AINDUSTRIES/vote-rllhc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added check for token generation (look if exists)

Browse Source
This commit is contained in:
AINDUSTRIES
2024-10-04 17:15:59 +02:00
parent 01c8248313
commit cd1632b533
1 changed files with 116 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files

107
src/main.rs
View File

@@ -8,7 +8,7 @@ use chrono::{DateTime, Days, Utc};
use daemonize::Daemonize;
use http_body_util::{BodyExt, Full};
use hyper::{
body::{Body as HyperBody, Incoming, Frame},
body::{Body as HyperBody, Frame, Incoming},
header::{COOKIE, SET_COOKIE},
server::conn::http1,
service::service_fn,
@@ -134,7 +134,12 @@ async fn get_page(
let map: Value = from_reader(file).expect("Could not parse routes, please verify syntax.");
match map.get(path) {
Some(Value::Object(s)) => {
let authorised = is_authorised(req, db, s.get("permission").unwrap().as_u64().unwrap() as u8).await;
let authorised = is_authorised(
req,
db,
s.get("permission").unwrap().as_u64().unwrap() as u8,
)
.await;
if authorised {
get_file(s.get("file").unwrap().as_str().unwrap()).await
} else {
@@ -297,8 +302,7 @@ async fn get_admin(
return get_page(&req, "/unauthorised", db).await;
}
match path {
"/admin" => {
get_page(req, path, db).await},
"/admin" => get_page(req, path, db).await,
"/admin/users" => {
let pool = db.clone().lock().unwrap().clone();
let users = sqlx::query!(r#"SELECT id, username, permissions FROM users"#)
@@ -311,14 +315,20 @@ async fn get_admin(
.collect();
let stringed = serde_json::to_string(&users).unwrap_or("".to_string());
Ok(Response::builder().body(Body::new(stringed)).unwrap())
},
}
"/admin/players" => {
let pool = db.clone().lock().unwrap().clone();
let players = sqlx::query!(r#"SELECT id, name FROM players"#)
.fetch_all(&pool)
.await
.unwrap();
let players: Vec<Player> = players.iter().map(|x| Player{id: x.id, name: x.name.clone()}).collect();
let players: Vec<Player> = players
.iter()
.map(|x| Player {
id: x.id,
name: x.name.clone(),
})
.collect();
let stringed = serde_json::to_string(&players).unwrap_or("".to_string());
Ok(Response::builder().body(Body::new(stringed)).unwrap())
}
@@ -385,8 +395,7 @@ async fn post_admin(
}
let path = req.uri().path();
match path {
"/admin/edit/user" => {
match req_json::<Value>(req).await {
"/admin/edit/user" => match req_json::<Value>(req).await {
Some(Value::Object(user)) => {
let username = user.get("username");
let permissions = user.get("permissions");
@@ -399,14 +408,19 @@ async fn post_admin(
let username = username.unwrap().as_str().unwrap();
let permissions = permissions.unwrap();
let id = id.unwrap();
let _ = sqlx::query!(r#"UPDATE users SET username = ?1, permissions = ?2 WHERE id = ?3"#, username, permissions, id).execute(&mut *conn).await;
let _ = sqlx::query!(
r#"UPDATE users SET username = ?1, permissions = ?2 WHERE id = ?3"#,
username,
permissions,
id
)
.execute(&mut *conn)
.await;
ok().await
},
_ => {bad_request().await}
}
_ => bad_request().await,
},
"/admin/delete/user" => {
match req_json::<Value>(req).await {
"/admin/delete/user" => match req_json::<Value>(req).await {
Some(Value::Object(user)) => {
let id = user.get("id");
if id.is_none() {
@@ -415,25 +429,29 @@ async fn post_admin(
let pool = db.clone().lock().unwrap().clone();
let mut conn = pool.acquire().await.unwrap();
let id = id.unwrap().as_i64().unwrap();
let _ = sqlx::query!(r#"DELETE FROM users WHERE id = ?1"#, id).execute(&mut *conn).await;
let _ = sqlx::query!(r#"DELETE FROM users WHERE id = ?1"#, id)
.execute(&mut *conn)
.await;
ok().await
}
_ => {bad_request().await}
}
_ => bad_request().await,
},
"/admin/edit/player" => {
match req_json::<Player>(req).await {
"/admin/edit/player" => match req_json::<Player>(req).await {
Some(player) => {
let pool = db.clone().lock().unwrap().clone();
let mut conn = pool.acquire().await.unwrap();
let _ = sqlx::query!(r#"UPDATE players SET name = ?1 WHERE id = ?2"#, player.name, player.id).execute(&mut *conn).await;
let _ = sqlx::query!(
r#"UPDATE players SET name = ?1 WHERE id = ?2"#,
player.name,
player.id
)
.execute(&mut *conn)
.await;
ok().await
}
_ => bad_request().await,
},
_ => bad_request().await
}
}
"/admin/new/player" => {
match req_json::<Value>(req).await {
"/admin/new/player" => match req_json::<Value>(req).await {
Some(Value::Object(player)) => {
let name = player.get("name");
if name.is_none() {
@@ -442,14 +460,14 @@ async fn post_admin(
let pool = db.clone().lock().unwrap().clone();
let mut conn = pool.acquire().await.unwrap();
let name = name.unwrap().as_str().unwrap();
let _ = sqlx::query!(r#"INSERT INTO players (name) VALUES (?1)"#, name).execute(&mut *conn).await;
let _ = sqlx::query!(r#"INSERT INTO players (name) VALUES (?1)"#, name)
.execute(&mut *conn)
.await;
ok().await
},
_ => {bad_request().await}
}
_ => bad_request().await,
},
"/admin/delete/player" => {
match req_json::<Value>(req).await {
"/admin/delete/player" => match req_json::<Value>(req).await {
Some(Value::Object(player)) => {
let id = player.get("id");
if id.is_none() {
@@ -458,13 +476,14 @@ async fn post_admin(
let pool = db.clone().lock().unwrap().clone();
let mut conn = pool.acquire().await.unwrap();
let id = id.unwrap().as_i64().unwrap();
let _ = sqlx::query!(r#"DELETE FROM players WHERE id = ?1"#, id).execute(&mut *conn).await;
let _ = sqlx::query!(r#"DELETE FROM players WHERE id = ?1"#, id)
.execute(&mut *conn)
.await;
ok().await
}
_ => {bad_request().await}
}
}
_ => {bad_request().await}
_ => bad_request().await,
},
_ => bad_request().await,
}
}
@@ -561,7 +580,16 @@ async fn register(
.hash_password(login.password.as_bytes(), &SaltString::generate(&mut OsRng))
.unwrap()
.to_string();
let token = Alphanumeric.sample_string(&mut OsRng, 256);
let mut token = Alphanumeric.sample_string(&mut OsRng, 256);
while match sqlx::query!(r#"SELECT id FROM users WHERE token=?1"#, token)
.fetch_optional(&mut *conn)
.await
{
Ok(Some(user)) => true,
_ => false,
} {
token = Alphanumeric.sample_string(&mut OsRng, 256);
}
let result = sqlx::query!(r#"INSERT INTO users ( username, saltyhash, permissions, token) VALUES ( ?1, ?2, ?3, ?4 )"#, login.username, hash, 0, token).execute(&mut *conn).await;
match result {
Ok(_) => Ok(Response::builder().body(Body::Empty).unwrap()),
@@ -616,10 +644,10 @@ async fn is_authorised(req: &Request<Incoming>, db: Arc<Mutex<SqlitePool>>, leve
Ok(Some(user)) => {
let perm = user.permissions as u8;
perm >= level
},
}
_ => match level {
0 => true,
_ => false
_ => false,
},
}
}
@@ -671,7 +699,10 @@ async fn not_found() -> Result<Response<Body>, Error> {
}
async fn bad_request() -> Result<Response<Body>, Error> {
Ok(Response::builder().status(StatusCode::BAD_REQUEST).body(Body::Empty).unwrap())
Ok(Response::builder()
.status(StatusCode::BAD_REQUEST)
.body(Body::Empty)
.unwrap())
}
async fn ok() -> Result<Response<Body>, Error> {