feat: use custom middleware for authorization
All checks were successful
ci/woodpecker/push/build-and-publish Pipeline was successful
All checks were successful
ci/woodpecker/push/build-and-publish Pipeline was successful
This commit is contained in:
parent
dada230e08
commit
1ad88725bd
24 changed files with 157 additions and 365 deletions
|
|
@ -1,34 +1,23 @@
|
|||
use std::sync::Arc;
|
||||
|
||||
use axum::{Json, extract::State, http::StatusCode, response::IntoResponse};
|
||||
use axum_extra::{
|
||||
TypedHeader,
|
||||
headers::{Authorization, authorization::Bearer},
|
||||
};
|
||||
use axum::{extract::State, http::StatusCode, response::IntoResponse, Extension, Json};
|
||||
use serde::Deserialize;
|
||||
use ::uuid::Uuid;
|
||||
|
||||
pub mod uuid;
|
||||
|
||||
use crate::{
|
||||
AppState,
|
||||
api::v1::auth::check_access_token,
|
||||
error::Error,
|
||||
objects::Me,
|
||||
utils::{global_checks, user_uuid_from_username},
|
||||
api::v1::auth::CurrentUser, error::Error, objects::Me, utils::{global_checks, user_uuid_from_username}, AppState
|
||||
};
|
||||
|
||||
/// Returns a list of users that are your friends
|
||||
pub async fn get(
|
||||
State(app_state): State<Arc<AppState>>,
|
||||
TypedHeader(auth): TypedHeader<Authorization<Bearer>>,
|
||||
Extension(CurrentUser(uuid)): Extension<CurrentUser<Uuid>>,
|
||||
) -> Result<impl IntoResponse, Error> {
|
||||
let mut conn = app_state.pool.get().await?;
|
||||
|
||||
let uuid = check_access_token(auth.token(), &mut conn).await?;
|
||||
|
||||
global_checks(&app_state, uuid).await?;
|
||||
|
||||
let me = Me::get(&mut conn, uuid).await?;
|
||||
let me = Me::get(&mut app_state.pool.get().await?, uuid).await?;
|
||||
|
||||
let friends = me.get_friends(&app_state).await?;
|
||||
|
||||
|
|
@ -61,15 +50,13 @@ pub struct UserReq {
|
|||
///
|
||||
pub async fn post(
|
||||
State(app_state): State<Arc<AppState>>,
|
||||
TypedHeader(auth): TypedHeader<Authorization<Bearer>>,
|
||||
Extension(CurrentUser(uuid)): Extension<CurrentUser<Uuid>>,
|
||||
Json(user_request): Json<UserReq>,
|
||||
) -> Result<impl IntoResponse, Error> {
|
||||
let mut conn = app_state.pool.get().await?;
|
||||
|
||||
let uuid = check_access_token(auth.token(), &mut conn).await?;
|
||||
|
||||
global_checks(&app_state, uuid).await?;
|
||||
|
||||
let mut conn = app_state.pool.get().await?;
|
||||
|
||||
let me = Me::get(&mut conn, uuid).await?;
|
||||
|
||||
let target_uuid = user_uuid_from_username(&mut conn, &user_request.username).await?;
|
||||
|
|
|
|||
|
|
@ -3,29 +3,23 @@ use std::sync::Arc;
|
|||
use axum::{
|
||||
extract::{Path, State},
|
||||
http::StatusCode,
|
||||
response::IntoResponse,
|
||||
};
|
||||
use axum_extra::{
|
||||
TypedHeader,
|
||||
headers::{Authorization, authorization::Bearer},
|
||||
response::IntoResponse, Extension,
|
||||
};
|
||||
use uuid::Uuid;
|
||||
|
||||
use crate::{
|
||||
AppState, api::v1::auth::check_access_token, error::Error, objects::Me, utils::global_checks,
|
||||
AppState, api::v1::auth::CurrentUser, error::Error, objects::Me, utils::global_checks,
|
||||
};
|
||||
|
||||
pub async fn delete(
|
||||
State(app_state): State<Arc<AppState>>,
|
||||
Path(friend_uuid): Path<Uuid>,
|
||||
TypedHeader(auth): TypedHeader<Authorization<Bearer>>,
|
||||
Extension(CurrentUser(uuid)): Extension<CurrentUser<Uuid>>,
|
||||
) -> Result<impl IntoResponse, Error> {
|
||||
let mut conn = app_state.pool.get().await?;
|
||||
|
||||
let uuid = check_access_token(auth.token(), &mut conn).await?;
|
||||
|
||||
global_checks(&app_state, uuid).await?;
|
||||
|
||||
let mut conn = app_state.pool.get().await?;
|
||||
|
||||
let me = Me::get(&mut conn, uuid).await?;
|
||||
|
||||
me.remove_friend(&mut conn, friend_uuid).await?;
|
||||
|
|
|
|||
|
|
@ -2,14 +2,11 @@
|
|||
|
||||
use std::sync::Arc;
|
||||
|
||||
use axum::{Json, extract::State, http::StatusCode, response::IntoResponse};
|
||||
use axum_extra::{
|
||||
TypedHeader,
|
||||
headers::{Authorization, authorization::Bearer},
|
||||
};
|
||||
use axum::{extract::State, http::StatusCode, response::IntoResponse, Extension, Json};
|
||||
use uuid::Uuid;
|
||||
|
||||
use crate::{
|
||||
AppState, api::v1::auth::check_access_token, error::Error, objects::Me, utils::global_checks,
|
||||
AppState, api::v1::auth::CurrentUser, error::Error, objects::Me, utils::global_checks,
|
||||
};
|
||||
|
||||
/// `GET /api/v1/me/guilds` Returns all guild memberships in a list
|
||||
|
|
@ -59,14 +56,12 @@ use crate::{
|
|||
/// NOTE: UUIDs in this response are made using `uuidgen`, UUIDs made by the actual backend will be UUIDv7 and have extractable timestamps
|
||||
pub async fn get(
|
||||
State(app_state): State<Arc<AppState>>,
|
||||
TypedHeader(auth): TypedHeader<Authorization<Bearer>>,
|
||||
Extension(CurrentUser(uuid)): Extension<CurrentUser<Uuid>>,
|
||||
) -> Result<impl IntoResponse, Error> {
|
||||
let mut conn = app_state.pool.get().await?;
|
||||
|
||||
let uuid = check_access_token(auth.token(), &mut conn).await?;
|
||||
|
||||
global_checks(&app_state, uuid).await?;
|
||||
|
||||
let mut conn = app_state.pool.get().await?;
|
||||
|
||||
let me = Me::get(&mut conn, uuid).await?;
|
||||
|
||||
let memberships = me.fetch_memberships(&mut conn).await?;
|
||||
|
|
|
|||
|
|
@ -1,21 +1,14 @@
|
|||
use std::sync::Arc;
|
||||
|
||||
use axum::{
|
||||
Json, Router,
|
||||
extract::{DefaultBodyLimit, Multipart, State},
|
||||
http::StatusCode,
|
||||
response::IntoResponse,
|
||||
routing::{delete, get, patch, post},
|
||||
};
|
||||
use axum_extra::{
|
||||
TypedHeader,
|
||||
headers::{Authorization, authorization::Bearer},
|
||||
extract::{DefaultBodyLimit, Multipart, State}, http::StatusCode, response::IntoResponse, routing::{delete, get, patch, post}, Extension, Json, Router
|
||||
};
|
||||
use bytes::Bytes;
|
||||
use serde::Deserialize;
|
||||
use uuid::Uuid;
|
||||
|
||||
use crate::{
|
||||
AppState, api::v1::auth::check_access_token, error::Error, objects::Me, utils::global_checks,
|
||||
api::v1::auth::CurrentUser, error::Error, objects::Me, utils::global_checks, AppState
|
||||
};
|
||||
|
||||
mod friends;
|
||||
|
|
@ -38,13 +31,9 @@ pub fn router() -> Router<Arc<AppState>> {
|
|||
|
||||
pub async fn get_me(
|
||||
State(app_state): State<Arc<AppState>>,
|
||||
TypedHeader(auth): TypedHeader<Authorization<Bearer>>,
|
||||
Extension(CurrentUser(uuid)): Extension<CurrentUser<Uuid>>,
|
||||
) -> Result<impl IntoResponse, Error> {
|
||||
let mut conn = app_state.pool.get().await?;
|
||||
|
||||
let uuid = check_access_token(auth.token(), &mut conn).await?;
|
||||
|
||||
let me = Me::get(&mut conn, uuid).await?;
|
||||
let me = Me::get(&mut app_state.pool.get().await?, uuid).await?;
|
||||
|
||||
Ok((StatusCode::OK, Json(me)))
|
||||
}
|
||||
|
|
@ -60,13 +49,9 @@ struct NewInfo {
|
|||
|
||||
pub async fn update(
|
||||
State(app_state): State<Arc<AppState>>,
|
||||
TypedHeader(auth): TypedHeader<Authorization<Bearer>>,
|
||||
Extension(CurrentUser(uuid)): Extension<CurrentUser<Uuid>>,
|
||||
mut multipart: Multipart,
|
||||
) -> Result<impl IntoResponse, Error> {
|
||||
let mut conn = app_state.pool.get().await?;
|
||||
|
||||
let uuid = check_access_token(auth.token(), &mut conn).await?;
|
||||
|
||||
let mut json_raw: Option<NewInfo> = None;
|
||||
let mut avatar: Option<Bytes> = None;
|
||||
|
||||
|
|
@ -88,7 +73,7 @@ pub async fn update(
|
|||
global_checks(&app_state, uuid).await?;
|
||||
}
|
||||
|
||||
let mut me = Me::get(&mut conn, uuid).await?;
|
||||
let mut me = Me::get(&mut app_state.pool.get().await?, uuid).await?;
|
||||
|
||||
if let Some(avatar) = avatar {
|
||||
me.set_avatar(&app_state, app_state.config.bunny.cdn_url.clone(), avatar)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue