diff --git a/src/main.rs b/src/main.rs
index 74c6746..fea44d9 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -8,7 +8,7 @@ use chrono::{DateTime, Days, Utc};
 use daemonize::Daemonize;
 use http_body_util::{BodyExt, Full};
 use hyper::{
-    body::{Body as HyperBody, Incoming, Frame},
+    body::{Body as HyperBody, Frame, Incoming},
     header::{COOKIE, SET_COOKIE},
     server::conn::http1,
     service::service_fn,
@@ -134,7 +134,12 @@ async fn get_page(
     let map: Value = from_reader(file).expect("Could not parse routes, please verify syntax.");
     match map.get(path) {
         Some(Value::Object(s)) => {
-            let authorised = is_authorised(req, db, s.get("permission").unwrap().as_u64().unwrap() as u8).await;
+            let authorised = is_authorised(
+                req,
+                db,
+                s.get("permission").unwrap().as_u64().unwrap() as u8,
+            )
+            .await;
             if authorised {
                 get_file(s.get("file").unwrap().as_str().unwrap()).await
             } else {
@@ -297,8 +302,7 @@ async fn get_admin(
         return get_page(&req, "/unauthorised", db).await;
     }
     match path {
-        "/admin" => {
-            get_page(req, path, db).await},
+        "/admin" => get_page(req, path, db).await,
         "/admin/users" => {
             let pool = db.clone().lock().unwrap().clone();
             let users = sqlx::query!(r#"SELECT id, username, permissions FROM users"#)
@@ -311,14 +315,20 @@ async fn get_admin(
                 .collect();
             let stringed = serde_json::to_string(&users).unwrap_or("".to_string());
             Ok(Response::builder().body(Body::new(stringed)).unwrap())
-        },
+        }
         "/admin/players" => {
             let pool = db.clone().lock().unwrap().clone();
             let players = sqlx::query!(r#"SELECT id, name FROM players"#)
                 .fetch_all(&pool)
                 .await
                 .unwrap();
-            let players: Vec = players.iter().map(|x| Player{id: x.id, name: x.name.clone()}).collect();
+            let players: Vec = players
+                .iter()
+                .map(|x| Player {
+                    id: x.id,
+                    name: x.name.clone(),
+                })
+                .collect();
             let stringed = serde_json::to_string(&players).unwrap_or("".to_string());
             Ok(Response::builder().body(Body::new(stringed)).unwrap())
         }
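Review bot: The `as u8` cast in the reformatted `is_authorised(...)` call in `get_page` silently truncates the `permission` value read from the routes file, so a misconfigured value such as 256 wraps to 0 and the route becomes public instead of failing loudly; the same cast is visible on the context line `user.permissions as u8` in the later `is_authorised` hunk, where a stored value above 255 wraps to an unintended level. Since the routes file is already parsed with `expect`, a fail-fast conversion fits the existing style: `u8::try_from(s.get("permission").unwrap().as_u64().unwrap()).expect("route permission must fit in u8")`. The `.unwrap()` chain on `permission` and `file` panics the request task on a malformed routes entry rather than returning an error; if that is intentional, a comment on the `match map.get(path)` line saying so would help the next reader. get_page's body starts and ends outside the hunk.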
@@ -385,86 +395,95 @@ async fn post_admin( } let path = req.uri().path(); match path { - "/admin/edit/user" => { - match req_json::(req).await { - Some(Value::Object(user)) => { - let username = user.get("username"); - let permissions = user.get("permissions"); - let id = user.get("id"); - if username.is_none() || permissions.is_none() || id.is_none() { - return bad_request().await; - } - let pool = db.clone().lock().unwrap().clone(); - let mut conn = pool.acquire().await.unwrap(); - let username = username.unwrap().as_str().unwrap(); - let permissions = permissions.unwrap(); - let id = id.unwrap(); - let _ = sqlx::query!(r#"UPDATE users SET username = ?1, permissions = ?2 WHERE id = ?3"#, username, permissions, id).execute(&mut *conn).await; - ok().await - }, - _ => {bad_request().await} - } - }, - "/admin/delete/user" => { - match req_json::(req).await { - Some(Value::Object(user)) => { - let id = user.get("id"); - if id.is_none() { - return bad_request().await; - } - let pool = db.clone().lock().unwrap().clone(); - let mut conn = pool.acquire().await.unwrap(); - let id = id.unwrap().as_i64().unwrap(); - let _ = sqlx::query!(r#"DELETE FROM users WHERE id = ?1"#, id).execute(&mut *conn).await; - ok().await + "/admin/edit/user" => match req_json::(req).await { + Some(Value::Object(user)) => { + let username = user.get("username"); + let permissions = user.get("permissions"); + let id = user.get("id"); + if username.is_none() || permissions.is_none() || id.is_none() { + return bad_request().await; } - _ => {bad_request().await} + let pool = db.clone().lock().unwrap().clone(); + let mut conn = pool.acquire().await.unwrap(); + let username = username.unwrap().as_str().unwrap(); + let permissions = permissions.unwrap(); + let id = id.unwrap(); + let _ = sqlx::query!( + r#"UPDATE users SET username = ?1, permissions = ?2 WHERE id = ?3"#, + username, + permissions, + id + ) + .execute(&mut *conn) + .await; + ok().await } + _ => bad_request().await, }, - 
"/admin/edit/player" => { - match req_json::(req).await { - Some(player) => { - let pool = db.clone().lock().unwrap().clone(); - let mut conn = pool.acquire().await.unwrap(); - let _ = sqlx::query!(r#"UPDATE players SET name = ?1 WHERE id = ?2"#, player.name, player.id).execute(&mut *conn).await; - ok().await - }, - _ => bad_request().await - } - } - "/admin/new/player" => { - match req_json::(req).await { - Some(Value::Object(player)) => { - let name = player.get("name"); - if name.is_none() { - return bad_request().await; - } - let pool = db.clone().lock().unwrap().clone(); - let mut conn = pool.acquire().await.unwrap(); - let name = name.unwrap().as_str().unwrap(); - let _ = sqlx::query!(r#"INSERT INTO players (name) VALUES (?1)"#, name).execute(&mut *conn).await; - ok().await - }, - _ => {bad_request().await} - } - }, - "/admin/delete/player" => { - match req_json::(req).await { - Some(Value::Object(player)) => { - let id = player.get("id"); - if id.is_none() { - return bad_request().await; - } - let pool = db.clone().lock().unwrap().clone(); - let mut conn = pool.acquire().await.unwrap(); - let id = id.unwrap().as_i64().unwrap(); - let _ = sqlx::query!(r#"DELETE FROM players WHERE id = ?1"#, id).execute(&mut *conn).await; - ok().await + "/admin/delete/user" => match req_json::(req).await { + Some(Value::Object(user)) => { + let id = user.get("id"); + if id.is_none() { + return bad_request().await; } - _ => {bad_request().await} + let pool = db.clone().lock().unwrap().clone(); + let mut conn = pool.acquire().await.unwrap(); + let id = id.unwrap().as_i64().unwrap(); + let _ = sqlx::query!(r#"DELETE FROM users WHERE id = ?1"#, id) + .execute(&mut *conn) + .await; + ok().await } - } - _ => {bad_request().await} + _ => bad_request().await, + }, + "/admin/edit/player" => match req_json::(req).await { + Some(player) => { + let pool = db.clone().lock().unwrap().clone(); + let mut conn = pool.acquire().await.unwrap(); + let _ = sqlx::query!( + r#"UPDATE players SET 
name = ?1 WHERE id = ?2"#, + player.name, + player.id + ) + .execute(&mut *conn) + .await; + ok().await + } + _ => bad_request().await, + }, + "/admin/new/player" => match req_json::(req).await { + Some(Value::Object(player)) => { + let name = player.get("name"); + if name.is_none() { + return bad_request().await; + } + let pool = db.clone().lock().unwrap().clone(); + let mut conn = pool.acquire().await.unwrap(); + let name = name.unwrap().as_str().unwrap(); + let _ = sqlx::query!(r#"INSERT INTO players (name) VALUES (?1)"#, name) + .execute(&mut *conn) + .await; + ok().await + } + _ => bad_request().await, + }, + "/admin/delete/player" => match req_json::(req).await { + Some(Value::Object(player)) => { + let id = player.get("id"); + if id.is_none() { + return bad_request().await; + } + let pool = db.clone().lock().unwrap().clone(); + let mut conn = pool.acquire().await.unwrap(); + let id = id.unwrap().as_i64().unwrap(); + let _ = sqlx::query!(r#"DELETE FROM players WHERE id = ?1"#, id) + .execute(&mut *conn) + .await; + ok().await + } + _ => bad_request().await, + }, + _ => bad_request().await, } } @@ -561,7 +580,16 @@ async fn register( .hash_password(login.password.as_bytes(), &SaltString::generate(&mut OsRng)) .unwrap() .to_string(); - let token = Alphanumeric.sample_string(&mut OsRng, 256); + let mut token = Alphanumeric.sample_string(&mut OsRng, 256); + while match sqlx::query!(r#"SELECT id FROM users WHERE token=?1"#, token) + .fetch_optional(&mut *conn) + .await + { + Ok(Some(user)) => true, + _ => false, + } { + token = Alphanumeric.sample_string(&mut OsRng, 256); + } let result = sqlx::query!(r#"INSERT INTO users ( username, saltyhash, permissions, token) VALUES ( ?1, ?2, ?3, ?4 )"#, login.username, hash, 0, token).execute(&mut *conn).await; match result { Ok(_) => Ok(Response::builder().body(Body::Empty).unwrap()), 
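Review bot: In the new `"/admin/edit/user"` and `"/admin/new/player"` arms, `username.unwrap().as_str().unwrap()` and `name.unwrap().as_str().unwrap()` panic when the request body supplies the key with a non-string value, and `id.unwrap().as_i64().unwrap()` in both delete arms does the same for a non-integer `id`, because the preceding `is_none()` guard checks only presence, so a malformed admin request aborts the handler task instead of producing the 400 the guard intends. A `let else` keeps the type check and the early return together, e.g. `let Some(name) = player.get("name").and_then(Value::as_str) else { return bad_request().await; };`, and likewise `.and_then(Value::as_i64)` for `id`. Every arm also does `let _ = sqlx::query!(...).execute(&mut *conn).await;` and then returns `ok().await`, so a failed UPDATE, DELETE or INSERT is reported to the client as success; matching on the result the way `register` does would surface it. In the edit/user arm `permissions` is bound to the query as an untyped `Value`; if the column is meant to hold an integer, `.and_then(Value::as_u64)` under the same guard would reject strings and objects before they reach the database. post_admin starts outside the hunk.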
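Review bot: In the new token collision loop in `register`, `Ok(Some(user)) => true` binds `user` without using it, and the `while match … { … } { … }` shape is hard to read; `while matches!(sqlx::query!(r#"SELECT id FROM users WHERE token=?1"#, token).fetch_optional(&mut *conn).await, Ok(Some(_)))` expresses the same loop and avoids the unused-variable warning. The `_ => false` arm treats a query error the same as "no collision", so on a broken connection the loop exits and the following INSERT is what fails; that is only safe if the `token` column carries a UNIQUE constraint, which the hunk cannot confirm, so a comment stating that assumption above the loop would help. Because the select-then-insert pair is not atomic, the constraint rather than the loop is what actually guarantees uniqueness; with a 256-character alphanumeric token from `OsRng` a collision is practically impossible, so the loop is a backstop, not the guarantee.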
@@ -616,10 +644,10 @@ async fn is_authorised(req: &Request, db: Arc>, leve
         Ok(Some(user)) => {
             let perm = user.permissions as u8;
             perm >= level
-        },
+        }
         _ => match level {
             0 => true,
-            _ => false
+            _ => false,
         },
     }
 }
@@ -671,7 +699,10 @@ async fn not_found() -> Result, Error> {
 }
 
 async fn bad_request() -> Result, Error> {
-    Ok(Response::builder().status(StatusCode::BAD_REQUEST).body(Body::Empty).unwrap())
+    Ok(Response::builder()
+        .status(StatusCode::BAD_REQUEST)
+        .body(Body::Empty)
+        .unwrap())
 }
 
 async fn ok() -> Result, Error> {