gorb/backend
4
0
Fork 1
Code Issues 1 Pull requests 1 Projects Releases Packages 1 Wiki Activity Actions

Merge pull request 'Add email support' (#18) from wip/email into main
Some checks failed
ci/woodpecker/push/build-and-publish Pipeline failed
Details
ci/woodpecker/push/publish-docs Pipeline was successful
Details

Browse source 
Reviewed-on: #18
This commit is contained in:
Radical 2025-05-28 23:56:52 +00:00
commit 251e33c188
20 changed files with 648 additions and 90 deletions
Download patch file Download diff file Expand all files Collapse all files

8
Cargo.toml
View file

@ -25,19 +25,21 @@ redis = { version = "0.31.0", features= ["tokio-comp"] }
tokio-tungstenite = { version = "0.26", features = ["native-tls", "url"] } tokio-tungstenite = { version = "0.26", features = ["native-tls", "url"] }
toml = "0.8" toml = "0.8"
url = { version = "2.5", features = ["serde"] } url = { version = "2.5", features = ["serde"] }
uuid = { version = "1.16", features = ["serde", "v7"] } uuid = { version = "1.17", features = ["serde", "v7"] }
random-string = "1.1" random-string = "1.1"
actix-ws = "0.3.0" actix-ws = "0.3.0"
futures-util = "0.3.31" futures-util = "0.3.31"
bunny-api-tokio = "0.3.0" bunny-api-tokio = "0.3.0"
bindet = "0.3.2" bindet = "0.3.2"
deadpool = "0.12" deadpool = "0.12"
diesel = { version = "2.2", features = ["uuid"] } diesel = { version = "2.2", features = ["uuid", "chrono"] }
diesel-async = { version = "0.5", features = ["deadpool", "postgres", "async-connection-wrapper"] } diesel-async = { version = "0.5", features = ["deadpool", "postgres", "async-connection-wrapper"] }
diesel_migrations = { version = "2.2.0", features = ["postgres"] } diesel_migrations = { version = "2.2.0", features = ["postgres"] }
thiserror = "2.0.12" thiserror = "2.0.12"
actix-multipart = "0.7.2" actix-multipart = "0.7.2"
lettre = { version = "0.11.16", features = ["tokio1", "tokio1-native-tls"] }
chrono = { version = "0.4.41", features = ["serde"] }
[dependencies.tokio] [dependencies.tokio]
version = "1.44" version = "1.45"
features = ["full"] features = ["full"]

10
Dockerfile
View file

@ -18,7 +18,8 @@ RUN useradd --create-home --home-dir /gorb gorb
USER gorb USER gorb
ENV DATABASE_USERNAME=gorb \ ENV WEB_URL=https://gorb.app/web/ \
DATABASE_USERNAME=gorb \
DATABASE_PASSWORD=gorb \ DATABASE_PASSWORD=gorb \
DATABASE=gorb \ DATABASE=gorb \
DATABASE_HOST=database \ DATABASE_HOST=database \
@ -28,6 +29,11 @@ CACHE_DB_PORT=6379 \
BUNNY_API_KEY=your_storage_zone_password_here \ BUNNY_API_KEY=your_storage_zone_password_here \
BUNNY_ENDPOINT=Frankfurt \ BUNNY_ENDPOINT=Frankfurt \
BUNNY_ZONE=gorb \ BUNNY_ZONE=gorb \
BUNNY_CDN_URL=https://cdn.gorb.app BUNNY_CDN_URL=https://cdn.gorb.app \
MAIL_ADDRESS=Gorb <noreply@gorb.app> \
MAIL_TLS=tls \
SMTP_SERVER=mail.gorb.app \
SMTP_USERNAME=your_smtp_username \
SMTP_PASSWORD=your_smtp_password \
ENTRYPOINT ["/usr/bin/entrypoint.sh"] ENTRYPOINT ["/usr/bin/entrypoint.sh"]

6
compose.dev.yml
View file

@ -18,6 +18,7 @@ services:
- gorb-backend:/gorb - gorb-backend:/gorb
environment: environment:
#- RUST_LOG=debug #- RUST_LOG=debug
- WEB_URL=https://gorb.app/web/
- DATABASE_USERNAME=gorb - DATABASE_USERNAME=gorb
- DATABASE_PASSWORD=gorb - DATABASE_PASSWORD=gorb
- DATABASE=gorb - DATABASE=gorb
@ -27,6 +28,11 @@ services:
- BUNNY_ENDPOINT=Frankfurt - BUNNY_ENDPOINT=Frankfurt
- BUNNY_ZONE=gorb - BUNNY_ZONE=gorb
- BUNNY_CDN_URL=https://cdn.gorb.app - BUNNY_CDN_URL=https://cdn.gorb.app
- MAIL_ADDRESS=Gorb <noreply@gorb.app>
- MAIL_TLS=tls
- SMTP_SERVER=mail.gorb.app
- SMTP_USERNAME=your_smtp_username
- SMTP_PASSWORD=your_smtp_password
database: database:
image: postgres:16 image: postgres:16
restart: always restart: always

6
compose.yml
View file

@ -16,6 +16,7 @@ services:
- gorb-backend:/gorb - gorb-backend:/gorb
environment: environment:
#- RUST_LOG=debug #- RUST_LOG=debug
- WEB_URL=https://gorb.app/web/
- DATABASE_USERNAME=gorb - DATABASE_USERNAME=gorb
- DATABASE_PASSWORD=gorb - DATABASE_PASSWORD=gorb
- DATABASE=gorb - DATABASE=gorb
@ -25,6 +26,11 @@ services:
- BUNNY_ENDPOINT=Frankfurt - BUNNY_ENDPOINT=Frankfurt
- BUNNY_ZONE=gorb - BUNNY_ZONE=gorb
- BUNNY_CDN_URL=https://cdn.gorb.app - BUNNY_CDN_URL=https://cdn.gorb.app
- MAIL_ADDRESS=Gorb <noreply@gorb.app>
- MAIL_TLS=tls
- SMTP_SERVER=mail.gorb.app
- SMTP_USERNAME=your_smtp_username
- SMTP_PASSWORD=your_smtp_password
database: database:
image: postgres:16 image: postgres:16
restart: always restart: always

12
entrypoint.sh
View file

@ -10,6 +10,9 @@ fi
if [ ! -f "/gorb/config/config.toml" ]; then if [ ! -f "/gorb/config/config.toml" ]; then
cat > /gorb/config/config.toml <<EOF cat > /gorb/config/config.toml <<EOF
[web]
url = "${WEB_URL}"
[database] [database]
username = "${DATABASE_USERNAME}" username = "${DATABASE_USERNAME}"
password = "${DATABASE_PASSWORD}" password = "${DATABASE_PASSWORD}"
@ -27,6 +30,15 @@ endpoint = "${BUNNY_ENDPOINT}"
storage_zone = "${BUNNY_ZONE}" storage_zone = "${BUNNY_ZONE}"
cdn_url = "${BUNNY_CDN_URL}" cdn_url = "${BUNNY_CDN_URL}"
[mail]
address = "${MAIL_ADDRESS}"
tls = "${MAIL_TLS}"
[mail.smtp]
server = "${SMTP_SERVER}"
username = "${SMTP_USERNAME}"
password = "${SMTP_PASSWORD}"
EOF EOF
fi fi

2
migrations/2025-05-27-162114_create_email_tokens/down.sql Normal file
View file

@ -0,0 +1,2 @@
-- This file should undo anything in `up.sql`
DROP TABLE email_tokens;

7
migrations/2025-05-27-162114_create_email_tokens/up.sql Normal file
View file

@ -0,0 +1,7 @@
-- Your SQL goes here
CREATE TABLE email_tokens (
token VARCHAR(64) NOT NULL,
user_uuid uuid UNIQUE NOT NULL REFERENCES users(uuid),
created_at TIMESTAMPTZ NOT NULL,
PRIMARY KEY (token, user_uuid)
);

2
migrations/2025-05-28-175918_create_password_reset_tokens/down.sql Normal file
View file

@ -0,0 +1,2 @@
-- This file should undo anything in `up.sql`
DROP TABLE password_reset_tokens;

7
migrations/2025-05-28-175918_create_password_reset_tokens/up.sql Normal file
View file

@ -0,0 +1,7 @@
-- Your SQL goes here
CREATE TABLE password_reset_tokens (
token VARCHAR(64) NOT NULL,
user_uuid uuid UNIQUE NOT NULL REFERENCES users(uuid),
created_at TIMESTAMPTZ NOT NULL,
PRIMARY KEY (token, user_uuid)
);

59
src/api/v1/auth/login.rs
View file

@ -5,15 +5,14 @@ use argon2::{PasswordHash, PasswordVerifier};
use diesel::{ExpressionMethods, QueryDsl, dsl::insert_into}; use diesel::{ExpressionMethods, QueryDsl, dsl::insert_into};
use diesel_async::RunQueryDsl; use diesel_async::RunQueryDsl;
use serde::Deserialize; use serde::Deserialize;
use uuid::Uuid;
use crate::{ use crate::{
Data, Data,
error::Error, error::Error,
schema::*, schema::*,
utils::{ utils::{
EMAIL_REGEX, PASSWORD_REGEX, USERNAME_REGEX, generate_access_token, generate_refresh_token, PASSWORD_REGEX, generate_access_token, generate_refresh_token,
refresh_token_cookie, refresh_token_cookie, user_uuid_from_identifier
}, },
}; };
@ -39,58 +38,20 @@ pub async fn response(
let mut conn = data.pool.get().await?; let mut conn = data.pool.get().await?;
if EMAIL_REGEX.is_match(&login_information.username) { let uuid = user_uuid_from_identifier(&mut conn, &login_information.username).await?;
// FIXME: error handling, right now i just want this to work
let (uuid, password): (Uuid, String) = dsl::users
.filter(dsl::email.eq(&login_information.username))
.select((dsl::uuid, dsl::password))
.get_result(&mut conn)
.await?;
return login( let database_password: String = dsl::users
data.clone(), .filter(dsl::uuid.eq(uuid))
uuid, .select(dsl::password)
login_information.password.clone(), .get_result(&mut conn)
password, .await?;
login_information.device_name.clone(),
)
.await;
} else if USERNAME_REGEX.is_match(&login_information.username) {
// FIXME: error handling, right now i just want this to work
let (uuid, password): (Uuid, String) = dsl::users
.filter(dsl::username.eq(&login_information.username))
.select((dsl::uuid, dsl::password))
.get_result(&mut conn)
.await?;
return login(
data.clone(),
uuid,
login_information.password.clone(),
password,
login_information.device_name.clone(),
)
.await;
}
Ok(HttpResponse::Unauthorized().finish())
}
async fn login(
data: actix_web::web::Data<Data>,
uuid: Uuid,
request_password: String,
database_password: String,
device_name: String,
) -> Result<HttpResponse, Error> {
let mut conn = data.pool.get().await?;
let parsed_hash = PasswordHash::new(&database_password) let parsed_hash = PasswordHash::new(&database_password)
.map_err(|e| Error::PasswordHashError(e.to_string()))?; .map_err(|e| Error::PasswordHashError(e.to_string()))?;
if data if data
.argon2 .argon2
.verify_password(request_password.as_bytes(), &parsed_hash) .verify_password(login_information.password.as_bytes(), &parsed_hash)
.is_err() .is_err()
{ {
return Err(Error::Unauthorized( return Err(Error::Unauthorized(
@ -110,7 +71,7 @@ async fn login(
rdsl::token.eq(&refresh_token), rdsl::token.eq(&refresh_token),
rdsl::uuid.eq(uuid), rdsl::uuid.eq(uuid),
rdsl::created_at.eq(current_time), rdsl::created_at.eq(current_time),
rdsl::device_name.eq(device_name), rdsl::device_name.eq(&login_information.device_name),
)) ))
.execute(&mut conn) .execute(&mut conn)
.await?; .await?;

12
src/api/v1/auth/mod.rs
View file

@ -1,12 +1,8 @@
use std::{ use std::time::{SystemTime, UNIX_EPOCH};
sync::LazyLock,
time::{SystemTime, UNIX_EPOCH},
};
use actix_web::{Scope, web}; use actix_web::{Scope, web};
use diesel::{ExpressionMethods, QueryDsl}; use diesel::{ExpressionMethods, QueryDsl};
use diesel_async::RunQueryDsl; use diesel_async::RunQueryDsl;
use regex::Regex;
use serde::Serialize; use serde::Serialize;
use uuid::Uuid; use uuid::Uuid;
@ -16,6 +12,8 @@ mod login;
mod refresh; mod refresh;
mod register; mod register;
mod revoke; mod revoke;
mod verify_email;
mod reset_password;
#[derive(Serialize)] #[derive(Serialize)]
struct Response { struct Response {
@ -28,6 +26,10 @@ pub fn web() -> Scope {
.service(login::response) .service(login::response)
.service(refresh::res) .service(refresh::res)
.service(revoke::res) .service(revoke::res)
.service(verify_email::get)
.service(verify_email::post)
.service(reset_password::get)
.service(reset_password::post)
} }
pub async fn check_access_token(access_token: &str, conn: &mut Conn) -> Result<Uuid, Error> { pub async fn check_access_token(access_token: &str, conn: &mut Conn) -> Result<Uuid, Error> {

90
src/api/v1/auth/reset_password.rs Normal file
View file

@ -0,0 +1,90 @@
//! `/api/v1/auth/reset-password` Endpoints for resetting user password
use actix_web::{HttpResponse, get, post, web};
use chrono::{Duration, Utc};
use serde::Deserialize;
use crate::{
error::Error, structs::PasswordResetToken, Data
};
#[derive(Deserialize)]
struct Query {
identifier: String,
}
/// `GET /api/v1/auth/reset-password` Sends password reset email to user
///
/// requires auth? no
///
/// ### Query Parameters
/// identifier: Email or username
///
/// ### Responses
/// 200 Email sent
/// 429 Too Many Requests
/// 404 Not found
/// 400 Bad request
///
#[get("/reset-password")]
pub async fn get(
query: web::Query<Query>,
data: web::Data<Data>,
) -> Result<HttpResponse, Error> {
let mut conn = data.pool.get().await?;
if let Ok(password_reset_token) = PasswordResetToken::get_with_identifier(&mut conn, query.identifier.clone()).await {
if Utc::now().signed_duration_since(password_reset_token.created_at) > Duration::hours(1) {
password_reset_token.delete(&mut conn).await?;
} else {
return Err(Error::TooManyRequests("Please allow 1 hour before sending a new email".to_string()))
}
}
PasswordResetToken::new(&data, query.identifier.clone()).await?;
Ok(HttpResponse::Ok().finish())
}
#[derive(Deserialize)]
struct ResetPassword {
password: String,
token: String,
}
/// `POST /api/v1/auth/reset-password` Resets user password
///
/// requires auth? no
///
/// ### Request Example:
/// ```
/// json!({
/// "password": "1608c17a27f6ae3891c23d680c73ae91528f20a54dcf4973e2c3126b9734f48b7253047f2395b51bb8a44a6daa188003",
/// "token": "a3f7e29c1b8d0456e2c9f83b7a1d6e4f5028c3b9a7e1f2d5c6b8a0d3e7f4a2b"
/// });
/// ```
///
/// ### Responses
/// 200 Success
/// 410 Token Expired
/// 404 Not Found
/// 400 Bad Request
///
#[post("/reset-password")]
pub async fn post(
reset_password: web::Json<ResetPassword>,
data: web::Data<Data>,
) -> Result<HttpResponse, Error> {
let mut conn = data.pool.get().await?;
let password_reset_token = PasswordResetToken::get(&mut conn, reset_password.token.clone()).await?;
if Utc::now().signed_duration_since(password_reset_token.created_at) > Duration::hours(24) {
password_reset_token.delete(&mut conn).await?;
return Ok(HttpResponse::Gone().finish());
}
password_reset_token.set_password(&data, reset_password.password.clone()).await?;
Ok(HttpResponse::Ok().finish())
}

103
src/api/v1/auth/verify_email.rs Normal file
View file

@ -0,0 +1,103 @@
//! `/api/v1/auth/verify-email` Endpoints for verifying user emails
use actix_web::{HttpRequest, HttpResponse, get, post, web};
use chrono::{Duration, Utc};
use serde::Deserialize;
use crate::{
api::v1::auth::check_access_token, error::Error, structs::{EmailToken, Me}, utils::get_auth_header, Data
};
#[derive(Deserialize)]
struct Query {
token: String,
}
/// `GET /api/v1/auth/verify-email` Verifies user email address
///
/// requires auth? yes
///
/// ### Query Parameters
/// token
///
/// ### Responses
/// 200 Success
/// 410 Token Expired
/// 404 Not Found
/// 401 Unauthorized
///
#[get("/verify-email")]
pub async fn get(
req: HttpRequest,
query: web::Query<Query>,
data: web::Data<Data>,
) -> Result<HttpResponse, Error> {
let headers = req.headers();
let auth_header = get_auth_header(headers)?;
let mut conn = data.pool.get().await?;
let uuid = check_access_token(auth_header, &mut conn).await?;
let me = Me::get(&mut conn, uuid).await?;
let email_token = EmailToken::get(&mut conn, me.uuid).await?;
if query.token != email_token.token {
return Ok(HttpResponse::Unauthorized().finish());
}
if Utc::now().signed_duration_since(email_token.created_at) > Duration::hours(24) {
email_token.delete(&mut conn).await?;
return Ok(HttpResponse::Gone().finish());
}
me.verify_email(&mut conn).await?;
email_token.delete(&mut conn).await?;
Ok(HttpResponse::Ok().finish())
}
/// `POST /api/v1/auth/verify-email` Sends user verification email
///
/// requires auth? yes
///
/// ### Responses
/// 200 Email sent
/// 204 Already verified
/// 429 Too Many Requests
/// 401 Unauthorized
///
#[post("/verify-email")]
pub async fn post(
req: HttpRequest,
data: web::Data<Data>,
) -> Result<HttpResponse, Error> {
let headers = req.headers();
let auth_header = get_auth_header(headers)?;
let mut conn = data.pool.get().await?;
let uuid = check_access_token(auth_header, &mut conn).await?;
let me = Me::get(&mut conn, uuid).await?;
if me.email_verified {
return Ok(HttpResponse::NoContent().finish())
}
if let Ok(email_token) = EmailToken::get(&mut conn, me.uuid).await {
if Utc::now().signed_duration_since(email_token.created_at) > Duration::hours(1) {
email_token.delete(&mut conn).await?;
} else {
return Err(Error::TooManyRequests("Please allow 1 hour before sending a new email".to_string()))
}
}
EmailToken::new(&data, me).await?;
Ok(HttpResponse::Ok().finish())
}

6
src/api/v1/me/mod.rs
View file

@ -31,7 +31,7 @@ pub async fn get(req: HttpRequest, data: web::Data<Data>) -> Result<HttpResponse
struct NewInfo { struct NewInfo {
username: Option<String>, username: Option<String>,
display_name: Option<String>, display_name: Option<String>,
password: Option<String>, //password: Option<String>, will probably be handled through a reset password link
email: Option<String>, email: Option<String>,
} }
@ -81,10 +81,6 @@ pub async fn update(
me.set_display_name(&mut conn, display_name.clone()).await?; me.set_display_name(&mut conn, display_name.clone()).await?;
} }
if let Some(password) = &new_info.password {
todo!();
}
if let Some(email) = &new_info.email { if let Some(email) = &new_info.email {
me.set_email(&mut conn, email.to_string()).await?; me.set_email(&mut conn, email.to_string()).await?;
} }

46
src/config.rs
View file

@ -1,5 +1,6 @@
use crate::error::Error; use crate::error::Error;
use bunny_api_tokio::edge_storage::Endpoint; use bunny_api_tokio::edge_storage::Endpoint;
use lettre::transport::smtp::authentication::Credentials;
use log::debug; use log::debug;
use serde::Deserialize; use serde::Deserialize;
use tokio::fs::read_to_string; use tokio::fs::read_to_string;
@ -9,9 +10,10 @@ use url::Url;
pub struct ConfigBuilder { pub struct ConfigBuilder {
database: Database, database: Database,
cache_database: CacheDatabase, cache_database: CacheDatabase,
web: Option<WebBuilder>, web: WebBuilder,
instance: Option<Instance>, instance: Option<Instance>,
bunny: BunnyBuilder, bunny: BunnyBuilder,
mail: Mail,
} }
#[derive(Debug, Deserialize, Clone)] #[derive(Debug, Deserialize, Clone)]
@ -34,8 +36,9 @@ pub struct CacheDatabase {
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
struct WebBuilder { struct WebBuilder {
url: Option<String>, ip: Option<String>,
port: Option<u16>, port: Option<u16>,
url: Url,
_ssl: Option<bool>, _ssl: Option<bool>,
} }
@ -52,6 +55,20 @@ struct BunnyBuilder {
cdn_url: Url, cdn_url: Url,
} }
#[derive(Debug, Deserialize, Clone)]
pub struct Mail {
pub smtp: Smtp,
pub address: String,
pub tls: String,
}
#[derive(Debug, Deserialize, Clone)]
pub struct Smtp {
pub server: String,
username: String,
password: String,
}
impl ConfigBuilder { impl ConfigBuilder {
pub async fn load(path: String) -> Result<Self, Error> { pub async fn load(path: String) -> Result<Self, Error> {
debug!("loading config from: {}", path); debug!("loading config from: {}", path);
@ -63,16 +80,10 @@ impl ConfigBuilder {
} }
pub fn build(self) -> Config { pub fn build(self) -> Config {
let web = if let Some(web) = self.web { let web = Web {
Web { ip: self.web.ip.unwrap_or(String::from("0.0.0.0")),
url: web.url.unwrap_or(String::from("0.0.0.0")), port: self.web.port.unwrap_or(8080),
port: web.port.unwrap_or(8080), url: self.web.url,
}
} else {
Web {
url: String::from("0.0.0.0"),
port: 8080,
}
}; };
let endpoint = match &*self.bunny.endpoint { let endpoint = match &*self.bunny.endpoint {
@ -101,6 +112,7 @@ impl ConfigBuilder {
web, web,
instance: self.instance.unwrap_or(Instance { registration: true }), instance: self.instance.unwrap_or(Instance { registration: true }),
bunny, bunny,
mail: self.mail,
} }
} }
} }
@ -112,12 +124,14 @@ pub struct Config {
pub web: Web, pub web: Web,
pub instance: Instance, pub instance: Instance,
pub bunny: Bunny, pub bunny: Bunny,
pub mail: Mail,
} }
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
pub struct Web { pub struct Web {
pub url: String, pub ip: String,
pub port: u16, pub port: u16,
pub url: Url,
} }
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
@ -179,3 +193,9 @@ impl CacheDatabase {
url url
} }
} }
impl Smtp {
pub fn credentials(&self) -> Credentials {
Credentials::new(self.username.clone(), self.password.clone())
}
}

11
src/error.rs
View file

@ -19,6 +19,7 @@ use serde_json::Error as JsonError;
use thiserror::Error; use thiserror::Error;
use tokio::task::JoinError; use tokio::task::JoinError;
use toml::de::Error as TomlError; use toml::de::Error as TomlError;
use lettre::{error::Error as EmailError, address::AddressError, transport::smtp::Error as SmtpError};
#[derive(Debug, Error)] #[derive(Debug, Error)]
pub enum Error { pub enum Error {
@ -54,6 +55,12 @@ pub enum Error {
PayloadError(#[from] PayloadError), PayloadError(#[from] PayloadError),
#[error(transparent)] #[error(transparent)]
WsClosed(#[from] actix_ws::Closed), WsClosed(#[from] actix_ws::Closed),
#[error(transparent)]
EmailError(#[from] EmailError),
#[error(transparent)]
SmtpError(#[from] SmtpError),
#[error(transparent)]
SmtpAddressError(#[from] AddressError),
#[error("{0}")] #[error("{0}")]
PasswordHashError(String), PasswordHashError(String),
#[error("{0}")] #[error("{0}")]
@ -63,6 +70,8 @@ pub enum Error {
#[error("{0}")] #[error("{0}")]
Forbidden(String), Forbidden(String),
#[error("{0}")] #[error("{0}")]
TooManyRequests(String),
#[error("{0}")]
InternalServerError(String), InternalServerError(String),
} }
@ -82,6 +91,8 @@ impl ResponseError for Error {
Error::BunnyError(BunnyError::NotFound(_)) => StatusCode::NOT_FOUND, Error::BunnyError(BunnyError::NotFound(_)) => StatusCode::NOT_FOUND,
Error::BadRequest(_) => StatusCode::BAD_REQUEST, Error::BadRequest(_) => StatusCode::BAD_REQUEST,
Error::Unauthorized(_) => StatusCode::UNAUTHORIZED, Error::Unauthorized(_) => StatusCode::UNAUTHORIZED,
Error::Forbidden(_) => StatusCode::FORBIDDEN,
Error::TooManyRequests(_) => StatusCode::TOO_MANY_REQUESTS,
_ => StatusCode::INTERNAL_SERVER_ERROR, _ => StatusCode::INTERNAL_SERVER_ERROR,
} }
} }

9
src/main.rs
View file

@ -6,6 +6,7 @@ use diesel_async::pooled_connection::AsyncDieselConnectionManager;
use diesel_async::pooled_connection::deadpool::Pool; use diesel_async::pooled_connection::deadpool::Pool;
use error::Error; use error::Error;
use simple_logger::SimpleLogger; use simple_logger::SimpleLogger;
use structs::MailClient;
use std::time::SystemTime; use std::time::SystemTime;
mod config; mod config;
use config::{Config, ConfigBuilder}; use config::{Config, ConfigBuilder};
@ -40,6 +41,7 @@ pub struct Data {
pub argon2: Argon2<'static>, pub argon2: Argon2<'static>,
pub start_time: SystemTime, pub start_time: SystemTime,
pub bunny_cdn: bunny_api_tokio::Client, pub bunny_cdn: bunny_api_tokio::Client,
pub mail_client: MailClient,
} }
#[tokio::main] #[tokio::main]
@ -72,6 +74,10 @@ async fn main() -> Result<(), Error> {
.init(bunny.api_key, bunny.endpoint, bunny.storage_zone) .init(bunny.api_key, bunny.endpoint, bunny.storage_zone)
.await?; .await?;
let mail = config.mail.clone();
let mail_client = MailClient::new(mail.smtp.credentials(), mail.smtp.server, mail.address, mail.tls)?;
let database_url = config.database.url(); let database_url = config.database.url();
tokio::task::spawn_blocking(move || { tokio::task::spawn_blocking(move || {
@ -112,6 +118,7 @@ async fn main() -> Result<(), Error> {
argon2: Argon2::default(), argon2: Argon2::default(),
start_time: SystemTime::now(), start_time: SystemTime::now(),
bunny_cdn, bunny_cdn,
mail_client,
}; };
HttpServer::new(move || { HttpServer::new(move || {
@ -145,7 +152,7 @@ async fn main() -> Result<(), Error> {
.wrap(cors) .wrap(cors)
.service(api::web()) .service(api::web())
}) })
.bind((web.url, web.port))? .bind((web.ip, web.port))?
.run() .run()
.await?; .await?;

22
src/schema.rs
View file

@ -31,6 +31,15 @@ diesel::table! {
} }
} }
diesel::table! {
email_tokens (token, user_uuid) {
#[max_length = 64]
token -> Varchar,
user_uuid -> Uuid,
created_at -> Timestamptz,
}
}
diesel::table! { diesel::table! {
guild_members (uuid) { guild_members (uuid) {
uuid -> Uuid, uuid -> Uuid,
@ -80,6 +89,15 @@ diesel::table! {
} }
} }
diesel::table! {
password_reset_tokens (token, user_uuid) {
#[max_length = 64]
token -> Varchar,
user_uuid -> Uuid,
created_at -> Timestamptz,
}
}
diesel::table! { diesel::table! {
refresh_tokens (token) { refresh_tokens (token) {
#[max_length = 64] #[max_length = 64]
@ -133,6 +151,7 @@ diesel::joinable!(access_tokens -> refresh_tokens (refresh_token));
diesel::joinable!(access_tokens -> users (uuid)); diesel::joinable!(access_tokens -> users (uuid));
diesel::joinable!(channel_permissions -> channels (channel_uuid)); diesel::joinable!(channel_permissions -> channels (channel_uuid));
diesel::joinable!(channels -> guilds (guild_uuid)); diesel::joinable!(channels -> guilds (guild_uuid));
diesel::joinable!(email_tokens -> users (user_uuid));
diesel::joinable!(guild_members -> guilds (guild_uuid)); diesel::joinable!(guild_members -> guilds (guild_uuid));
diesel::joinable!(guild_members -> users (user_uuid)); diesel::joinable!(guild_members -> users (user_uuid));
diesel::joinable!(guilds -> users (owner_uuid)); diesel::joinable!(guilds -> users (owner_uuid));
@ -141,6 +160,7 @@ diesel::joinable!(invites -> guilds (guild_uuid));
diesel::joinable!(invites -> users (user_uuid)); diesel::joinable!(invites -> users (user_uuid));
diesel::joinable!(messages -> channels (channel_uuid)); diesel::joinable!(messages -> channels (channel_uuid));
diesel::joinable!(messages -> users (user_uuid)); diesel::joinable!(messages -> users (user_uuid));
diesel::joinable!(password_reset_tokens -> users (user_uuid));
diesel::joinable!(refresh_tokens -> users (uuid)); diesel::joinable!(refresh_tokens -> users (uuid));
diesel::joinable!(role_members -> guild_members (member_uuid)); diesel::joinable!(role_members -> guild_members (member_uuid));
diesel::joinable!(roles -> guilds (guild_uuid)); diesel::joinable!(roles -> guilds (guild_uuid));
@ -149,11 +169,13 @@ diesel::allow_tables_to_appear_in_same_query!(
access_tokens, access_tokens,
channel_permissions, channel_permissions,
channels, channels,
email_tokens,
guild_members, guild_members,
guilds, guilds,
instance_permissions, instance_permissions,
invites, invites,
messages, messages,
password_reset_tokens,
refresh_tokens, refresh_tokens,
role_members, role_members,
roles, roles,

289
src/structs.rs
View file

@ -1,20 +1,22 @@
use actix_web::web::BytesMut; use actix_web::web::BytesMut;
use chrono::Utc;
use diesel::{ use diesel::{
ExpressionMethods, QueryDsl, Selectable, SelectableHelper, delete, insert_into, delete, dsl::now, insert_into, prelude::{Insertable, Queryable}, update, ExpressionMethods, QueryDsl, Selectable, SelectableHelper
prelude::{Insertable, Queryable},
update,
}; };
use diesel_async::{RunQueryDsl, pooled_connection::AsyncDieselConnectionManager}; use diesel_async::{RunQueryDsl, pooled_connection::AsyncDieselConnectionManager};
use lettre::{message::{Mailbox, MessageBuilder as EmailBuilder, MultiPart}, transport::smtp::authentication::Credentials, AsyncSmtpTransport, AsyncTransport, Message as Email, Tokio1Executor};
use log::debug;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use tokio::task; use tokio::task;
use url::Url; use url::Url;
use uuid::Uuid; use uuid::Uuid;
use argon2::{
PasswordHasher,
password_hash::{SaltString, rand_core::OsRng},
};
use crate::{ use crate::{
Conn, Data, error::Error, schema::*, utils::{generate_refresh_token, image_check, order_by_is_above, user_uuid_from_identifier, EMAIL_REGEX, PASSWORD_REGEX, USERNAME_REGEX}, Conn, Data
error::Error,
schema::*,
utils::{EMAIL_REGEX, USERNAME_REGEX, image_check, order_by_is_above},
}; };
pub trait HasUuid { pub trait HasUuid {
@ -35,6 +37,62 @@ fn load_or_empty<T>(
} }
} }
#[derive(PartialEq, Eq, Clone)]
pub enum MailTls {
StartTls,
Tls,
}
impl From<String> for MailTls {
fn from(value: String) -> Self {
match &*value.to_lowercase() {
"starttls" => Self::StartTls,
_ => Self::Tls,
}
}
}
#[derive(Clone)]
pub struct MailClient {
creds: Credentials,
smtp_server: String,
mbox: Mailbox,
tls: MailTls,
}
impl MailClient {
pub fn new<T: Into<MailTls>>(creds: Credentials, smtp_server: String, mbox: String, tls: T) -> Result<Self, Error> {
Ok(Self {
creds,
smtp_server,
mbox: mbox.parse()?,
tls: tls.into(),
})
}
pub fn message_builder(&self) -> EmailBuilder {
Email::builder()
.from(self.mbox.clone())
}
pub async fn send_mail(&self, email: Email) -> Result<(), Error> {
let mailer: AsyncSmtpTransport<Tokio1Executor> = match self.tls {
MailTls::StartTls => AsyncSmtpTransport::<Tokio1Executor>::starttls_relay(&self.smtp_server)?
.credentials(self.creds.clone())
.build(),
MailTls::Tls => AsyncSmtpTransport::<Tokio1Executor>::relay(&self.smtp_server)?
.credentials(self.creds.clone())
.build(),
};
let response = mailer.send(email).await?;
debug!("mail sending response: {:?}", response);
Ok(())
}
}
#[derive(Queryable, Selectable, Insertable, Clone, Debug)] #[derive(Queryable, Selectable, Insertable, Clone, Debug)]
#[diesel(table_name = channels)] #[diesel(table_name = channels)]
#[diesel(check_for_backend(diesel::pg::Pg))] #[diesel(check_for_backend(diesel::pg::Pg))]
@ -718,12 +776,12 @@ impl User {
#[diesel(table_name = users)] #[diesel(table_name = users)]
#[diesel(check_for_backend(diesel::pg::Pg))] #[diesel(check_for_backend(diesel::pg::Pg))]
pub struct Me { pub struct Me {
uuid: Uuid, pub uuid: Uuid,
username: String, username: String,
display_name: Option<String>, display_name: Option<String>,
avatar: Option<String>, avatar: Option<String>,
email: String, email: String,
email_verified: bool, pub email_verified: bool,
} }
impl Me { impl Me {
@ -788,6 +846,17 @@ impl Me {
Ok(()) Ok(())
} }
pub async fn verify_email(&self, conn: &mut Conn) -> Result<(), Error> {
use users::dsl;
update(users::table)
.filter(dsl::uuid.eq(self.uuid))
.set(dsl::email_verified.eq(true))
.execute(conn)
.await?;
Ok(())
}
pub async fn set_username( pub async fn set_username(
&mut self, &mut self,
conn: &mut Conn, conn: &mut Conn,
@ -852,3 +921,205 @@ pub struct StartAmountQuery {
pub start: Option<i64>, pub start: Option<i64>,
pub amount: Option<i64>, pub amount: Option<i64>,
} }
#[derive(Selectable, Queryable)]
#[diesel(table_name = email_tokens)]
#[diesel(check_for_backend(diesel::pg::Pg))]
pub struct EmailToken {
user_uuid: Uuid,
pub token: String,
pub created_at: chrono::DateTime<Utc>,
}
impl EmailToken {
pub async fn get(conn: &mut Conn, user_uuid: Uuid) -> Result<EmailToken, Error> {
use email_tokens::dsl;
let email_token = dsl::email_tokens
.filter(dsl::user_uuid.eq(user_uuid))
.select(EmailToken::as_select())
.get_result(conn)
.await?;
Ok(email_token)
}
pub async fn new(data: &Data, me: Me) -> Result<(), Error> {
let token = generate_refresh_token()?;
let mut conn = data.pool.get().await?;
use email_tokens::dsl;
insert_into(email_tokens::table)
.values((dsl::user_uuid.eq(me.uuid), dsl::token.eq(&token), dsl::created_at.eq(now)))
.execute(&mut conn)
.await?;
let mut verify_endpoint = data.config.web.url.join("verify-email")?;
verify_endpoint.set_query(Some(&format!("token={}", token)));
let email = data
.mail_client
.message_builder()
.to(me.email.parse()?)
.subject(format!("{} E-mail Verification", data.config.web.url.domain().unwrap()))
.multipart(MultiPart::alternative_plain_html(
format!("Verify your {} account\n\nHello, {}!\nThanks for creating a new account on Gorb.\nThe final step to create your account is to verify your email address by visiting the page, within 24 hours.\n\n{}\n\nIf you didn't ask to verify this address, you can safely ignore this email\n\nThanks, The gorb team.", data.config.web.url.domain().unwrap(), me.username, verify_endpoint),
format!(r#"<html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><style>:root{{--header-text-colour: #ffffff;--footer-text-colour: #7f7f7f;--button-text-colour: #170e08;--text-colour: #170e08;--background-colour: #fbf6f2;--primary-colour: #df5f0b;--secondary-colour: #e8ac84;--accent-colour: #e68b4e;}}@media (prefers-color-scheme: dark){{:root{{--header-text-colour: #ffffff;--footer-text-colour: #585858;--button-text-colour: #ffffff;--text-colour: #f7eee8;--background-colour: #0c0704;--primary-colour: #f4741f;--secondary-colour: #7c4018;--accent-colour: #b35719;}}}}@media (max-width: 600px){{.container{{width: 100%;}}}}body{{font-family: Arial, sans-serif;align-content: center;text-align: center;margin: 0;padding: 0;background-color: var(--background-colour);color: var(--text-colour);width: 100%;max-width: 600px;margin: 0 auto;border-radius: 5px;}}.header{{background-color: var(--primary-colour);color: var(--header-text-colour);padding: 20px;}}.verify-button{{background-color: var(--accent-colour);color: var(--button-text-colour);padding: 12px 30px;margin: 16px;font-size: 20px;transition: background-color 0.3s;cursor: pointer;border: none;border-radius: 14px;text-decoration: none;display: inline-block;}}.verify-button:hover{{background-color: var(--secondary-colour);}}.content{{padding: 20px 30px;}}.footer{{padding: 10px;font-size: 12px;color: var(--footer-text-colour);}}</style></head><body><div class="container"><div class="header"><h1>Verify your {} Account</h1></div><div class="content"><h2>Hello, {}!</h2><p>Thanks for creating a new account on Gorb.</p><p>The final step to create your account is to verify your email address by clicking the button below, within 24 hours.</p><a href="{}" class="verify-button">VERIFY ACCOUNT</a><p>If you didn't ask to verify this address, you can safely ignore this email.</p><div class="footer"><p>Thanks<br>The gorb team.</p></div></div></div></body></html>"#, data.config.web.url.domain().unwrap(), me.username, verify_endpoint)
))?;
data
.mail_client
.send_mail(email)
.await?;
Ok(())
}
pub async fn delete(&self, conn: &mut Conn) -> Result<(), Error> {
use email_tokens::dsl;
delete(email_tokens::table)
.filter(dsl::user_uuid.eq(self.user_uuid))
.filter(dsl::token.eq(&self.token))
.execute(conn)
.await?;
Ok(())
}
}
#[derive(Selectable, Queryable)]
#[diesel(table_name = password_reset_tokens)]
#[diesel(check_for_backend(diesel::pg::Pg))]
pub struct PasswordResetToken {
user_uuid: Uuid,
pub token: String,
pub created_at: chrono::DateTime<Utc>,
}
impl PasswordResetToken {
pub async fn get(conn: &mut Conn, token: String) -> Result<PasswordResetToken, Error> {
use password_reset_tokens::dsl;
let password_reset_token = dsl::password_reset_tokens
.filter(dsl::token.eq(token))
.select(PasswordResetToken::as_select())
.get_result(conn)
.await?;
Ok(password_reset_token)
}
pub async fn get_with_identifier(conn: &mut Conn, identifier: String) -> Result<PasswordResetToken, Error> {
let user_uuid = user_uuid_from_identifier(conn, &identifier).await?;
use password_reset_tokens::dsl;
let password_reset_token = dsl::password_reset_tokens
.filter(dsl::user_uuid.eq(user_uuid))
.select(PasswordResetToken::as_select())
.get_result(conn)
.await?;
Ok(password_reset_token)
}
pub async fn new(data: &Data, identifier: String) -> Result<(), Error> {
let token = generate_refresh_token()?;
let mut conn = data.pool.get().await?;
let user_uuid = user_uuid_from_identifier(&mut conn, &identifier).await?;
use users::dsl as udsl;
let (username, email_address): (String, String) = udsl::users
.filter(udsl::uuid.eq(user_uuid))
.select((udsl::username, udsl::email))
.get_result(&mut conn)
.await?;
use password_reset_tokens::dsl;
insert_into(password_reset_tokens::table)
.values((dsl::user_uuid.eq(user_uuid), dsl::token.eq(&token), dsl::created_at.eq(now)))
.execute(&mut conn)
.await?;
let mut reset_endpoint = data.config.web.url.join("reset-password")?;
reset_endpoint.set_query(Some(&format!("token={}", token)));
let email = data
.mail_client
.message_builder()
.to(email_address.parse()?)
.subject(format!("{} Password Reset", data.config.web.url.domain().unwrap()))
.multipart(MultiPart::alternative_plain_html(
format!("{} Password Reset\n\nHello, {}!\nSomeone requested a password reset for your Gorb account.\nClick the button below within 24 hours to reset your password.\n\n{}\n\nIf you didn't request a password reset, don't worry, your account is safe and you can safely ignore this email.\n\nThanks, The gorb team.", data.config.web.url.domain().unwrap(), username, reset_endpoint),
format!(r#"<html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><style>:root {{--header-text-colour: #ffffff;--footer-text-colour: #7f7f7f;--button-text-colour: #170e08;--text-colour: #170e08;--background-colour: #fbf6f2;--primary-colour: #df5f0b;--secondary-colour: #e8ac84;--accent-colour: #e68b4e;}}@media (prefers-color-scheme: dark) {{:root {{--header-text-colour: #ffffff;--footer-text-colour: #585858;--button-text-colour: #ffffff;--text-colour: #f7eee8;--background-colour: #0c0704;--primary-colour: #f4741f;--secondary-colour: #7c4018;--accent-colour: #b35719;}}}}@media (max-width: 600px) {{.container {{width: 100%;}}}}body {{font-family: Arial, sans-serif;align-content: center;text-align: center;margin: 0;padding: 0;background-color: var(--background-colour);color: var(--text-colour);width: 100%;max-width: 600px;margin: 0 auto;border-radius: 5px;}}.header {{background-color: var(--primary-colour);color: var(--header-text-colour);padding: 20px;}}.verify-button {{background-color: var(--accent-colour);color: var(--button-text-colour);padding: 12px 30px;margin: 16px;font-size: 20px;transition: background-color 0.3s;cursor: pointer;border: none;border-radius: 14px;text-decoration: none;display: inline-block;}}.verify-button:hover {{background-color: var(--secondary-colour);}}.content {{padding: 20px 30px;}}.footer {{padding: 10px;font-size: 12px;color: var(--footer-text-colour);}}</style></head><body><div class="container"><div class="header"><h1>{} Password Reset</h1></div><div class="content"><h2>Hello, {}!</h2><p>Someone requested a password reset for your Gorb account.</p><p>Click the button below within 24 hours to reset your password.</p><a href="{}" class="verify-button">RESET PASSWORD</a><p>If you didn't request a password reset, don't worry, your account is safe and you can safely ignore this email.</p><div class="footer"><p>Thanks<br>The gorb team.</p></div></div></div></body></html>"#, data.config.web.url.domain().unwrap(), username, reset_endpoint)
))?;
data
.mail_client
.send_mail(email)
.await?;
Ok(())
}
pub async fn set_password(&self, data: &Data, password: String) -> Result<(), Error> {
if !PASSWORD_REGEX.is_match(&password) {
return Err(Error::BadRequest("Please provide a valid password".to_string()))
}
let salt = SaltString::generate(&mut OsRng);
let hashed_password = data
.argon2
.hash_password(password.as_bytes(), &salt)
.map_err(|e| Error::PasswordHashError(e.to_string()))?;
let mut conn = data.pool.get().await?;
use users::dsl;
update(users::table)
.filter(dsl::uuid.eq(self.user_uuid))
.set(dsl::password.eq(hashed_password.to_string()))
.execute(&mut conn)
.await?;
let (username, email_address): (String, String) = dsl::users
.filter(dsl::uuid.eq(self.user_uuid))
.select((dsl::username, dsl::email))
.get_result(&mut conn)
.await?;
let login_page = data.config.web.url.join("login")?;
let email = data
.mail_client
.message_builder()
.to(email_address.parse()?)
.subject(format!("Your {} Password has been Reset", data.config.web.url.domain().unwrap()))
.multipart(MultiPart::alternative_plain_html(
format!("{} Password Reset Confirmation\n\nHello, {}!\nYour password has been successfully reset for your Gorb account.\nIf you did not initiate this change, please click the link below to reset your password <strong>immediately</strong>.\n\n{}\n\nThanks, The gorb team.", data.config.web.url.domain().unwrap(), username, login_page),
format!(r#"<html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><style>:root {{--header-text-colour: #ffffff;--footer-text-colour: #7f7f7f;--button-text-colour: #170e08;--text-colour: #170e08;--background-colour: #fbf6f2;--primary-colour: #df5f0b;--secondary-colour: #e8ac84;--accent-colour: #e68b4e;}}@media (prefers-color-scheme: dark) {{:root {{--header-text-colour: #ffffff;--footer-text-colour: #585858;--button-text-colour: #ffffff;--text-colour: #f7eee8;--background-colour: #0c0704;--primary-colour: #f4741f;--secondary-colour: #7c4018;--accent-colour: #b35719;}}}}@media (max-width: 600px) {{.container {{width: 100%;}}}}body {{font-family: Arial, sans-serif;align-content: center;text-align: center;margin: 0;padding: 0;background-color: var(--background-colour);color: var(--text-colour);width: 100%;max-width: 600px;margin: 0 auto;border-radius: 5px;}}.header {{background-color: var(--primary-colour);color: var(--header-text-colour);padding: 20px;}}.verify-button {{background-color: var(--accent-colour);color: var(--button-text-colour);padding: 12px 30px;margin: 16px;font-size: 20px;transition: background-color 0.3s;cursor: pointer;border: none;border-radius: 14px;text-decoration: none;display: inline-block;}}.verify-button:hover {{background-color: var(--secondary-colour);}}.content {{padding: 20px 30px;}}.footer {{padding: 10px;font-size: 12px;color: var(--footer-text-colour);}}</style></head><body><div class="container"><div class="header"><h1>{} Password Reset Confirmation</h1></div><div class="content"><h2>Hello, {}!</h2><p>Your password has been successfully reset for your Gorb account.</p><p>If you did not initiate this change, please click the button below to reset your password <strong>immediately</strong>.</p><a href="{}" class="verify-button">RESET PASSWORD</a><div class="footer"><p>Thanks<br>The gorb team.</p></div></div></div></body></html>"#, data.config.web.url.domain().unwrap(), username, login_page)
))?;
data
.mail_client
.send_mail(email)
.await?;
self.delete(&mut conn).await
}
pub async fn delete(&self, conn: &mut Conn) -> Result<(), Error> {
use password_reset_tokens::dsl;
delete(password_reset_tokens::table)
.filter(dsl::user_uuid.eq(self.user_uuid))
.filter(dsl::token.eq(&self.token))
.execute(conn)
.await?;
Ok(())
}
}

31
src/utils.rs
View file

@ -6,16 +6,17 @@ use actix_web::{
web::BytesMut, web::BytesMut,
}; };
use bindet::FileType; use bindet::FileType;
use diesel::{ExpressionMethods, QueryDsl};
use diesel_async::RunQueryDsl;
use getrandom::fill; use getrandom::fill;
use hex::encode; use hex::encode;
use redis::RedisError; use redis::RedisError;
use regex::Regex; use regex::Regex;
use serde::Serialize; use serde::Serialize;
use uuid::Uuid;
use crate::{ use crate::{
Data, error::Error, schema::users, structs::{HasIsAbove, HasUuid}, Conn, Data
error::Error,
structs::{HasIsAbove, HasUuid},
}; };
pub static EMAIL_REGEX: LazyLock<Regex> = LazyLock::new(|| { pub static EMAIL_REGEX: LazyLock<Regex> = LazyLock::new(|| {
@ -136,6 +137,30 @@ pub fn image_check(icon: BytesMut) -> Result<String, Error> {
)) ))
} }
pub async fn user_uuid_from_identifier(conn: &mut Conn, identifier: &String) -> Result<Uuid, Error> {
if EMAIL_REGEX.is_match(identifier) {
use users::dsl;
let user_uuid = dsl::users
.filter(dsl::email.eq(identifier))
.select(dsl::uuid)
.get_result(conn)
.await?;
Ok(user_uuid)
} else if USERNAME_REGEX.is_match(identifier) {
use users::dsl;
let user_uuid = dsl::users
.filter(dsl::username.eq(identifier))
.select(dsl::uuid)
.get_result(conn)
.await?;
Ok(user_uuid)
} else {
Err(Error::BadRequest("Please provide a valid username or email".to_string()))
}
}
pub async fn order_by_is_above<T>(mut items: Vec<T>) -> Result<Vec<T>, Error> pub async fn order_by_is_above<T>(mut items: Vec<T>) -> Result<Vec<T>, Error>
where where
T: HasUuid + HasIsAbove, T: HasUuid + HasIsAbove,