fix DELETE /images/<uuid>

2024-03-26 11:59:52 -07:00 · 2024-03-26 11:59:52 -07:00 · ac21b0ef00
parent 4ffc45d5f7
commit ac21b0ef00
1 changed files with 45 additions and 23 deletions
--- a/src/main.rs
+++ b/src/main.rs
@ -106,17 +106,25 @@ struct GetUser {
    username: String,
    admin: bool,
    make_posts: bool,
-    comment: bool
+    comment: bool,
 }

 #[get("/account")]
-async fn account(mut db: Connection<Db>, cookies: &CookieJar<'_>) -> status::Custom<Result<Json<GetUser>, &'static str>> {
+async fn account(
+    mut db: Connection<Db>,
+    cookies: &CookieJar<'_>,
+) -> status::Custom<Result<Json<GetUser>, &'static str>> {
    let token = cookies.get_private("token");
    match token {
        Some(t) => match User::get_by_token(&mut db, t).await {
            Some(user) => status::Custom(
                Status::Ok,
-                Ok(Json(GetUser {username: user.username, admin: user.admin, make_posts: user.make_posts, comment: user.comment})),
+                Ok(Json(GetUser {
+                    username: user.username,
+                    admin: user.admin,
+                    make_posts: user.make_posts,
+                    comment: user.comment,
+                })),
            ),
            None => status::Custom(Status::NotFound, Err("User doesn't exist.")),
        },
@ -458,29 +466,43 @@ async fn upload(
 }

 #[delete("/images/<uuid>")]
-pub async fn delete_image(mut db: Connection<Db>, cookies: &CookieJar<'_>, uuid: String) -> String {
-    let token = cookies.get_private("token");
-    match token {
-        Some(t) => match User::get_by_token(&mut db, t).await {
-            Some(user) => match Image::is_owned_by(&mut db, &uuid, &user.username).await {
+pub async fn delete_image(
+    mut db: Connection<Db>,
+    cookies: &CookieJar<'_>,
+    uuid: String,
+) -> status::Custom<&'static str> {
+    match User::login_status(&mut db, cookies).await {
+        LoginStatus::LoggedIn(user) => {
+            match Image::is_owned_by(&mut db, &uuid, &user.username).await {
                Ok(b) => match b {
-                    true => match Image::delete(&mut db, &uuid).await {
+                    // yeah this is jank but fuck types i don't want to figure that out
+                    true => delimg(&mut db, uuid).await,
+                    false => match user.admin {
+                        true => delimg(&mut db, uuid).await,
+                        false => status::Custom(Status::Unauthorized, "You don't own that image"),
+                    },
+                },
+                Err(_) => status::Custom(Status::NotFound, "Couldn't get image"),
+            }
+        }
+        LoginStatus::InvalidToken => status::Custom(Status::Unauthorized, "Invalid login token"),
+        LoginStatus::NotLoggedIn => status::Custom(Status::Unauthorized, "Not logged in"),
+    }
+}
+
+async fn delimg(db: &mut Connection<Db>, uuid: String) -> status::Custom<&'static str> {
+    match Image::delete(db, &uuid).await {
        Ok(_) => match fs::remove_file(format!("/srv/images/{uuid}.png")) {
-                            Ok(_) => "deleted!".to_string(),
+            Ok(_) => status::Custom(Status::Ok, "Image deleted"),
            Err(why) => {
                eprintln!("{why:?}");
-                                "Image deleted from database but not filesystem".to_string()
+                status::Custom(
+                    Status::ImATeapot,
+                    "Image deleted from database but not filesystem",
+                )
            }
        },
-                        Err(_) => "Couldn't delete image".to_string(),
-                    },
-                    false => "You don't own that image".to_string(),
-                },
-                Err(_) => "Couldn't get image".to_string(),
-            },
-            None => "Invalid login token".to_string(),
-        },
-        None => "Not logged in".to_string(),
+        Err(_) => status::Custom(Status::InternalServerError, "Couldn't delete the image"),
    }
 }