i am going insane
This commit is contained in:
parent
92671eb0c8
commit
3a5fb7bcd0
102
src/main.rs
102
src/main.rs
|
|
@ -24,7 +24,7 @@ use rocket::fs::TempFile;
|
|||
use rocket::http::CookieJar;
|
||||
use rocket::serde::{json::Json, Deserialize};
|
||||
|
||||
use fossil::tables::{Db, Image, Post, User};
|
||||
use fossil::tables::{Db, Image, LoginStatus, Post, User};
|
||||
|
||||
#[get("/login")]
|
||||
fn login_page() -> RawHtml<String> {
|
||||
|
|
@ -374,65 +374,75 @@ async fn get_image(
|
|||
}
|
||||
|
||||
#[post("/upload", format = "image/png", data = "<file>")]
|
||||
async fn upload(mut file: TempFile<'_>, cookies: &CookieJar<'_>, mut db: Connection<Db>) -> String {
|
||||
async fn upload(
|
||||
mut file: TempFile<'_>,
|
||||
cookies: &CookieJar<'_>,
|
||||
mut db: Connection<Db>,
|
||||
) -> status::Custom<String> {
|
||||
let uuid = Uuid::new_v4().to_string();
|
||||
match file.copy_to(format!("/srv/tmpimages/{uuid}.png")).await {
|
||||
Ok(_) => {
|
||||
// validate that it is, in fact, an image
|
||||
match Reader::open(format!("/srv/tmpimages/{uuid}.png")) {
|
||||
Ok(_) => {
|
||||
match cookies.get_private("token") {
|
||||
Some(t) => {
|
||||
match User::get_by_token(&mut db, t).await {
|
||||
Some(user) => {
|
||||
if user.make_posts == true || user.admin == true {
|
||||
// upload to db
|
||||
match Image::create(&mut db, &uuid, user).await {
|
||||
|
||||
// login & perms check
|
||||
match User::login_status(&mut db, cookies).await {
|
||||
LoginStatus::LoggedIn(user) => {
|
||||
match user.make_posts || user.admin {
|
||||
// image validation check
|
||||
true => {
|
||||
match file.copy_to(format!("/srv/tmpimages/{uuid}.png")).await {
|
||||
Ok(_) => {
|
||||
// validate that it is, in fact, an image
|
||||
match Reader::open(format!("/srv/tmpimages/{uuid}.png")) {
|
||||
Ok(_) => {
|
||||
match file.copy_to(format!("/srv/images/{uuid}.png")).await {
|
||||
Ok(_) => match Image::create(&mut db, &uuid, user).await {
|
||||
Ok(_) => {
|
||||
// move image
|
||||
match file
|
||||
.copy_to(format!("/srv/images/{uuid}.png"))
|
||||
.await
|
||||
{
|
||||
Ok(_) => {
|
||||
match fs::remove_file(format!(
|
||||
"/srv/tmpimages/{uuid}.png"
|
||||
)) {
|
||||
Ok(_) => uuid,
|
||||
Err(why) => {
|
||||
eprintln!("{why:?}");
|
||||
"couldn't delete old file"
|
||||
.to_string()
|
||||
}
|
||||
}
|
||||
}
|
||||
match fs::remove_file(format!(
|
||||
"/srv/tmpimages/{uuid}.png"
|
||||
)) {
|
||||
Ok(_) => status::Custom(Status::Created, uuid),
|
||||
Err(why) => {
|
||||
eprintln!("{why:?}");
|
||||
"couldn't save file to final destination"
|
||||
.to_string()
|
||||
eprintln!("couldn't clear image from tmpimages: {why:?}");
|
||||
status::Custom(Status::Ok, uuid)
|
||||
}
|
||||
}
|
||||
}
|
||||
Err(_) => "Couldn't save to DB".to_string(),
|
||||
}
|
||||
} else {
|
||||
"Invalid perms".to_string()
|
||||
Err(why) => {
|
||||
eprintln!("{why:?}");
|
||||
status::Custom(
|
||||
Status::InternalServerError,
|
||||
"Couldn't save to DB".to_string(),
|
||||
)
|
||||
}
|
||||
},
|
||||
Err(_) => status::Custom(
|
||||
Status::InternalServerError,
|
||||
"Couldn't copy file to final location".to_string(),
|
||||
),
|
||||
}
|
||||
}
|
||||
None => "Invalid login token".to_string(),
|
||||
Err(_) => status::Custom(
|
||||
Status::Forbidden,
|
||||
"File isn't an image".to_string(),
|
||||
),
|
||||
}
|
||||
}
|
||||
None => "Not logged in".to_string(),
|
||||
Err(_) => status::Custom(
|
||||
Status::InternalServerError,
|
||||
"Couldn't save temporary file".to_string(),
|
||||
),
|
||||
}
|
||||
}
|
||||
Err(why) => {
|
||||
// isn't an image, or something else went wrong
|
||||
eprintln!("{why:?}");
|
||||
"error".to_string()
|
||||
}
|
||||
false => status::Custom(
|
||||
Status::Unauthorized,
|
||||
"You don't have the right permissions for that".to_string(),
|
||||
),
|
||||
}
|
||||
}
|
||||
Err(why) => why.to_string(),
|
||||
LoginStatus::InvalidToken => {
|
||||
status::Custom(Status::Unauthorized, "Invalid login token".to_string())
|
||||
}
|
||||
LoginStatus::NotLoggedIn => {
|
||||
status::Custom(Status::Unauthorized, "Not logged in".to_string())
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
use base64::{engine::general_purpose, Engine};
|
||||
use rand::{RngCore, SeedableRng};
|
||||
use regex::Regex;
|
||||
use rocket::http::Cookie;
|
||||
use rocket::http::{Cookie, CookieJar};
|
||||
use rocket_db_pools::sqlx::Executor;
|
||||
use rocket_db_pools::Connection;
|
||||
use rocket_db_pools::{
|
||||
|
|
@ -67,6 +67,12 @@ pub struct User {
|
|||
pub comment: bool,
|
||||
}
|
||||
|
||||
pub enum LoginStatus {
|
||||
InvalidToken,
|
||||
NotLoggedIn,
|
||||
LoggedIn(User)
|
||||
}
|
||||
|
||||
impl User {
|
||||
pub async fn create(db: &mut Connection<Db>, username: &String, password: &String) -> Result<String, String> {
|
||||
match Regex::new(r"[^A-Za-z0-9_]") {
|
||||
|
|
@ -217,6 +223,22 @@ impl User {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
pub async fn login_status(db: &mut Connection<Db>, cookies: &CookieJar<'_>) -> LoginStatus {
|
||||
match cookies.get_private("token") {
|
||||
Some(t) => {
|
||||
match User::get_by_token(db, t).await {
|
||||
Some(user) => {
|
||||
LoginStatus::LoggedIn(user)
|
||||
},
|
||||
None => {
|
||||
LoginStatus::InvalidToken
|
||||
}
|
||||
}
|
||||
},
|
||||
None => LoginStatus::NotLoggedIn
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
pub struct Image {
|
||||
|
|
|
|||
|
|
@ -32,6 +32,8 @@
|
|||
},
|
||||
body: input.files[0]
|
||||
})
|
||||
|
||||
// TODO: if status is 200, not 201, alert the user to tell the admins to clear tmpimages
|
||||
alert(await token.text());
|
||||
});
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue