Compare commits
3 Commits
2cd4cf784e
...
3a5fb7bcd0
Author | SHA1 | Date |
---|---|---|
SadlyNotSappho | 3a5fb7bcd0 | |
SadlyNotSappho | 92671eb0c8 | |
SadlyNotSappho | 085878f9f8 |
146
src/main.rs
146
src/main.rs
|
@ -24,7 +24,7 @@ use rocket::fs::TempFile;
|
||||||
use rocket::http::CookieJar;
|
use rocket::http::CookieJar;
|
||||||
use rocket::serde::{json::Json, Deserialize};
|
use rocket::serde::{json::Json, Deserialize};
|
||||||
|
|
||||||
use fossil::tables::{Db, Image, Post, User};
|
use fossil::tables::{Db, Image, LoginStatus, Post, User};
|
||||||
|
|
||||||
#[get("/login")]
|
#[get("/login")]
|
||||||
fn login_page() -> RawHtml<String> {
|
fn login_page() -> RawHtml<String> {
|
||||||
|
@ -114,38 +114,46 @@ async fn account(mut db: Connection<Db>, cookies: &CookieJar<'_>) -> status::Cus
|
||||||
}
|
}
|
||||||
|
|
||||||
#[post("/login", data = "<info>")]
|
#[post("/login", data = "<info>")]
|
||||||
async fn login(mut db: Connection<Db>, info: Json<LoginInfo>, cookies: &CookieJar<'_>) -> String {
|
async fn login(
|
||||||
|
mut db: Connection<Db>,
|
||||||
|
info: Json<LoginInfo>,
|
||||||
|
cookies: &CookieJar<'_>,
|
||||||
|
) -> status::Custom<&'static str> {
|
||||||
let token = cookies.get_private("token");
|
let token = cookies.get_private("token");
|
||||||
match token {
|
match token {
|
||||||
Some(_) => {
|
Some(_) => {
|
||||||
"already logged in".to_string()
|
status::Custom(Status::Continue, "already logged in")
|
||||||
}
|
}
|
||||||
None => {
|
None => {
|
||||||
match User::get_by_username(&mut db, &info.username).await {
|
match User::get_by_username(&mut db, &info.username).await {
|
||||||
Some(user) => {
|
Some(user) => {
|
||||||
if user.password == sha256::digest(&info.password) {
|
if user.password == sha256::digest(&info.password) {
|
||||||
match user.token {
|
match user.token {
|
||||||
Some(t) => {cookies.add_private(("token", t)); "Logged in".to_string()},
|
Some(t) => {cookies.add_private(("token", t)); status::Custom(Status::Ok, "Logged in")},
|
||||||
None => {
|
None => {
|
||||||
match user.set_new_token(&mut db).await {
|
match user.set_new_token(&mut db).await {
|
||||||
Ok(t) => {
|
Ok(t) => {
|
||||||
cookies.add_private(("token", t));
|
cookies.add_private(("token", t));
|
||||||
"logged in".to_string()
|
status::Custom(Status::Ok, "Logged in")
|
||||||
|
},
|
||||||
|
Err(why) => {
|
||||||
|
eprintln!("{why:?}");
|
||||||
|
status::Custom(Status::InternalServerError, "Couldn't generate a token for you, therefore you weren't logged in.")
