Adds an AdminPanel with currently active registration tokens.

2022-06-04 21:42:45 +02:00
parent 34737bfb6b
commit 65d2dece55
13 changed files with 490 additions and 48 deletions
--- a/backend/Cargo.lock
+++ b/backend/Cargo.lock
@@ -238,6 +238,7 @@ dependencies = [
 "libc",
 "num-integer",
 "num-traits",
+ "serde",
 "time 0.1.44",
 "winapi 0.3.9",
 ]
@@ -338,6 +339,7 @@ checksum = "b28135ecf6b7d446b43e27e225622a038cc4e2930a1022f51cdb97ada19b8e4d"
 dependencies = [
 "bitflags",
 "byteorder",
+ "chrono",
 "diesel_derives",
 "pq-sys",
 "r2d2",
@@ -598,6 +600,7 @@ name = "gamenight"
 version = "0.1.0"
 dependencies = [
 "argon2",
+ "base64",
 "chrono",
 "diesel",
 "diesel-derive-enum",
@@ -605,6 +608,7 @@ dependencies = [
 "futures",
 "jsonwebtoken",
 "password-hash",
+ "rand",
 "rand_core",
 "rocket",
 "rocket_dyn_templates",
--- a/backend/Cargo.toml
+++ b/backend/Cargo.toml
@@ -10,10 +10,10 @@ edition = "2018"
 rocket = { version = "0.5.0-rc.2", features = ["default", "json"] }
 rocket_sync_db_pools = { version = "0.1.0-rc.2", features =  ["diesel_postgres_pool"] }
 rocket_dyn_templates = { version = "0.1.0-rc.2", features = ["handlebars"] }
-diesel = {version = "1.4.8", features = ["uuidv07", "r2d2", "postgres"]}
+diesel = {version = "1.4.8", features = ["uuidv07", "r2d2", "postgres", "chrono"]}
 diesel_migrations = "1.4.0"
 diesel-derive-enum = { version = "1.1", features = ["postgres"] }
-chrono = "0.4.19"
+chrono = {version = "0.4.19", features = ["serde"] }
 serde = "1.0.136"
 password-hash = "0.4"
 argon2 = "0.4"
@@ -21,4 +21,6 @@ rand_core = { version = "0.6", features = ["std"] }
 jsonwebtoken = "8.1"
 validator = { version = "0.15", features = ["derive"] }
 uuid = { version = "0.8.2", features = ["v4", "serde"] }
-futures = "0.3.21"
+futures = "0.3.21"
+rand = "0.8.5"
+base64 = "0.13.0"
--- a/backend/migrations/2022-06-04-141858_registration_tokens/down.sql
+++ b/backend/migrations/2022-06-04-141858_registration_tokens/down.sql
@@ -0,0 +1,6 @@
+-- This file should undo anything in `up.sql`
+
+drop table registration_tokens;
+
+ALTER TABLE gamenight
+ALTER datetime TYPE VARCHAR;
--- a/backend/migrations/2022-06-04-141858_registration_tokens/up.sql
+++ b/backend/migrations/2022-06-04-141858_registration_tokens/up.sql
@@ -0,0 +1,11 @@
+-- Your SQL goes here
+
+create table registration_tokens (
+    id UUID PRIMARY KEY,
+    token CHARACTER(32) NOT NULL,
+    single_use BOOLEAN NOT NULL,
+    expires TIMESTAMPTZ
+);
+
+ALTER TABLE gamenight
+ALTER datetime TYPE TIMESTAMPTZ using datetime::timestamp;
--- a/backend/src/api.rs
+++ b/backend/src/api.rs
@@ -1,8 +1,11 @@
+use crate::schema;
+use crate::schema::admin::RegistrationToken;
 use crate::schema::gamenight::*;
 use crate::schema::users::*;
 use crate::schema::DatabaseError;
 use crate::schema::DbConn;
 use crate::AppConfig;
+use chrono::DateTime;
 use chrono::Utc;
 use futures::future::join_all;
 use jsonwebtoken::{decode, encode, DecodingKey, EncodingKey, Header, Validation};
@@ -31,6 +34,8 @@ pub enum ApiData {
    Gamenight(GamenightOutput),
    #[serde(rename = "games")]
    Games(Vec<Game>),
+    #[serde(rename = "registration_tokens")]
+    RegistrationTokens(Vec<RegistrationToken>),
 }

 #[derive(Serialize, Deserialize, Debug)]
@@ -94,6 +99,14 @@ impl ApiResponse {
            data: Some(ApiData::Games(games)),
        }
    }
+
+    fn registration_tokens_response(tokens: Vec<RegistrationToken>) -> Self {
+        Self {
+            result: Self::SUCCES_RESULT,
+            message: None,
+            data: Some(ApiData::RegistrationTokens(tokens)),
+        }
+    }
 }

 #[derive(Debug)]
@@ -249,7 +262,7 @@ pub async fn gamenights_unauthorized() -> ApiResponseVariant {
 #[derive(Debug, Serialize, Deserialize, Clone)]
 pub struct GamenightInput {
    pub name: String,
-    pub datetime: String,
+    pub datetime: DateTime<Utc>,
    pub owner_id: Option<Uuid>,
    pub game_list: Vec<Game>,
 }
@@ -474,3 +487,87 @@ pub async fn delete_participants(
 pub async fn delete_participants_unauthorized() -> ApiResponseVariant {
    ApiResponseVariant::Status(Status::Unauthorized)
 }
+
+#[derive(Deserialize)]
+pub struct RegistrationTokenData {
+    single_use: bool,
+    expires: Option<DateTime<Utc>>,
+}
+
+impl Into<RegistrationToken> for RegistrationTokenData {
+    fn into(self) -> RegistrationToken {
+        use rand::Rng;
+        let random_bytes = rand::thread_rng().gen::<[u8; 24]>();
+        RegistrationToken {
+            id: Uuid::new_v4(),
+            token: base64::encode_config(random_bytes, base64::URL_SAFE),
+            single_use: self.single_use,
+            expires: self.expires,
+        }
+    }
+}
+
+#[post(
+    "/admin/registration_tokens",
+    format = "application/json",
+    data = "<token_json>"
+)]
+pub async fn add_registration_token(
+    conn: DbConn,
+    user: User,
+    token_json: Json<RegistrationTokenData>,
+) -> ApiResponseVariant {
+    if user.role != Role::Admin {
+        return ApiResponseVariant::Status(Status::Unauthorized);
+    }
+
+    match schema::admin::add_registration_token(&conn, token_json.into_inner().into()).await {
+        Ok(_) => ApiResponseVariant::Value(json!(ApiResponse::SUCCES)),
+        Err(err) => ApiResponseVariant::Value(json!(ApiResponse::error(err.to_string()))),
+    }
+}
+
+#[post("/admin/registration_tokens", rank = 2)]
+pub async fn add_registration_token_unauthorized() -> ApiResponseVariant {
+    ApiResponseVariant::Status(Status::Unauthorized)
+}
+
+#[get("/admin/registration_tokens")]
+pub async fn get_registration_tokens(conn: DbConn, user: User) -> ApiResponseVariant {
+    if user.role != Role::Admin {
+        return ApiResponseVariant::Status(Status::Unauthorized);
+    }
+
+    match schema::admin::get_all_registration_tokens(&conn).await {
+        Ok(results) => {
+            ApiResponseVariant::Value(json!(ApiResponse::registration_tokens_response(results)))
+        }
+        Err(err) => ApiResponseVariant::Value(json!(ApiResponse::error(err.to_string()))),
+    }
+}
+
+#[get("/admin/registration_tokens", rank = 2)]
+pub async fn get_registration_tokens_unauthorized() -> ApiResponseVariant {
+    ApiResponseVariant::Status(Status::Unauthorized)
+}
+
+#[delete("/admin/registration_tokens/<gamenight_id>")]
+pub async fn delete_registration_tokens(
+    conn: DbConn,
+    user: User,
+    gamenight_id: String,
+) -> ApiResponseVariant {
+    if user.role != Role::Admin {
+        return ApiResponseVariant::Status(Status::Unauthorized);
+    }
+    
+    let uuid = Uuid::parse_str(&gamenight_id).unwrap();
+    match schema::admin::delete_registration_token(&conn, uuid).await {
+        Ok(_) => ApiResponseVariant::Value(json!(ApiResponse::SUCCES)),
+        Err(err) => ApiResponseVariant::Value(json!(ApiResponse::error(err.to_string()))),
+    }
+}
+#[delete("/admin/registration_tokens", rank = 2)]
+pub async fn delete_registration_tokens_unauthorized() -> ApiResponseVariant {
+    ApiResponseVariant::Status(Status::Unauthorized)
+}
--- a/backend/src/main.rs
+++ b/backend/src/main.rs
@@ -68,6 +68,12 @@ async fn rocket() -> _ {
                api::post_participants_unauthorized,
                api::delete_participants,
                api::delete_participants_unauthorized,
+                api::add_registration_token,
+                api::add_registration_token_unauthorized,
+                api::get_registration_tokens,
+                api::get_registration_tokens_unauthorized,
+                api::delete_registration_tokens,
+                api::delete_registration_tokens_unauthorized,
            ],
        );

--- a/backend/src/schema/admin.rs
+++ b/backend/src/schema/admin.rs
@@ -0,0 +1,54 @@
+use crate::schema::{DatabaseError, DbConn};
+use chrono::DateTime;
+use chrono::Utc;
+use diesel::{QueryDsl, RunQueryDsl, ExpressionMethods};
+use serde::{Deserialize, Serialize};
+use uuid::Uuid;
+
+table! {
+    registration_tokens (id) {
+        id -> diesel::sql_types::Uuid,
+        token -> Char,
+        single_use -> Bool,
+        expires -> Nullable<Timestamptz>,
+    }
+}
+
+#[derive(Serialize, Deserialize, Debug, Insertable, Queryable)]
+#[table_name = "registration_tokens"]
+pub struct RegistrationToken {
+    pub id: Uuid,
+    pub token: String,
+    pub single_use: bool,
+    pub expires: Option<DateTime<Utc>>,
+}
+
+pub async fn get_all_registration_tokens(
+    conn: &DbConn,
+) -> Result<Vec<RegistrationToken>, DatabaseError> {
+    Ok(conn
+        .run(|c| registration_tokens::table.load::<RegistrationToken>(c))
+        .await?)
+}
+
+pub async fn add_registration_token(
+    conn: &DbConn,
+    token: RegistrationToken,
+) -> Result<usize, DatabaseError> {
+    Ok(conn
+        .run(|c| {
+            diesel::insert_into(registration_tokens::table)
+                .values(token)
+                .execute(c)
+        })
+        .await?)
+}
+
+pub async fn delete_registration_token(conn: &DbConn, id: Uuid) -> Result<usize, DatabaseError> {
+    Ok(conn
+        .run(move |c| {
+            diesel::delete(registration_tokens::table.filter(registration_tokens::id.eq(id)))
+                .execute(c)
+        })
+        .await?)
+}
--- a/backend/src/schema/gamenight.rs
+++ b/backend/src/schema/gamenight.rs
@@ -1,5 +1,6 @@
 use crate::schema::users::{users, User};
 use crate::schema::{DatabaseError, DbConn};
+use chrono::{DateTime, Utc};
 use diesel::{Connection, ExpressionMethods, QueryDsl, RunQueryDsl};
 use serde::{Deserialize, Serialize};
 use uuid::Uuid;
@@ -8,7 +9,7 @@ table! {
    gamenight (id) {
        id -> diesel::sql_types::Uuid,
        name -> VarChar,
-        datetime -> VarChar,
+        datetime -> Timestamptz,
        owner_id -> Uuid,
    }
 }
@@ -46,7 +47,7 @@ pub struct Game {
 pub struct Gamenight {
    pub id: Uuid,
    pub name: String,
-    pub datetime: String,
+    pub datetime: DateTime<Utc>,
    pub owner_id: Uuid,
 }

--- a/backend/src/schema/mod.rs
+++ b/backend/src/schema/mod.rs
@@ -1,3 +1,4 @@
+pub mod admin;
 pub mod gamenight;
 pub mod users;