not authorized"
+        );
        return Ok(Left(Status::NotFound));
    };
    let ticks = track
@ -167,8 +255,12 @@ pub(super) async fn clear_all_ticks_on_day(
    year: i32,
    month: u32,
    day: u32,
-) -> ApiResult<Json<Vec<ticks::Model>>> {
+    authorized_user: Auth,
+) -> ApiResult<Either<Status, Json<Vec<ticks::Model>>>> {
    let db = db as &DatabaseConnection;
+    if !authorized_user.is_authorized_for(id, db).await {
+        return Ok(Left(Status::Forbidden));
+    }
    let ticks = Ticks::find()
        .filter(ticks::Column::TrackId.eq(id))
        .filter(ticks::Column::Year.eq(year))
@ -181,5 +273,5 @@ pub(super) async fn clear_all_ticks_on_day(
        tick.clone().delete(db).await.map_err(Error::from)?;
        Update::tick_cancelled(tick).send(&tx)?;
    }
-    Ok(Json(ticks))
+    Ok(Right(Json(ticks)))
 }
--- a/server/src/entities/mod.rs
+++ b/server/src/entities/mod.rs
@ -7,3 +7,4 @@ pub mod ticks;
 pub mod track2_groups;
 pub mod tracks;
 pub mod user;
+pub mod user_tracks;
--- a/server/src/entities/prelude.rs
+++ b/server/src/entities/prelude.rs
@ -5,3 +5,4 @@ pub use super::ticks::Entity as Ticks;
 pub use super::track2_groups::Entity as Track2Groups;
 pub use super::tracks::Entity as Tracks;
 pub use super::user::Entity as User;
+pub use super::user_tracks::Entity as UserTracks;
--- a/server/src/entities/tracks.rs
+++ b/server/src/entities/tracks.rs
@ -24,6 +24,8 @@ pub enum Relation {
    Ticks,
    #[sea_orm(has_many = "super::track2_groups::Entity")]
    Track2Groups,
+    #[sea_orm(has_many = "super::user_tracks::Entity")]
+    UserTracks,
 }

 impl Related<super::ticks::Entity> for Entity {
@ -38,4 +40,19 @@ impl Related<super::track2_groups::Entity> for Entity {
    }
 }

+impl Related<super::user_tracks::Entity> for Entity {
+    fn to() -> RelationDef {
+        Relation::UserTracks.def()
+    }
+}
+
+impl Related<super::user::Entity> for Entity {
+    fn to() -> RelationDef {
+        super::user_tracks::Relation::User.def()
+    }
+    fn via() -> Option<RelationDef> {
+        Some(super::user_tracks::Relation::Tracks.def().rev())
+    }
+}
+
 impl ActiveModelBehavior for ActiveModel {}
--- a/server/src/entities/user.rs
+++ b/server/src/entities/user.rs
@ -3,34 +3,57 @@
 use std::default::default;

 use bcrypt::*;
+// TODO Add option for argon2 https://docs.rs/argon2/latest/argon2/
 use either::Either::{self, Left, Right};
 use rocket::response::status::Unauthorized;
 use sea_orm::entity::prelude::*;
+use serde::{Deserialize, Serialize};

 use crate::{
    api::ErrorResponder,
    error::{self, Error},
 };

-#[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq)]
+use super::tracks;
+
+#[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
 #[sea_orm(table_name = "user")]
 pub struct Model {
    #[sea_orm(primary_key)]
+    #[serde(skip_deserializing)]
    pub id: i32,
    pub name: String,
    pub password_hash: String,
 }

 #[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
-pub enum Relation {}
+pub enum Relation {
+    #[sea_orm(has_many = "super::user_tracks::Entity")]
+    UserTracks,
+}
+impl Related<super::user_tracks::Entity> for Entity {
+    fn to() -> RelationDef {
+        Relation::UserTracks.def()
+    }
+}
+
+impl Related<super::tracks::Entity> for Entity {
+    fn to() -> RelationDef {
+        super::user_tracks::Relation::Tracks.def()
+    }
+
+    fn via() -> Option<RelationDef> {
+        Some(super::user_tracks::Relation::User.def().rev())
+    }
+}

 impl ActiveModelBehavior for ActiveModel {}

 impl ActiveModel {
-    pub fn new(name: String, password: String) -> error::Result<Self> {
+    pub fn new(name: impl AsRef<str>, password: impl AsRef<str>) -> error::Result<Self> {
        use sea_orm::ActiveValue::Set;
-        let name = Set(name);
-        let password_hash = Set(hash(password, DEFAULT_COST + 2)?);
+        let name = Set(name.as_ref().to_string());
+        let password_hash = Set(hash(password.as_ref(), DEFAULT_COST + 2)?);
        Ok(Self {
            name,
            password_hash,
@ -50,4 +73,27 @@ impl Model {
            Err(err) => Err(Right(Error::from(err).into())),
        }
    }
+
+    pub async fn authorized_track(
+        &self,
+        track_id: i32,
+        db: &DatabaseConnection,
+    ) -> Option<tracks::Model> {
+        self.find_related(super::prelude::Tracks)
+            .filter(tracks::Column::Id.eq(track_id))
+            .one(db)
+            .await
+            .ok()
+            .flatten()
+    }
+    pub async fn is_authorized_for(&self, track_id: i32, db: &DatabaseConnection) -> bool {
+        self.authorized_track(track_id, db).await.is_some()
+    }
+
+    pub async fn authorized_tracks(&self, db: &DatabaseConnection) -> Vec<tracks::Model> {
+        self.find_related(super::prelude::Tracks)
+            .all(db)
+            .await
+            .unwrap_or_default()
+    }
 }
--- a/server/src/entities/user_tracks.rs
+++ b/server/src/entities/user_tracks.rs
@ -0,0 +1,46 @@
+//! `SeaORM` Entity. Generated by sea-orm-codegen 0.11.3
+
+use sea_orm::entity::prelude::*;
+
+#[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq)]
+#[sea_orm(table_name = "user_tracks")]
+pub struct Model {
+    #[sea_orm(primary_key)]
+    pub id: i32,
+    pub user_id: i32,
+    pub track_id: i32,
+}
+
+#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
+pub enum Relation {
+    #[sea_orm(
+        belongs_to = "super::tracks::Entity",
+        from = "Column::TrackId",
+        to = "super::tracks::Column::Id",
+        on_update = "NoAction",
+        on_delete = "NoAction"
+    )]
+    Tracks,
+    #[sea_orm(
+        belongs_to = "super::user::Entity",
+        from = "Column::UserId",
+        to = "super::user::Column::Id",
+        on_update = "NoAction",
+        on_delete = "NoAction"
+    )]
+    User,
+}
+
+impl Related<super::tracks::Entity> for Entity {
+    fn to() -> RelationDef {
+        Relation::Tracks.def()
+    }
+}
+
+impl Related<super::user::Entity> for Entity {
+    fn to() -> RelationDef {
+        Relation::User.def()
+    }
+}
+
+impl ActiveModelBehavior for ActiveModel {}
--- a/server/src/error.rs
+++ b/server/src/error.rs
@ -21,6 +21,8 @@ pub enum Error {
    ChannelSendError(#[from] tokio::sync::broadcast::error::SendError<crate::api::update::Update>),
    #[error(transparent)]
    Bcrypt(#[from] BcryptError),
+    #[error(transparent)]
+    SerdeJson(#[from] serde_json::Error),
 }

 pub type Result<T> = std::result::Result<T, Error>;
--- a/server/src/main.rs
+++ b/server/src/main.rs
@ -1,4 +1,4 @@
-#![feature(default_free_fn, proc_macro_hygiene, decl_macro)]
+#![feature(default_free_fn, proc_macro_hygiene, decl_macro, never_type)]
 #[macro_use]
 extern crate rocket;
 mod api;
--- a/server/src/migrator/m20230626_083036_create_users_table.rs
+++ b/server/src/migrator/m20230626_083036_create_users_table.rs
@ -34,7 +34,7 @@ impl MigrationTrait for Migration {

 /// Learn more at https://docs.rs/sea-query#iden
 #[derive(Iden)]
-enum User {
+pub(crate) enum User {
    Table,
    Id,
    Name,
--- a/server/src/migrator/m20230626_150551_associate_users_and_tracks.rs
+++ b/server/src/migrator/m20230626_150551_associate_users_and_tracks.rs
@ -0,0 +1,57 @@
+use super::{
+    m20230606_000001_create_tracks_table::Tracks, m20230626_083036_create_users_table::User,
+};
+use sea_orm_migration::prelude::*;
+
+#[derive(DeriveMigrationName)]
+pub struct Migration;
+
+#[async_trait::async_trait]
+impl MigrationTrait for Migration {
+    async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        manager
+            .create_table(
+                Table::create()
+                    .table(UserTracks::Table)
+                    .if_not_exists()
+                    .col(
+                        ColumnDef::new(UserTracks::Id)
+                            .integer()
+                            .not_null()
+                            .primary_key()
+                            .auto_increment(),
+                    )
+                    .col(ColumnDef::new(UserTracks::UserId).integer().not_null())
+                    .col(ColumnDef::new(UserTracks::TrackId).integer().not_null())
+                    .foreign_key(
+                        ForeignKey::create()
+                            .name("fk-user_tracks-user_id")
+                            .from(UserTracks::Table, UserTracks::UserId)
+                            .to(User::Table, User::Id),
+                    )
+                    .foreign_key(
+                        ForeignKey::create()
+                            .name("fk-user_tracks-track_id")
+                            .from(UserTracks::Table, UserTracks::TrackId)
+                            .to(Tracks::Table, Tracks::Id),
+                    )
+                    .to_owned(),
+            )
+            .await
+    }
+
+    async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        manager
+            .drop_table(Table::drop().table(UserTracks::Table).to_owned())
+            .await
+    }
+}
+
+/// Learn more at https://docs.rs/sea-query#iden
+#[derive(Iden)]
+enum UserTracks {
+    Table,
+    Id,
+    UserId,
+    TrackId,
+}
--- a/server/src/migrator/mod.rs
+++ b/server/src/migrator/mod.rs
@ -3,6 +3,7 @@ mod m20230606_000002_create_ticks_table;
 mod m20230606_000003_create_groups_table;
 mod m20230606_000004_create_track2groups_table;
 mod m20230626_083036_create_users_table;
+mod m20230626_150551_associate_users_and_tracks;

 use sea_orm_migration::prelude::*;

@ -17,6 +18,7 @@ impl MigratorTrait for Migrator {
            Box::new(m20230606_000003_create_groups_table::Migration),
            Box::new(m20230606_000004_create_track2groups_table::Migration),
            Box::new(m20230626_083036_create_users_table::Migration),
+            Box::new(m20230626_150551_associate_users_and_tracks::Migration),
        ]
    }
 }
Author	SHA1	Message	Date
D. Scott Boggs	29c022b951	tracks are now relative to an authenticated user	2023-06-27 06:11:44 -04:00
D. Scott Boggs	0d750f4b64	Add entity and relations for user-tracks relationship	2023-06-27 06:11:44 -04:00
D. Scott Boggs	5cb9a411c1	Add users-to-tracks many-to-many association	2023-06-27 06:11:44 -04:00
D. Scott Boggs	b82b76d736	Add login+sign_up routes and auth guard	2023-06-27 06:11:44 -04:00
D. Scott Boggs	cc89884977	Add support for rocket's "secret cookies"	2023-06-27 06:11:44 -04:00