Added a user system with no proper user validation but working authorisation. #1

Merged
Roflin merged 6 commits from user-system into main 2022-04-23 13:17:32 +02:00
4 changed files with 281 additions and 251 deletions
Showing only changes of commit 81e65b1619 - Show all commits

View File

@ -1,36 +1,36 @@
use validator::ValidateArgs; use crate::schema;
use crate::AppConfig;
use rocket::request::Outcome;
use jsonwebtoken::decode;
use crate::schema::DbConn; use crate::schema::DbConn;
use crate::AppConfig;
use chrono::Utc;
use jsonwebtoken::decode;
use jsonwebtoken::encode;
use jsonwebtoken::DecodingKey; use jsonwebtoken::DecodingKey;
use jsonwebtoken::Validation; use jsonwebtoken::Validation;
use rocket::State; use jsonwebtoken::{EncodingKey, Header};
use chrono::Utc;
use jsonwebtoken::{Header, EncodingKey};
use crate::schema;
use std::borrow::Cow;
use jsonwebtoken::encode;
use rocket::serde::json::{Json, json, Value};
use rocket::http::Status; use rocket::http::Status;
use rocket::request::{self, Request, FromRequest}; use rocket::outcome::Outcome::{Failure, Success};
use rocket::outcome::Outcome::{Success, Failure}; use rocket::request::Outcome;
use serde::{Serialize, Deserialize}; use rocket::request::{self, FromRequest, Request};
use rocket::serde::json::{json, Json, Value};
use rocket::State;
use serde::{Deserialize, Serialize};
use std::borrow::Cow;
use validator::ValidateArgs;
pub struct Referer(String); pub struct Referer(String);
Review

You can probably use a Result<Value, Status> for most endpoints and avoid a custom enum. I also recommend using json::Value qualified like that because Value by itself is not very descriptive.

You can probably use a `Result<Value, Status>` for most endpoints and avoid a custom enum. I also recommend using `json::Value` qualified like that because `Value` by itself is not very descriptive.
Review

True, but in the future we might want to return a status on a non error condition, or return a Redirect, I understand it is a bit overkill now, but in a previous iteration I was also returning Redirects and then this becomes a nice solution imho.

True, but in the future we might want to return a status on a non error condition, or return a Redirect, I understand it is a bit overkill now, but in a previous iteration I was also returning Redirects and then this becomes a nice solution imho.
#[derive(Debug)] #[derive(Debug)]
pub enum ReferrerError { pub enum ReferrerError {
Missing, Missing,
MoreThanOne MoreThanOne,
} }
#[derive(Debug, Responder)] #[derive(Debug, Responder)]
pub enum ApiResponseVariant { pub enum ApiResponseVariant {
Status(Status), Status(Status),
// Redirect(Redirect), // Redirect(Redirect),
Value(Value), Value(Value),
// Flash(Flash<Redirect>) // Flash(Flash<Redirect>)
} }
#[rocket::async_trait] #[rocket::async_trait]
@ -38,7 +38,7 @@ impl<'r> FromRequest<'r> for Referer {
type Error = ReferrerError; type Error = ReferrerError;
async fn from_request(req: &'r Request<'_>) -> request::Outcome<Self, Self::Error> { async fn from_request(req: &'r Request<'_>) -> request::Outcome<Self, Self::Error> {
let referers : Vec<_> = req.headers().get("Referer").collect(); let referers: Vec<_> = req.headers().get("Referer").collect();
match referers.len() { match referers.len() {
0 => Failure((Status::BadRequest, ReferrerError::Missing)), 0 => Failure((Status::BadRequest, ReferrerError::Missing)),
1 => Success(Referer(referers[0].to_string())), 1 => Success(Referer(referers[0].to_string())),
@ -51,9 +51,9 @@ impl<'r> FromRequest<'r> for Referer {
struct ApiResponse { struct ApiResponse {
result: Cow<'static, str>, result: Cow<'static, str>,
#[serde(skip_serializing_if = "Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
message: Option::<Cow<'static, str>>, message: Option<Cow<'static, str>>,
#[serde(skip_serializing_if = "Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
jwt: Option::<Cow<'static, str>> jwt: Option<Cow<'static, str>>,
} }
impl ApiResponse { impl ApiResponse {
@ -63,14 +63,14 @@ impl ApiResponse {
const SUCCES: Self = Self { const SUCCES: Self = Self {
result: Self::SUCCES_RESULT, result: Self::SUCCES_RESULT,
message: None, message: None,
jwt: None jwt: None,
}; };
fn error(message: String) -> Self { fn error(message: String) -> Self {
Self { Self {
result: Self::FAILURE_RESULT, result: Self::FAILURE_RESULT,
message: Some(Cow::Owned(message)), message: Some(Cow::Owned(message)),
jwt: None jwt: None,
} }
} }
@ -78,7 +78,7 @@ impl ApiResponse {
Self { Self {
result: Self::SUCCES_RESULT, result: Self::SUCCES_RESULT,
message: None, message: None,
jwt: Some(Cow::Owned(jwt)) jwt: Some(Cow::Owned(jwt)),
} }
} }
} }
@ -98,23 +98,40 @@ impl<'r> FromRequest<'r> for schema::User {
async fn from_request(req: &'r Request<'_>) -> Outcome<Self, Self::Error> { async fn from_request(req: &'r Request<'_>) -> Outcome<Self, Self::Error> {
let header = match req.headers().get_one(AUTH_HEADER) { let header = match req.headers().get_one(AUTH_HEADER) {
Some(header) => header, Some(header) => header,
None => return Outcome::Failure((Status::BadRequest, ApiError::RequestError("No authorization header found".to_string()))) None => {
return Outcome::Failure((
Status::BadRequest,
ApiError::RequestError("No authorization header found".to_string()),
))
}
}; };
if !header.starts_with(BEARER) { if !header.starts_with(BEARER) {
return Outcome::Failure((Status::BadRequest, ApiError::RequestError("Invalid Authorization header.".to_string()))) return Outcome::Failure((
Status::BadRequest,
ApiError::RequestError("Invalid Authorization header.".to_string()),
));
}; };
let app_config = req.guard::<&State<AppConfig>>().await.unwrap().inner(); let app_config = req.guard::<&State<AppConfig>>().await.unwrap().inner();
Roflin marked this conversation as resolved
Review

I think you can use a Request Guard (see https://api.rocket.rs/v0.5-rc/rocket/request/trait.FromRequest.html) to authenticate the user and role: For example, endpoints that require admin privileges could accept a non-optional Admin struct containing a user id and the request guard that generates it would only return Success if the user is logged and has the admin role.

I think you can use a Request Guard (see https://api.rocket.rs/v0.5-rc/rocket/request/trait.FromRequest.html) to authenticate the user and role: For example, endpoints that require admin privileges could accept a non-optional `Admin` struct containing a user id and the request guard that generates it would only return `Success` if the user is logged and has the admin role.
Review

See also the examples under the header "Request-Local State" in the above link.

See also the examples under the header "Request-Local State" in the above link.
Review

Reading more carefully I see you're already doing this, just that you're accepting an Option<User> and then checking it's not None while you could accept a User and be sure.

Reading more carefully I see you're already doing this, just that you're accepting an `Option<User>` and then checking it's not `None` while you could accept a `User` and be sure.
let jwt = header.trim_start_matches(BEARER).to_owned(); let jwt = header.trim_start_matches(BEARER).to_owned();
let token = match decode::<Claims>(&jwt, &DecodingKey::from_secret(app_config.jwt_secret.as_bytes()), &Validation::default()) { let token = match decode::<Claims>(
&jwt,
&DecodingKey::from_secret(app_config.jwt_secret.as_bytes()),
&Validation::default(),
) {
Ok(token) => token, Ok(token) => token,
Err(error) => return Outcome::Failure((Status::BadRequest, ApiError::RequestError(error.to_string()))) Err(error) => {
return Outcome::Failure((
Status::BadRequest,
ApiError::RequestError(error.to_string()),
))
}
}; };
let id = token.claims.uid; let id = token.claims.uid;
let conn = req.guard::<DbConn>().await.unwrap(); let conn = req.guard::<DbConn>().await.unwrap();
return Outcome::Success(schema::get_user(conn, id).await) return Outcome::Success(schema::get_user(conn, id).await);
} }
} }
@ -123,38 +140,45 @@ pub async fn gamenights(conn: DbConn, user: Option<schema::User>) -> ApiResponse
if user.is_some() { if user.is_some() {
let gamenights = schema::get_all_gamenights(conn).await; let gamenights = schema::get_all_gamenights(conn).await;
ApiResponseVariant::Value(json!(gamenights)) ApiResponseVariant::Value(json!(gamenights))
} } else {
else {
ApiResponseVariant::Status(Status::Unauthorized) ApiResponseVariant::Status(Status::Unauthorized)
} }
} }
#[post("/gamenight", format = "application/json", data = "<gamenight_json>")] #[post("/gamenight", format = "application/json", data = "<gamenight_json>")]
pub async fn gamenight_post_json(conn: DbConn, user: Option<schema::User>, gamenight_json: Json<schema::GameNightNoId>) -> ApiResponseVariant { pub async fn gamenight_post_json(
conn: DbConn,
user: Option<schema::User>,
gamenight_json: Json<schema::GameNightNoId>,
) -> ApiResponseVariant {
if user.is_some() { if user.is_some() {
schema::insert_gamenight(conn, gamenight_json.into_inner()).await; schema::insert_gamenight(conn, gamenight_json.into_inner()).await;
ApiResponseVariant::Value(json!(ApiResponse::SUCCES)) ApiResponseVariant::Value(json!(ApiResponse::SUCCES))
} } else {
else {
ApiResponseVariant::Status(Status::Unauthorized) ApiResponseVariant::Status(Status::Unauthorized)
} }
} }
#[post("/register", format = "application/json", data = "<register_json>")] #[post("/register", format = "application/json", data = "<register_json>")]
pub async fn register_post_json(conn: DbConn, register_json: Json<schema::Register>) -> ApiResponseVariant { pub async fn register_post_json(
conn: DbConn,
register_json: Json<schema::Register>,
) -> ApiResponseVariant {
let register = register_json.into_inner(); let register = register_json.into_inner();
let register_clone = register.clone(); let register_clone = register.clone();
match conn.run(move |c| { match conn
register_clone.validate_args((c,c)) .run(move |c| register_clone.validate_args((c, c)))
}).await { .await
{
Ok(()) => (), Ok(()) => (),
Err(error) => return ApiResponseVariant::Value(json!(ApiResponse::error(error.to_string()))) Err(error) => {
return ApiResponseVariant::Value(json!(ApiResponse::error(error.to_string())))
}
} }
match schema::insert_user(conn, register).await { match schema::insert_user(conn, register).await {
Ok(_) => ApiResponseVariant::Value(json!(ApiResponse::SUCCES)), Ok(_) => ApiResponseVariant::Value(json!(ApiResponse::SUCCES)),
Err(err) => ApiResponseVariant::Value(json!(ApiResponse::error(err.to_string()))) Err(err) => ApiResponseVariant::Value(json!(ApiResponse::error(err.to_string()))),
} }
} }
@ -166,23 +190,36 @@ struct Claims {
} }
#[post("/login", format = "application/json", data = "<login_json>")] #[post("/login", format = "application/json", data = "<login_json>")]
pub async fn login_post_json(conn: DbConn, config: &State<AppConfig>, login_json: Json<schema::Login>) -> ApiResponseVariant { pub async fn login_post_json(
conn: DbConn,
config: &State<AppConfig>,
login_json: Json<schema::Login>,
) -> ApiResponseVariant {
match schema::login(conn, login_json.into_inner()).await { match schema::login(conn, login_json.into_inner()).await {
Err(err) => ApiResponseVariant::Value(json!(ApiResponse::error(err.to_string()))), Err(err) => ApiResponseVariant::Value(json!(ApiResponse::error(err.to_string()))),
Ok(login_result) => { Ok(login_result) => {
if !login_result.result {
return ApiResponseVariant::Value(json!(ApiResponse::error(String::from(
"username and password didn't match"
))));
}
let my_claims = Claims { let my_claims = Claims {
exp: Utc::now().timestamp() + chrono::Duration::days(7).num_seconds(), exp: Utc::now().timestamp() + chrono::Duration::days(7).num_seconds(),
uid: login_result.id.unwrap(), uid: login_result.id.unwrap(),
role: login_result.role.unwrap() role: login_result.role.unwrap(),
}; };
let secret = &config.inner().jwt_secret; let secret = &config.inner().jwt_secret;
match encode(&Header::default(), &my_claims, &EncodingKey::from_secret(secret.as_bytes())) match encode(
{ &Header::default(),
&my_claims,
&EncodingKey::from_secret(secret.as_bytes()),
) {
Ok(token) => ApiResponseVariant::Value(json!(ApiResponse::login_response(token))), Ok(token) => ApiResponseVariant::Value(json!(ApiResponse::login_response(token))),
Err(error) => ApiResponseVariant::Value(json!(ApiResponse::error(error.to_string()))) Err(error) => {
ApiResponseVariant::Value(json!(ApiResponse::error(error.to_string())))
}
} }
} }
} }

View File

@ -1,8 +1,17 @@
#[macro_use] extern crate rocket; #[macro_use]
#[macro_use] extern crate diesel_migrations; extern crate rocket;
#[macro_use] extern crate diesel; #[macro_use]
extern crate diesel_migrations;
#[macro_use]
extern crate diesel;
use rocket::{fairing::AdHoc, figment::{Figment, providers::{Serialized, Toml, Env, Format}, Profile}}; use rocket::{
fairing::AdHoc,
figment::{
providers::{Env, Format, Serialized, Toml},
Figment, Profile,
},
};
use rocket_dyn_templates::Template; use rocket_dyn_templates::Template;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
@ -12,12 +21,14 @@ mod site;
#[derive(Debug, Deserialize, Serialize)] #[derive(Debug, Deserialize, Serialize)]
pub struct AppConfig { pub struct AppConfig {
jwt_secret: String jwt_secret: String,
} }
impl Default for AppConfig { impl Default for AppConfig {
fn default() -> AppConfig { fn default() -> AppConfig {
AppConfig { jwt_secret: String::from("secret") } AppConfig {
jwt_secret: String::from("secret"),
}
} }
} }
@ -34,13 +45,17 @@ fn rocket() -> _ {
.attach(Template::fairing()) .attach(Template::fairing())
.attach(AdHoc::on_ignite("Run Migrations", schema::run_migrations)) .attach(AdHoc::on_ignite("Run Migrations", schema::run_migrations))
.attach(AdHoc::config::<AppConfig>()) .attach(AdHoc::config::<AppConfig>())
.mount("/", routes![site::index, site::gamenights, .attach(site::make_cors())
site::add_game_night, site::register]) .mount("/", routes![site::index, site::files])
.mount("/api", routes![ .mount(
api::gamenights, api::gamenight_post_json, "/api",
api::register_post_json, routes![
api::login_post_json api::gamenights,
]); api::gamenight_post_json,
api::register_post_json,
api::login_post_json
],
);
rocket rocket
} }

View File

@ -1,24 +1,21 @@
use diesel::dsl::count;
use std::ops::Deref;
use argon2::PasswordVerifier;
use argon2::PasswordHash;
use diesel_derive_enum::DbEnum;
use crate::diesel::QueryDsl;
use crate::diesel::BoolExpressionMethods; use crate::diesel::BoolExpressionMethods;
use crate::diesel::ExpressionMethods;
use crate::diesel::Connection; use crate::diesel::Connection;
use rocket_sync_db_pools::database; use crate::diesel::ExpressionMethods;
use serde::{Serialize, Deserialize}; use crate::diesel::QueryDsl;
use rocket::{Rocket, Build};
use diesel::RunQueryDsl;
use argon2::{
password_hash::{
rand_core::OsRng,
PasswordHasher
},
Argon2
};
use argon2::password_hash::SaltString; use argon2::password_hash::SaltString;
use argon2::PasswordHash;
use argon2::PasswordVerifier;
use argon2::{
password_hash::{rand_core::OsRng, PasswordHasher},
Argon2,
};
use diesel::dsl::count;
use diesel::RunQueryDsl;
use diesel_derive_enum::DbEnum;
use rocket::{Build, Rocket};
use rocket_sync_db_pools::database;
use serde::{Deserialize, Serialize};
use std::ops::Deref;
use validator::{Validate, ValidationError}; use validator::{Validate, ValidationError};
#[database("gamenight_database")] #[database("gamenight_database")]
@ -66,30 +63,25 @@ table! {
} }
} }
allow_tables_to_appear_in_same_query!( allow_tables_to_appear_in_same_query!(gamenight, known_games,);
gamenight,
known_games,
);
pub enum DatabaseError { pub enum DatabaseError {
Hash(password_hash::Error), Hash(password_hash::Error),
Query(String) Query(String),
} }
impl std::fmt::Display for DatabaseError { impl std::fmt::Display for DatabaseError {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> { fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
match self { match self {
DatabaseError::Hash(err) => write!(f, "{}", err), DatabaseError::Hash(err) => write!(f, "{}", err),
DatabaseError::Query(err) => write!(f, "{}", err) DatabaseError::Query(err) => write!(f, "{}", err),
} }
} }
} }
pub async fn get_all_gamenights(conn: DbConn) -> Vec::<GameNight> { pub async fn get_all_gamenights(conn: DbConn) -> Vec<GameNight> {
conn.run(|c| { conn.run(|c| gamenight::table.load::<GameNight>(c).unwrap())
gamenight::table.load::<GameNight>(c).unwrap() .await
}).await
} }
pub async fn insert_gamenight(conn: DbConn, new_gamenight: GameNightNoId) -> () { pub async fn insert_gamenight(conn: DbConn, new_gamenight: GameNightNoId) -> () {
@ -98,7 +90,8 @@ pub async fn insert_gamenight(conn: DbConn, new_gamenight: GameNightNoId) -> ()
.values(new_gamenight) .values(new_gamenight)
.execute(c) .execute(c)
.unwrap() .unwrap()
}).await; })
.await;
} }
pub async fn insert_user(conn: DbConn, new_user: Register) -> Result<(), DatabaseError> { pub async fn insert_user(conn: DbConn, new_user: Register) -> Result<(), DatabaseError> {
@ -107,29 +100,41 @@ pub async fn insert_user(conn: DbConn, new_user: Register) -> Result<(), Databas
let argon2 = Argon2::default(); let argon2 = Argon2::default();
let password_hash = match argon2.hash_password(new_user.password.as_bytes(), &salt) { let password_hash = match argon2.hash_password(new_user.password.as_bytes(), &salt) {
Ok(hash) => hash.to_string(), Ok(hash) => hash.to_string(),
Err(error) => return Err(DatabaseError::Hash(error)) Err(error) => return Err(DatabaseError::Hash(error)),
}; };
match conn.run(move |c| { match conn
c.transaction(|| { .run(move |c| {
diesel::insert_into(user::table) c.transaction(|| {
.values((user::username.eq(&new_user.username), user::email.eq(&new_user.email), user::role.eq(Role::User))) diesel::insert_into(user::table)
.execute(c)?; .values((
user::username.eq(&new_user.username),
user::email.eq(&new_user.email),
user::role.eq(Role::User),
))
.execute(c)?;
let ids : Vec::<i32> = match user::table let ids: Vec<i32> = match user::table
.filter(user::username.eq(&new_user.username).and(user::email.eq(&new_user.email))) .filter(
.select(user::id) user::username
.get_results(c) { .eq(&new_user.username)
.and(user::email.eq(&new_user.email)),
)
.select(user::id)
Roflin marked this conversation as resolved
Review

called user_id now

called `user_id` now
.get_results(c)
{
Ok(id) => id, Ok(id) => id,
Err(e) => return Err(e) Err(e) => return Err(e),
}; };
diesel::insert_into(pwd::table) diesel::insert_into(pwd::table)
.values((pwd::id.eq(ids[0]), pwd::password.eq(&password_hash))) .values((pwd::id.eq(ids[0]), pwd::password.eq(&password_hash)))
.execute(c) .execute(c)
})
}) })
}).await { .await
{
Err(e) => Err(DatabaseError::Query(e.to_string())), Err(e) => Err(DatabaseError::Query(e.to_string())),
_ => Ok(()), _ => Ok(()),
} }
@ -137,83 +142,94 @@ pub async fn insert_user(conn: DbConn, new_user: Register) -> Result<(), Databas
pub async fn login(conn: DbConn, login: Login) -> Result<LoginResult, DatabaseError> { pub async fn login(conn: DbConn, login: Login) -> Result<LoginResult, DatabaseError> {
conn.run(move |c| -> Result<LoginResult, DatabaseError> { conn.run(move |c| -> Result<LoginResult, DatabaseError> {
let id : i32 = match user::table let id: i32 = match user::table
.filter(user::username.eq(&login.username)) .filter(user::username.eq(&login.username))
.or_filter(user::email.eq(&login.username)) .or_filter(user::email.eq(&login.username))
.select(user::id) .select(user::id)
.get_results(c) { .get_results(c)
Ok(id) => id[0], {
Err(error) => return Err(DatabaseError::Query(error.to_string())) Ok(id) => id[0],
}; Err(error) => return Err(DatabaseError::Query(error.to_string())),
};
let pwd : String = match pwd::table let pwd: String = match pwd::table
.filter(pwd::id.eq(id)) .filter(pwd::id.eq(id))
.select(pwd::password) .select(pwd::password)
.get_results::<String>(c) { .get_results::<String>(c)
Ok(pwd) => pwd[0].clone(), {
Err(error) => return Err(DatabaseError::Query(error.to_string())) Ok(pwd) => pwd[0].clone(),
}; Err(error) => return Err(DatabaseError::Query(error.to_string())),
};
let parsed_hash = match PasswordHash::new(&pwd) { let parsed_hash = match PasswordHash::new(&pwd) {
Ok(hash) => hash, Ok(hash) => hash,
Err(error) => return Err(DatabaseError::Hash(error)) Err(error) => return Err(DatabaseError::Hash(error)),
}; };
if Argon2::default().verify_password(&login.password.as_bytes(), &parsed_hash).is_ok() { if Argon2::default()
.verify_password(&login.password.as_bytes(), &parsed_hash)
let role : Role = match user::table .is_ok()
{
let role: Role = match user::table
.filter(user::id.eq(id)) .filter(user::id.eq(id))
.select(user::role) .select(user::role)
.get_results::<Role>(c) { .get_results::<Role>(c)
Ok(role) => role[0].clone(), {
Err(error) => return Err(DatabaseError::Query(error.to_string())) Ok(role) => role[0].clone(),
}; Err(error) => return Err(DatabaseError::Query(error.to_string())),
};
Ok(LoginResult { Ok(LoginResult {
result: true, result: true,
id: Some(id), id: Some(id),
role: Some(role) role: Some(role),
}) })
} } else {
else {
Ok(LoginResult { Ok(LoginResult {
result: false, result: false,
id: None, id: None,
role: None, role: None,
}) })
} }
}).await })
.await
} }
pub async fn get_user(conn: DbConn, id: i32) -> User { pub async fn get_user(conn: DbConn, id: i32) -> User {
conn.run(move |c| { conn.run(move |c| user::table.filter(user::id.eq(id)).first(c).unwrap())
user::table .await
.filter(user::id.eq(id))
.first(c)
.unwrap()
}).await
} }
pub fn unique_username(username: &String, conn: &diesel::SqliteConnection) -> Result<(), ValidationError> { pub fn unique_username(
username: &String,
conn: &diesel::SqliteConnection,
) -> Result<(), ValidationError> {
match user::table match user::table
.select(count(user::username)) .select(count(user::username))
.filter(user::username.eq(username)) .filter(user::username.eq(username))
.execute(conn) { .execute(conn)
Ok(0) => Ok(()), {
Ok(_) => Err(ValidationError::new("User already exists")), Ok(0) => Ok(()),
Err(_) => Err(ValidationError::new("Database error while validating user")) Ok(_) => Err(ValidationError::new("User already exists")),
} Err(_) => Err(ValidationError::new("Database error while validating user")),
}
} }
pub fn unique_email(email: &String, conn: &diesel::SqliteConnection) -> Result<(), ValidationError> { pub fn unique_email(
email: &String,
conn: &diesel::SqliteConnection,
) -> Result<(), ValidationError> {
match user::table match user::table
.select(count(user::email)) .select(count(user::email))
.filter(user::email.eq(email)) .filter(user::email.eq(email))
.execute(conn) { .execute(conn)
Ok(0) => Ok(()), {
Ok(_) => Err(ValidationError::new("email already exists")), Ok(0) => Ok(()),
Err(_) => Err(ValidationError::new("Database error while validating email")) Ok(_) => Err(ValidationError::new("email already exists")),
} Err(_) => Err(ValidationError::new(
"Database error while validating email",
)),
}
} }
pub async fn run_migrations(rocket: Rocket<Build>) -> Rocket<Build> { pub async fn run_migrations(rocket: Rocket<Build>) -> Rocket<Build> {
@ -223,7 +239,9 @@ pub async fn run_migrations(rocket: Rocket<Build>) -> Rocket<Build> {
embed_migrations!(); embed_migrations!();
let conn = DbConn::get_one(&rocket).await.expect("database connection"); let conn = DbConn::get_one(&rocket).await.expect("database connection");
conn.run(|c| embedded_migrations::run(c)).await.expect("can run migrations"); conn.run(|c| embedded_migrations::run(c))
.await
.expect("can run migrations");
rocket rocket
} }
@ -235,45 +253,51 @@ pub enum Role {
} }
#[derive(Serialize, Deserialize, Debug, Insertable, Queryable)] #[derive(Serialize, Deserialize, Debug, Insertable, Queryable)]
#[table_name="user"] #[table_name = "user"]
pub struct User { pub struct User {
pub id: i32, pub id: i32,
pub username: String, pub username: String,
pub email: String, pub email: String,
pub role: Role pub role: Role,
} }
#[derive(Serialize, Deserialize, Debug, FromForm, Insertable)] #[derive(Serialize, Deserialize, Debug, FromForm, Insertable)]
#[table_name="known_games"] #[table_name = "known_games"]
pub struct GameNoId { pub struct GameNoId {
pub game : String, pub game: String,
} }
#[derive(Serialize, Deserialize, Debug, FromForm, Queryable)] #[derive(Serialize, Deserialize, Debug, FromForm, Queryable)]
pub struct Game { pub struct Game {
pub id: i32, pub id: i32,
pub game : String, pub game: String,
} }
#[derive(Serialize, Deserialize, Debug, FromForm, Insertable)] #[derive(Serialize, Deserialize, Debug, FromForm, Insertable)]
#[table_name="gamenight"] #[table_name = "gamenight"]
pub struct GameNightNoId { pub struct GameNightNoId {
pub game : String, pub game: String,
pub datetime : String, pub datetime: String,
} }
#[derive(Serialize, Deserialize, Debug, FromForm, Queryable)] #[derive(Serialize, Deserialize, Debug, FromForm, Queryable)]
pub struct GameNight { pub struct GameNight {
pub id: i32, pub id: i32,
pub game : String, pub game: String,
pub datetime : String, pub datetime: String,
} }
#[derive(Serialize, Deserialize, Debug, Validate, Clone)] #[derive(Serialize, Deserialize, Debug, Validate, Clone)]
pub struct Register { pub struct Register {
#[validate(length(min = 1), custom( function = "unique_username", arg = "&'v_a diesel::SqliteConnection"))] #[validate(
length(min = 1),
custom(function = "unique_username", arg = "&'v_a diesel::SqliteConnection")
)]
pub username: String, pub username: String,
#[validate(email, custom( function = "unique_email", arg = "&'v_a diesel::SqliteConnection"))] #[validate(
email,
custom(function = "unique_email", arg = "&'v_a diesel::SqliteConnection")
)]
pub email: String, pub email: String,
#[validate(length(min = 10), must_match = "password_repeat")] #[validate(length(min = 10), must_match = "password_repeat")]
pub password: String, pub password: String,
@ -283,12 +307,12 @@ pub struct Register {
#[derive(Serialize, Deserialize, Debug)] #[derive(Serialize, Deserialize, Debug)]
pub struct Login { pub struct Login {
pub username: String, pub username: String,
pub password: String pub password: String,
} }
#[derive(Serialize, Deserialize, Debug)] #[derive(Serialize, Deserialize, Debug)]
pub struct LoginResult { pub struct LoginResult {
pub result: bool, pub result: bool,
pub id: Option<i32>, pub id: Option<i32>,
pub role: Option<Role> pub role: Option<Role>,
} }

View File

@ -1,88 +1,42 @@
use std::borrow::Cow; use rocket::fs::NamedFile;
use serde::{Serialize, Deserialize}; use rocket::http::Method;
use rocket_dyn_templates::Template; use rocket_cors::{AllowedHeaders, AllowedOrigins, Cors, CorsOptions};
use rocket::response::{Redirect}; use std::io;
use rocket::request::{FlashMessage}; use std::path::{Path, PathBuf};
use crate::schema;
#[derive(Serialize, Deserialize, Debug)] pub fn make_cors() -> Cors {
struct FlashData { let allowed_origins = AllowedOrigins::some_exact(&[
has_data: bool, // 4.
kind: Cow<'static, str>, //CHANGE THESE TO MATCH YOUR PORTS
message: Cow<'static, str> "http://localhost:3000",
"http://127.0.0.1:3000",
"http://localhost:8000",
"http://0.0.0.0:8000",
]);
CorsOptions {
// 5.
allowed_origins,
allowed_methods: vec![Method::Get].into_iter().map(From::from).collect(), // 1.
allowed_headers: AllowedHeaders::some(&[
"Authorization",
"Accept",
"Access-Control-Allow-Origin", // 6.
]),
allow_credentials: true,
..Default::default()
}
.to_cors()
.expect("error while building CORS")
} }
impl FlashData { #[get("/<file..>")]
const EMPTY: Self = Self { has_data: false, message: Cow::Borrowed(""), kind: Cow::Borrowed("") }; pub async fn files(file: PathBuf) -> Option<NamedFile> {
} NamedFile::open(Path::new("../frontend/build/").join(file))
.await
#[derive(Serialize, Deserialize, Debug)] .ok()
struct GameNightsData {
gamenights: Vec::<schema::GameNight>,
flash: FlashData
}
#[get("/gamenights")]
pub async fn gamenights(conn: schema::DbConn) -> Template {
let gamenights = schema::get_all_gamenights(conn).await;
let data = GameNightsData {
gamenights: gamenights,
flash: FlashData::EMPTY
};
Template::render("gamenights", &data)
} }
#[get("/")] #[get("/")]
pub async fn index() -> Redirect { pub async fn index() -> io::Result<NamedFile> {
Redirect::to(uri!(gamenights)) NamedFile::open("../frontend/build/index.html").await
}
#[derive(Serialize, Deserialize, Debug)]
struct GameNightAddData {
post_url: String,
flash : FlashData
}
#[get("/gamenight/add")]
pub async fn add_game_night(flash: Option<FlashMessage<'_>>) -> Template {
let flash_data = match flash {
None => FlashData::EMPTY,
Some(flash) => FlashData {
has_data: true,
message: Cow::Owned(flash.message().to_string()),
kind: Cow::Owned(flash.kind().to_string())
}
};
let data = GameNightAddData {
post_url: "/api/gamenight".to_string(),
flash: flash_data
};
Template::render("gamenight_add", &data)
}
#[derive(Serialize, Deserialize, Debug)]
struct RegisterData {
flash : FlashData
}
#[get("/register")]
pub async fn register(flash: Option<FlashMessage<'_>>) -> Template {
let flash_data = match flash {
None => FlashData::EMPTY,
Some(flash) => FlashData {
has_data: true,
message: Cow::Owned(flash.message().to_string()),
kind: Cow::Owned(flash.kind().to_string())
}
};
let data = RegisterData {
flash: flash_data
};
Template::render("register", &data)
} }