start working on removing stupid shit i made and fixing errors n' all that
This commit is contained in:
parent
8d9d3bcd13
commit
57d558e254
10
src/lib.rs
10
src/lib.rs
|
@ -1,11 +1 @@
|
||||||
pub mod tables;
|
pub mod tables;
|
||||||
|
|
||||||
pub struct Status<T> {
|
|
||||||
pub status: StatusTypes,
|
|
||||||
pub data: T
|
|
||||||
}
|
|
||||||
|
|
||||||
pub enum StatusTypes {
|
|
||||||
Success,
|
|
||||||
Faliure
|
|
||||||
}
|
|
||||||
|
|
383
src/main.rs
383
src/main.rs
|
@ -1,17 +1,17 @@
|
||||||
use fossil::StatusTypes;
|
|
||||||
use image::io::Reader;
|
use image::io::Reader;
|
||||||
use rocket::fairing::AdHoc;
|
use rocket::fairing::AdHoc;
|
||||||
use rocket::fs::{FileServer, NamedFile};
|
use rocket::fs::{FileServer, NamedFile};
|
||||||
use rocket::http::Status;
|
use rocket::http::Status;
|
||||||
use rocket::response::content::{self, RawHtml};
|
use rocket::response::content::{self, RawHtml};
|
||||||
|
use rocket::response::status;
|
||||||
use rocket::serde::Serialize;
|
use rocket::serde::Serialize;
|
||||||
use rocket::{Build, Request, Rocket};
|
use rocket::{Build, Request, Rocket};
|
||||||
use rocket_db_pools::sqlx::pool::PoolConnection;
|
use rocket_db_pools::sqlx::pool::PoolConnection;
|
||||||
use rocket_db_pools::sqlx::Postgres;
|
use rocket_db_pools::sqlx::Postgres;
|
||||||
use rocket_db_pools::Connection;
|
use rocket_db_pools::Connection;
|
||||||
use uuid::Uuid;
|
|
||||||
use std::fs;
|
use std::fs;
|
||||||
use std::path::Path;
|
use std::path::Path;
|
||||||
|
use uuid::Uuid;
|
||||||
#[macro_use]
|
#[macro_use]
|
||||||
extern crate rocket;
|
extern crate rocket;
|
||||||
|
|
||||||
|
@ -20,11 +20,11 @@ use rocket_db_pools::{
|
||||||
Database,
|
Database,
|
||||||
};
|
};
|
||||||
|
|
||||||
use rocket::serde::{json::Json, Deserialize};
|
|
||||||
use rocket::http::CookieJar;
|
|
||||||
use rocket::fs::TempFile;
|
use rocket::fs::TempFile;
|
||||||
|
use rocket::http::CookieJar;
|
||||||
|
use rocket::serde::{json::Json, Deserialize};
|
||||||
|
|
||||||
use fossil::tables::{Db, Post, User, Image};
|
use fossil::tables::{Db, Image, Post, User};
|
||||||
|
|
||||||
#[get("/login")]
|
#[get("/login")]
|
||||||
fn login_page() -> RawHtml<String> {
|
fn login_page() -> RawHtml<String> {
|
||||||
|
@ -53,38 +53,36 @@ async fn createuser(
|
||||||
mut db: Connection<Db>,
|
mut db: Connection<Db>,
|
||||||
info: Json<LoginInfo>,
|
info: Json<LoginInfo>,
|
||||||
cookies: &CookieJar<'_>,
|
cookies: &CookieJar<'_>,
|
||||||
) -> String {
|
) -> status::Custom<&'static str> {
|
||||||
let token = cookies.get_private("token");
|
let token = cookies.get_private("token");
|
||||||
match token.is_some() {
|
match token.is_some() {
|
||||||
true => "You're already logged in. Log out before trying to create a new account.".to_string(),
|
true => {
|
||||||
false => {
|
status::Custom(Status::Forbidden,
|
||||||
match User::get_by_username(&mut db, &info.username).await {
|
"You're already logged in. Log out before trying to create a new account.")
|
||||||
|
}
|
||||||
|
false => match User::get_by_username(&mut db, &info.username).await {
|
||||||
Some(_) => "Username already taken. Please try again.".to_string(),
|
Some(_) => "Username already taken. Please try again.".to_string(),
|
||||||
None => {
|
None => match User::create(&mut db, &info.username, &info.password).await {
|
||||||
let created = User::create(&mut db, &info.username, &info.password).await;
|
Ok(_) => match User::get_by_username(&mut db, &info.username).await {
|
||||||
match created.status {
|
|
||||||
StatusTypes::Success => {
|
|
||||||
match User::get_by_username(&mut db, &info.username).await {
|
|
||||||
Some(user) => match user.set_new_token(&mut db).await {
|
Some(user) => match user.set_new_token(&mut db).await {
|
||||||
Ok(t) => {
|
Ok(t) => {
|
||||||
cookies.add_private(("token", t));
|
cookies.add_private(("token", t));
|
||||||
"Your account has been created and you've been automatically logged in.".to_string()
|
"Your account has been created and you've been automatically logged in."
|
||||||
},
|
.to_string()
|
||||||
|
}
|
||||||
Err(why) => {
|
Err(why) => {
|
||||||
eprintln!("{why:?}");
|
eprintln!("{why:?}");
|
||||||
"Couldn't log you in. Your account has been created, though.".to_string()
|
"Couldn't log you in. Your account has been created, though."
|
||||||
},
|
.to_string()
|
||||||
},
|
|
||||||
None => "Something went really wrong. I don't know what.".to_string()
|
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
StatusTypes::Faliure => {
|
None => "Something went really wrong. I don't know what.".to_string(),
|
||||||
format!("Couldn't create user: {}", created.data)
|
},
|
||||||
}
|
Err(why) => {
|
||||||
}
|
format!("Couldn't create user: {}", why)
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -92,21 +90,14 @@ async fn createuser(
|
||||||
async fn account(mut db: Connection<Db>, cookies: &CookieJar<'_>) -> String {
|
async fn account(mut db: Connection<Db>, cookies: &CookieJar<'_>) -> String {
|
||||||
let token = cookies.get_private("token");
|
let token = cookies.get_private("token");
|
||||||
match token {
|
match token {
|
||||||
Some(t) => {
|
Some(t) => match User::get_by_token(&mut db, t).await {
|
||||||
match User::get_by_token(&mut db, t).await {
|
|
||||||
Some(user) => format!(
|
Some(user) => format!(
|
||||||
"Username: {}\nAdmin: {}\nMake Posts: {}\nComment: {}",
|
"Username: {}\nAdmin: {}\nMake Posts: {}\nComment: {}",
|
||||||
user.username,
|
user.username, user.admin, user.make_posts, user.comment
|
||||||
user.admin,
|
|
||||||
user.make_posts,
|
|
||||||
user.comment
|
|
||||||
),
|
),
|
||||||
None => "User doesn't exist.".to_string()
|
None => "User doesn't exist.".to_string(),
|
||||||
}
|
|
||||||
},
|
},
|
||||||
None => {
|
None => "Not logged in".to_string(),
|
||||||
"Not logged in".to_string()
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -149,8 +140,8 @@ async fn logout(cookies: &CookieJar<'_>) -> &'static str {
|
||||||
Some(_) => {
|
Some(_) => {
|
||||||
cookies.remove_private("token");
|
cookies.remove_private("token");
|
||||||
"Logged out."
|
"Logged out."
|
||||||
},
|
}
|
||||||
None => "Not logged in."
|
None => "Not logged in.",
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -158,66 +149,69 @@ async fn logout(cookies: &CookieJar<'_>) -> &'static str {
|
||||||
async fn adminpanel(mut db: Connection<Db>, cookies: &CookieJar<'_>) -> RawHtml<String> {
|
async fn adminpanel(mut db: Connection<Db>, cookies: &CookieJar<'_>) -> RawHtml<String> {
|
||||||
let token = cookies.get_private("token");
|
let token = cookies.get_private("token");
|
||||||
match token {
|
match token {
|
||||||
Some(t) => {
|
Some(t) => match User::get_by_token(&mut db, t).await {
|
||||||
match User::get_by_token(&mut db, t).await {
|
|
||||||
Some(user) => match user.admin {
|
Some(user) => match user.admin {
|
||||||
true => {
|
true => RawHtml(
|
||||||
RawHtml(
|
fs::read_to_string("/srv/web/adminpanel.html")
|
||||||
fs::read_to_string("/srv/web/adminpanel.html").unwrap().replace("{{username}}", &user.username[..])
|
.unwrap()
|
||||||
)
|
.replace("{{username}}", &user.username[..]),
|
||||||
|
),
|
||||||
|
false => RawHtml(fs::read_to_string("/srv/web/invalidperms.html").unwrap()),
|
||||||
},
|
},
|
||||||
false => RawHtml(fs::read_to_string("/srv/web/invalidperms.html").unwrap())
|
None => RawHtml(
|
||||||
}
|
fs::read_to_string("/srv/web/error.html")
|
||||||
None => RawHtml(fs::read_to_string("/srv/web/error.html").unwrap().replace("{{errorcode}}", "498"))
|
.unwrap()
|
||||||
}
|
.replace("{{errorcode}}", "498"),
|
||||||
|
),
|
||||||
},
|
},
|
||||||
None => {
|
None => RawHtml(fs::read_to_string("/srv/web/invalidperms.html").unwrap()),
|
||||||
RawHtml(fs::read_to_string("/srv/web/invalidperms.html").unwrap())
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Deserialize, Serialize)]
|
#[derive(Deserialize, Serialize)]
|
||||||
#[serde(crate = "rocket::serde")]
|
#[serde(crate = "rocket::serde")]
|
||||||
struct ApiPermsResult {
|
struct ApiPermsResult {
|
||||||
perms: Result<Perms, String>
|
perms: Result<Perms, String>,
|
||||||
}
|
}
|
||||||
#[derive(Deserialize, Serialize)]
|
#[derive(Deserialize, Serialize)]
|
||||||
#[serde(crate = "rocket::serde")]
|
#[serde(crate = "rocket::serde")]
|
||||||
struct Perms {
|
struct Perms {
|
||||||
admin: bool,
|
admin: bool,
|
||||||
make_posts: bool,
|
make_posts: bool,
|
||||||
comment: bool
|
comment: bool,
|
||||||
}
|
}
|
||||||
#[get("/perms/<username>")]
|
#[get("/perms/<username>")]
|
||||||
async fn api_perms(mut db: Connection<Db>, username: String, cookies: &CookieJar<'_>) -> Json<ApiPermsResult> {
|
async fn api_perms(
|
||||||
|
mut db: Connection<Db>,
|
||||||
|
username: String,
|
||||||
|
cookies: &CookieJar<'_>,
|
||||||
|
) -> Json<ApiPermsResult> {
|
||||||
match cookies.get_private("token") {
|
match cookies.get_private("token") {
|
||||||
Some(t) => {
|
Some(t) => match User::get_by_token(&mut db, t).await {
|
||||||
match User::get_by_token(&mut db, t).await {
|
Some(user) => match user.admin {
|
||||||
Some(user) => {
|
true => match User::get_by_username(&mut db, &username).await {
|
||||||
match user.admin {
|
Some(user) => Json(ApiPermsResult {
|
||||||
true => {
|
|
||||||
match User::get_by_username(&mut db, &username).await {
|
|
||||||
Some(user) => {
|
|
||||||
Json(ApiPermsResult {
|
|
||||||
perms: Ok(Perms {
|
perms: Ok(Perms {
|
||||||
admin: user.admin,
|
admin: user.admin,
|
||||||
make_posts: user.make_posts,
|
make_posts: user.make_posts,
|
||||||
comment: user.comment
|
comment: user.comment,
|
||||||
})
|
}),
|
||||||
})
|
}),
|
||||||
|
None => Json(ApiPermsResult {
|
||||||
|
perms: Err("User doesn't exist".to_string()),
|
||||||
|
}),
|
||||||
},
|
},
|
||||||
None => {
|
false => Json(ApiPermsResult {
|
||||||
Json(ApiPermsResult { perms: Err("User doesn't exist".to_string()) })
|
perms: Err("You don't have the permission to do this".to_string()),
|
||||||
}
|
}),
|
||||||
}
|
|
||||||
},
|
},
|
||||||
false => {Json(ApiPermsResult { perms: Err("You don't have the permission to do this".to_string())})}
|
None => Json(ApiPermsResult {
|
||||||
}
|
perms: Err("Invalid token".to_string()),
|
||||||
|
}),
|
||||||
},
|
},
|
||||||
None => {Json(ApiPermsResult { perms: Err("Invalid token".to_string())})},
|
None => Json(ApiPermsResult {
|
||||||
}},
|
perms: Err("Not logged in".to_string()),
|
||||||
None => {Json(ApiPermsResult { perms: Err("Not logged in".to_string())})}
|
}),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -226,7 +220,7 @@ async fn api_perms(mut db: Connection<Db>, username: String, cookies: &CookieJar
|
||||||
struct TogglePerms {
|
struct TogglePerms {
|
||||||
perm: String,
|
perm: String,
|
||||||
value: bool,
|
value: bool,
|
||||||
username: String
|
username: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[post("/toggleperms", data = "<info>")]
|
#[post("/toggleperms", data = "<info>")]
|
||||||
|
@ -243,40 +237,50 @@ async fn toggleperms(
|
||||||
true => {
|
true => {
|
||||||
match User::get_by_username(&mut db, &info.username).await {
|
match User::get_by_username(&mut db, &info.username).await {
|
||||||
Some(toggled_user) => {
|
Some(toggled_user) => {
|
||||||
if toggled_user.username == user.username && info.perm == "admin".to_string() {
|
if toggled_user.username == user.username
|
||||||
|
&& info.perm == "admin".to_string()
|
||||||
|
{
|
||||||
"You can't change your own admin status".to_string()
|
"You can't change your own admin status".to_string()
|
||||||
} else {
|
} else {
|
||||||
let admin_username = std::env::var("ADMIN_USERNAME").expect("set ADMIN_USERNAME env var");
|
let admin_username = std::env::var("ADMIN_USERNAME")
|
||||||
|
.expect("set ADMIN_USERNAME env var");
|
||||||
if toggled_user.username == admin_username {
|
if toggled_user.username == admin_username {
|
||||||
"You can't change the system admin's perms.".to_string()
|
"You can't change the system admin's perms.".to_string()
|
||||||
} else {
|
} else {
|
||||||
if info.perm == "admin" && user.username != admin_username {
|
if info.perm == "admin"
|
||||||
"You can't change other people's admin status.".to_string()
|
&& user.username != admin_username
|
||||||
|
{
|
||||||
|
"You can't change other people's admin status."
