fix DELETE /images/<uuid>

src/main.rs

@@ -106,17 +106,25 @@ struct GetUser {
     username: String,
     admin: bool,
     make_posts: bool,
-    comment: bool
+    comment: bool,
 }
 
 #[get("/account")]
-async fn account(mut db: Connection<Db>, cookies: &CookieJar<'_>) -> status::Custom<Result<Json<GetUser>, &'static str>> {
+async fn account(
+    mut db: Connection<Db>,
+    cookies: &CookieJar<'_>,
+) -> status::Custom<Result<Json<GetUser>, &'static str>> {
     let token = cookies.get_private("token");
     match token {
         Some(t) => match User::get_by_token(&mut db, t).await {
             Some(user) => status::Custom(
                 Status::Ok,
-                Ok(Json(GetUser {username: user.username, admin: user.admin, make_posts: user.make_posts, comment: user.comment})),
+                Ok(Json(GetUser {
+                    username: user.username,
+                    admin: user.admin,
+                    make_posts: user.make_posts,
+                    comment: user.comment,
+                })),
             ),
             None => status::Custom(Status::NotFound, Err("User doesn't exist.")),
         },
@@ -458,29 +466,43 @@ async fn upload(
 }
 
 #[delete("/images/<uuid>")]
-pub async fn delete_image(mut db: Connection<Db>, cookies: &CookieJar<'_>, uuid: String) -> String {
+pub async fn delete_image(
-    let token = cookies.get_private("token");
+    mut db: Connection<Db>,
-    match token {
+    cookies: &CookieJar<'_>,
-        Some(t) => match User::get_by_token(&mut db, t).await {
+    uuid: String,
-            Some(user) => match Image::is_owned_by(&mut db, &uuid, &user.username).await {
+) -> status::Custom<&'static str> {
+    match User::login_status(&mut db, cookies).await {
+        LoginStatus::LoggedIn(user) => {
+            match Image::is_owned_by(&mut db, &uuid, &user.username).await {
                 Ok(b) => match b {
-                    true => match Image::delete(&mut db, &uuid).await {
+                    // yeah this is jank but fuck types i don't want to figure that out
+                    true => delimg(&mut db, uuid).await,
+                    false => match user.admin {
+                        true => delimg(&mut db, uuid).await,
+                        false => status::Custom(Status::Unauthorized, "You don't own that image"),
+                    },
+                },
+                Err(_) => status::Custom(Status::NotFound, "Couldn't get image"),
+            }
+        }
+        LoginStatus::InvalidToken => status::Custom(Status::Unauthorized, "Invalid login token"),
+        LoginStatus::NotLoggedIn => status::Custom(Status::Unauthorized, "Not logged in"),
+    }
+}
+
+async fn delimg(db: &mut Connection<Db>, uuid: String) -> status::Custom<&'static str> {
+    match Image::delete(db, &uuid).await {
         Ok(_) => match fs::remove_file(format!("/srv/images/{uuid}.png")) {
-                            Ok(_) => "deleted!".to_string(),
+            Ok(_) => status::Custom(Status::Ok, "Image deleted"),
             Err(why) => {
                 eprintln!("{why:?}");
-                                "Image deleted from database but not filesystem".to_string()
+                status::Custom(
+                    Status::ImATeapot,
+                    "Image deleted from database but not filesystem",
+                )
             }
         },
-                        Err(_) => "Couldn't delete image".to_string(),
+        Err(_) => status::Custom(Status::InternalServerError, "Couldn't delete the image"),
-                    },
-                    false => "You don't own that image".to_string(),
-                },
-                Err(_) => "Couldn't get image".to_string(),
-            },
-            None => "Invalid login token".to_string(),
-        },
-        None => "Not logged in".to_string(),
     }
 }