Bommels05/Modrinth
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Scoped PATs (#651)

Browse Source 
* Scoped PATs

* fix threads issues

* fix migration
This commit is contained in:
Geometrically 2023-07-10 16:44:40 -07:00 committed by GitHub
parent 366ea63209
commit 7fbb8838e7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
42 changed files with 2560 additions and 1402 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
Cargo.lock generated
View File

@ -1280,6 +1280,22 @@ dependencies = [
"serde",
]
[[package]]
name = "email-encoding"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dbfb21b9878cf7a348dcb8559109aabc0ec40d69924bd706fa5149846c4fef75"
dependencies = [
"base64 0.21.2",
"memchr",
]
[[package]]
name = "email_address"
version = "0.2.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e2153bd83ebc09db15bcbdc3e2194d901804952e3dc96967e1cd3b0c5c32d112"
[[package]]
name = "encoding_rs"
version = "0.8.32"
@ -1874,6 +1890,16 @@ version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39"
[[package]]
name = "idna"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e14ddfc70884202db2244c223200c204c2bda1bc6e0998d11b5e024d657209e6"
dependencies = [
"unicode-bidi",
"unicode-normalization",
]
[[package]]
name = "idna"
version = "0.4.0"
@ -2093,6 +2119,7 @@ dependencies = [
"image",
"itertools 0.11.0",
"lazy_static",
"lettre",
"log",
"meilisearch-sdk",
"rand",
@ -2144,6 +2171,29 @@ version = "0.5.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "03087c2bad5e1034e8cace5926dec053fb3790248370865f5117a7d0213354c8"
[[package]]
name = "lettre"
version = "0.10.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "76bd09637ae3ec7bd605b8e135e757980b3968430ff2b1a4a94fb7769e50166d"
dependencies = [
"base64 0.21.2",
"email-encoding",
"email_address",
"fastrand",
"futures-util",
"hostname",
"httpdate",
"idna 0.3.0",
"mime",
"native-tls",
"nom 7.1.3",
"once_cell",
"quoted_printable",
"socket2",
"tokio",
]
[[package]]
name = "lexical-core"
version = "0.7.6"
@ -2978,6 +3028,12 @@ dependencies = [
"proc-macro2",
]
[[package]]
name = "quoted_printable"
version = "0.4.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5a3866219251662ec3b26fc217e3e05bf9c4f84325234dfb96bf0bf840889e49"
[[package]]
name = "r2d2"
version = "0.8.10"
@ -4408,7 +4464,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "50bff7831e19200a85b17131d085c25d7811bc4e186efdaf54bbd132994a88cb"
dependencies = [
"form_urlencoded",
"idna",
"idna 0.4.0",
"percent-encoding",
"serde",
]
@ -4441,7 +4497,7 @@ version = "0.16.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b92f40481c04ff1f4f61f304d61793c7b56ff76ac1469f1beb199b1445b253bd"
dependencies = [
"idna",
"idna 0.4.0",
"lazy_static",
"phonenumber",
"regex",

4
Cargo.toml
View File

@ -79,4 +79,6 @@ sentry-actix = "0.31.5"
image = "0.24.6"
color-thief = "0.2.2"
woothee = "0.13.0"
woothee = "0.13.0"
lettre = "0.10.4"

44
migrations/20230710034250_flows.sql Normal file
View File

@ -0,0 +1,44 @@
CREATE INDEX sessions_session
ON sessions (session);
CREATE TABLE flows (
id bigint NOT NULL PRIMARY KEY,
flow varchar(64) NOT NULL UNIQUE,
user_id BIGINT NOT NULL REFERENCES users(id),
expires timestamptz NOT NULL,
flow_type varchar(64) NOT NULL
);
CREATE INDEX flows_flow
ON flows (flow);
DROP TABLE pats;
CREATE TABLE pats (
id BIGINT PRIMARY KEY,
name VARCHAR(255) NOT NULL,
user_id BIGINT NOT NULL REFERENCES users(id),
access_token VARCHAR(64) NOT NULL UNIQUE,
scopes BIGINT NOT NULL,
created timestamptz NOT NULL DEFAULT CURRENT_TIMESTAMP,
expires timestamptz NOT NULL,
last_used timestamptz NULL
);
CREATE INDEX pats_user_id
ON pats (user_id);
CREATE INDEX pats_access_token
ON pats (access_token);
ALTER TABLE mods DROP COLUMN thread_id;
ALTER TABLE reports DROP COLUMN thread_id;
DELETE FROM threads_members;
DELETE FROM threads_messages;
DELETE FROM threads;
ALTER TABLE threads
ADD COLUMN report_id bigint references reports ON UPDATE CASCADE NULL;
ALTER TABLE threads
ADD COLUMN mod_id bigint references mods ON UPDATE CASCADE NULL;

1285
sqlx-data.json
View File

File diff suppressed because it is too large Load Diff

2
src/auth/mod.rs
View File

@ -1,6 +1,6 @@
pub mod checks;
pub mod flows;
pub mod pat;
pub mod pats;
pub mod session;
pub mod validate;

115
src/auth/pat.rs
View File

@ -1,115 +0,0 @@
// use crate::auth::AuthenticationError;
// use crate::database;
// use crate::database::models::{DatabaseError, UserId};
// use crate::models::users::{self, Badges, RecipientType, RecipientWallet};
// use censor::Censor;
// use chrono::{NaiveDateTime, Utc};
// use rand::Rng;
// use serde::{Deserialize, Serialize};
//
// #[derive(Serialize, Deserialize)]
// pub struct PersonalAccessToken {
// pub id: String,
// pub name: Option<String>,
// pub access_token: Option<String>,
// pub scope: i64,
// pub user_id: users::UserId,
// pub expires_at: NaiveDateTime,
// }
// // Find database user from PAT token
// // Separate to user_items as it may yet include further behaviour.
// pub async fn get_user_from_pat<'a, E>(
// access_token: &str,
// executor: E,
// ) -> Result<Option<database::models::User>, AuthenticationError>
// where
// E: sqlx::Executor<'a, Database = sqlx::Postgres>,
// {
// let row = sqlx::query!(
// "
// SELECT pats.expires_at,
// u.id, u.name, u.email,
// u.avatar_url, u.username, u.bio,
// u.created, u.role, u.badges,
// u.balance, u.payout_wallet, u.payout_wallet_type, u.payout_address,
// github_id, discord_id, gitlab_id, google_id, steam_id, microsoft_id
// FROM pats LEFT OUTER JOIN users u ON pats.user_id = u.id
// WHERE access_token = $1
// ",
// access_token
// )
// .fetch_optional(executor)
// .await?;
// if let Some(row) = row {
// if row.expires_at < Utc::now().naive_utc() {
// return Ok(None);
// }
//
// return Ok(Some(database::models::User {
// id: UserId(row.id),
// name: row.name,
// github_id: row.github_id,
// discord_id: row.discord_id,
// gitlab_id: row.gitlab_id,
// google_id: row.google_id,
// steam_id: row.steam_id,
// microsoft_id: row.microsoft_id,
// email: row.email,
// avatar_url: row.avatar_url,
// username: row.username,
// bio: row.bio,
// created: row.created,
// role: row.role,
// badges: Badges::from_bits(row.badges as u64).unwrap_or_default(),
// balance: row.balance,
// payout_wallet: row.payout_wallet.map(|x| RecipientWallet::from_string(&x)),
// payout_wallet_type: row
// .payout_wallet_type
// .map(|x| RecipientType::from_string(&x)),
// payout_address: row.payout_address,
// }));
// }
// Ok(None)
// }
//
// // Generate a new 128 char PAT token starting with 'modrinth_pat_'
// pub async fn generate_pat(
// con: &mut sqlx::Transaction<'_, sqlx::Postgres>,
// ) -> Result<String, DatabaseError> {
// let mut rng = rand::thread_rng();
// let mut retry_count = 0;
// let censor = Censor::Standard + Censor::Sex;
//
// // First generate the PAT token as a random 128 char string. This may include uppercase and lowercase and numbers only.
// loop {
// let mut access_token = String::with_capacity(63);
// access_token.push_str("modrinth_pat_");
// for _ in 0..51 {
// let c = rng.gen_range(0..62);
// if c < 10 {
// access_token.push(char::from_u32(c + 48).unwrap()); // 0-9
// } else if c < 36 {
// access_token.push(char::from_u32(c + 55).unwrap()); // A-Z
// } else {
// access_token.push(char::from_u32(c + 61).unwrap()); // a-z
// }
// }
// let results = sqlx::query!(
// "
// SELECT EXISTS(SELECT 1 FROM pats WHERE access_token=$1)
// ",
// access_token
// )
// .fetch_one(&mut *con)
// .await?;
//
// if !results.exists.unwrap_or(true) && !censor.check(&access_token) {
// break Ok(access_token);
// }
//
// retry_count += 1;
// if retry_count > 15 {
// return Err(DatabaseError::RandomId);
// }
// }
// }

269
src/auth/pats.rs Normal file
View File

@ -0,0 +1,269 @@
use crate::database;
use crate::database::models::generate_pat_id;
use crate::auth::get_user_from_headers;
use crate::routes::ApiError;
use actix_web::web::{self, Data};
use actix_web::{delete, get, patch, post, HttpRequest, HttpResponse};
use chrono::{DateTime, Utc};
use rand::distributions::Alphanumeric;
use rand::Rng;
use rand_chacha::rand_core::SeedableRng;
use rand_chacha::ChaCha20Rng;
use crate::models::pats::{PersonalAccessToken, Scopes};
use crate::queue::session::AuthQueue;
use crate::util::validate::validation_errors_to_string;
use serde::Deserialize;
use sqlx::postgres::PgPool;
use validator::Validate;
pub fn config(cfg: &mut web::ServiceConfig) {
cfg.service(get_pats);
cfg.service(create_pat);
cfg.service(edit_pat);
cfg.service(delete_pat);
}
#[get("pat")]
pub async fn get_pats(
req: HttpRequest,
pool: Data<PgPool>,
redis: Data<deadpool_redis::Pool>,
session_queue: Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PAT_READ]),
)
.await?
.1;
let pat_ids = database::models::pat_item::PersonalAccessToken::get_user_pats(
user.id.into(),
&**pool,
&redis,
)
.await?;
let pats =
database::models::pat_item::PersonalAccessToken::get_many_ids(&pat_ids, &**pool, &redis)
.await?;
Ok(HttpResponse::Ok().json(
pats.into_iter()
.map(|x| PersonalAccessToken::from(x, false))
.collect::<Vec<_>>(),
))
}
#[derive(Deserialize, Validate)]
pub struct NewPersonalAccessToken {
pub scopes: Scopes,
#[validate(length(min = 3, max = 255))]
pub name: String,
pub expires: DateTime<Utc>,
}
#[post("pat")]
pub async fn create_pat(
req: HttpRequest,
info: web::Json<NewPersonalAccessToken>,
pool: Data<PgPool>,
redis: Data<deadpool_redis::Pool>,
session_queue: Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
info.0
.validate()
.map_err(|err| ApiError::InvalidInput(validation_errors_to_string(err, None)))?;
if info.scopes.restricted() {
return Err(ApiError::InvalidInput(
"Invalid scopes requested!".to_string(),
));
}
if info.expires < Utc::now() {
return Err(ApiError::InvalidInput(
"Expire date must be in the future!".to_string(),
));
}
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PAT_CREATE]),
)
.await?
.1;
let mut transaction = pool.begin().await?;
let id = generate_pat_id(&mut transaction).await?;
let token = ChaCha20Rng::from_entropy()
.sample_iter(&Alphanumeric)
.take(60)
.map(char::from)
.collect::<String>();
let token = format!("mrp_{}", token);
let name = info.name.clone();
database::models::pat_item::PersonalAccessToken {
id,
name: name.clone(),
access_token: token.clone(),
scopes: info.scopes,
user_id: user.id.into(),
created: Utc::now(),
expires: info.expires,
last_used: None,
}
.insert(&mut transaction)
.await?;
database::models::pat_item::PersonalAccessToken::clear_cache(
vec![(None, None, Some(user.id.into()))],
&redis,
)
.await?;
transaction.commit().await?;
Ok(HttpResponse::Ok().json(PersonalAccessToken {
id: id.into(),
name,
access_token: Some(token),
scopes: info.scopes,
user_id: user.id,
created: Utc::now(),
expires: info.expires,
last_used: None,
}))
}
#[derive(Deserialize, Validate)]
pub struct ModifyPersonalAccessToken {
pub scopes: Option<Scopes>,
#[validate(length(min = 3, max = 255))]
pub name: Option<String>,
pub expires: Option<DateTime<Utc>>,
}
#[patch("pat/{id}")]
pub async fn edit_pat(
req: HttpRequest,
id: web::Path<(String,)>,
info: web::Json<ModifyPersonalAccessToken>,
pool: Data<PgPool>,
redis: Data<deadpool_redis::Pool>,
session_queue: Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PAT_WRITE]),
)
.await?
.1;
let id = id.into_inner().0;
let pat = database::models::pat_item::PersonalAccessToken::get(&id, &**pool, &redis).await?;
if let Some(pat) = pat {
if pat.user_id == user.id.into() {
let mut transaction = pool.begin().await?;
if let Some(scopes) = &info.scopes {
sqlx::query!(
"
UPDATE pats
SET scopes = $1
WHERE id = $2
",
scopes.bits() as i64,
pat.id.0
)
.execute(&mut *transaction)
.await?;
}
if let Some(name) = &info.name {
sqlx::query!(
"
UPDATE pats
SET name = $1
WHERE id = $2
",
name,
pat.id.0
)
.execute(&mut *transaction)
.await?;
}
if let Some(expires) = &info.expires {
sqlx::query!(
"
UPDATE pats
SET expires = $1
WHERE id = $2
",
expires,
pat.id.0
)
.execute(&mut *transaction)
.await?;
}
database::models::pat_item::PersonalAccessToken::clear_cache(
vec![(Some(pat.id), Some(pat.access_token), Some(pat.user_id))],
&redis,
)
.await?;
transaction.commit().await?;
}
}
Ok(HttpResponse::NoContent().finish())
}
#[delete("pat/{id}")]
pub async fn delete_pat(
req: HttpRequest,
id: web::Path<(String,)>,
pool: Data<PgPool>,
redis: Data<deadpool_redis::Pool>,
session_queue: Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PAT_DELETE]),
)
.await?
.1;
let id = id.into_inner().0;
let pat = database::models::pat_item::PersonalAccessToken::get(&id, &**pool, &redis).await?;
if let Some(pat) = pat {
if pat.user_id == user.id.into() {
let mut transaction = pool.begin().await?;
database::models::pat_item::PersonalAccessToken::remove(pat.id, &mut transaction)
.await?;
database::models::pat_item::PersonalAccessToken::clear_cache(
vec![(Some(pat.id), Some(pat.access_token), Some(pat.user_id))],
&redis,
)
.await?;
transaction.commit().await?;
}
}
Ok(HttpResponse::NoContent().finish())
}

33
src/auth/session.rs
View File

@ -2,8 +2,9 @@ use crate::auth::{get_user_from_headers, AuthenticationError};
use crate::database::models::session_item::Session as DBSession;
use crate::database::models::session_item::SessionBuilder;
use crate::database::models::UserId;
use crate::models::pats::Scopes;
use crate::models::sessions::Session;
use crate::queue::session::SessionQueue;
use crate::queue::session::AuthQueue;
use crate::routes::ApiError;
use crate::util::env::parse_var;
use actix_web::http::header::AUTHORIZATION;
@ -122,9 +123,17 @@ pub async fn list(
req: HttpRequest,
pool: Data<PgPool>,
redis: Data<deadpool_redis::Pool>,
session_queue: Data<SessionQueue>,
session_queue: Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let current_user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let current_user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::SESSION_READ]),
)
.await?
.1;
let session_ids = DBSession::get_user_sessions(current_user.id.into(), &**pool, &redis).await?;
let sessions = DBSession::get_many_ids(&session_ids, &**pool, &redis)
@ -143,9 +152,17 @@ pub async fn delete(
req: HttpRequest,
pool: Data<PgPool>,
redis: Data<deadpool_redis::Pool>,
session_queue: Data<SessionQueue>,
session_queue: Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let current_user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let current_user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::SESSION_DELETE]),
)
.await?
.1;
let session = DBSession::get(info.into_inner().0, &**pool, &redis).await?;
@ -174,9 +191,11 @@ pub async fn refresh(
req: HttpRequest,
pool: Data<PgPool>,
redis: Data<deadpool_redis::Pool>,
session_queue: Data<SessionQueue>,
session_queue: Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let current_user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let current_user = get_user_from_headers(&req, &**pool, &redis, &session_queue, None)
.await?
.1;
let session = req
.headers()
.get(AUTHORIZATION)

66
src/auth/validate.rs
View File

@ -2,8 +2,9 @@ use crate::auth::flows::AuthProvider;
use crate::auth::session::get_session_metadata;
use crate::auth::AuthenticationError;
use crate::database::models::user_item;
use crate::models::pats::Scopes;
use crate::models::users::{Role, User, UserId, UserPayoutData};
use crate::queue::session::SessionQueue;
use crate::queue::session::AuthQueue;
use actix_web::HttpRequest;
use chrono::Utc;
use reqwest::header::{HeaderValue, AUTHORIZATION};
@ -12,8 +13,9 @@ pub async fn get_user_from_headers<'a, E>(
req: &HttpRequest,
executor: E,
redis: &deadpool_redis::Pool,
session_queue: &SessionQueue,
) -> Result<User, AuthenticationError>
session_queue: &AuthQueue,
required_scopes: Option<&[Scopes]>,
) -> Result<(Scopes, User), AuthenticationError>
where
E: sqlx::Executor<'a, Database = sqlx::Postgres> + Copy,
{
@ -21,7 +23,7 @@ where
let token: Option<&HeaderValue> = headers.get(AUTHORIZATION);
// Fetch DB user record and minos user from headers
let db_user = get_user_record_from_bearer_token(
let (scopes, db_user) = get_user_record_from_bearer_token(
req,
token
.ok_or_else(|| AuthenticationError::InvalidAuthMethod)?
@ -57,7 +59,16 @@ where
payout_address: db_user.payout_address,
}),
};
Ok(user)
if let Some(required_scopes) = required_scopes {
for scope in required_scopes {
if !scopes.contains(*scope) {
return Err(AuthenticationError::InvalidCredentials);
}
}
}
Ok((scopes, user))
}
pub async fn get_user_record_from_bearer_token<'a, 'b, E>(
@ -65,13 +76,28 @@ pub async fn get_user_record_from_bearer_token<'a, 'b, E>(
token: &str,
executor: E,
redis: &deadpool_redis::Pool,
session_queue: &SessionQueue,
) -> Result<Option<user_item::User>, AuthenticationError>
session_queue: &AuthQueue,
) -> Result<Option<(Scopes, user_item::User)>, AuthenticationError>
where
E: sqlx::Executor<'a, Database = sqlx::Postgres> + Copy,
{
let possible_user = match token.split_once('_') {
//Some(("modrinth", _)) => get_user_from_pat(token, executor).await?,
Some(("mrp", _)) => {
let pat =
crate::database::models::pat_item::PersonalAccessToken::get(token, executor, redis)
.await?
.ok_or_else(|| AuthenticationError::InvalidCredentials)?;
if pat.expires < Utc::now() {
return Err(AuthenticationError::InvalidCredentials);
}
let user = user_item::User::get_id(pat.user_id, executor, redis).await?;
session_queue.add_pat(pat.id).await;
user.map(|x| (pat.scopes, x))
}
Some(("mra", _)) => {
let session =
crate::database::models::session_item::Session::get(token, executor, redis)
@ -85,23 +111,31 @@ where
let user = user_item::User::get_id(session.user_id, executor, redis).await?;
let rate_limit_ignore = dotenvy::var("RATE_LIMIT_IGNORE_KEY")?;
if !req.headers().get("x-ratelimit-key").and_then(|x| x.to_str().ok()).map(|x| x == rate_limit_ignore).unwrap_or(false) {
if !req
.headers()
.get("x-ratelimit-key")
.and_then(|x| x.to_str().ok())
.map(|x| x == rate_limit_ignore)
.unwrap_or(false)
{
let metadata = get_session_metadata(req).await?;
session_queue.add(session.id, metadata).await;
session_queue.add_session(session.id, metadata).await;
}
user
user.map(|x| (Scopes::ALL, x))
}
Some(("github", _)) | Some(("gho", _)) | Some(("ghp", _)) => {
let user = AuthProvider::GitHub.get_user(token).await?;
let id = AuthProvider::GitHub.get_user_id(&user.id, executor).await?;
user_item::User::get_id(
let user = user_item::User::get_id(
id.ok_or_else(|| AuthenticationError::InvalidCredentials)?,
executor,
redis,
)
.await?
.await?;
user.map(|x| (Scopes::ALL, x))
}
_ => return Err(AuthenticationError::InvalidAuthMethod),
};
@ -112,12 +146,14 @@ pub async fn check_is_moderator_from_headers<'a, 'b, E>(
req: &HttpRequest,
executor: E,
redis: &deadpool_redis::Pool,
session_queue: &SessionQueue,
session_queue: &AuthQueue,
) -> Result<User, AuthenticationError>
where
E: sqlx::Executor<'a, Database = sqlx::Postgres> + Copy,
{
let user = get_user_from_headers(req, executor, redis, session_queue).await?;
let user = get_user_from_headers(req, executor, redis, session_queue, None)
.await?
.1;
if user.role.is_mod() {
Ok(user)

21
src/database/models/ids.rs
View File

@ -83,13 +83,13 @@ generate_ids!(
"SELECT EXISTS(SELECT 1 FROM states WHERE id=$1)",
StateId
);
// generate_ids!(
// pub generate_pat_id,
// PatId,
// 8,
// "SELECT EXISTS(SELECT 1 FROM pats WHERE id=$1)",
// PatId
// );
generate_ids!(
pub generate_pat_id,
PatId,
8,
"SELECT EXISTS(SELECT 1 FROM pats WHERE id=$1)",
PatId
);
generate_ids!(
pub generate_user_id,
@ -193,7 +193,7 @@ pub struct FileId(pub i64);
#[sqlx(transparent)]
pub struct StateId(pub i64);
#[derive(Copy, Clone, Debug, Type)]
#[derive(Copy, Clone, Debug, Type, Deserialize, Serialize)]
#[sqlx(transparent)]
pub struct PatId(pub i64);
@ -302,3 +302,8 @@ impl From<SessionId> for ids::SessionId {
ids::SessionId(id.0 as u64)
}
}
impl From<PatId> for ids::PatId {
fn from(id: PatId) -> Self {
ids::PatId(id.0 as u64)
}
}

1
src/database/models/mod.rs
View File

@ -3,6 +3,7 @@ use thiserror::Error;
pub mod categories;
pub mod ids;
pub mod notification_item;
pub mod pat_item;
pub mod project_item;
pub mod report_item;
pub mod session_item;

289
src/database/models/pat_item.rs Normal file
View File

@ -0,0 +1,289 @@
use super::ids::*;
use crate::database::models::DatabaseError;
use crate::models::ids::base62_impl::{parse_base62, to_base62};
use crate::models::pats::Scopes;
use chrono::{DateTime, Utc};
use redis::cmd;
use serde::{Deserialize, Serialize};
const PATS_NAMESPACE: &str = "pats";
const PATS_TOKENS_NAMESPACE: &str = "pats_tokens";
const PATS_USERS_NAMESPACE: &str = "pats_users";
const DEFAULT_EXPIRY: i64 = 1800; // 30 minutes
#[derive(Deserialize, Serialize)]
pub struct PersonalAccessToken {
pub id: PatId,
pub name: String,
pub access_token: String,
pub scopes: Scopes,
pub user_id: UserId,
pub created: DateTime<Utc>,
pub expires: DateTime<Utc>,
pub last_used: Option<DateTime<Utc>>,
}
impl PersonalAccessToken {
pub async fn insert(
&self,
transaction: &mut sqlx::Transaction<'_, sqlx::Postgres>,
) -> Result<(), DatabaseError> {
sqlx::query!(
"
INSERT INTO pats (
id, name, access_token, scopes, user_id,
expires
)
VALUES (
$1, $2, $3, $4, $5,
$6
)
",
self.id as PatId,
self.name,
self.access_token,
self.scopes.bits() as i64,
self.user_id as UserId,
self.expires
)
.execute(&mut *transaction)
.await?;
Ok(())
}
pub async fn get<'a, E, T: ToString>(
id: T,
exec: E,
redis: &deadpool_redis::Pool,
) -> Result<Option<PersonalAccessToken>, DatabaseError>
where
E: sqlx::Executor<'a, Database = sqlx::Postgres>,
{
Self::get_many(&[id], exec, redis)
.await
.map(|x| x.into_iter().next())
}
pub async fn get_many_ids<'a, E>(
pat_ids: &[PatId],
exec: E,
redis: &deadpool_redis::Pool,
) -> Result<Vec<PersonalAccessToken>, DatabaseError>
where
E: sqlx::Executor<'a, Database = sqlx::Postgres>,
{
let ids = pat_ids
.iter()
.map(|x| crate::models::ids::PatId::from(*x))
.collect::<Vec<_>>();
PersonalAccessToken::get_many(&ids, exec, redis).await
}
pub async fn get_many<'a, E, T: ToString>(
pat_strings: &[T],
exec: E,
redis: &deadpool_redis::Pool,
) -> Result<Vec<PersonalAccessToken>, DatabaseError>
where
E: sqlx::Executor<'a, Database = sqlx::Postgres>,
{
use futures::TryStreamExt;
if pat_strings.is_empty() {
return Ok(Vec::new());
}
let mut redis = redis.get().await?;
let mut found_pats = Vec::new();
let mut remaining_strings = pat_strings
.iter()
.map(|x| x.to_string())
.collect::<Vec<_>>();
let mut pat_ids = pat_strings
.iter()
.flat_map(|x| parse_base62(&x.to_string()).map(|x| x as i64))
.collect::<Vec<_>>();
pat_ids.append(
&mut cmd("MGET")
.arg(
pat_strings
.iter()
.map(|x| format!("{}:{}", PATS_TOKENS_NAMESPACE, x.to_string()))
.collect::<Vec<_>>(),
)
.query_async::<_, Vec<Option<i64>>>(&mut redis)
.await?
.into_iter()
.flatten()
.collect(),
);
if !pat_ids.is_empty() {
let pats = cmd("MGET")
.arg(
pat_ids
.iter()
.map(|x| format!("{}:{}", PATS_NAMESPACE, x))
.collect::<Vec<_>>(),
)
.query_async::<_, Vec<Option<String>>>(&mut redis)
.await?;
for pat in pats {
if let Some(pat) =
pat.and_then(|x| serde_json::from_str::<PersonalAccessToken>(&x).ok())
{
remaining_strings
.retain(|x| &to_base62(pat.id.0 as u64) != x && &pat.access_token != x);
found_pats.push(pat);
continue;
}
}
}
if !remaining_strings.is_empty() {
let pat_ids_parsed: Vec<i64> = pat_strings
.iter()
.flat_map(|x| parse_base62(&x.to_string()).ok())
.map(|x| x as i64)
.collect();
let db_pats: Vec<PersonalAccessToken> = sqlx::query!(
"
SELECT id, name, access_token, scopes, user_id, created, expires, last_used
FROM pats
WHERE id = ANY($1) OR access_token = ANY($2)
ORDER BY created DESC
",
&pat_ids_parsed,
&pat_strings
.into_iter()
.map(|x| x.to_string())
.collect::<Vec<_>>(),
)
.fetch_many(exec)
.try_filter_map(|e| async {
Ok(e.right().map(|x| PersonalAccessToken {
id: PatId(x.id),
name: x.name,
access_token: x.access_token,
scopes: Scopes::from_bits(x.scopes as u64).unwrap_or(Scopes::NONE),
user_id: UserId(x.user_id),
created: x.created,
expires: x.expires,
last_used: x.last_used,
}))
})
.try_collect::<Vec<PersonalAccessToken>>()
.await?;
for pat in db_pats {
cmd("SET")
.arg(format!("{}:{}", PATS_NAMESPACE, pat.id.0))
.arg(serde_json::to_string(&pat)?)
.arg("EX")
.arg(DEFAULT_EXPIRY)
.query_async::<_, ()>(&mut redis)
.await?;
cmd("SET")
.arg(format!("{}:{}", PATS_TOKENS_NAMESPACE, pat.access_token))
.arg(pat.id.0)
.arg("EX")
.arg(DEFAULT_EXPIRY)
.query_async::<_, ()>(&mut redis)
.await?;
found_pats.push(pat);
}
}
Ok(found_pats)
}
pub async fn get_user_pats<'a, E>(
user_id: UserId,
exec: E,
redis: &deadpool_redis::Pool,
) -> Result<Vec<PatId>, DatabaseError>
where
E: sqlx::Executor<'a, Database = sqlx::Postgres>,
{
let mut redis = redis.get().await?;
let res = cmd("GET")
.arg(format!("{}:{}", PATS_USERS_NAMESPACE, user_id.0))
.query_async::<_, Option<Vec<i64>>>(&mut redis)
.await?;
if let Some(res) = res {
return Ok(res.into_iter().map(PatId).collect());
}
use futures::TryStreamExt;
let db_pats: Vec<PatId> = sqlx::query!(
"
SELECT id
FROM pats
WHERE user_id = $1
ORDER BY created DESC
",
user_id.0,
)
.fetch_many(exec)
.try_filter_map(|e| async { Ok(e.right().map(|x| PatId(x.id))) })
.try_collect::<Vec<PatId>>()
.await?;
cmd("SET")
.arg(format!("{}:{}", PATS_USERS_NAMESPACE, user_id.0))
.arg(serde_json::to_string(&db_pats)?)
.arg("EX")
.arg(DEFAULT_EXPIRY)
.query_async::<_, ()>(&mut redis)
.await?;
Ok(db_pats)
}
pub async fn clear_cache(
clear_pats: Vec<(Option<PatId>, Option<String>, Option<UserId>)>,
redis: &deadpool_redis::Pool,
) -> Result<(), DatabaseError> {
let mut redis = redis.get().await?;
let mut cmd = cmd("DEL");
for (id, token, user_id) in clear_pats {
if let Some(id) = id {
cmd.arg(format!("{}:{}", PATS_NAMESPACE, id.0));
}
if let Some(token) = token {
cmd.arg(format!("{}:{}", PATS_TOKENS_NAMESPACE, token));
}
if let Some(user_id) = user_id {
cmd.arg(format!("{}:{}", PATS_USERS_NAMESPACE, user_id.0));
}
}
cmd.query_async::<_, ()>(&mut redis).await?;
Ok(())
}
pub async fn remove(
id: PatId,
transaction: &mut sqlx::Transaction<'_, sqlx::Postgres>,
) -> Result<Option<()>, sqlx::error::Error> {
sqlx::query!(
"
DELETE FROM pats WHERE id = $1
",
id as PatId,
)
.execute(&mut *transaction)
.await?;
Ok(Some(()))
}
}

27
src/database/models/project_item.rs
View File

@ -85,6 +85,7 @@ impl GalleryItem {
}
}
#[derive(Clone)]
pub struct ProjectBuilder {
pub project_id: ProjectId,
pub project_type_id: ProjectTypeId,
@ -110,7 +111,6 @@ pub struct ProjectBuilder {
pub donation_urls: Vec<DonationUrl>,
pub gallery_items: Vec<GalleryItem>,
pub color: Option<u32>,
pub thread_id: ThreadId,
pub monetization_status: MonetizationStatus,
}
@ -153,7 +153,6 @@ impl ProjectBuilder {
moderation_message_body: None,
webhook_sent: false,
color: self.color,
thread_id: Some(self.thread_id),
monetization_status: self.monetization_status,
};
project_struct.insert(&mut *transaction).await?;
@ -231,7 +230,6 @@ pub struct Project {
pub moderation_message_body: Option<String>,
pub webhook_sent: bool,
pub color: Option<u32>,
pub thread_id: Option<ThreadId>,
pub monetization_status: MonetizationStatus,
}
@ -247,14 +245,14 @@ impl Project {
published, downloads, icon_url, issues_url,
source_url, wiki_url, status, requested_status, discord_url,
client_side, server_side, license_url, license,
slug, project_type, color, thread_id, monetization_status
slug, project_type, color, monetization_status
)
VALUES (
$1, $2, $3, $4, $5,
$6, $7, $8, $9,
$10, $11, $12, $13, $14,
$15, $16, $17, $18,
LOWER($19), $20, $21, $22, $23
LOWER($19), $20, $21, $22
)
",
self.id as ProjectId,
@ -278,7 +276,6 @@ impl Project {
self.slug.as_ref(),
self.project_type as ProjectTypeId,
self.color.map(|x| x as i32),
self.thread_id.map(|x| x.0),
self.monetization_status.as_str(),
)
.execute(&mut *transaction)
@ -381,6 +378,8 @@ impl Project {
.execute(&mut *transaction)
.await?;
models::Thread::remove_full(project.thread_id, transaction).await?;
sqlx::query!(
"
DELETE FROM mods
@ -413,10 +412,6 @@ impl Project {
.execute(&mut *transaction)
.await?;
if let Some(thread_id) = project.inner.thread_id {
models::Thread::remove_full(thread_id, transaction).await?;
}
Ok(Some(()))
} else {
Ok(None)
@ -551,7 +546,7 @@ impl Project {
m.issues_url issues_url, m.source_url source_url, m.wiki_url wiki_url, m.discord_url discord_url, m.license_url license_url,
m.team_id team_id, m.client_side client_side, m.server_side server_side, m.license license, m.slug slug, m.moderation_message moderation_message, m.moderation_message_body moderation_message_body,
cs.name client_side_type, ss.name server_side_type, pt.name project_type_name, m.webhook_sent, m.color,
m.thread_id thread_id, m.monetization_status monetization_status,
t.id thread_id, m.monetization_status monetization_status,
ARRAY_AGG(DISTINCT l.loader) filter (where l.loader is not null) loaders,
JSONB_AGG(DISTINCT jsonb_build_object('id', gv.version, 'created', gv.created)) filter (where gv.version is not null) game_versions,
ARRAY_AGG(DISTINCT c.category) filter (where c.category is not null and mc.is_additional is false) categories,
@ -563,6 +558,7 @@ impl Project {
INNER JOIN project_types pt ON pt.id = m.project_type
INNER JOIN side_types cs ON m.client_side = cs.id
INNER JOIN side_types ss ON m.server_side = ss.id
INNER JOIN threads t ON t.mod_id = m.id
LEFT JOIN mods_gallery mg ON mg.mod_id = m.id
LEFT JOIN mods_donations md ON md.joining_mod_id = m.id
LEFT JOIN donation_platforms dp ON md.joining_platform_id = dp.id
@ -574,7 +570,7 @@ impl Project {
LEFT JOIN game_versions_versions gvv ON v.id = gvv.joining_version_id
LEFT JOIN game_versions gv ON gvv.game_version_id = gv.id
WHERE m.id = ANY($1) OR m.slug = ANY($2)
GROUP BY pt.id, cs.id, ss.id, m.id;
GROUP BY pt.id, cs.id, ss.id, t.id, m.id;
",
&project_ids_parsed,
&remaining_strings.into_iter().map(|x| x.to_string().to_lowercase()).collect::<Vec<_>>(),
@ -620,7 +616,6 @@ impl Project {
webhook_sent: m.webhook_sent,
color: m.color.map(|x| x as u32),
queued: m.queued,
thread_id: m.thread_id.map(ThreadId),
monetization_status: MonetizationStatus::from_str(
&m.monetization_status,
),
@ -676,8 +671,9 @@ impl Project {
game_versions.sort_by(|a, b| a.created.cmp(&b.created));
game_versions.into_iter().map(|x| x.id).collect()
}
}}))
},
thread_id: ThreadId(m.thread_id),
}}))
})
.try_collect::<Vec<QueryProject>>()
.await?;
@ -814,4 +810,5 @@ pub struct QueryProject {
pub server_side: crate::models::projects::SideType,
pub loaders: Vec<String>,
pub game_versions: Vec<String>,
pub thread_id: ThreadId,
}

29
src/database/models/report_item.rs
View File

@ -11,7 +11,6 @@ pub struct Report {
pub reporter: UserId,
pub created: DateTime<Utc>,
pub closed: bool,
pub thread_id: ThreadId,
}
pub struct QueryReport {
@ -24,7 +23,7 @@ pub struct QueryReport {
pub reporter: UserId,
pub created: DateTime<Utc>,
pub closed: bool,
pub thread_id: Option<ThreadId>,
pub thread_id: ThreadId,
}
impl Report {
@ -36,11 +35,11 @@ impl Report {
"
INSERT INTO reports (
id, report_type_id, mod_id, version_id, user_id,
body, reporter, thread_id
body, reporter
)
VALUES (
$1, $2, $3, $4, $5,
$6, $7, $8
$6, $7
)
",
self.id as ReportId,
@ -49,8 +48,7 @@ impl Report {
self.version_id.map(|x| x.0 as i64),
self.user_id.map(|x| x.0 as i64),
self.body,
self.reporter as UserId,
self.thread_id as ThreadId,
self.reporter as UserId
)
.execute(&mut *transaction)
.await?;
@ -79,9 +77,10 @@ impl Report {
let report_ids_parsed: Vec<i64> = report_ids.iter().map(|x| x.0).collect();
let reports = sqlx::query!(
"
SELECT r.id, rt.name, r.mod_id, r.version_id, r.user_id, r.body, r.reporter, r.created, r.thread_id, r.closed
SELECT r.id, rt.name, r.mod_id, r.version_id, r.user_id, r.body, r.reporter, r.created, t.id thread_id, r.closed
FROM reports r
INNER JOIN report_types rt ON rt.id = r.report_type_id
INNER JOIN threads t ON t.report_id = r.id
WHERE r.id = ANY($1)
ORDER BY r.created DESC
",
@ -99,7 +98,7 @@ impl Report {
reporter: UserId(x.reporter),
created: x.created,
closed: x.closed,
thread_id: x.thread_id.map(ThreadId),
thread_id: ThreadId(x.thread_id)
}))
})
.try_collect::<Vec<QueryReport>>()
@ -127,14 +126,18 @@ impl Report {
let thread_id = sqlx::query!(
"
SELECT thread_id FROM reports
WHERE id = $1
SELECT id FROM threads
WHERE report_id = $1
",
id as ReportId
)
.fetch_optional(&mut *transaction)
.await?;
if let Some(thread_id) = thread_id {
crate::database::models::Thread::remove_full(ThreadId(thread_id.id), transaction).await?;
}
sqlx::query!(
"
DELETE FROM reports WHERE id = $1
@ -144,12 +147,6 @@ impl Report {
.execute(&mut *transaction)
.await?;
if let Some(thread_id) = thread_id {
if let Some(id) = thread_id.thread_id {
crate::database::models::Thread::remove_full(ThreadId(id), transaction).await?;
}
}
Ok(Some(()))
}
}

4
src/database/models/session_item.rs
View File

@ -107,14 +107,14 @@ impl Session {
}
pub async fn get_many_ids<'a, E>(
user_ids: &[SessionId],
session_ids: &[SessionId],
exec: E,
redis: &deadpool_redis::Pool,
) -> Result<Vec<Session>, DatabaseError>
where
E: sqlx::Executor<'a, Database = sqlx::Postgres>,
{
let ids = user_ids
let ids = session_ids
.iter()
.map(|x| crate::models::ids::SessionId::from(*x))
.collect::<Vec<_>>();

18
src/database/models/thread_item.rs
View File

@ -7,12 +7,18 @@ use serde::Deserialize;
pub struct ThreadBuilder {
pub type_: ThreadType,
pub members: Vec<UserId>,
pub project_id: Option<ProjectId>,
pub report_id: Option<ReportId>,
}
#[derive(Clone)]
pub struct Thread {
pub id: ThreadId,
pub project_id: Option<ProjectId>,
pub report_id: Option<ReportId>,
pub type_: ThreadType,
pub messages: Vec<ThreadMessage>,
pub members: Vec<UserId>,
pub show_in_mod_inbox: bool,
@ -70,14 +76,16 @@ impl ThreadBuilder {
sqlx::query!(
"
INSERT INTO threads (
id, thread_type
id, thread_type, mod_id, report_id
)
VALUES (
$1, $2
$1, $2, $3, $4
)
",
thread_id as ThreadId,
self.type_.as_str()
self.type_.as_str(),
self.project_id.map(|x| x.0),
self.report_id.map(|x| x.0),
)
.execute(&mut *transaction)
.await?;
@ -125,7 +133,7 @@ impl Thread {
let thread_ids_parsed: Vec<i64> = thread_ids.iter().map(|x| x.0).collect();
let threads = sqlx::query!(
"
SELECT t.id, t.thread_type, t.show_in_mod_inbox,
SELECT t.id, t.thread_type, t.mod_id, t.report_id, t.show_in_mod_inbox,
ARRAY_AGG(DISTINCT tm.user_id) filter (where tm.user_id is not null) members,
JSONB_AGG(DISTINCT jsonb_build_object('id', tmsg.id, 'author_id', tmsg.author_id, 'thread_id', tmsg.thread_id, 'body', tmsg.body, 'created', tmsg.created)) filter (where tmsg.id is not null) messages
FROM threads t
@ -140,6 +148,8 @@ impl Thread {
.try_filter_map(|e| async {
Ok(e.right().map(|x| Thread {
id: ThreadId(x.id),
project_id: x.mod_id.map(ProjectId),
report_id: x.report_id.map(ReportId),
type_: ThreadType::from_str(&x.thread_type),
messages: {
let mut messages: Vec<ThreadMessage> = serde_json::from_value(

6
src/database/models/version_item.rs
View File

@ -10,11 +10,10 @@ use std::cmp::Ordering;
use std::collections::HashMap;
const VERSIONS_NAMESPACE: &str = "versions";
// TODO: Cache version slugs call
// const VERSIONS_SLUGS_NAMESPACE: &str = "versions_slugs";
const VERSION_FILES_NAMESPACE: &str = "versions_files";
const DEFAULT_EXPIRY: i64 = 1800; // 30 minutes
#[derive(Clone)]
pub struct VersionBuilder {
pub version_id: VersionId,
pub project_id: ProjectId,
@ -32,6 +31,7 @@ pub struct VersionBuilder {
pub requested_status: Option<VersionStatus>,
}
#[derive(Clone)]
pub struct DependencyBuilder {
pub project_id: Option<ProjectId>,
pub version_id: Option<VersionId>,
@ -79,6 +79,7 @@ impl DependencyBuilder {
}
}
#[derive(Clone)]
pub struct VersionFileBuilder {
pub url: String,
pub filename: String,
@ -130,6 +131,7 @@ impl VersionFileBuilder {
}
}
#[derive(Clone)]
pub struct HashBuilder {
pub algorithm: String,
pub hash: Vec<u8>,

4
src/main.rs
View File

@ -1,7 +1,7 @@
use crate::file_hosting::S3Host;
use crate::queue::download::DownloadQueue;
use crate::queue::payouts::PayoutsQueue;
use crate::queue::session::SessionQueue;
use crate::queue::session::AuthQueue;
use crate::ratelimit::errors::ARError;
use crate::ratelimit::memory::{MemoryStore, MemoryStoreActor};
use crate::ratelimit::middleware::RateLimiter;
@ -288,7 +288,7 @@ async fn main() -> std::io::Result<()> {
}
});
let session_queue = web::Data::new(SessionQueue::new());
let session_queue = web::Data::new(AuthQueue::new());
let pool_ref = pool.clone();
let redis_ref = redis_pool.clone();

2
src/models/ids.rs
View File

@ -1,6 +1,7 @@
use thiserror::Error;
pub use super::notifications::NotificationId;
pub use super::pats::PatId;
pub use super::projects::{ProjectId, VersionId};
pub use super::reports::ReportId;
pub use super::sessions::SessionId;
@ -115,6 +116,7 @@ base62_id_impl!(NotificationId, NotificationId);
base62_id_impl!(ThreadId, ThreadId);
base62_id_impl!(ThreadMessageId, ThreadMessageId);
base62_id_impl!(SessionId, SessionId);
base62_id_impl!(PatId, PatId);
pub mod base62_impl {
use serde::de::{self, Deserializer, Visitor};

1
src/models/mod.rs
View File

@ -2,6 +2,7 @@ pub mod error;
pub mod ids;
pub mod notifications;
pub mod pack;
pub mod pats;
pub mod projects;
pub mod reports;
pub mod sessions;

137
src/models/pats.rs Normal file
View File

@ -0,0 +1,137 @@
use super::ids::Base62Id;
use crate::models::ids::UserId;
use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize};
/// The ID of a team
#[derive(Copy, Clone, PartialEq, Eq, Serialize, Deserialize)]
#[serde(from = "Base62Id")]
#[serde(into = "Base62Id")]
pub struct PatId(pub u64);
bitflags::bitflags! {
#[derive(Serialize, Deserialize)]
#[serde(transparent)]
pub struct Scopes: u64 {
// read a user's email
const USER_READ_EMAIL = 1 << 0;
// read a user's data
const USER_READ = 1 << 1;
// write to a user's profile (edit username, email, avatar, follows, etc)
const USER_WRITE = 1 << 2;
// delete a user
const USER_DELETE = 1 << 3;
// modify a user's authentication data
const USER_AUTH_WRITE = 1 << 4;
// read a user's notifications
const NOTIFICATION_READ = 1 << 5;
// delete or read a notification
const NOTIFICATION_WRITE = 1 << 6;
// read a user's payouts data
const PAYOUTS_READ = 1 << 7;
// withdraw money from a user's account
const PAYOUTS_WRITE = 1<< 8;
// access user analytics (payout analytics at the moment)
const ANALYTICS = 1 << 9;
// create a project
const PROJECT_CREATE = 1 << 10;
// read a user's projects (including private)
const PROJECT_READ = 1 << 11;
// write to a project's data (metadata, title, team members, etc)
const PROJECT_WRITE = 1 << 12;
// delete a project
const PROJECT_DELETE = 1 << 13;
// create a version
const VERSION_CREATE = 1 << 14;
// read a user's versions (including private)
const VERSION_READ = 1 << 15;
// write to a version's data (metadata, files, etc)
const VERSION_WRITE = 1 << 16;
// delete a project
const VERSION_DELETE = 1 << 17;
// create a report
const REPORT_CREATE = 1 << 18;
// read a user's reports
const REPORT_READ = 1 << 19;
// edit a report
const REPORT_WRITE = 1 << 20;
// delete a report
const REPORT_DELETE = 1 << 21;
// read a thread
const THREAD_READ = 1 << 22;
// write to a thread (send a message, delete a message)
const THREAD_WRITE = 1 << 23;
// create a pat
const PAT_CREATE = 1 << 24;
// read a user's pats
const PAT_READ = 1 << 25;
// edit a pat
const PAT_WRITE = 1 << 26;
// delete a pat
const PAT_DELETE = 1 << 27;
// read a user's sessions
const SESSION_READ = 1 << 28;
// delete a session22
const SESSION_DELETE = 1 << 29;
const ALL = 0b11111111111111111111111111;
const NONE = 0b0;
}
}
impl Scopes {
// these scopes cannot be specified in a personal access token
pub fn restricted(&self) -> bool {
self.contains(
Scopes::PAT_CREATE
| Scopes::PAT_READ
| Scopes::PAT_WRITE
| Scopes::PAT_DELETE
| Scopes::SESSION_READ
| Scopes::SESSION_DELETE
| Scopes::USER_AUTH_WRITE,
)
}
}
#[derive(Serialize, Deserialize)]
pub struct PersonalAccessToken {
pub id: PatId,
pub name: String,
pub access_token: Option<String>,
pub scopes: Scopes,
pub user_id: UserId,
pub created: DateTime<Utc>,
pub expires: DateTime<Utc>,
pub last_used: Option<DateTime<Utc>>,
}
impl PersonalAccessToken {
pub fn from(
data: crate::database::models::pat_item::PersonalAccessToken,
include_token: bool,
) -> Self {
Self {
id: data.id.into(),
name: data.name,
access_token: if include_token {
Some(data.access_token)
} else {
None
},
scopes: data.scopes,
user_id: data.user_id.into(),
created: data.created,
expires: data.expires,
last_used: data.last_used,
}
}
}

4
src/models/projects.rs
View File

@ -106,7 +106,7 @@ pub struct Project {
pub color: Option<u32>,
/// The thread of the moderation messages of the project
pub thread_id: Option<ThreadId>,
pub thread_id: ThreadId,
/// The monetization status of this project
pub monetization_status: MonetizationStatus,
@ -196,7 +196,7 @@ impl From<QueryProject> for Project {
})
.collect(),
color: m.color,
thread_id: m.thread_id.map(|x| x.into()),
thread_id: data.thread_id.into(),
monetization_status: m.monetization_status,
}
}

4
src/models/reports.rs
View File

@ -19,7 +19,7 @@ pub struct Report {
pub body: String,
pub created: DateTime<Utc>,
pub closed: bool,
pub thread_id: Option<ThreadId>,
pub thread_id: ThreadId,
}
#[derive(Serialize, Deserialize, Clone)]
@ -67,7 +67,7 @@ impl From<DBReport> for Report {
body: x.body,
created: x.created,
closed: x.closed,
thread_id: x.thread_id.map(|x| x.into()),
thread_id: x.thread_id.into(),
}
}
}

1
src/models/teams.rs
View File

@ -12,7 +12,6 @@ pub struct TeamId(pub u64);
pub const OWNER_ROLE: &str = "Owner";
pub const DEFAULT_ROLE: &str = "Member";
// TODO: permissions, role names, etc
/// A team of users who control a project
#[derive(Serialize, Deserialize)]
pub struct Team {

5
src/models/threads.rs
View File

@ -3,6 +3,7 @@ use crate::models::projects::ProjectStatus;
use crate::models::users::{User, UserId};
use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize};
use crate::models::ids::{ProjectId, ReportId};
#[derive(Copy, Clone, PartialEq, Eq, Serialize, Deserialize)]
#[serde(from = "Base62Id")]
@ -19,6 +20,8 @@ pub struct Thread {
pub id: ThreadId,
#[serde(rename = "type")]
pub type_: ThreadType,
pub project_id: Option<ProjectId>,
pub report_id: Option<ReportId>,
pub messages: Vec<ThreadMessage>,
pub members: Vec<User>,
}
@ -90,6 +93,8 @@ impl Thread {
Thread {
id: data.id.into(),
type_: thread_type,
project_id: data.project_id.map(|x| x.into()),
report_id: data.report_id.map(|x| x.into()),
messages: data
.messages
.into_iter()

61
src/queue/session.rs
View File

@ -1,27 +1,41 @@
use crate::auth::session::SessionMetadata;
use crate::database::models::pat_item::PersonalAccessToken;
use crate::database::models::session_item::Session;
use crate::database::models::{DatabaseError, SessionId, UserId};
use crate::database::models::{DatabaseError, PatId, SessionId, UserId};
use chrono::Utc;
use sqlx::PgPool;
use tokio::sync::Mutex;
pub struct SessionQueue {
queue: Mutex<Vec<(SessionId, SessionMetadata)>>,
pub struct AuthQueue {
session_queue: Mutex<Vec<(SessionId, SessionMetadata)>>,
pat_queue: Mutex<Vec<PatId>>,
}
// Batches session accessing transactions every 30 seconds
impl SessionQueue {
impl AuthQueue {
pub fn new() -> Self {
SessionQueue {
queue: Mutex::new(Vec::with_capacity(1000)),
AuthQueue {
session_queue: Mutex::new(Vec::with_capacity(1000)),
pat_queue: Mutex::new(Vec::with_capacity(1000)),
}
}
pub async fn add(&self, id: SessionId, metadata: SessionMetadata) {
self.queue.lock().await.push((id, metadata));
pub async fn add_session(&self, id: SessionId, metadata: SessionMetadata) {
self.session_queue.lock().await.push((id, metadata));
}
pub async fn take(&self) -> Vec<(SessionId, SessionMetadata)> {
let mut queue = self.queue.lock().await;
pub async fn add_pat(&self, id: PatId) {
self.pat_queue.lock().await.push(id);
}
pub async fn take_sessions(&self) -> Vec<(SessionId, SessionMetadata)> {
let mut queue = self.session_queue.lock().await;
let len = queue.len();
std::mem::replace(&mut queue, Vec::with_capacity(len))
}
pub async fn take_pats(&self) -> Vec<PatId> {
let mut queue = self.pat_queue.lock().await;
let len = queue.len();
std::mem::replace(&mut queue, Vec::with_capacity(len))
@ -32,13 +46,14 @@ impl SessionQueue {
pool: &PgPool,
redis: &deadpool_redis::Pool,
) -> Result<(), DatabaseError> {
let queue = self.take().await;
let session_queue = self.take_sessions().await;
let pat_queue = self.take_pats().await;
if !queue.is_empty() {
if !session_queue.is_empty() || !pat_queue.is_empty() {
let mut transaction = pool.begin().await?;
let mut clear_cache_sessions = Vec::new();
for (id, metadata) in queue {
for (id, metadata) in session_queue {
clear_cache_sessions.push((Some(id), None, None));
sqlx::query!(
@ -83,6 +98,26 @@ impl SessionQueue {
Session::clear_cache(clear_cache_sessions, redis).await?;
let mut clear_cache_pats = Vec::new();
for id in pat_queue {
clear_cache_pats.push((Some(id), None, None));
sqlx::query!(
"
UPDATE pats
SET last_used = $2
WHERE (id = $1)
",
id as PatId,
Utc::now(),
)
.execute(&mut *transaction)
.await?;
}
PersonalAccessToken::clear_cache(clear_cache_pats, redis).await?;
transaction.commit().await?;
}

63
src/routes/maven.rs
View File

@ -1,8 +1,9 @@
use crate::auth::{get_user_from_headers, is_authorized_version};
use crate::database::models::project_item::QueryProject;
use crate::database::models::version_item::{QueryFile, QueryVersion};
use crate::models::pats::Scopes;
use crate::models::projects::{ProjectId, VersionId};
use crate::queue::session::SessionQueue;
use crate::queue::session::AuthQueue;
use crate::routes::ApiError;
use crate::{auth::is_authorized, database};
use actix_web::{get, route, web, HttpRequest, HttpResponse};
@ -68,7 +69,7 @@ pub async fn maven_metadata(
params: web::Path<(String,)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let project_id = params.into_inner().0;
let project_data = database::models::Project::get(&project_id, &**pool, &redis).await?;
@ -79,9 +80,16 @@ pub async fn maven_metadata(
return Ok(HttpResponse::NotFound().body(""));
};
let user_option = get_user_from_headers(&req, &**pool, &redis, &session_queue)
.await
.ok();
let user_option = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_READ]),
)
.await
.map(|x| x.1)
.ok();
if !is_authorized(&data.inner, &user_option, &pool).await? {
return Ok(HttpResponse::NotFound().body(""));
@ -190,7 +198,7 @@ pub async fn version_file(
params: web::Path<(String, String, String)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let (project_id, vnum, file) = params.into_inner();
let project_data = database::models::Project::get(&project_id, &**pool, &redis).await?;
@ -201,9 +209,16 @@ pub async fn version_file(
return Ok(HttpResponse::NotFound().body(""));
};
let user_option = get_user_from_headers(&req, &**pool, &redis, &session_queue)
.await
.ok();
let user_option = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_READ]),
)
.await
.map(|x| x.1)
.ok();
if !is_authorized(&project.inner, &user_option, &pool).await? {
return Ok(HttpResponse::NotFound().body(""));
@ -274,7 +289,7 @@ pub async fn version_file_sha1(
params: web::Path<(String, String, String)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let (project_id, vnum, file) = params.into_inner();
let project_data = database::models::Project::get(&project_id, &**pool, &redis).await?;
@ -285,9 +300,16 @@ pub async fn version_file_sha1(
return Ok(HttpResponse::NotFound().body(""));
};
let user_option = get_user_from_headers(&req, &**pool, &redis, &session_queue)
.await
.ok();
let user_option = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_READ]),
)
.await
.map(|x| x.1)
.ok();
if !is_authorized(&project.inner, &user_option, &pool).await? {
return Ok(HttpResponse::NotFound().body(""));
@ -332,7 +354,7 @@ pub async fn version_file_sha512(
params: web::Path<(String, String, String)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let (project_id, vnum, file) = params.into_inner();
let project_data = database::models::Project::get(&project_id, &**pool, &redis).await?;
@ -343,9 +365,16 @@ pub async fn version_file_sha512(
return Ok(HttpResponse::NotFound().body(""));
};
let user_option = get_user_from_headers(&req, &**pool, &redis, &session_queue)
.await
.ok();
let user_option = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_READ]),
)
.await
.map(|x| x.1)
.ok();
if !is_authorized(&project.inner, &user_option, &pool).await? {
return Ok(HttpResponse::NotFound().body(""));

18
src/routes/updates.rs
View File

@ -6,8 +6,9 @@ use sqlx::PgPool;
use crate::auth::{filter_authorized_versions, get_user_from_headers, is_authorized};
use crate::database;
use crate::models::pats::Scopes;
use crate::models::projects::VersionType;
use crate::queue::session::SessionQueue;
use crate::queue::session::AuthQueue;
use super::ApiError;
@ -21,7 +22,7 @@ pub async fn forge_updates(
info: web::Path<(String,)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
const ERROR: &str = "The specified project does not exist!";
@ -31,9 +32,16 @@ pub async fn forge_updates(
.await?
.ok_or_else(|| ApiError::InvalidInput(ERROR.to_string()))?;
let user_option = get_user_from_headers(&req, &**pool, &redis, &session_queue)
.await
.ok();
let user_option = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_READ]),
)
.await
.map(|x| x.1)
.ok();
if !is_authorized(&project.inner, &user_option, &pool).await? {
return Err(ApiError::InvalidInput(ERROR.to_string()));

2
src/routes/v2/mod.rs
View File

@ -1,7 +1,6 @@
mod admin;
mod moderation;
mod notifications;
mod pats;
pub(crate) mod project_creation;
mod projects;
mod reports;
@ -22,6 +21,7 @@ pub fn config(cfg: &mut actix_web::web::ServiceConfig) {
.configure(admin::config)
.configure(crate::auth::session::config)
.configure(crate::auth::flows::config)
.configure(crate::auth::pats::config)
.configure(moderation::config)
.configure(notifications::config)
//.configure(pats::config)

4
src/routes/v2/moderation.rs
View File

@ -2,7 +2,7 @@ use super::ApiError;
use crate::auth::check_is_moderator_from_headers;
use crate::database;
use crate::models::projects::ProjectStatus;
use crate::queue::session::SessionQueue;
use crate::queue::session::AuthQueue;
use actix_web::{get, web, HttpRequest, HttpResponse};
use serde::Deserialize;
use sqlx::PgPool;
@ -27,7 +27,7 @@ pub async fn get_projects(
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
count: web::Query<ResultCount>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
check_is_moderator_from_headers(&req, &**pool, &redis, &session_queue).await?;

75
src/routes/v2/notifications.rs
View File

@ -2,7 +2,8 @@ use crate::auth::get_user_from_headers;
use crate::database;
use crate::models::ids::NotificationId;
use crate::models::notifications::Notification;
use crate::queue::session::SessionQueue;
use crate::models::pats::Scopes;
use crate::queue::session::AuthQueue;
use crate::routes::ApiError;
use actix_web::{delete, get, patch, web, HttpRequest, HttpResponse};
use serde::{Deserialize, Serialize};
@ -32,9 +33,17 @@ pub async fn notifications_get(
web::Query(ids): web::Query<NotificationIds>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::NOTIFICATION_READ]),
)
.await?
.1;
use database::models::notification_item::Notification as DBNotification;
use database::models::NotificationId as DBNotificationId;
@ -64,9 +73,17 @@ pub async fn notification_get(
info: web::Path<(NotificationId,)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::NOTIFICATION_READ]),
)
.await?
.1;
let id = info.into_inner().0;
@ -90,9 +107,17 @@ pub async fn notification_read(
info: web::Path<(NotificationId,)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::NOTIFICATION_WRITE]),
)
.await?
.1;
let id = info.into_inner().0;
@ -125,9 +150,17 @@ pub async fn notification_delete(
info: web::Path<(NotificationId,)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::NOTIFICATION_WRITE]),
)
.await?
.1;
let id = info.into_inner().0;
@ -160,9 +193,17 @@ pub async fn notifications_read(
web::Query(ids): web::Query<NotificationIds>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::NOTIFICATION_WRITE]),
)
.await?
.1;
let notification_ids = serde_json::from_str::<Vec<NotificationId>>(&ids.ids)?
.into_iter()
@ -197,9 +238,17 @@ pub async fn notifications_delete(
web::Query(ids): web::Query<NotificationIds>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::NOTIFICATION_WRITE]),
)
.await?
.1;
let notification_ids = serde_json::from_str::<Vec<NotificationId>>(&ids.ids)?
.into_iter()

249
src/routes/v2/pats.rs
View File

@ -1,249 +0,0 @@
// /*!
// Current edition of Ory kratos does not support PAT access of data, so this module is how we allow for PAT authentication.
//
//
// Just as a summary: Don't implement this flow in your application!
// */
//
// use crate::database;
// use crate::database::models::generate_pat_id;
// use crate::models::ids::base62_impl::{parse_base62, to_base62};
//
// use crate::auth::get_user_from_headers;
// use crate::auth::{generate_pat, PersonalAccessToken};
// use crate::models::users::UserId;
// use crate::routes::ApiError;
//
// use actix_web::web::{self, Data, Query};
// use actix_web::{delete, get, patch, post, HttpRequest, HttpResponse};
// use chrono::{Duration, Utc};
//
// use crate::queue::session::SessionQueue;
// use serde::Deserialize;
// use sqlx::postgres::PgPool;
//
// pub fn config(cfg: &mut web::ServiceConfig) {
// cfg.service(get_pats);
// cfg.service(create_pat);
// cfg.service(edit_pat);
// cfg.service(delete_pat);
// }
//
// #[derive(Deserialize)]
// pub struct CreatePersonalAccessToken {
// pub scope: i64, // todo: should be a vec of enum
// pub name: Option<String>,
// pub expire_in_days: i64, // resets expiry to expire_in_days days from now
// }
//
// #[derive(Deserialize)]
// pub struct ModifyPersonalAccessToken {
// #[serde(default, with = "::serde_with::rust::double_option")]
// pub name: Option<Option<String>>,
// pub expire_in_days: Option<i64>, // resets expiry to expire_in_days days from now
// }
//
// // GET /pat
// // Get all personal access tokens for the given user. Minos/Kratos cookie must be attached for it to work.
// // Does not return the actual access token, only the ID + metadata.
// #[get("pat")]
// pub async fn get_pats(
// req: HttpRequest,
// pool: Data<PgPool>,
// redis: Data<deadpool_redis::Pool>,
// session_queue: web::Data<SessionQueue>,
// ) -> Result<HttpResponse, ApiError> {
// let user: crate::models::users::User =
// get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
// let db_user_id: database::models::UserId = database::models::UserId::from(user.id);
//
// let pats = sqlx::query!(
// "
// SELECT id, name, user_id, scope, expires_at
// FROM pats
// WHERE user_id = $1
// ",
// db_user_id.0
// )
// .fetch_all(&**pool)
// .await?;
//
// let pats = pats
// .into_iter()
// .map(|pat| PersonalAccessToken {
// id: to_base62(pat.id as u64),
// scope: pat.scope,
// name: pat.name,
// expires_at: pat.expires_at,
// access_token: None,
// user_id: UserId(pat.user_id as u64),
// })
// .collect::<Vec<_>>();
//
// Ok(HttpResponse::Ok().json(pats))
// }
//
// // POST /pat
// // Create a new personal access token for the given user. Minos/Kratos cookie must be attached for it to work.
// // All PAT tokens are base62 encoded, and are prefixed with "modrinth_pat_"
// #[post("pat")]
// pub async fn create_pat(
// req: HttpRequest,
// Query(info): Query<CreatePersonalAccessToken>, // callback url
// pool: Data<PgPool>,
// redis: web::Data<deadpool_redis::Pool>,
// session_queue: web::Data<SessionQueue>,
// ) -> Result<HttpResponse, ApiError> {
// let user: crate::models::users::User =
// get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
// let db_user_id: database::models::UserId = database::models::UserId::from(user.id);
//
// let mut transaction: sqlx::Transaction<sqlx::Postgres> = pool.begin().await?;
//
// let pat = generate_pat_id(&mut transaction).await?;
// let access_token = generate_pat(&mut transaction).await?;
// let expiry = Utc::now().naive_utc() + Duration::days(info.expire_in_days);
// if info.expire_in_days <= 0 {
// return Err(ApiError::InvalidInput(
// "'expire_in_days' must be greater than 0".to_string(),
// ));
// }
//
// sqlx::query!(
// "
// INSERT INTO pats (id, name, access_token, user_id, scope, expires_at)
// VALUES ($1, $2, $3, $4, $5, $6)
// ",
// pat.0,
// info.name,
// access_token,
// db_user_id.0,
// info.scope,
// expiry
// )
// .execute(&mut *transaction)
// .await?;
//
// transaction.commit().await?;
//
// Ok(HttpResponse::Ok().json(PersonalAccessToken {
// id: to_base62(pat.0 as u64),
// access_token: Some(access_token),
// name: info.name,
// scope: info.scope,
// user_id: user.id,
// expires_at: expiry,
// }))
// }
//
// // PATCH /pat/(id)
// // Edit an access token of id "id" for the given user.
// // 'None' will mean not edited. Minos/Kratos cookie or PAT must be attached for it to work.
// #[patch("pat/{id}")]
// pub async fn edit_pat(
// req: HttpRequest,
// id: web::Path<String>,
// Query(info): Query<ModifyPersonalAccessToken>, // callback url
// pool: Data<PgPool>,
// redis: web::Data<deadpool_redis::Pool>,
// session_queue: web::Data<SessionQueue>,
// ) -> Result<HttpResponse, ApiError> {
// let user: crate::models::users::User =
// get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
// let pat_id = database::models::PatId(parse_base62(&id)? as i64);
// let db_user_id: database::models::UserId = database::models::UserId::from(user.id);
//
// if let Some(expire_in_days) = info.expire_in_days {
// if expire_in_days <= 0 {
// return Err(ApiError::InvalidInput(
// "'expire_in_days' must be greater than 0".to_string(),
// ));
// }
// }
//
// // Get the singular PAT and user combination (failing immediately if it doesn't exist)
// let mut transaction = pool.begin().await?;
// let row = sqlx::query!(
// "
// SELECT id, name, scope, user_id, expires_at FROM pats
// WHERE id = $1 AND user_id = $2
// ",
// pat_id.0,
// db_user_id.0 // included for safety
// )
// .fetch_one(&**pool)
// .await?;
//
// let pat = PersonalAccessToken {
// id: to_base62(row.id as u64),
// access_token: None,
// user_id: UserId::from(db_user_id),
// name: info.name.unwrap_or(row.name),
// scope: row.scope,
// expires_at: info
// .expire_in_days
// .map(|d| Utc::now().naive_utc() + Duration::days(d))
// .unwrap_or(row.expires_at),
// };
//
// sqlx::query!(
// "
// UPDATE pats SET
// name = $1,
// expires_at = $2
// WHERE id = $3
// ",
// pat.name,
// pat.expires_at,
// parse_base62(&pat.id)? as i64
// )
// .execute(&mut *transaction)
// .await?;
// transaction.commit().await?;
//
// Ok(HttpResponse::Ok().json(pat))
// }
//
// // DELETE /pat
// // Delete a personal access token for the given user. Minos/Kratos cookie must be attached for it to work.
// #[delete("pat/{id}")]
// pub async fn delete_pat(
// req: HttpRequest,
// id: web::Path<String>,
// pool: Data<PgPool>,
// redis: web::Data<deadpool_redis::Pool>,
// session_queue: web::Data<SessionQueue>,
// ) -> Result<HttpResponse, ApiError> {
// let user: crate::models::users::User =
// get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
// let pat_id = database::models::PatId(parse_base62(&id)? as i64);
// let db_user_id: database::models::UserId = database::models::UserId::from(user.id);
//
// // Get the singular PAT and user combination (failing immediately if it doesn't exist)
// // This is to prevent users from deleting other users' PATs
// let pat_id = sqlx::query!(
// "
// SELECT id FROM pats
// WHERE id = $1 AND user_id = $2
// ",
// pat_id.0,
// db_user_id.0
// )
// .fetch_one(&**pool)
// .await?
// .id;
//
// let mut transaction = pool.begin().await?;
// sqlx::query!(
// "
// DELETE FROM pats
// WHERE id = $1
// ",
// pat_id,
// )
// .execute(&mut *transaction)
// .await?;
// transaction.commit().await?;
//
// Ok(HttpResponse::Ok().finish())
// }

45
src/routes/v2/project_creation.rs
View File

@ -4,13 +4,14 @@ use crate::database::models;
use crate::database::models::thread_item::ThreadBuilder;
use crate::file_hosting::{FileHost, FileHostingError};
use crate::models::error::ApiError;
use crate::models::pats::Scopes;
use crate::models::projects::{
DonationLink, License, MonetizationStatus, ProjectId, ProjectStatus, SideType, VersionId,
VersionStatus,
};
use crate::models::threads::ThreadType;
use crate::models::users::UserId;
use crate::queue::session::SessionQueue;
use crate::queue::session::AuthQueue;
use crate::search::indexing::IndexingError;
use crate::util::routes::read_from_field;
use crate::util::validate::validation_errors_to_string;
@ -273,7 +274,7 @@ pub async fn project_create(
client: Data<PgPool>,
redis: Data<deadpool_redis::Pool>,
file_host: Data<Arc<dyn FileHost + Send + Sync>>,
session_queue: Data<SessionQueue>,
session_queue: Data<AuthQueue>,
) -> Result<HttpResponse, CreateError> {
let mut transaction = client.begin().await?;
let mut uploaded_files = Vec::new();
@ -343,13 +344,21 @@ async fn project_create_inner(
uploaded_files: &mut Vec<UploadedFile>,
pool: &PgPool,
redis: &deadpool_redis::Pool,
session_queue: &SessionQueue,
session_queue: &AuthQueue,
) -> Result<HttpResponse, CreateError> {
// The base URL for files uploaded to backblaze
let cdn_url = dotenvy::var("CDN_URL")?;
// The currently logged in user
let current_user = get_user_from_headers(&req, pool, redis, session_queue).await?;
let current_user = get_user_from_headers(
&req,
pool,
redis,
session_queue,
Some(&[Scopes::PROJECT_CREATE]),
)
.await?
.1;
let project_id: ProjectId = models::generate_project_id(transaction).await?.into();
@ -726,14 +735,7 @@ async fn project_create_inner(
}
}
let thread_id = ThreadBuilder {
type_: ThreadType::Project,
members: vec![],
}
.insert(&mut *transaction)
.await?;
let project_builder = models::project_item::ProjectBuilder {
let project_builder_actual = models::project_item::ProjectBuilder {
project_id: project_id.into(),
project_type_id,
team_id,
@ -769,12 +771,23 @@ async fn project_create_inner(
})
.collect(),
color: icon_data.and_then(|x| x.1),
thread_id,
monetization_status: MonetizationStatus::Monetized,
};
let project_builder = project_builder_actual.clone();
let now = Utc::now();
let id = project_builder_actual.insert(&mut *transaction).await?;
let thread_id = ThreadBuilder {
type_: ThreadType::Project,
members: vec![],
project_id: Some(id),
report_id: None,
}
.insert(&mut *transaction)
.await?;
let response = crate::models::projects::Project {
id: project_id,
slug: project_builder.slug.clone(),
@ -817,12 +830,10 @@ async fn project_create_inner(
donation_urls: project_create_data.donation_urls.clone(),
gallery: gallery_urls,
color: project_builder.color,
thread_id: Some(project_builder.thread_id.into()),
monetization_status: project_builder.monetization_status,
thread_id: thread_id.into(),
monetization_status: MonetizationStatus::Monetized,
};
let _project_id = project_builder.insert(&mut *transaction).await?;
if status == ProjectStatus::Processing {
if let Ok(webhook_url) = dotenvy::var("MODERATION_DISCORD_WEBHOOK") {
crate::util::webhook::send_discord_webhook(response.id, pool, webhook_url, None)

198
src/routes/v2/projects.rs
View File

@ -6,12 +6,13 @@ use crate::file_hosting::FileHost;
use crate::models;
use crate::models::ids::base62_impl::parse_base62;
use crate::models::notifications::NotificationBody;
use crate::models::pats::Scopes;
use crate::models::projects::{
DonationLink, MonetizationStatus, Project, ProjectId, ProjectStatus, SearchRequest, SideType,
};
use crate::models::teams::Permissions;
use crate::models::threads::MessageBody;
use crate::queue::session::SessionQueue;
use crate::queue::session::AuthQueue;
use crate::routes::ApiError;
use crate::search::{search_for_project, SearchConfig, SearchError};
use crate::util::routes::read_from_payload;
@ -116,14 +117,21 @@ pub async fn projects_get(
web::Query(ids): web::Query<ProjectIds>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let ids = serde_json::from_str::<Vec<&str>>(&ids.ids)?;
let projects_data = database::models::Project::get_many(&ids, &**pool, &redis).await?;
let user_option = get_user_from_headers(&req, &**pool, &redis, &session_queue)
.await
.ok();
let user_option = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_READ]),
)
.await
.map(|x| x.1)
.ok();
let projects = filter_authorized_projects(projects_data, &user_option, &pool).await?;
@ -136,15 +144,22 @@ pub async fn project_get(
info: web::Path<(String,)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let string = info.into_inner().0;
let project_data = database::models::Project::get(&string, &**pool, &redis).await?;
let user_option = get_user_from_headers(&req, &**pool, &redis, &session_queue)
.await
.ok();
let user_option = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_READ]),
)
.await
.map(|x| x.1)
.ok();
if let Some(data) = project_data {
if is_authorized(&data.inner, &user_option, &pool).await? {
@ -186,15 +201,22 @@ pub async fn dependency_list(
info: web::Path<(String,)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let string = info.into_inner().0;
let result = database::models::Project::get(&string, &**pool, &redis).await?;
let user_option = get_user_from_headers(&req, &**pool, &redis, &session_queue)
.await
.ok();
let user_option = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_READ]),
)
.await
.map(|x| x.1)
.ok();
if let Some(project) = result {
if !is_authorized(&project.inner, &user_option, &pool).await? {
@ -357,9 +379,17 @@ pub async fn project_edit(
config: web::Data<SearchConfig>,
new_project: web::Json<EditProject>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_WRITE]),
)
.await?
.1;
new_project
.validate()
@ -546,18 +576,16 @@ pub async fn project_edit(
.await?;
}
if let Some(thread) = project_item.inner.thread_id {
ThreadMessageBuilder {
author_id: Some(user.id.into()),
body: MessageBody::StatusChange {
new_status: *status,
old_status: project_item.inner.status,
},
thread_id: thread,
}
ThreadMessageBuilder {
author_id: Some(user.id.into()),
body: MessageBody::StatusChange {
new_status: *status,
old_status: project_item.inner.status,
},
thread_id: project_item.thread_id,
}
.insert(&mut transaction)
.await?;
}
sqlx::query!(
"
@ -1181,9 +1209,17 @@ pub async fn projects_edit(
pool: web::Data<PgPool>,
bulk_edit_project: web::Json<BulkEditProject>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_WRITE]),
)
.await?
.1;
bulk_edit_project
.validate()
@ -1511,10 +1547,18 @@ pub async fn project_schedule(
info: web::Path<(String,)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
scheduling_data: web::Json<SchedulingData>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_WRITE]),
)
.await?
.1;
if scheduling_data.time < Utc::now() {
return Err(ApiError::InvalidInput(
@ -1591,11 +1635,19 @@ pub async fn project_icon_edit(
redis: web::Data<deadpool_redis::Pool>,
file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
mut payload: web::Payload,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
if let Some(content_type) = crate::util::ext::get_image_content_type(&ext.ext) {
let cdn_url = dotenvy::var("CDN_URL")?;
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_WRITE]),
)
.await?
.1;
let string = info.into_inner().0;
let project_item = database::models::Project::get(&string, &**pool, &redis)
@ -1687,9 +1739,17 @@ pub async fn delete_project_icon(
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_WRITE]),
)
.await?
.1;
let string = info.into_inner().0;
let project_item = database::models::Project::get(&string, &**pool, &redis)
@ -1773,14 +1833,22 @@ pub async fn add_gallery_item(
redis: web::Data<deadpool_redis::Pool>,
file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
mut payload: web::Payload,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
if let Some(content_type) = crate::util::ext::get_image_content_type(&ext.ext) {
item.validate()
.map_err(|err| ApiError::Validation(validation_errors_to_string(err, None)))?;
let cdn_url = dotenvy::var("CDN_URL")?;
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_WRITE]),
)
.await?
.1;
let string = info.into_inner().0;
let project_item = database::models::Project::get(&string, &**pool, &redis)
@ -1915,9 +1983,17 @@ pub async fn edit_gallery_item(
info: web::Path<(String,)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_WRITE]),
)
.await?
.1;
let string = info.into_inner().0;
item.validate()
@ -2061,9 +2137,17 @@ pub async fn delete_gallery_item(
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_WRITE]),
)
.await?
.1;
let string = info.into_inner().0;
let project_item = database::models::Project::get(&string, &**pool, &redis)
@ -2148,9 +2232,17 @@ pub async fn project_delete(
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
config: web::Data<SearchConfig>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_DELETE]),
)
.await?
.1;
let string = info.into_inner().0;
let project = database::models::Project::get(&string, &**pool, &redis)
@ -2203,9 +2295,17 @@ pub async fn project_follow(
info: web::Path<(String,)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::USER_WRITE]),
)
.await?
.1;
let string = info.into_inner().0;
let result = database::models::Project::get(&string, &**pool, &redis)
@ -2274,9 +2374,17 @@ pub async fn project_unfollow(
info: web::Path<(String,)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::USER_WRITE]),
)
.await?
.1;
let string = info.into_inner().0;
let result = database::models::Project::get(&string, &**pool, &redis)

104
src/routes/v2/reports.rs
View File

@ -1,9 +1,10 @@
use crate::auth::{check_is_moderator_from_headers, get_user_from_headers};
use crate::database::models::thread_item::{ThreadBuilder, ThreadMessageBuilder};
use crate::models::ids::{base62_impl::parse_base62, ProjectId, UserId, VersionId};
use crate::models::pats::Scopes;
use crate::models::reports::{ItemType, Report};
use crate::models::threads::{MessageBody, ThreadType};
use crate::queue::session::SessionQueue;
use crate::queue::session::AuthQueue;
use crate::routes::ApiError;
use actix_web::{delete, get, patch, post, web, HttpRequest, HttpResponse};
use chrono::Utc;
@ -35,11 +36,19 @@ pub async fn report_create(
pool: web::Data<PgPool>,
mut body: web::Payload,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let mut transaction = pool.begin().await?;
let current_user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let current_user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::REPORT_CREATE]),
)
.await?
.1;
let mut bytes = web::BytesMut::new();
while let Some(item) = body.next().await {
@ -59,13 +68,6 @@ pub async fn report_create(
ApiError::InvalidInput(format!("Invalid report type: {}", new_report.report_type))
})?;
let thread_id = ThreadBuilder {
type_: ThreadType::Report,
members: vec![],
}
.insert(&mut transaction)
.await?;
let mut report = crate::database::models::report_item::Report {
id,
report_type_id: report_type,
@ -76,7 +78,6 @@ pub async fn report_create(
reporter: current_user.id.into(),
created: Utc::now(),
closed: false,
thread_id,
};
match new_report.item_type {
@ -146,6 +147,15 @@ pub async fn report_create(
}
report.insert(&mut transaction).await?;
let thread_id = ThreadBuilder {
type_: ThreadType::Report,
members: vec![],
project_id: None,
report_id: Some(report.id),
}
.insert(&mut transaction)
.await?;
transaction.commit().await?;
Ok(HttpResponse::Ok().json(Report {
@ -157,7 +167,7 @@ pub async fn report_create(
body: new_report.body.clone(),
created: Utc::now(),
closed: false,
thread_id: Some(report.thread_id.into()),
thread_id: thread_id.into(),
}))
}
@ -182,9 +192,17 @@ pub async fn reports(
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
count: web::Query<ReportsRequestOptions>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::REPORT_READ]),
)
.await?
.1;
use futures::stream::TryStreamExt;
@ -248,7 +266,7 @@ pub async fn reports_get(
web::Query(ids): web::Query<ReportIds>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let report_ids: Vec<crate::database::models::ids::ReportId> =
serde_json::from_str::<Vec<crate::models::ids::ReportId>>(&ids.ids)?
@ -259,7 +277,15 @@ pub async fn reports_get(
let reports_data =
crate::database::models::report_item::Report::get_many(&report_ids, &**pool).await?;
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::REPORT_READ]),
)
.await?
.1;
let all_reports = reports_data
.into_iter()
@ -276,9 +302,17 @@ pub async fn report_get(
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
info: web::Path<(crate::models::reports::ReportId,)>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::REPORT_READ]),
)
.await?
.1;
let id = info.into_inner().0.into();
let report = crate::database::models::report_item::Report::get(id, &**pool).await?;
@ -308,10 +342,18 @@ pub async fn report_edit(
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
info: web::Path<(crate::models::reports::ReportId,)>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
edit_report: web::Json<EditReport>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::REPORT_WRITE]),
)
.await?
.1;
let id = info.into_inner().0.into();
let report = crate::database::models::report_item::Report::get(id, &**pool).await?;
@ -344,19 +386,17 @@ pub async fn report_edit(
));
}
if let Some(thread) = report.thread_id {
ThreadMessageBuilder {
author_id: Some(user.id.into()),
body: if !edit_closed && report.closed {
MessageBody::ThreadReopen
} else {
MessageBody::ThreadClosure
},
thread_id: thread,
}
ThreadMessageBuilder {
author_id: Some(user.id.into()),
body: if !edit_closed && report.closed {
MessageBody::ThreadReopen
} else {
MessageBody::ThreadClosure
},
thread_id: report.thread_id,
}
.insert(&mut transaction)
.await?;
}
sqlx::query!(
"
@ -385,7 +425,7 @@ pub async fn report_delete(
pool: web::Data<PgPool>,
info: web::Path<(crate::models::reports::ReportId,)>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
check_is_moderator_from_headers(&req, &**pool, &redis, &session_queue).await?;

2
src/routes/v2/tags.rs
View File

@ -29,8 +29,6 @@ pub struct CategoryData {
header: String,
}
// TODO: searching / filtering? Could be used to implement a live
// searching category list
#[get("category")]
pub async fn category_list(pool: web::Data<PgPool>) -> Result<HttpResponse, ApiError> {
let results = Category::list(&**pool)

108
src/routes/v2/teams.rs
View File

@ -3,9 +3,10 @@ use crate::database::models::notification_item::NotificationBuilder;
use crate::database::models::TeamMember;
use crate::models::ids::ProjectId;
use crate::models::notifications::NotificationBody;
use crate::models::pats::Scopes;
use crate::models::teams::{Permissions, TeamId};
use crate::models::users::UserId;
use crate::queue::session::SessionQueue;
use crate::queue::session::AuthQueue;
use crate::routes::ApiError;
use actix_web::{delete, get, patch, post, web, HttpRequest, HttpResponse};
use rust_decimal::Decimal;
@ -32,15 +33,22 @@ pub async fn team_members_get_project(
info: web::Path<(String,)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let string = info.into_inner().0;
let project_data = crate::database::models::Project::get(&string, &**pool, &redis).await?;
if let Some(project) = project_data {
let current_user = get_user_from_headers(&req, &**pool, &redis, &session_queue)
.await
.ok();
let current_user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_READ]),
)
.await
.map(|x| x.1)
.ok();
if !is_authorized(&project.inner, &current_user, &pool).await? {
return Ok(HttpResponse::NotFound().body(""));
@ -93,7 +101,7 @@ pub async fn team_members_get(
info: web::Path<(TeamId,)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let id = info.into_inner().0;
let members_data = TeamMember::get_from_team_full(id.into(), &**pool, &redis).await?;
@ -104,9 +112,16 @@ pub async fn team_members_get(
)
.await?;
let current_user = get_user_from_headers(&req, &**pool, &redis, &session_queue)
.await
.ok();
let current_user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_READ]),
)
.await
.map(|x| x.1)
.ok();
let user_id = current_user.as_ref().map(|x| x.id.into());
let logged_in = current_user
@ -148,7 +163,7 @@ pub async fn teams_get(
web::Query(ids): web::Query<TeamIds>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
use itertools::Itertools;
@ -165,9 +180,16 @@ pub async fn teams_get(
)
.await?;
let current_user = get_user_from_headers(&req, &**pool, &redis, &session_queue)
.await
.ok();
let current_user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_READ]),
)
.await
.map(|x| x.1)
.ok();
let teams_groups = teams_data.into_iter().group_by(|data| data.team_id.0);
@ -206,10 +228,18 @@ pub async fn join_team(
info: web::Path<(TeamId,)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let team_id = info.into_inner().0.into();
let current_user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let current_user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_WRITE]),
)
.await?
.1;
let member =
TeamMember::get_from_user_id_pending(team_id, current_user.id.into(), &**pool).await?;
@ -275,13 +305,21 @@ pub async fn add_team_member(
pool: web::Data<PgPool>,
new_member: web::Json<NewTeamMember>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let team_id = info.into_inner().0.into();
let mut transaction = pool.begin().await?;
let current_user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let current_user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_WRITE]),
)
.await?
.1;
let member = TeamMember::get_from_user_id(team_id, current_user.id.into(), &**pool)
.await?
.ok_or_else(|| {
@ -390,13 +428,21 @@ pub async fn edit_team_member(
pool: web::Data<PgPool>,
edit_member: web::Json<EditTeamMember>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let ids = info.into_inner();
let id = ids.0.into();
let user_id = ids.1.into();
let current_user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let current_user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_WRITE]),
)
.await?
.1;
let member = TeamMember::get_from_user_id(id, current_user.id.into(), &**pool)
.await?
.ok_or_else(|| {
@ -481,11 +527,19 @@ pub async fn transfer_ownership(
pool: web::Data<PgPool>,
new_owner: web::Json<TransferOwnership>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let id = info.into_inner().0;
let current_user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let current_user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_WRITE]),
)
.await?
.1;
if !current_user.role.is_admin() {
let member = TeamMember::get_from_user_id(id.into(), current_user.id.into(), &**pool)
@ -554,13 +608,21 @@ pub async fn remove_team_member(
info: web::Path<(TeamId, UserId)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let ids = info.into_inner();
let id = ids.0.into();
let user_id = ids.1.into();
let current_user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let current_user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_WRITE]),
)
.await?
.1;
let member = TeamMember::get_from_user_id(id, current_user.id.into(), &**pool)
.await?
.ok_or_else(|| {

184
src/routes/v2/threads.rs
View File

@ -4,10 +4,11 @@ use crate::database::models::notification_item::NotificationBuilder;
use crate::database::models::thread_item::ThreadMessageBuilder;
use crate::models::ids::ThreadMessageId;
use crate::models::notifications::NotificationBody;
use crate::models::pats::Scopes;
use crate::models::projects::ProjectStatus;
use crate::models::threads::{MessageBody, Thread, ThreadId, ThreadType};
use crate::models::users::User;
use crate::queue::session::SessionQueue;
use crate::queue::session::AuthQueue;
use crate::routes::ApiError;
use actix_web::{delete, get, post, web, HttpRequest, HttpResponse};
use futures::TryStreamExt;
@ -38,28 +39,34 @@ pub async fn is_authorized_thread(
let user_id: database::models::UserId = user.id.into();
Ok(match thread.type_ {
ThreadType::Report => {
let report_exists = sqlx::query!(
"SELECT EXISTS(SELECT 1 FROM reports WHERE thread_id = $1 AND reporter = $2)",
thread.id as database::models::ids::ThreadId,
user_id as database::models::ids::UserId,
)
.fetch_one(pool)
.await?
.exists;
if let Some(report_id) = thread.report_id {
let report_exists = sqlx::query!(
"SELECT EXISTS(SELECT 1 FROM reports WHERE id = $1 AND reporter = $2)",
report_id as database::models::ids::ReportId,
user_id as database::models::ids::UserId,
)
.fetch_one(pool)
.await?
.exists;
report_exists.unwrap_or(false)
report_exists.unwrap_or(false)
} else { false }
}
ThreadType::Project => {
let project_exists = sqlx::query!(
"SELECT EXISTS(SELECT 1 FROM mods m INNER JOIN team_members tm ON tm.team_id = m.team_id AND tm.user_id = $2 WHERE thread_id = $1)",
thread.id as database::models::ids::ThreadId,
user_id as database::models::ids::UserId,
)
.fetch_one(pool)
.await?
.exists;
if let Some(project_id) = thread.project_id {
let project_exists = sqlx::query!(
"SELECT EXISTS(SELECT 1 FROM mods m INNER JOIN team_members tm ON tm.team_id = m.team_id AND tm.user_id = $2 WHERE m.id = $1)",
project_id as database::models::ids::ProjectId,
user_id as database::models::ids::UserId,
)
.fetch_one(pool)
.await?
.exists;
project_exists.unwrap_or(false)
project_exists.unwrap_or(false)
} else {
false
}
}
ThreadType::DirectMessage => thread.members.contains(&user_id),
})
@ -90,15 +97,15 @@ pub async fn filter_authorized_threads(
let project_thread_ids = check_threads
.iter()
.filter(|x| x.type_ == ThreadType::Project)
.map(|x| x.id.0)
.flat_map(|x| x.project_id.map(|x| x.0))
.collect::<Vec<_>>();
if !project_thread_ids.is_empty() {
sqlx::query!(
"
SELECT m.thread_id FROM mods m
SELECT m.id FROM mods m
INNER JOIN team_members tm ON tm.team_id = m.team_id AND user_id = $2
WHERE m.thread_id = ANY($1)
WHERE m.id = ANY($1)
",
&*project_thread_ids,
user_id as database::models::ids::UserId,
@ -107,7 +114,7 @@ pub async fn filter_authorized_threads(
.try_for_each(|e| {
if let Some(row) = e.right() {
check_threads.retain(|x| {
let bool = Some(x.id.0) == row.thread_id;
let bool = x.project_id.map(|x| x.0) == Some(row.id);
if bool {
return_threads.push(x.clone());
@ -125,14 +132,14 @@ pub async fn filter_authorized_threads(
let report_thread_ids = check_threads
.iter()
.filter(|x| x.type_ == ThreadType::Report)
.map(|x| x.id.0)
.flat_map(|x| x.report_id.map(|x| x.0))
.collect::<Vec<_>>();
if !report_thread_ids.is_empty() {
sqlx::query!(
"
SELECT thread_id FROM reports
WHERE thread_id = ANY($1) AND reporter = $2
SELECT id FROM reports
WHERE id = ANY($1) AND reporter = $2
",
&*report_thread_ids,
user_id as database::models::ids::UserId,
@ -141,7 +148,7 @@ pub async fn filter_authorized_threads(
.try_for_each(|e| {
if let Some(row) = e.right() {
check_threads.retain(|x| {
let bool = Some(x.id.0) == row.thread_id;
let bool = x.report_id.map(|x| x.0) == Some(row.id);
if bool {
return_threads.push(x.clone());
@ -212,13 +219,21 @@ pub async fn thread_get(
info: web::Path<(ThreadId,)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let string = info.into_inner().0.into();
let thread_data = database::models::Thread::get(string, &**pool).await?;
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::THREAD_READ]),
)
.await?
.1;
if let Some(mut data) = thread_data {
if is_authorized_thread(&data, &user, &pool).await? {
@ -255,9 +270,17 @@ pub async fn threads_get(
web::Query(ids): web::Query<ThreadIds>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::THREAD_READ]),
)
.await?
.1;
let thread_ids: Vec<database::models::ids::ThreadId> =
serde_json::from_str::<Vec<ThreadId>>(&ids.ids)?
@ -284,9 +307,17 @@ pub async fn thread_send_message(
pool: web::Data<PgPool>,
new_message: web::Json<NewThreadMessage>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::THREAD_WRITE]),
)
.await?
.1;
let string: database::models::ThreadId = info.into_inner().0.into();
@ -347,50 +378,45 @@ pub async fn thread_send_message(
.insert(&mut transaction)
.await?;
let mod_notif = if thread.type_ == ThreadType::Project {
let record = sqlx::query!(
"SELECT m.id, m.status, m.team_id FROM mods m WHERE thread_id = $1",
thread.id as database::models::ids::ThreadId,
let mod_notif = if let Some(project_id) = thread.project_id {
let project = database::models::Project::get_id(
project_id,
&**pool,
&redis,
)
.fetch_one(&**pool)
.await?;
let status = ProjectStatus::from_str(&record.status);
if status != ProjectStatus::Processing && user.role.is_mod() {
let members = database::models::TeamMember::get_from_team_full(
database::models::TeamId(record.team_id),
&**pool,
&redis,
)
.await?;
NotificationBuilder {
body: NotificationBody::ModeratorMessage {
thread_id: thread.id.into(),
message_id: id.into(),
project_id: Some(database::models::ProjectId(record.id).into()),
report_id: None,
},
if let Some(project) = project {
if project.inner.status != ProjectStatus::Processing && user.role.is_mod() {
let members = database::models::TeamMember::get_from_team_full(
project.inner.team_id,
&**pool,
&redis,
)
.await?;
NotificationBuilder {
body: NotificationBody::ModeratorMessage {
thread_id: thread.id.into(),
message_id: id.into(),
project_id: Some(project.inner.id.into()),
report_id: None,
},
}
.insert_many(
members.into_iter().map(|x| x.user_id).collect(),
&mut transaction,
)
.await?;
}
.insert_many(
members.into_iter().map(|x| x.user_id).collect(),
&mut transaction,
)
.await?;
project.inner.status == ProjectStatus::Processing && !user.role.is_mod()
} else {
!user.role.is_mod()
}
status == ProjectStatus::Processing && !user.role.is_mod()
} else if thread.type_ == ThreadType::Report {
let record = sqlx::query!(
"SELECT r.id FROM reports r WHERE thread_id = $1",
thread.id as database::models::ids::ThreadId,
)
.fetch_one(&**pool)
.await?;
} else if let Some(report_id) = thread.report_id {
let report = database::models::report_item::Report::get(
database::models::ReportId(record.id),
report_id,
&**pool,
)
.await?;
@ -446,7 +472,7 @@ pub async fn moderation_inbox(
req: HttpRequest,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = check_is_moderator_from_headers(&req, &**pool, &redis, &session_queue).await?;
@ -474,7 +500,7 @@ pub async fn thread_read(
info: web::Path<(ThreadId,)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
check_is_moderator_from_headers(&req, &**pool, &redis, &session_queue).await?;
@ -503,9 +529,17 @@ pub async fn message_delete(
info: web::Path<(ThreadMessageId,)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::THREAD_WRITE]),
)
.await?
.1;
let result = database::models::ThreadMessage::get(info.into_inner().0.into(), &**pool).await?;

183
src/routes/v2/users.rs
View File

@ -1,11 +1,12 @@
use crate::auth::get_user_from_headers;
use crate::auth::{get_user_from_headers, AuthenticationError};
use crate::database::models::User;
use crate::file_hosting::FileHost;
use crate::models::notifications::Notification;
use crate::models::pats::Scopes;
use crate::models::projects::Project;
use crate::models::users::{Badges, RecipientType, RecipientWallet, Role, UserId};
use crate::queue::payouts::{PayoutAmount, PayoutItem, PayoutsQueue};
use crate::queue::session::SessionQueue;
use crate::queue::session::AuthQueue;
use crate::routes::ApiError;
use crate::util::routes::read_from_payload;
use crate::util::validate::validation_errors_to_string;
@ -27,7 +28,6 @@ use validator::Validate;
pub fn config(cfg: &mut web::ServiceConfig) {
cfg.service(user_auth_get);
cfg.service(user_data_get);
cfg.service(users_get);
cfg.service(
@ -49,51 +49,36 @@ pub async fn user_auth_get(
req: HttpRequest,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
Ok(
HttpResponse::Ok()
.json(get_user_from_headers(&req, &**pool, &redis, &session_queue).await?),
let (scopes, mut user) = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::USER_READ]),
)
}
.await?;
#[derive(Serialize)]
pub struct UserData {
pub notifs_count: u64,
pub followed_projects: Vec<crate::models::ids::ProjectId>,
}
#[get("user_data")]
pub async fn user_data_get(
req: HttpRequest,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let data = sqlx::query!(
"
SELECT COUNT(DISTINCT n.id) notifs_count, ARRAY_AGG(mf.mod_id) followed_projects FROM notifications n
LEFT OUTER JOIN mod_follows mf ON mf.follower_id = $1
WHERE user_id = $1 AND read = FALSE
",
user.id.0 as i64
).fetch_optional(&**pool).await?;
if let Some(data) = data {
Ok(HttpResponse::Ok().json(UserData {
notifs_count: data.notifs_count.map(|x| x as u64).unwrap_or(0),
followed_projects: data
.followed_projects
.unwrap_or_default()
.into_iter()
.map(|x| crate::models::ids::ProjectId(x as u64))
.collect(),
}))
} else {
Ok(HttpResponse::NoContent().body(""))
if !scopes.contains(Scopes::USER_READ_EMAIL) {
user.email = None;
}
if !scopes.contains(Scopes::PAYOUTS_READ) {
user.payout_data = None;
}
Ok(HttpResponse::Ok().json(
get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::USER_READ]),
)
.await?
.1,
))
}
#[derive(Serialize, Deserialize)]
@ -138,11 +123,18 @@ pub async fn projects_list(
info: web::Path<(String,)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue)
.await
.ok();
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_READ]),
)
.await
.map(|x| x.1)
.ok();
let id_option = User::get(&info.into_inner().0, &**pool, &redis).await?;
@ -218,9 +210,16 @@ pub async fn user_edit(
new_user: web::Json<EditUser>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let (scopes, user) = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::USER_WRITE]),
)
.await?;
new_user
.validate()
@ -343,6 +342,12 @@ pub async fn user_edit(
));
}
if !scopes.contains(Scopes::PAYOUTS_WRITE) {
return Err(ApiError::Authentication(
AuthenticationError::InvalidCredentials,
));
}
if !match payout_data.payout_wallet_type {
RecipientType::Email => {
validator::validate_email(&payout_data.payout_address)
@ -401,6 +406,12 @@ pub async fn user_edit(
}
if let Some((old_password, new_password)) = &new_user.password {
if !scopes.contains(Scopes::USER_AUTH_WRITE) {
return Err(ApiError::Authentication(
AuthenticationError::InvalidCredentials,
));
}
if let Some(pass) = actual_user.password {
let old_password = old_password.as_ref().ok_or_else(|| {
ApiError::CustomAuthentication(
@ -500,11 +511,19 @@ pub async fn user_icon_edit(
redis: web::Data<deadpool_redis::Pool>,
file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
mut payload: web::Payload,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
if let Some(content_type) = crate::util::ext::get_image_content_type(&ext.ext) {
let cdn_url = dotenvy::var("CDN_URL")?;
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::USER_WRITE]),
)
.await?
.1;
let id_option = User::get(&info.into_inner().0, &**pool, &redis).await?;
if let Some(actual_user) = id_option {
@ -579,9 +598,17 @@ pub async fn user_delete(
pool: web::Data<PgPool>,
removal_type: web::Query<RemovalType>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::USER_DELETE]),
)
.await?
.1;
let id_option = User::get(&info.into_inner().0, &**pool, &redis).await?;
if let Some(id) = id_option.map(|x| x.id) {
@ -619,9 +646,17 @@ pub async fn user_follows(
info: web::Path<(String,)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::USER_READ]),
)
.await?
.1;
let id_option = User::get(&info.into_inner().0, &**pool, &redis).await?;
if let Some(id) = id_option.map(|x| x.id) {
@ -667,9 +702,17 @@ pub async fn user_notifications(
info: web::Path<(String,)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::NOTIFICATION_READ]),
)
.await?
.1;
let id_option = User::get(&info.into_inner().0, &**pool, &redis).await?;
if let Some(id) = id_option.map(|x| x.id) {
@ -707,9 +750,17 @@ pub async fn user_payouts(
info: web::Path<(String,)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PAYOUTS_READ]),
)
.await?
.1;
let id_option = User::get(&info.into_inner().0, &**pool, &redis).await?;
if let Some(id) = id_option.map(|x| x.id) {
@ -784,11 +835,19 @@ pub async fn user_payouts_request(
data: web::Json<PayoutData>,
payouts_queue: web::Data<Mutex<PayoutsQueue>>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let mut payouts_queue = payouts_queue.lock().await;
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PAYOUTS_WRITE]),
)
.await?
.1;
let id_option = User::get(&info.into_inner().0, &**pool, &redis).await?;
if let Some(id) = id_option.map(|x| x.id) {

31
src/routes/v2/version_creation.rs
View File

@ -8,12 +8,13 @@ use crate::database::models::version_item::{
use crate::file_hosting::FileHost;
use crate::models::notifications::NotificationBody;
use crate::models::pack::PackFileHash;
use crate::models::pats::Scopes;
use crate::models::projects::{
Dependency, DependencyType, FileType, GameVersion, Loader, ProjectId, Version, VersionFile,
VersionId, VersionStatus, VersionType,
};
use crate::models::teams::Permissions;
use crate::queue::session::SessionQueue;
use crate::queue::session::AuthQueue;
use crate::util::routes::read_from_field;
use crate::util::validate::validation_errors_to_string;
use crate::validate::{validate_file, ValidationResult};
@ -85,7 +86,7 @@ pub async fn version_create(
client: Data<PgPool>,
redis: Data<deadpool_redis::Pool>,
file_host: Data<Arc<dyn FileHost + Send + Sync>>,
session_queue: Data<SessionQueue>,
session_queue: Data<AuthQueue>,
) -> Result<HttpResponse, CreateError> {
let mut transaction = client.begin().await?;
let mut uploaded_files = Vec::new();
@ -127,7 +128,7 @@ async fn version_create_inner(
file_host: &dyn FileHost,
uploaded_files: &mut Vec<UploadedFile>,
pool: &PgPool,
session_queue: &SessionQueue,
session_queue: &AuthQueue,
) -> Result<HttpResponse, CreateError> {
let cdn_url = dotenvy::var("CDN_URL")?;
@ -137,7 +138,15 @@ async fn version_create_inner(
let all_game_versions = models::categories::GameVersion::list(&mut *transaction).await?;
let all_loaders = models::categories::Loader::list(&mut *transaction).await?;
let user = get_user_from_headers(&req, pool, redis, session_queue).await?;
let user = get_user_from_headers(
&req,
pool,
redis,
session_queue,
Some(&[Scopes::VERSION_CREATE]),
)
.await?
.1;
let mut error = None;
while let Some(item) = payload.next().await {
@ -441,7 +450,7 @@ pub async fn upload_file_to_version(
client: Data<PgPool>,
redis: Data<deadpool_redis::Pool>,
file_host: Data<Arc<dyn FileHost + Send + Sync>>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, CreateError> {
let mut transaction = client.begin().await?;
let mut uploaded_files = Vec::new();
@ -487,14 +496,22 @@ async fn upload_file_to_version_inner(
file_host: &dyn FileHost,
uploaded_files: &mut Vec<UploadedFile>,
version_id: models::VersionId,
session_queue: &SessionQueue,
session_queue: &AuthQueue,
) -> Result<HttpResponse, CreateError> {
let cdn_url = dotenvy::var("CDN_URL")?;
let mut initial_file_data: Option<InitialFileData> = None;
let mut file_builders: Vec<VersionFileBuilder> = Vec::new();
let user = get_user_from_headers(&req, &**client, &redis, session_queue).await?;
let user = get_user_from_headers(
&req,
&**client,
&redis,
session_queue,
Some(&[Scopes::VERSION_WRITE]),
)
.await?
.1;
let result = models::Version::get(version_id, &**client, &redis).await?;

105
src/routes/v2/version_file.rs
View File

@ -4,9 +4,10 @@ use crate::auth::{
is_authorized_version,
};
use crate::models::ids::VersionId;
use crate::models::pats::Scopes;
use crate::models::projects::VersionType;
use crate::models::teams::Permissions;
use crate::queue::session::SessionQueue;
use crate::queue::session::AuthQueue;
use crate::{database, models};
use actix_web::{delete, get, post, web, HttpRequest, HttpResponse};
use itertools::Itertools;
@ -49,11 +50,18 @@ pub async fn get_version_from_hash(
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
hash_query: web::Query<HashQuery>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user_option = get_user_from_headers(&req, &**pool, &redis, &session_queue)
.await
.ok();
let user_option = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::VERSION_READ]),
)
.await
.map(|x| x.1)
.ok();
let hash = info.into_inner().0.to_lowercase();
let file = database::models::Version::get_file_from_hash(
@ -95,11 +103,18 @@ pub async fn download_version(
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
hash_query: web::Query<HashQuery>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user_option = get_user_from_headers(&req, &**pool, &redis, &session_queue)
.await
.ok();
let user_option = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::VERSION_READ]),
)
.await
.map(|x| x.1)
.ok();
let hash = info.into_inner().0.to_lowercase();
let file = database::models::Version::get_file_from_hash(
@ -138,9 +153,17 @@ pub async fn delete_file(
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
hash_query: web::Query<HashQuery>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::VERSION_WRITE]),
)
.await?
.1;
let hash = info.into_inner().0.to_lowercase();
@ -234,11 +257,18 @@ pub async fn get_update_from_hash(
redis: web::Data<deadpool_redis::Pool>,
hash_query: web::Query<HashQuery>,
update_data: web::Json<UpdateData>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user_option = get_user_from_headers(&req, &**pool, &redis, &session_queue)
.await
.ok();
let user_option = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::VERSION_READ]),
)
.await
.map(|x| x.1)
.ok();
let hash = info.into_inner().0.to_lowercase();
if let Some(file) = database::models::Version::get_file_from_hash(
@ -304,11 +334,18 @@ pub async fn get_versions_from_hashes(
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
file_data: web::Json<FileHashes>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user_option = get_user_from_headers(&req, &**pool, &redis, &session_queue)
.await
.ok();
let user_option = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::VERSION_READ]),
)
.await
.map(|x| x.1)
.ok();
let files = database::models::Version::get_files_from_hash(
file_data.algorithm.clone(),
@ -345,11 +382,18 @@ pub async fn get_projects_from_hashes(
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
file_data: web::Json<FileHashes>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user_option = get_user_from_headers(&req, &**pool, &redis, &session_queue)
.await
.ok();
let user_option = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::VERSION_READ]),
)
.await
.map(|x| x.1)
.ok();
let files = database::models::Version::get_files_from_hash(
file_data.algorithm.clone(),
@ -396,11 +440,18 @@ pub async fn update_files(
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
update_data: web::Json<ManyUpdateData>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user_option = get_user_from_headers(&req, &**pool, &redis, &session_queue)
.await
.ok();
let user_option = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::VERSION_READ]),
)
.await
.map(|x| x.1)
.ok();
let files = database::models::Version::get_files_from_hash(
update_data.algorithm.clone(),

99
src/routes/v2/versions.rs
View File

@ -4,9 +4,10 @@ use crate::auth::{
};
use crate::database;
use crate::models;
use crate::models::pats::Scopes;
use crate::models::projects::{Dependency, FileType, VersionStatus, VersionType};
use crate::models::teams::Permissions;
use crate::queue::session::SessionQueue;
use crate::queue::session::AuthQueue;
use crate::util::validate::validation_errors_to_string;
use actix_web::{delete, get, patch, post, web, HttpRequest, HttpResponse};
use chrono::{DateTime, Utc};
@ -45,15 +46,22 @@ pub async fn version_list(
web::Query(filters): web::Query<VersionListFilters>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let string = info.into_inner().0;
let result = database::models::Project::get(&string, &**pool, &redis).await?;
let user_option = get_user_from_headers(&req, &**pool, &redis, &session_queue)
.await
.ok();
let user_option = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_READ, Scopes::VERSION_READ]),
)
.await
.map(|x| x.1)
.ok();
if let Some(project) = result {
if !is_authorized(&project.inner, &user_option, &pool).await? {
@ -154,15 +162,22 @@ pub async fn version_project_get(
info: web::Path<(String, String)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let id = info.into_inner();
let version_data =
database::models::Version::get_full_from_id_slug(&id.0, &id.1, &**pool, &redis).await?;
let user_option = get_user_from_headers(&req, &**pool, &redis, &session_queue)
.await
.ok();
let user_option = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::PROJECT_READ, Scopes::VERSION_READ]),
)
.await
.map(|x| x.1)
.ok();
if let Some(data) = version_data {
if is_authorized_version(&data.inner, &user_option, &pool).await? {
@ -184,7 +199,7 @@ pub async fn versions_get(
web::Query(ids): web::Query<VersionIds>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let version_ids = serde_json::from_str::<Vec<models::ids::VersionId>>(&ids.ids)?
.into_iter()
@ -192,9 +207,16 @@ pub async fn versions_get(
.collect::<Vec<database::models::VersionId>>();
let versions_data = database::models::Version::get_many(&version_ids, &**pool, &redis).await?;
let user_option = get_user_from_headers(&req, &**pool, &redis, &session_queue)
.await
.ok();
let user_option = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::VERSION_READ]),
)
.await
.map(|x| x.1)
.ok();
let versions = filter_authorized_versions(versions_data, &user_option, &pool).await?;
@ -207,14 +229,21 @@ pub async fn version_get(
info: web::Path<(models::ids::VersionId,)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let id = info.into_inner().0;
let version_data = database::models::Version::get(id.into(), &**pool, &redis).await?;
let user_option = get_user_from_headers(&req, &**pool, &redis, &session_queue)
.await
.ok();
let user_option = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::VERSION_READ]),
)
.await
.map(|x| x.1)
.ok();
if let Some(data) = version_data {
if is_authorized_version(&data.inner, &user_option, &pool).await? {
@ -268,9 +297,17 @@ pub async fn version_edit(
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
new_version: web::Json<EditVersion>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::VERSION_WRITE]),
)
.await?
.1;
new_version
.validate()
@ -645,9 +682,17 @@ pub async fn version_schedule(
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
scheduling_data: web::Json<SchedulingData>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::VERSION_WRITE]),
)
.await?
.1;
if scheduling_data.time < Utc::now() {
return Err(ApiError::InvalidInput(
@ -711,9 +756,17 @@ pub async fn version_delete(
info: web::Path<(models::ids::VersionId,)>,
pool: web::Data<PgPool>,
redis: web::Data<deadpool_redis::Pool>,
session_queue: web::Data<SessionQueue>,
session_queue: web::Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(&req, &**pool, &redis, &session_queue).await?;
let user = get_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Some(&[Scopes::VERSION_DELETE]),
)
.await?
.1;
let id = info.into_inner().0;
let version = database::models::Version::get(id.into(), &**pool, &redis)