|
||||||
},
|
},
|
||||||
Err(why) => why,
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
String::from("Invalid username or password (to those whining about why it doesn't tell you if the username or password is incorrect, security)")
|
status::Custom(Status::Forbidden, "Invalid username or password (to those whining about why it doesn't tell you if the username or password is incorrect, security)")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
None =>
|
None =>
|
||||||
String::from("Invalid username or password (to those whining about why it doesn't tell you if the username or password is incorrect, security)"),
|
status::Custom(Status::Forbidden, "Invalid username or password (to those whining about why it doesn't tell you if the username or password is incorrect, security)")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[post("/logout")]
|
#[post("/logout")]
|
||||||
async fn logout(cookies: &CookieJar<'_>) -> status::Custom<&'static str> {
|
async fn logout(cookies: &CookieJar<'_>) -> status::Custom<&'static str> {
|
||||||
match cookies.get_private("token") {
|
match cookies.get_private("token") {
|
||||||
|
@ -253,11 +261,14 @@ async fn toggleperms(
|
||||||
cookies: &CookieJar<'_>,
|
cookies: &CookieJar<'_>,
|
||||||
) -> status::Custom<String> {
|
) -> status::Custom<String> {
|
||||||
match cookies.get_private("token") {
|
match cookies.get_private("token") {
|
||||||
Some(t) => match User::get_by_token(&mut db, t).await {
|
Some(t) => {
|
||||||
Some(user) => match user.admin {
|
match User::get_by_token(&mut db, t).await {
|
||||||
|
Some(user) => {
|
||||||
|
match user.admin {
|
||||||
true => match User::get_by_username(&mut db, &info.username).await {
|
true => match User::get_by_username(&mut db, &info.username).await {
|
||||||
Some(toggled_user) => {
|
Some(toggled_user) => {
|
||||||
match toggled_user.username == user.username && info.perm == "admin" {
|
match toggled_user.username == user.username && info.perm == "admin"
|
||||||
|
{
|
||||||
true => status::Custom(
|
true => status::Custom(
|
||||||
Status::Forbidden,
|
Status::Forbidden,
|
||||||
"You can't change your own admin status".to_string(),
|
"You can't change your own admin status".to_string(),
|
||||||
|
@ -268,7 +279,8 @@ async fn toggleperms(
|
||||||
match toggled_user.username == admin_username {
|
match toggled_user.username == admin_username {
|
||||||
true => status::Custom(
|
true => status::Custom(
|
||||||
Status::Forbidden,
|
Status::Forbidden,
|
||||||
"You can't change the system admin's perms.".to_string(),
|
"You can't change the system admin's perms."
|
||||||
|
.to_string(),
|
||||||
),
|
),
|
||||||
false => {
|
false => {
|
||||||
match info.perm == "admin"
|
match info.perm == "admin"
|
||||||
|
@ -295,19 +307,27 @@ async fn toggleperms(
|
||||||
}
|
}
|
||||||
None => status::Custom(
|
None => status::Custom(
|
||||||
Status::NotFound,
|
Status::NotFound,
|
||||||
"The user you're trying to toggle perms for doesn't exist.".to_string(),
|
"The user you're trying to toggle perms for doesn't exist."
|
||||||
|
.to_string(),
|
||||||
),
|
),
|
||||||
},
|
},
|
||||||
false => status::Custom(Status::Unauthorized, "You aren't an admin.".to_string()),
|
false => {
|
||||||
},
|
status::Custom(Status::Unauthorized, "You aren't an admin.".to_string())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
None => status::Custom(Status::Unauthorized, "Invalid login token".to_string()),
|
None => status::Custom(Status::Unauthorized, "Invalid login token".to_string()),
|
||||||
},
|
}
|
||||||
|
}
|
||||||
None => status::Custom(Status::Unauthorized, "Not logged in".to_string()),
|
None => status::Custom(Status::Unauthorized, "Not logged in".to_string()),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[get("/images/<image>")]
|
#[get("/images/<image>")]
|
||||||
async fn get_image(image: String, mut db: Connection<Db>) -> Result<NamedFile, Status> {
|
async fn get_image(
|
||||||
|
image: String,
|
||||||
|
mut db: Connection<Db>,
|
||||||
|
) -> Result<NamedFile, status::Custom<&'static str>> {
|
||||||
let mut split = image.split('.').collect::<Vec<&str>>();
|
let mut split = image.split('.').collect::<Vec<&str>>();
|
||||||
let format = split.pop().unwrap();
|
let format = split.pop().unwrap();
|
||||||
let image = split.join(".");
|
let image = split.join(".");
|
||||||
|
@ -335,77 +355,95 @@ async fn get_image(image: String, mut db: Connection<Db>) -> Result<NamedFile, S
|
||||||
Ok(file)
|
Ok(file)
|
||||||
}
|
}
|
||||||
Err(why) => Err(match &why.to_string()[..] {
|
Err(why) => Err(match &why.to_string()[..] {
|
||||||
"Format error decoding Png: Invalid PNG signature." => Status::NotAcceptable,
|
"Format error decoding Png: Invalid PNG signature." => {
|
||||||
_ => Status::InternalServerError,
|
status::Custom(Status::NotAcceptable, "That file isn't an image.")
|
||||||
|
}
|
||||||
|
_ => status::Custom(Status::InternalServerError, "Unknown decoding error"),
|
||||||
}),
|
}),
|
||||||
},
|
},
|
||||||
Err(_) => Err(Status::NotFound),
|
Err(_) => Err(status::Custom(
|
||||||
|
Status::InternalServerError,
|
||||||
|
"Unknown decoding error",
|
||||||
|
)),
|
||||||
},
|
},
|
||||||
Err(_) => Err(Status::ImATeapot),
|
Err(_) => Err(status::Custom(
|
||||||
|
Status::InternalServerError,
|
||||||
|
"File not found",
|
||||||
|
)),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[post("/upload", format = "image/png", data = "<file>")]
|
#[post("/upload", format = "image/png", data = "<file>")]
|
||||||
async fn upload(mut file: TempFile<'_>, cookies: &CookieJar<'_>, mut db: Connection<Db>) -> String {
|
async fn upload(
|
||||||
|
mut file: TempFile<'_>,
|
||||||
|
cookies: &CookieJar<'_>,
|
||||||
|
mut db: Connection<Db>,
|
||||||
|
) -> status::Custom<String> {
|
||||||
let uuid = Uuid::new_v4().to_string();
|
let uuid = Uuid::new_v4().to_string();
|
||||||
|
|
||||||
|
// login & perms check
|
||||||
|
match User::login_status(&mut db, cookies).await {
|
||||||
|
LoginStatus::LoggedIn(user) => {
|
||||||
|
match user.make_posts || user.admin {
|
||||||
|
// image validation check
|
||||||
|
true => {
|
||||||
match file.copy_to(format!("/srv/tmpimages/{uuid}.png")).await {
|
match file.copy_to(format!("/srv/tmpimages/{uuid}.png")).await {
|
||||||
Ok(_) => {
|
Ok(_) => {
|
||||||
// validate that it is, in fact, an image
|
// validate that it is, in fact, an image
|
||||||
match Reader::open(format!("/srv/tmpimages/{uuid}.png")) {
|
match Reader::open(format!("/srv/tmpimages/{uuid}.png")) {
|
||||||
Ok(_) => {
|
Ok(_) => {
|
||||||
match cookies.get_private("token") {
|
match file.copy_to(format!("/srv/images/{uuid}.png")).await {
|
||||||
Some(t) => {
|
Ok(_) => match Image::create(&mut db, &uuid, user).await {
|
||||||
match User::get_by_token(&mut db, t).await {
|
|
||||||
Some(user) => {
|
|
||||||
if user.make_posts == true || user.admin == true {
|
|
||||||
// upload to db
|
|
||||||
match Image::create(&mut db, &uuid, user).await {
|
|
||||||
Ok(_) => {
|
|
||||||
// move image
|
|
||||||
match file
|
|
||||||
.copy_to(format!("/srv/images/{uuid}.png"))
|
|
||||||
.await
|
|
||||||
{
|
|
||||||
Ok(_) => {
|
Ok(_) => {
|
||||||
match fs::remove_file(format!(
|
match fs::remove_file(format!(
|
||||||
"/srv/tmpimages/{uuid}.png"
|
"/srv/tmpimages/{uuid}.png"
|
||||||
)) {
|
)) {
|
||||||
Ok(_) => uuid,
|
Ok(_) => status::Custom(Status::Created, uuid),
|
||||||
Err(why) => {
|
Err(why) => {
|
||||||
eprintln!("{why:?}");
|
eprintln!("couldn't clear image from tmpimages: {why:?}");
|
||||||
"couldn't delete old file"
|
status::Custom(Status::Ok, uuid)
|
||||||
.to_string()
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Err(why) => {
|
Err(why) => {
|
||||||
eprintln!("{why:?}");
|
eprintln!("{why:?}");
|
||||||
"couldn't save file to final destination"
|
status::Custom(
|
||||||
.to_string()
|
Status::InternalServerError,
|
||||||
|
"Couldn't save to DB".to_string(),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
},
|
||||||
|
Err(_) => status::Custom(
|
||||||
|
Status::InternalServerError,
|
||||||
|
"Couldn't copy file to final location".to_string(),
|
||||||
|
),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
Err(_) => status::Custom(
|
||||||
Err(_) => "Couldn't save to DB".to_string(),
