AINDUSTRIES/vote-rllhc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added check for token generation (look if exists)

Browse Source
This commit is contained in:
AINDUSTRIES
2024-10-04 17:15:59 +02:00
parent 01c8248313
commit cd1632b533
1 changed files with 116 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files

201
src/main.rs
View File

@@ -8,7 +8,7 @@ use chrono::{DateTime, Days, Utc};
use daemonize::Daemonize; use daemonize::Daemonize;
use http_body_util::{BodyExt, Full}; use http_body_util::{BodyExt, Full};
use hyper::{ use hyper::{
body::{Body as HyperBody, Incoming, Frame}, body::{Body as HyperBody, Frame, Incoming},
header::{COOKIE, SET_COOKIE}, header::{COOKIE, SET_COOKIE},
server::conn::http1, server::conn::http1,
service::service_fn, service::service_fn,
@@ -134,7 +134,12 @@ async fn get_page(
let map: Value = from_reader(file).expect("Could not parse routes, please verify syntax."); let map: Value = from_reader(file).expect("Could not parse routes, please verify syntax.");
match map.get(path) { match map.get(path) {
Some(Value::Object(s)) => { Some(Value::Object(s)) => {
let authorised = is_authorised(req, db, s.get("permission").unwrap().as_u64().unwrap() as u8).await; let authorised = is_authorised(
req,
db,
s.get("permission").unwrap().as_u64().unwrap() as u8,
)
.await;
if authorised { if authorised {
get_file(s.get("file").unwrap().as_str().unwrap()).await get_file(s.get("file").unwrap().as_str().unwrap()).await
} else { } else {
@@ -297,8 +302,7 @@ async fn get_admin(
return get_page(&req, "/unauthorised", db).await; return get_page(&req, "/unauthorised", db).await;
} }
match path { match path {
"/admin" => { "/admin" => get_page(req, path, db).await,
get_page(req, path, db).await},
"/admin/users" => { "/admin/users" => {
let pool = db.clone().lock().unwrap().clone(); let pool = db.clone().lock().unwrap().clone();
let users = sqlx::query!(r#"SELECT id, username, permissions FROM users"#) let users = sqlx::query!(r#"SELECT id, username, permissions FROM users"#)
@@ -311,14 +315,20 @@ async fn get_admin(
.collect(); .collect();
let stringed = serde_json::to_string(&users).unwrap_or("".to_string()); let stringed = serde_json::to_string(&users).unwrap_or("".to_string());
Ok(Response::builder().body(Body::new(stringed)).unwrap()) Ok(Response::builder().body(Body::new(stringed)).unwrap())
}, }
"/admin/players" => { "/admin/players" => {
let pool = db.clone().lock().unwrap().clone(); let pool = db.clone().lock().unwrap().clone();
let players = sqlx::query!(r#"SELECT id, name FROM players"#) let players = sqlx::query!(r#"SELECT id, name FROM players"#)
.fetch_all(&pool) .fetch_all(&pool)
.await .await
.unwrap(); .unwrap();
let players: Vec<Player> = players.iter().map(|x| Player{id: x.id, name: x.name.clone()}).collect(); let players: Vec<Player> = players
.iter()
.map(|x| Player {
id: x.id,
name: x.name.clone(),
})
.collect();
let stringed = serde_json::to_string(&players).unwrap_or("".to_string()); let stringed = serde_json::to_string(&players).unwrap_or("".to_string());
Ok(Response::builder().body(Body::new(stringed)).unwrap()) Ok(Response::builder().body(Body::new(stringed)).unwrap())
} }
@@ -385,86 +395,95 @@ async fn post_admin(
} }
let path = req.uri().path(); let path = req.uri().path();
match path { match path {
"/admin/edit/user" => { "/admin/edit/user" => match req_json::<Value>(req).await {
match req_json::<Value>(req).await { Some(Value::Object(user)) => {
Some(Value::Object(user)) => { let username = user.get("username");
let username = user.get("username"); let permissions = user.get("permissions");
let permissions = user.get("permissions"); let id = user.get("id");
let id = user.get("id"); if username.is_none() || permissions.is_none() || id.is_none() {
if username.is_none() || permissions.is_none() || id.is_none() { return bad_request().await;
return bad_request().await;
}
let pool = db.clone().lock().unwrap().clone();
let mut conn = pool.acquire().await.unwrap();
let username = username.unwrap().as_str().unwrap();
let permissions = permissions.unwrap();
let id = id.unwrap();
let _ = sqlx::query!(r#"UPDATE users SET username = ?1, permissions = ?2 WHERE id = ?3"#, username, permissions, id).execute(&mut *conn).await;
ok().await
},
_ => {bad_request().await}
}
},
"/admin/delete/user" => {
match req_json::<Value>(req).await {
Some(Value::Object(user)) => {
let id = user.get("id");
if id.is_none() {
return bad_request().await;
}
let pool = db.clone().lock().unwrap().clone();
let mut conn = pool.acquire().await.unwrap();
let id = id.unwrap().as_i64().unwrap();
let _ = sqlx::query!(r#"DELETE FROM users WHERE id = ?1"#, id).execute(&mut *conn).await;
ok().await
} }
_ => {bad_request().await} let pool = db.clone().lock().unwrap().clone();
let mut conn = pool.acquire().await.unwrap();
let username = username.unwrap().as_str().unwrap();
let permissions = permissions.unwrap();
let id = id.unwrap();
let _ = sqlx::query!(
r#"UPDATE users SET username = ?1, permissions = ?2 WHERE id = ?3"#,
username,
permissions,
id
)
.execute(&mut *conn)
.await;
ok().await
} }
_ => bad_request().await,
}, },
"/admin/edit/player" => { "/admin/delete/user" => match req_json::<Value>(req).await {
match req_json::<Player>(req).await { Some(Value::Object(user)) => {
Some(player) => { let id = user.get("id");
let pool = db.clone().lock().unwrap().clone(); if id.is_none() {
let mut conn = pool.acquire().await.unwrap(); return bad_request().await;
let _ = sqlx::query!(r#"UPDATE players SET name = ?1 WHERE id = ?2"#, player.name, player.id).execute(&mut *conn).await;
ok().await
},
_ => bad_request().await
}
}
"/admin/new/player" => {
match req_json::<Value>(req).await {
Some(Value::Object(player)) => {
let name = player.get("name");
if name.is_none() {
return bad_request().await;
}
let pool = db.clone().lock().unwrap().clone();
let mut conn = pool.acquire().await.unwrap();
let name = name.unwrap().as_str().unwrap();
let _ = sqlx::query!(r#"INSERT INTO players (name) VALUES (?1)"#, name).execute(&mut *conn).await;
ok().await
},
_ => {bad_request().await}
}
},
"/admin/delete/player" => {
match req_json::<Value>(req).await {
Some(Value::Object(player)) => {
let id = player.get("id");
if id.is_none() {
return bad_request().await;
}
let pool = db.clone().lock().unwrap().clone();
let mut conn = pool.acquire().await.unwrap();
let id = id.unwrap().as_i64().unwrap();
let _ = sqlx::query!(r#"DELETE FROM players WHERE id = ?1"#, id).execute(&mut *conn).await;
ok().await
} }
_ => {bad_request().await} let pool = db.clone().lock().unwrap().clone();
let mut conn = pool.acquire().await.unwrap();
let id = id.unwrap().as_i64().unwrap();
let _ = sqlx::query!(r#"DELETE FROM users WHERE id = ?1"#, id)
.execute(&mut *conn)
.await;
ok().await
} }
} _ => bad_request().await,
_ => {bad_request().await} },
"/admin/edit/player" => match req_json::<Player>(req).await {
Some(player) => {
let pool = db.clone().lock().unwrap().clone();
let mut conn = pool.acquire().await.unwrap();
let _ = sqlx::query!(
r#"UPDATE players SET name = ?1 WHERE id = ?2"#,
player.name,
player.id
)
.execute(&mut *conn)
.await;
ok().await
}
_ => bad_request().await,
},
"/admin/new/player" => match req_json::<Value>(req).await {
Some(Value::Object(player)) => {
let name = player.get("name");
if name.is_none() {
return bad_request().await;
}
let pool = db.clone().lock().unwrap().clone();
let mut conn = pool.acquire().await.unwrap();
let name = name.unwrap().as_str().unwrap();
let _ = sqlx::query!(r#"INSERT INTO players (name) VALUES (?1)"#, name)
.execute(&mut *conn)
.await;
ok().await
}
_ => bad_request().await,
},
"/admin/delete/player" => match req_json::<Value>(req).await {
Some(Value::Object(player)) => {
let id = player.get("id");
if id.is_none() {
return bad_request().await;
}
let pool = db.clone().lock().unwrap().clone();
let mut conn = pool.acquire().await.unwrap();
let id = id.unwrap().as_i64().unwrap();
let _ = sqlx::query!(r#"DELETE FROM players WHERE id = ?1"#, id)
.execute(&mut *conn)
.await;
ok().await
}
_ => bad_request().await,
},
_ => bad_request().await,
} }
} }
@@ -561,7 +580,16 @@ async fn register(
.hash_password(login.password.as_bytes(), &SaltString::generate(&mut OsRng)) .hash_password(login.password.as_bytes(), &SaltString::generate(&mut OsRng))
.unwrap() .unwrap()
.to_string(); .to_string();
let token = Alphanumeric.sample_string(&mut OsRng, 256); let mut token = Alphanumeric.sample_string(&mut OsRng, 256);
while match sqlx::query!(r#"SELECT id FROM users WHERE token=?1"#, token)
.fetch_optional(&mut *conn)
.await
{
Ok(Some(user)) => true,
_ => false,
} {
token = Alphanumeric.sample_string(&mut OsRng, 256);
}
let result = sqlx::query!(r#"INSERT INTO users ( username, saltyhash, permissions, token) VALUES ( ?1, ?2, ?3, ?4 )"#, login.username, hash, 0, token).execute(&mut *conn).await; let result = sqlx::query!(r#"INSERT INTO users ( username, saltyhash, permissions, token) VALUES ( ?1, ?2, ?3, ?4 )"#, login.username, hash, 0, token).execute(&mut *conn).await;
match result { match result {
Ok(_) => Ok(Response::builder().body(Body::Empty).unwrap()), Ok(_) => Ok(Response::builder().body(Body::Empty).unwrap()),
@@ -616,10 +644,10 @@ async fn is_authorised(req: &Request<Incoming>, db: Arc<Mutex<SqlitePool>>, leve
Ok(Some(user)) => { Ok(Some(user)) => {
let perm = user.permissions as u8; let perm = user.permissions as u8;
perm >= level perm >= level
}, }
_ => match level { _ => match level {
0 => true, 0 => true,
_ => false _ => false,
}, },
} }
} }
@@ -671,7 +699,10 @@ async fn not_found() -> Result<Response<Body>, Error> {
} }
async fn bad_request() -> Result<Response<Body>, Error> { async fn bad_request() -> Result<Response<Body>, Error> {
Ok(Response::builder().status(StatusCode::BAD_REQUEST).body(Body::Empty).unwrap()) Ok(Response::builder()
.status(StatusCode::BAD_REQUEST)
.body(Body::Empty)
.unwrap())
} }
async fn ok() -> Result<Response<Body>, Error> { async fn ok() -> Result<Response<Body>, Error> {