|
||||||
|
.to_string()
|
||||||
} else {
|
} else {
|
||||||
// how deep is this shit
|
// how deep is this shit
|
||||||
// i counted. 12.
|
// i counted. 12.
|
||||||
// NOW we can actually do the thing :D
|
// NOW we can actually do the thing :D
|
||||||
let res = match toggled_user.set_role(&mut db, &info.perm, &info.value).await {
|
let res = match toggled_user
|
||||||
|
.set_role(&mut db, &info.perm, &info.value)
|
||||||
|
.await
|
||||||
|
{
|
||||||
Ok(_) => "Done".to_string(),
|
Ok(_) => "Done".to_string(),
|
||||||
Err(why) => format!("Couldn't update the user's role: {why}")
|
Err(why) => format!(
|
||||||
|
"Couldn't update the user's role: {why}"
|
||||||
|
),
|
||||||
};
|
};
|
||||||
res
|
res
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
|
||||||
None => "The user you're trying to toggle perms for doesn't exist.".to_string()
|
|
||||||
}
|
}
|
||||||
},
|
None => "The user you're trying to toggle perms for doesn't exist."
|
||||||
false => {
|
.to_string(),
|
||||||
"You aren't an admin.".to_string()
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
false => "You aren't an admin.".to_string(),
|
||||||
None => "Invalid user".to_string()
|
|
||||||
}
|
}
|
||||||
},
|
}
|
||||||
None => "Not logged in".to_string()
|
None => "Invalid user".to_string(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
None => "Not logged in".to_string(),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -287,36 +291,35 @@ async fn get_image(image: String, mut db: Connection<Db>) -> Result<NamedFile, S
|
||||||
let image = split.join(".");
|
let image = split.join(".");
|
||||||
|
|
||||||
match Image::get_by_uuid(&mut db, &image).await {
|
match Image::get_by_uuid(&mut db, &image).await {
|
||||||
Ok(_) => {match Reader::open(format!("/srv/images/{image}.png")) {
|
Ok(_) => match Reader::open(format!("/srv/images/{image}.png")) {
|
||||||
Ok(i) => {
|
Ok(i) => match i.decode() {
|
||||||
match i.decode() {
|
|
||||||
Ok(img) => {
|
Ok(img) => {
|
||||||
let encoder = match format {
|
let encoder = match format {
|
||||||
"jpg" => image::ImageFormat::Jpeg,
|
"jpg" => image::ImageFormat::Jpeg,
|
||||||
"jpeg" => image::ImageFormat::Jpeg,
|
"jpeg" => image::ImageFormat::Jpeg,
|
||||||
"png" => image::ImageFormat::Png,
|
"png" => image::ImageFormat::Png,
|
||||||
_ => {panic!("invalid format")}
|
_ => {
|
||||||
|
panic!("invalid format")
|
||||||
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
img.save_with_format(format!("/tmp/{image}.{format}"), encoder).unwrap();
|
img.save_with_format(format!("/tmp/{image}.{format}"), encoder)
|
||||||
let file = NamedFile::open(Path::new(&format!("/tmp/{image}.{format}"))).await.unwrap();
|
.unwrap();
|
||||||
|
let file = NamedFile::open(Path::new(&format!("/tmp/{image}.{format}")))
|
||||||
|
.await
|
||||||
|
.unwrap();
|
||||||
fs::remove_file(format!("/tmp/{image}.{format}")).unwrap_or(());
|
fs::remove_file(format!("/tmp/{image}.{format}")).unwrap_or(());
|
||||||
|
|
||||||
Ok(file)
|
Ok(file)
|
||||||
},
|
|
||||||
Err(why) => {
|
|
||||||
Err(match &why.to_string()[..] {
|
|
||||||
"Format error decoding Png: Invalid PNG signature." => {
|
|
||||||
Status::NotAcceptable
|
|
||||||
},
|
|
||||||
_ => Status::InternalServerError
|
|
||||||
})
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
Err(why) => Err(match &why.to_string()[..] {
|
||||||
|
"Format error decoding Png: Invalid PNG signature." => Status::NotAcceptable,
|
||||||
|
_ => Status::InternalServerError,
|
||||||
|
}),
|
||||||
},
|
},
|
||||||
Err(_) => Err(Status::NotFound)
|
Err(_) => Err(Status::NotFound),
|
||||||
}},
|
},
|
||||||
Err(_) => Err(Status::ImATeapot)
|
Err(_) => Err(Status::ImATeapot),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -334,53 +337,52 @@ async fn upload(mut file: TempFile<'_>, cookies: &CookieJar<'_>, mut db: Connect
|
||||||
Some(user) => {
|
Some(user) => {
|
||||||
if user.make_posts == true || user.admin == true {
|
if user.make_posts == true || user.admin == true {
|
||||||
// upload to db
|
// upload to db
|
||||||
match Image::create(&mut db, &uuid, user).await.status {
|
match Image::create(&mut db, &uuid, user).await {
|
||||||
StatusTypes::Success => {
|
Ok(_) => {
|
||||||
// move image
|
// move image
|
||||||
match file.copy_to(format!("/srv/images/{uuid}.png")).await {
|
match file
|
||||||
|
.copy_to(format!("/srv/images/{uuid}.png"))
|
||||||
|
.await
|
||||||
|
{
|
||||||
Ok(_) => {
|
Ok(_) => {
|
||||||
match fs::remove_file(format!("/srv/tmpimages/{uuid}.png")) {
|
match fs::remove_file(format!(
|
||||||
Ok(_) => {
|
"/srv/tmpimages/{uuid}.png"
|
||||||
uuid
|
)) {
|
||||||
},
|
Ok(_) => uuid,
|
||||||
Err(why) => {
|
Err(why) => {
|
||||||
eprintln!("{why:?}");
|
eprintln!("{why:?}");
|
||||||
"couldn't delete old file".to_string()
|
"couldn't delete old file"
|
||||||
|
.to_string()
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
|
||||||
Err(why) => {
|
Err(why) => {
|
||||||
eprintln!("{why:?}");
|
eprintln!("{why:?}");
|
||||||
"couldn't save file to final destination".to_string()
|
"couldn't save file to final destination"
|
||||||
|
.to_string()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
|
||||||
StatusTypes::Faliure => {
|
|
||||||
"Couldn't save to DB".to_string()
|
|
||||||
}
|
}
|
||||||
|
Err(_) => "Couldn't save to DB".to_string(),
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
"Invalid perms".to_string()
|
"Invalid perms".to_string()
|
||||||
}
|
}
|
||||||
},
|
}
|
||||||
None => {
|
None => "Invalid login token".to_string(),
|
||||||
"Invalid login token".to_string()
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
None => "Not logged in".to_string(),
|
||||||
None => {
|
|
||||||
"Not logged in".to_string()
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
|
||||||
Err(why) => {
|
Err(why) => {
|
||||||
// isn't an image, or something else went wrong
|
// isn't an image, or something else went wrong
|
||||||
eprintln!("{why:?}");
|
eprintln!("{why:?}");
|
||||||
"error".to_string()
|
"error".to_string()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
}
|
||||||
Err(why) => why.to_string()
|
Err(why) => why.to_string(),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -388,72 +390,53 @@ async fn upload(mut file: TempFile<'_>, cookies: &CookieJar<'_>, mut db: Connect
|
||||||
pub async fn delete_image(mut db: Connection<Db>, cookies: &CookieJar<'_>, uuid: String) -> String {
|
pub async fn delete_image(mut db: Connection<Db>, cookies: &CookieJar<'_>, uuid: String) -> String {
|
||||||
let token = cookies.get_private("token");
|
let token = cookies.get_private("token");
|
||||||
match token {
|
match token {
|
||||||
Some(t) => {
|
Some(t) => match User::get_by_token(&mut db, t).await {
|
||||||
match User::get_by_token(&mut db, t).await {
|
Some(user) => match Image::is_owned_by(&mut db, &uuid, &user.username).await {
|
||||||
Some(user) => {
|
Ok(b) => match b {
|
||||||
match Image::is_owned_by(&mut db, &uuid, &user.username).await {
|
true => match Image::delete(&mut db, &uuid).await {
|
||||||
Ok(b) => {
|
Ok(_) => match fs::remove_file(format!("/srv/images/{uuid}.png")) {
|
||||||
match b {
|
Ok(_) => "deleted!".to_string(),
|
||||||
true => {
|
|
||||||
match Image::delete(&mut db, &uuid).await.status {
|
|
||||||
StatusTypes::Success => {
|
|
||||||
match fs::remove_file(format!("/srv/images/{uuid}.png")) {
|
|
||||||
Ok(_) => {
|
|
||||||
"deleted!".to_string()
|
|
||||||
},
|
|
||||||
Err(why) => {
|
Err(why) => {
|
||||||
eprintln!("{why:?}");
|
eprintln!("{why:?}");
|
||||||
"Image deleted from database but not filesystem".to_string()
|
"Image deleted from database but not filesystem".to_string()
|
||||||
}
|
}
|
||||||
}
|
|
||||||
},
|
},
|
||||||
StatusTypes::Faliure => "Couldn't delete image".to_string()
|
Err(_) => "Couldn't delete image".to_string(),
|
||||||
}
|
|
||||||
},
|
},
|
||||||
false => "You don't own that image".to_string()
|
false => "You don't own that image".to_string(),
|
||||||
}
|
|
||||||
},
|
},
|
||||||
Err(_) => "Couldn't get image".to_string()
|
Err(_) => "Couldn't get image".to_string(),
|
||||||
}
|
|
||||||
},
|
},
|
||||||
None => "Invalid login token".to_string()
|
None => "Invalid login token".to_string(),
|
||||||
}
|
|
||||||
},
|
},
|
||||||
None => {
|
None => "Not logged in".to_string(),
|
||||||
"Not logged in".to_string()
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[get("/images/by-user/<username>")]
|
#[get("/images/by-user/<username>")]
|
||||||
pub async fn get_images_by_username(mut db: Connection<Db>, cookies: &CookieJar<'_>, username: String) -> Result<Json<Vec<String>>, String> {
|
pub async fn get_images_by_username(
|
||||||
|
mut db: Connection<Db>,
|
||||||
|
cookies: &CookieJar<'_>,
|
||||||
|
username: String,
|
||||||
|
) -> Result<Json<Vec<String>>, String> {
|
||||||
let token = cookies.get_private("token");
|
let token = cookies.get_private("token");
|
||||||
match token {
|
match token {
|
||||||
Some(t) => {
|
Some(t) => match User::get_by_token(&mut db, t).await {
|
||||||
match User::get_by_token(&mut db, t).await {
|
Some(user) => match user.admin || user.username == username {
|
||||||
Some(user) => {
|
true => match Image::get_by_username(&mut db, &username).await {
|
||||||
match user.admin || user.username == username {
|
Ok(images) => Ok(Json::from(
|
||||||
true => {
|
images.into_iter().map(|i| i.uuid).collect::<Vec<String>>(),
|
||||||
match Image::get_by_username(&mut db, &username).await {
|
)),
|
||||||
Ok(images) => {
|
|
||||||
Ok(Json::from(images.into_iter().map(|i| i.uuid).collect::<Vec<String>>()))
|
|
||||||
},
|
|
||||||
Err(why) => {
|
Err(why) => {
|
||||||
eprintln!("{why:?}");
|
eprintln!("{why:?}");
|
||||||
Err("Couldn't get that user's images".to_string())
|
Err("Couldn't get that user's images".to_string())
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
},
|
},
|
||||||
false => Err("You don't have permission to do this".to_string())
|
false => Err("You don't have permission to do this".to_string()),
|
||||||
}
|
|
||||||
},
|
},
|
||||||
None => Err("Invalid login token".to_string())
|
None => Err("Invalid login token".to_string()),
|
||||||
}
|
|
||||||
},
|
},
|
||||||
None => {
|
None => Err("Not logged in".to_string()),
|
||||||
Err("Not logged in".to_string())
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -491,30 +474,41 @@ async fn migrate(rocket: Rocket<Build>) -> Rocket<Build> {
|
||||||
))
|
))
|
||||||
.await;
|
.await;
|
||||||
|
|
||||||
let _ = conn.execute(sqlx::query(
|
let _ = conn
|
||||||
|
.execute(sqlx::query(
|
||||||
"ALTER TABLE users
|
"ALTER TABLE users
|
||||||
ADD COLUMN IF NOT EXISTS admin BOOLEAN NOT NULL DEFAULT FALSE,
|
ADD COLUMN IF NOT EXISTS admin BOOLEAN NOT NULL DEFAULT FALSE,
|
||||||
ADD COLUMN IF NOT EXISTS make_posts BOOLEAN NOT NULL DEFAULT FALSE,
|
ADD COLUMN IF NOT EXISTS make_posts BOOLEAN NOT NULL DEFAULT FALSE,
|
||||||
ADD COLUMN IF NOT EXISTS comment BOOLEAN NOT NULL DEFAULT TRUE
|
ADD COLUMN IF NOT EXISTS comment BOOLEAN NOT NULL DEFAULT TRUE
|
||||||
"
|
",
|
||||||
)).await;
|
))
|
||||||
|
.await;
|
||||||
|
|
||||||
match conn.fetch_one(sqlx::query("SELECT * from users WHERE username = $1").bind(std::env::var("ADMIN_USERNAME").expect("make ADMIN_USERNAME env var"))).await {
|
match conn
|
||||||
|
.fetch_one(
|
||||||
|
sqlx::query("SELECT * from users WHERE username = $1")
|
||||||
|
.bind(std::env::var("ADMIN_USERNAME").expect("make ADMIN_USERNAME env var")),
|
||||||
|
)
|
||||||
|
.await
|
||||||
|
{
|
||||||
Ok(_) => (),
|
Ok(_) => (),
|
||||||
Err(_) => {
|
Err(_) => {
|
||||||
// yes, User::create() exists. no, conn isn't the right type. no, i won't even attempt
|
// yes, User::create() exists. no, conn isn't the right type. no, i won't even attempt
|
||||||
// to fix it. yes, this works just as well as that. fuck you.
|
// to fix it. yes, this works just as well as that. fuck you.
|
||||||
let username = std::env::var("ADMIN_USERNAME").expect("make ADMIN_USERNAME env var");
|
let username = std::env::var("ADMIN_USERNAME").expect("make ADMIN_USERNAME env var");
|
||||||
let password = sha256::digest(std::env::var("ADMIN_PASSWORD").expect("make ADMIN_PASSWORD env var"));
|
let password = sha256::digest(
|
||||||
|
std::env::var("ADMIN_PASSWORD").expect("make ADMIN_PASSWORD env var"),
|
||||||
|
);
|
||||||
|
|
||||||
conn.execute(sqlx::query(
|
conn.execute(
|
||||||
|
sqlx::query(
|
||||||
r#"
|
r#"
|
||||||
INSERT INTO users (username, password, admin)
|
INSERT INTO users (username, password, admin)
|
||||||
VALUES ($1, $2, true);
|
VALUES ($1, $2, true);
|
||||||
"#,
|
"#,
|
||||||
)
|
)
|
||||||
.bind(username)
|
.bind(username)
|
||||||
.bind(password)
|
.bind(password),
|
||||||
)
|
)
|
||||||
.await
|
.await
|
||||||
.expect("couldn't create admin user");
|
.expect("couldn't create admin user");
|
||||||
|
@ -532,9 +526,10 @@ async fn migrate(rocket: Rocket<Build>) -> Rocket<Build> {
|
||||||
))
|
))
|
||||||
.await;
|
.await;
|
||||||
|
|
||||||
let _ = conn.execute(sqlx::query(
|
let _ = conn
|
||||||
|
.execute(sqlx::query(
|
||||||
"ALTER TABLE images
|
"ALTER TABLE images
|
||||||
DROP COLUMN IF EXISTS image"
|
DROP COLUMN IF EXISTS image",
|
||||||
))
|
))
|
||||||
.await;
|
.await;
|
||||||
|
|
||||||
|
@ -545,7 +540,9 @@ async fn migrate(rocket: Rocket<Build>) -> Rocket<Build> {
|
||||||
async fn main() {
|
async fn main() {
|
||||||
use rocket::http::Method;
|
use rocket::http::Method;
|
||||||
use rocket_cors::{AllowedOrigins, CorsOptions};
|
use rocket_cors::{AllowedOrigins, CorsOptions};
|
||||||
let cors = CorsOptions::default().allowed_origins(AllowedOrigins::all()).allowed_methods(
|
let cors = CorsOptions::default()
|
||||||
|
.allowed_origins(AllowedOrigins::all())
|
||||||
|
.allowed_methods(
|
||||||
vec![Method::Get, Method::Post, Method::Patch]
|
vec![Method::Get, Method::Post, Method::Patch]
|
||||||
.into_iter()
|
.into_iter()
|
||||||
.map(From::from)
|
.map(From::from)
|
||||||
|
@ -559,7 +556,21 @@ use rocket::http::Method;
|
||||||
.attach(cors.to_cors().unwrap())
|
.attach(cors.to_cors().unwrap())
|
||||||
.mount(
|
.mount(
|
||||||
"/",
|
"/",
|
||||||
routes![login_page, login, logout, createuser, createuser_page, account, adminpanel, toggleperms, get_image, upload, uploadimage, delete_image, get_images_by_username],
|
routes![
|
||||||
|
login_page,
|
||||||
|
login,
|
||||||
|
logout,
|
||||||
|
createuser,
|
||||||
|
createuser_page,
|
||||||
|
account,
|
||||||
|
adminpanel,
|
||||||
|
toggleperms,
|
||||||
|
get_image,
|
||||||
|
upload,
|
||||||
|
uploadimage,
|
||||||
|
delete_image,
|
||||||
|
get_images_by_username
|
||||||
|
],
|
||||||
)
|
)
|
||||||
.mount("/api", routes![api_perms])
|
.mount("/api", routes![api_perms])
|
||||||
.mount("/css", FileServer::from("/srv/web/css"))
|
.mount("/css", FileServer::from("/srv/web/css"))
|
||||||
|
|
|
@ -10,8 +10,6 @@ use rocket_db_pools::{
|
||||||
};
|
};
|
||||||
use sqlx::FromRow;
|
use sqlx::FromRow;
|
||||||
|
|
||||||
use crate::{Status, StatusTypes};
|
|
||||||
|
|
||||||
#[derive(Database)]
|
#[derive(Database)]
|
||||||
#[database("fossil_postgres")]
|
#[database("fossil_postgres")]
|
||||||
pub struct Db(PgPool);
|
pub struct Db(PgPool);
|
||||||
|
@ -70,21 +68,17 @@ pub struct User {
|
||||||
}
|
}
|
||||||
|
|
||||||
impl User {
|
impl User {
|
||||||
pub async fn create(db: &mut Connection<Db>, username: &String, password: &String) -> Status<String> {
|
pub async fn create(db: &mut Connection<Db>, username: &String, password: &String) -> Result<String, String> {
|
||||||
match Regex::new(r"[^A-Za-z0-9_]") {
|
match Regex::new(r"[^A-Za-z0-9_]") {
|
||||||
Ok(r) => {
|
Ok(r) => {
|
||||||
match r.captures(username) {
|
match r.captures(username) {
|
||||||
Some(_) => Status {
|
Some(_) =>
|
||||||
status: StatusTypes::Faliure,
|
Err("The username contains invalid characters. Only letters, numbers, and underscores are allowed.".to_string())
|
||||||
data:"The username contains invalid characters. Only letters, numbers, and underscores are allowed.".to_string()
|
,
|
||||||
},
|
|
||||||
None => {
|
None => {
|
||||||
if username.len().gt(&32) || username.len().lt(&3) { // i can Never
|
if username.len().gt(&32) || username.len().lt(&3) { // i can Never
|
||||||
// remember which symbol is which. this works better for me.
|
// remember which symbol is which. this works better for me.
|
||||||
Status {
|
Err("Please choose a username between 3 and 32 characters.".to_string())
|
||||||
status: StatusTypes::Faliure,
|
|
||||||
data: "Please choose a username between 3 and 32 characters.".to_string()
|
|
||||||
}
|
|
||||||
} else {
|
} else {
|
||||||
match db
|
match db
|
||||||
.execute(
|
.execute(
|
||||||
|
@ -98,16 +92,12 @@ impl User {
|
||||||
.bind(sha256::digest(password)),
|
.bind(sha256::digest(password)),
|
||||||
).await
|
).await
|
||||||
{
|
{
|
||||||
Ok(_) => Status {
|
Ok(_) =>
|
||||||
status: StatusTypes::Success,
|
Ok("Created user.".to_string())
|
||||||
data: "Created user.".to_string()
|
,
|
||||||
},
|
|
||||||
Err(why) => {
|
Err(why) => {
|
||||||
eprintln!("Couldn't create database entry: {why:?}");
|
eprintln!("Couldn't create database entry: {why:?}");
|
||||||
Status {
|
Err("Failed to create user.".to_string())
|
||||||
status: StatusTypes::Faliure,
|
|
||||||
data: "Failed to create user.".to_string()
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -116,10 +106,7 @@ impl User {
|
||||||
}
|
}
|
||||||
Err(why) => {
|
Err(why) => {
|
||||||
eprintln!("Couldn't compile name regex: {why:?}");
|
eprintln!("Couldn't compile name regex: {why:?}");
|
||||||
Status {
|
Err("Couldn't compile name regex.".to_string())
|
||||||
status: StatusTypes::Faliure,
|
|
||||||
data: "Couldn't compile name regex.".to_string()
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -239,7 +226,7 @@ pub struct Image {
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Image {
|
impl Image {
|
||||||
pub async fn create(db: &mut Connection<Db>, uuid: &String, user: User) -> Status<String> {
|
pub async fn create(db: &mut Connection<Db>, uuid: &String, user: User) -> Result<(), String> {
|
||||||
match db
|
match db
|
||||||
.execute(
|
.execute(
|
||||||
sqlx::query(
|
sqlx::query(
|
||||||
|
@ -253,16 +240,12 @@ impl Image {
|
||||||
)
|
)
|
||||||
.await
|
.await
|
||||||
{
|
{
|
||||||
Ok(_) => Status {
|
Ok(_) =>
|
||||||
status: StatusTypes::Success,
|
Ok(())
|
||||||
data: "useless field !".to_string()
|
,
|
||||||
},
|
|
||||||
Err(why) => {
|
Err(why) => {
|
||||||
eprintln!("Couldn't create database entry: {why:?}");
|
eprintln!("Couldn't create database entry: {why:?}");
|
||||||
Status {
|
Err("Couldn't create image.".to_string())
|
||||||
status: StatusTypes::Faliure,
|
|
||||||
data: "Couldn't create image.".to_string()
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -309,21 +292,15 @@ impl Image {
|
||||||
Err(_) => Err("Couldn't get image.".to_string()),
|
Err(_) => Err("Couldn't get image.".to_string()),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
pub async fn delete(db: &mut Connection<Db>, uuid: &String) -> Status<String> {
|
pub async fn delete(db: &mut Connection<Db>, uuid: &String) -> Result<(), ()> {
|
||||||
match db.execute(sqlx::query("DELETE FROM images WHERE uuid = $1").bind(uuid)).await {
|
match db.execute(sqlx::query("DELETE FROM images WHERE uuid = $1").bind(uuid)).await {
|
||||||
Ok(rows_gone) => {
|
Ok(rows_gone) => {
|
||||||
eprintln!("Deleted {rows_gone:?} rows.");
|
eprintln!("Deleted {rows_gone:?} rows.");
|
||||||
Status {
|
Ok(())
|
||||||
status: StatusTypes::Success,
|
|
||||||
data: "Successfully deleted the image.".to_string()
|
|
||||||
}
|
|
||||||
},
|
},
|
||||||
Err(why) => {
|
Err(why) => {
|
||||||
eprintln!("Couldn't remove database entry: {why:?}");
|
eprintln!("Couldn't remove database entry: {why:?}");
|
||||||
Status {
|
Err(())
|
||||||
status: StatusTypes::Faliure,
|
|
||||||
data: "Couldn't delete the image.".to_string()
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue