i am going insane

This commit is contained in:
SadlyNotSappho 2024-03-22 12:10:51 -07:00
parent 92671eb0c8
commit 3a5fb7bcd0
3 changed files with 81 additions and 47 deletions

View File

@ -24,7 +24,7 @@ use rocket::fs::TempFile;
use rocket::http::CookieJar; use rocket::http::CookieJar;
use rocket::serde::{json::Json, Deserialize}; use rocket::serde::{json::Json, Deserialize};
use fossil::tables::{Db, Image, Post, User}; use fossil::tables::{Db, Image, LoginStatus, Post, User};
#[get("/login")] #[get("/login")]
fn login_page() -> RawHtml<String> { fn login_page() -> RawHtml<String> {
@ -374,66 +374,76 @@ async fn get_image(
} }
#[post("/upload", format = "image/png", data = "<file>")] #[post("/upload", format = "image/png", data = "<file>")]
async fn upload(mut file: TempFile<'_>, cookies: &CookieJar<'_>, mut db: Connection<Db>) -> String { async fn upload(
mut file: TempFile<'_>,
cookies: &CookieJar<'_>,
mut db: Connection<Db>,
) -> status::Custom<String> {
let uuid = Uuid::new_v4().to_string(); let uuid = Uuid::new_v4().to_string();
// login & perms check
match User::login_status(&mut db, cookies).await {
LoginStatus::LoggedIn(user) => {
match user.make_posts || user.admin {
// image validation check
true => {
match file.copy_to(format!("/srv/tmpimages/{uuid}.png")).await { match file.copy_to(format!("/srv/tmpimages/{uuid}.png")).await {
Ok(_) => { Ok(_) => {
// validate that it is, in fact, an image // validate that it is, in fact, an image
match Reader::open(format!("/srv/tmpimages/{uuid}.png")) { match Reader::open(format!("/srv/tmpimages/{uuid}.png")) {
Ok(_) => { Ok(_) => {
match cookies.get_private("token") { match file.copy_to(format!("/srv/images/{uuid}.png")).await {
Some(t) => { Ok(_) => match Image::create(&mut db, &uuid, user).await {
match User::get_by_token(&mut db, t).await {
Some(user) => {
if user.make_posts == true || user.admin == true {
// upload to db
match Image::create(&mut db, &uuid, user).await {
Ok(_) => {
// move image
match file
.copy_to(format!("/srv/images/{uuid}.png"))
.await
{
Ok(_) => { Ok(_) => {
match fs::remove_file(format!( match fs::remove_file(format!(
"/srv/tmpimages/{uuid}.png" "/srv/tmpimages/{uuid}.png"
)) { )) {
Ok(_) => uuid, Ok(_) => status::Custom(Status::Created, uuid),
Err(why) => { Err(why) => {
eprintln!("{why:?}"); eprintln!("couldn't clear image from tmpimages: {why:?}");
"couldn't delete old file" status::Custom(Status::Ok, uuid)
.to_string()
} }
} }
} }
Err(why) => { Err(why) => {
eprintln!("{why:?}"); eprintln!("{why:?}");
"couldn't save file to final destination" status::Custom(
.to_string() Status::InternalServerError,
"Couldn't save to DB".to_string(),
)
}
},
Err(_) => status::Custom(
Status::InternalServerError,
"Couldn't copy file to final location".to_string(),
),
} }
} }
} Err(_) => status::Custom(
Err(_) => "Couldn't save to DB".to_string(), Status::Forbidden,
} "File isn't an image".to_string(),
} else { ),
"Invalid perms".to_string()
} }
} }
None => "Invalid login token".to_string(), Err(_) => status::Custom(
Status::InternalServerError,
"Couldn't save temporary file".to_string(),
),
} }
} }
None => "Not logged in".to_string(), false => status::Custom(
Status::Unauthorized,
"You don't have the right permissions for that".to_string(),
),
} }
} }
Err(why) => { LoginStatus::InvalidToken => {
// isn't an image, or something else went wrong status::Custom(Status::Unauthorized, "Invalid login token".to_string())
eprintln!("{why:?}");
"error".to_string()
} }
LoginStatus::NotLoggedIn => {
status::Custom(Status::Unauthorized, "Not logged in".to_string())
} }
} }
Err(why) => why.to_string(),
}
} }
#[delete("/images/<uuid>")] #[delete("/images/<uuid>")]

View File

@ -1,7 +1,7 @@
use base64::{engine::general_purpose, Engine}; use base64::{engine::general_purpose, Engine};
use rand::{RngCore, SeedableRng}; use rand::{RngCore, SeedableRng};
use regex::Regex; use regex::Regex;
use rocket::http::Cookie; use rocket::http::{Cookie, CookieJar};
use rocket_db_pools::sqlx::Executor; use rocket_db_pools::sqlx::Executor;
use rocket_db_pools::Connection; use rocket_db_pools::Connection;
use rocket_db_pools::{ use rocket_db_pools::{
@ -67,6 +67,12 @@ pub struct User {
pub comment: bool, pub comment: bool,
} }
pub enum LoginStatus {
InvalidToken,
NotLoggedIn,
LoggedIn(User)
}
impl User { impl User {
pub async fn create(db: &mut Connection<Db>, username: &String, password: &String) -> Result<String, String> { pub async fn create(db: &mut Connection<Db>, username: &String, password: &String) -> Result<String, String> {
match Regex::new(r"[^A-Za-z0-9_]") { match Regex::new(r"[^A-Za-z0-9_]") {
@ -217,6 +223,22 @@ impl User {
} }
} }
} }
pub async fn login_status(db: &mut Connection<Db>, cookies: &CookieJar<'_>) -> LoginStatus {
match cookies.get_private("token") {
Some(t) => {
match User::get_by_token(db, t).await {
Some(user) => {
LoginStatus::LoggedIn(user)
},
None => {
LoginStatus::InvalidToken
}
}
},
None => LoginStatus::NotLoggedIn
}
}
} }
pub struct Image { pub struct Image {

View File

@ -32,6 +32,8 @@
}, },
body: input.files[0] body: input.files[0]
}) })
// TODO: if status is 200, not 201, alert the user to tell the admins to clear tmpimages
alert(await token.text()); alert(await token.text());
}); });