|
Status::Forbidden,
|
||||||
}
|
"File isn't an image".to_string(),
|
||||||
} else {
|
),
|
||||||
"Invalid perms".to_string()
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
None => "Invalid login token".to_string(),
|
Err(_) => status::Custom(
|
||||||
|
Status::InternalServerError,
|
||||||
|
"Couldn't save temporary file".to_string(),
|
||||||
|
),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
None => "Not logged in".to_string(),
|
false => status::Custom(
|
||||||
|
Status::Unauthorized,
|
||||||
|
"You don't have the right permissions for that".to_string(),
|
||||||
|
),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Err(why) => {
|
LoginStatus::InvalidToken => {
|
||||||
// isn't an image, or something else went wrong
|
status::Custom(Status::Unauthorized, "Invalid login token".to_string())
|
||||||
eprintln!("{why:?}");
|
|
||||||
"error".to_string()
|
|
||||||
}
|
}
|
||||||
|
LoginStatus::NotLoggedIn => {
|
||||||
|
status::Custom(Status::Unauthorized, "Not logged in".to_string())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Err(why) => why.to_string(),
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[delete("/images/<uuid>")]
|
#[delete("/images/<uuid>")]
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
use base64::{engine::general_purpose, Engine};
|
use base64::{engine::general_purpose, Engine};
|
||||||
use rand::{RngCore, SeedableRng};
|
use rand::{RngCore, SeedableRng};
|
||||||
use regex::Regex;
|
use regex::Regex;
|
||||||
use rocket::http::Cookie;
|
use rocket::http::{Cookie, CookieJar};
|
||||||
use rocket_db_pools::sqlx::Executor;
|
use rocket_db_pools::sqlx::Executor;
|
||||||
use rocket_db_pools::Connection;
|
use rocket_db_pools::Connection;
|
||||||
use rocket_db_pools::{
|
use rocket_db_pools::{
|
||||||
|
@ -67,6 +67,12 @@ pub struct User {
|
||||||
pub comment: bool,
|
pub comment: bool,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub enum LoginStatus {
|
||||||
|
InvalidToken,
|
||||||
|
NotLoggedIn,
|
||||||
|
LoggedIn(User)
|
||||||
|
}
|
||||||
|
|
||||||
impl User {
|
impl User {
|
||||||
pub async fn create(db: &mut Connection<Db>, username: &String, password: &String) -> Result<String, String> {
|
pub async fn create(db: &mut Connection<Db>, username: &String, password: &String) -> Result<String, String> {
|
||||||
match Regex::new(r"[^A-Za-z0-9_]") {
|
match Regex::new(r"[^A-Za-z0-9_]") {
|
||||||
|
@ -217,6 +223,22 @@ impl User {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub async fn login_status(db: &mut Connection<Db>, cookies: &CookieJar<'_>) -> LoginStatus {
|
||||||
|
match cookies.get_private("token") {
|
||||||
|
Some(t) => {
|
||||||
|
match User::get_by_token(db, t).await {
|
||||||
|
Some(user) => {
|
||||||
|
LoginStatus::LoggedIn(user)
|
||||||
|
},
|
||||||
|
None => {
|
||||||
|
LoginStatus::InvalidToken
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
None => LoginStatus::NotLoggedIn
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub struct Image {
|
pub struct Image {
|
||||||
|
|
|
@ -32,6 +32,8 @@
|
||||||
},
|
},
|
||||||
body: input.files[0]
|
body: input.files[0]
|
||||||
})
|
})
|
||||||
|
|
||||||
|
// TODO: if status is 200, not 201, alert the user to tell the admins to clear tmpimages
|
||||||
alert(await token.text());
|
alert(await token.text());
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue