gorb/backend
4
0
Fork 1
Code Issues 1 Pull requests 1 Projects Releases Packages 1 Wiki Activity Actions

style: cargo clippy && cargo fmt
All checks were successful
ci/woodpecker/push/build-and-publish Pipeline was successful
Details
ci/woodpecker/push/publish-docs Pipeline was successful
Details

Browse source
This commit is contained in:
Radical 2025-05-30 21:17:30 +02:00
parent c9a3e8c6c4
commit d615f1392e
31 changed files with 288 additions and 181 deletions
Download patch file Download diff file Expand all files Collapse all files

2
build.rs
View file

@ -8,7 +8,7 @@ fn main() {
.output() .output()
.ok() .ok()
.and_then(|o| String::from_utf8(o.stdout).ok()) .and_then(|o| String::from_utf8(o.stdout).ok())
.map(|s| s.trim().to_string()) // Trim newline .map(|s| s.trim().to_string()) // Trim newline
.unwrap_or_else(|| "UNKNOWN".to_string()); .unwrap_or_else(|| "UNKNOWN".to_string());
// Tell Cargo to set `GIT_SHORT_HASH` for the main compilation // Tell Cargo to set `GIT_SHORT_HASH` for the main compilation

4
src/api/mod.rs
View file

@ -7,5 +7,7 @@ mod v1;
mod versions; mod versions;
pub fn web(path: &str) -> Scope { pub fn web(path: &str) -> Scope {
web::scope(path.trim_end_matches('/')).service(v1::web()).service(versions::get) web::scope(path.trim_end_matches('/'))
.service(v1::web())
.service(versions::get)
} }

4
src/api/v1/auth/login.rs
View file

@ -11,8 +11,8 @@ use crate::{
error::Error, error::Error,
schema::*, schema::*,
utils::{ utils::{
PASSWORD_REGEX, generate_access_token, generate_refresh_token, PASSWORD_REGEX, generate_access_token, generate_refresh_token, refresh_token_cookie,
refresh_token_cookie, user_uuid_from_identifier user_uuid_from_identifier,
}, },
}; };

2
src/api/v1/auth/mod.rs
View file

@ -11,9 +11,9 @@ use crate::{Conn, error::Error, schema::access_tokens::dsl};
mod login; mod login;
mod refresh; mod refresh;
mod register; mod register;
mod reset_password;
mod revoke; mod revoke;
mod verify_email; mod verify_email;
mod reset_password;
#[derive(Serialize)] #[derive(Serialize)]
struct Response { struct Response {

2
src/api/v1/auth/refresh.rs
View file

@ -61,8 +61,6 @@ pub async fn res(req: HttpRequest, data: web::Data<Data>) -> Result<HttpResponse
if lifetime > 1987200 { if lifetime > 1987200 {
let new_refresh_token = generate_refresh_token()?; let new_refresh_token = generate_refresh_token()?;
let new_refresh_token = new_refresh_token;
match update(refresh_tokens::table) match update(refresh_tokens::table)
.filter(rdsl::token.eq(&refresh_token)) .filter(rdsl::token.eq(&refresh_token))
.set(( .set((

40
src/api/v1/auth/reset_password.rs
View file

@ -4,9 +4,7 @@ use actix_web::{HttpResponse, get, post, web};
use chrono::{Duration, Utc}; use chrono::{Duration, Utc};
use serde::Deserialize; use serde::Deserialize;
use crate::{ use crate::{Data, error::Error, structs::PasswordResetToken};
error::Error, structs::PasswordResetToken, Data
};
#[derive(Deserialize)] #[derive(Deserialize)]
struct Query { struct Query {
@ -14,30 +12,31 @@ struct Query {
} }
/// `GET /api/v1/auth/reset-password` Sends password reset email to user /// `GET /api/v1/auth/reset-password` Sends password reset email to user
/// ///
/// requires auth? no /// requires auth? no
/// ///
/// ### Query Parameters /// ### Query Parameters
/// identifier: Email or username /// identifier: Email or username
/// ///
/// ### Responses /// ### Responses
/// 200 Email sent /// 200 Email sent
/// 429 Too Many Requests /// 429 Too Many Requests
/// 404 Not found /// 404 Not found
/// 400 Bad request /// 400 Bad request
/// ///
#[get("/reset-password")] #[get("/reset-password")]
pub async fn get( pub async fn get(query: web::Query<Query>, data: web::Data<Data>) -> Result<HttpResponse, Error> {
query: web::Query<Query>,
data: web::Data<Data>,
) -> Result<HttpResponse, Error> {
let mut conn = data.pool.get().await?; let mut conn = data.pool.get().await?;
if let Ok(password_reset_token) = PasswordResetToken::get_with_identifier(&mut conn, query.identifier.clone()).await { if let Ok(password_reset_token) =
PasswordResetToken::get_with_identifier(&mut conn, query.identifier.clone()).await
{
if Utc::now().signed_duration_since(password_reset_token.created_at) > Duration::hours(1) { if Utc::now().signed_duration_since(password_reset_token.created_at) > Duration::hours(1) {
password_reset_token.delete(&mut conn).await?; password_reset_token.delete(&mut conn).await?;
} else { } else {
return Err(Error::TooManyRequests("Please allow 1 hour before sending a new email".to_string())) return Err(Error::TooManyRequests(
"Please allow 1 hour before sending a new email".to_string(),
));
} }
} }
@ -53,9 +52,9 @@ struct ResetPassword {
} }
/// `POST /api/v1/auth/reset-password` Resets user password /// `POST /api/v1/auth/reset-password` Resets user password
/// ///
/// requires auth? no /// requires auth? no
/// ///
/// ### Request Example: /// ### Request Example:
/// ``` /// ```
/// json!({ /// json!({
@ -63,13 +62,13 @@ struct ResetPassword {
/// "token": "a3f7e29c1b8d0456e2c9f83b7a1d6e4f5028c3b9a7e1f2d5c6b8a0d3e7f4a2b" /// "token": "a3f7e29c1b8d0456e2c9f83b7a1d6e4f5028c3b9a7e1f2d5c6b8a0d3e7f4a2b"
/// }); /// });
/// ``` /// ```
/// ///
/// ### Responses /// ### Responses
/// 200 Success /// 200 Success
/// 410 Token Expired /// 410 Token Expired
/// 404 Not Found /// 404 Not Found
/// 400 Bad Request /// 400 Bad Request
/// ///
#[post("/reset-password")] #[post("/reset-password")]
pub async fn post( pub async fn post(
reset_password: web::Json<ResetPassword>, reset_password: web::Json<ResetPassword>,
@ -77,14 +76,17 @@ pub async fn post(
) -> Result<HttpResponse, Error> { ) -> Result<HttpResponse, Error> {
let mut conn = data.pool.get().await?; let mut conn = data.pool.get().await?;
let password_reset_token = PasswordResetToken::get(&mut conn, reset_password.token.clone()).await?; let password_reset_token =
PasswordResetToken::get(&mut conn, reset_password.token.clone()).await?;
if Utc::now().signed_duration_since(password_reset_token.created_at) > Duration::hours(24) { if Utc::now().signed_duration_since(password_reset_token.created_at) > Duration::hours(24) {
password_reset_token.delete(&mut conn).await?; password_reset_token.delete(&mut conn).await?;
return Ok(HttpResponse::Gone().finish()); return Ok(HttpResponse::Gone().finish());
} }
password_reset_token.set_password(&data, reset_password.password.clone()).await?; password_reset_token
.set_password(&data, reset_password.password.clone())
.await?;
Ok(HttpResponse::Ok().finish()) Ok(HttpResponse::Ok().finish())
} }

31
src/api/v1/auth/verify_email.rs
View file

@ -5,7 +5,11 @@ use chrono::{Duration, Utc};
use serde::Deserialize; use serde::Deserialize;
use crate::{ use crate::{
api::v1::auth::check_access_token, error::Error, structs::{EmailToken, Me}, utils::get_auth_header, Data Data,
api::v1::auth::check_access_token,
error::Error,
structs::{EmailToken, Me},
utils::get_auth_header,
}; };
#[derive(Deserialize)] #[derive(Deserialize)]
@ -14,18 +18,18 @@ struct Query {
} }
/// `GET /api/v1/auth/verify-email` Verifies user email address /// `GET /api/v1/auth/verify-email` Verifies user email address
/// ///
/// requires auth? yes /// requires auth? yes
/// ///
/// ### Query Parameters /// ### Query Parameters
/// token /// token
/// ///
/// ### Responses /// ### Responses
/// 200 Success /// 200 Success
/// 410 Token Expired /// 410 Token Expired
/// 404 Not Found /// 404 Not Found
/// 401 Unauthorized /// 401 Unauthorized
/// ///
#[get("/verify-email")] #[get("/verify-email")]
pub async fn get( pub async fn get(
req: HttpRequest, req: HttpRequest,
@ -61,20 +65,17 @@ pub async fn get(
} }
/// `POST /api/v1/auth/verify-email` Sends user verification email /// `POST /api/v1/auth/verify-email` Sends user verification email
/// ///
/// requires auth? yes /// requires auth? yes
/// ///
/// ### Responses /// ### Responses
/// 200 Email sent /// 200 Email sent
/// 204 Already verified /// 204 Already verified
/// 429 Too Many Requests /// 429 Too Many Requests
/// 401 Unauthorized /// 401 Unauthorized
/// ///
#[post("/verify-email")] #[post("/verify-email")]
pub async fn post( pub async fn post(req: HttpRequest, data: web::Data<Data>) -> Result<HttpResponse, Error> {
req: HttpRequest,
data: web::Data<Data>,
) -> Result<HttpResponse, Error> {
let headers = req.headers(); let headers = req.headers();
let auth_header = get_auth_header(headers)?; let auth_header = get_auth_header(headers)?;
@ -86,14 +87,16 @@ pub async fn post(
let me = Me::get(&mut conn, uuid).await?; let me = Me::get(&mut conn, uuid).await?;
if me.email_verified { if me.email_verified {
return Ok(HttpResponse::NoContent().finish()) return Ok(HttpResponse::NoContent().finish());
} }
if let Ok(email_token) = EmailToken::get(&mut conn, me.uuid).await { if let Ok(email_token) = EmailToken::get(&mut conn, me.uuid).await {
if Utc::now().signed_duration_since(email_token.created_at) > Duration::hours(1) { if Utc::now().signed_duration_since(email_token.created_at) > Duration::hours(1) {
email_token.delete(&mut conn).await?; email_token.delete(&mut conn).await?;
} else { } else {
return Err(Error::TooManyRequests("Please allow 1 hour before sending a new email".to_string())) return Err(Error::TooManyRequests(
"Please allow 1 hour before sending a new email".to_string(),
));
} }
} }

2
src/api/v1/channels/mod.rs
View file

@ -1,4 +1,4 @@
use actix_web::{web, Scope}; use actix_web::{Scope, web};
mod uuid; mod uuid;

16
src/api/v1/channels/uuid/messages.rs
View file

@ -1,7 +1,11 @@
//! `/api/v1/channels/{uuid}/messages` Endpoints related to channel messages //! `/api/v1/channels/{uuid}/messages` Endpoints related to channel messages
use crate::{ use crate::{
api::v1::auth::check_access_token, error::Error, structs::{Channel, Member}, utils::{get_auth_header, global_checks}, Data Data,
api::v1::auth::check_access_token,
error::Error,
structs::{Channel, Member},
utils::{get_auth_header, global_checks},
}; };
use ::uuid::Uuid; use ::uuid::Uuid;
use actix_web::{HttpRequest, HttpResponse, get, web}; use actix_web::{HttpRequest, HttpResponse, get, web};
@ -14,11 +18,11 @@ struct MessageRequest {
} }
/// `GET /api/v1/channels/{uuid}/messages` Returns user with the given UUID /// `GET /api/v1/channels/{uuid}/messages` Returns user with the given UUID
/// ///
/// requires auth: yes /// requires auth: yes
/// ///
/// requires relation: yes /// requires relation: yes
/// ///
/// ### Request Example /// ### Request Example
/// ``` /// ```
/// json!({ /// json!({
@ -26,7 +30,7 @@ struct MessageRequest {
/// "offset": 0 /// "offset": 0
/// }) /// })
/// ``` /// ```
/// ///
/// ### Response Example /// ### Response Example
/// ``` /// ```
/// json!({ /// json!({
@ -42,7 +46,7 @@ struct MessageRequest {
/// } /// }
/// }); /// });
/// ``` /// ```
/// ///
#[get("/{uuid}/messages")] #[get("/{uuid}/messages")]
pub async fn get( pub async fn get(
req: HttpRequest, req: HttpRequest,

6
src/api/v1/channels/uuid/mod.rs
View file

@ -2,7 +2,11 @@ pub mod messages;
pub mod socket; pub mod socket;
use crate::{ use crate::{
api::v1::auth::check_access_token, error::Error, structs::{Channel, Member}, utils::{get_auth_header, global_checks}, Data Data,
api::v1::auth::check_access_token,
error::Error,
structs::{Channel, Member},
utils::{get_auth_header, global_checks},
}; };
use actix_web::{HttpRequest, HttpResponse, delete, get, web}; use actix_web::{HttpRequest, HttpResponse, delete, get, web};
use uuid::Uuid; use uuid::Uuid;

9
src/api/v1/channels/uuid/socket.rs
View file

@ -8,7 +8,10 @@ use futures_util::StreamExt as _;
use uuid::Uuid; use uuid::Uuid;
use crate::{ use crate::{
api::v1::auth::check_access_token, structs::{Channel, Member}, utils::{get_ws_protocol_header, global_checks}, Data Data,
api::v1::auth::check_access_token,
structs::{Channel, Member},
utils::{get_ws_protocol_header, global_checks},
}; };
#[get("/{uuid}/socket")] #[get("/{uuid}/socket")]
@ -71,9 +74,7 @@ pub async fn ws(
Ok(AggregatedMessage::Text(text)) => { Ok(AggregatedMessage::Text(text)) => {
let mut conn = data.cache_pool.get_multiplexed_tokio_connection().await?; let mut conn = data.cache_pool.get_multiplexed_tokio_connection().await?;
let message = channel let message = channel.new_message(&data, uuid, text.to_string()).await?;
.new_message(&data, uuid, text.to_string())
.await?;
redis::cmd("PUBLISH") redis::cmd("PUBLISH")
.arg(&[channel_uuid.to_string(), serde_json::to_string(&message)?]) .arg(&[channel_uuid.to_string(), serde_json::to_string(&message)?])

25
src/api/v1/guilds/mod.rs
View file

@ -6,7 +6,11 @@ use serde::Deserialize;
mod uuid; mod uuid;
use crate::{ use crate::{
api::v1::auth::check_access_token, error::Error, structs::{Guild, StartAmountQuery}, utils::{get_auth_header, global_checks}, Data Data,
api::v1::auth::check_access_token,
error::Error,
structs::{Guild, StartAmountQuery},
utils::{get_auth_header, global_checks},
}; };
#[derive(Deserialize)] #[derive(Deserialize)]
@ -22,16 +26,16 @@ pub fn web() -> Scope {
} }
/// `POST /api/v1/guilds` Creates a new guild /// `POST /api/v1/guilds` Creates a new guild
/// ///
/// requires auth: yes /// requires auth: yes
/// ///
/// ### Request Example /// ### Request Example
/// ``` /// ```
/// json!({ /// json!({
/// "name": "My new server!" /// "name": "My new server!"
/// }); /// });
/// ``` /// ```
/// ///
/// ### Response Example /// ### Response Example
/// ``` /// ```
/// json!({ /// json!({
@ -59,22 +63,17 @@ pub async fn post(
let uuid = check_access_token(auth_header, &mut conn).await?; let uuid = check_access_token(auth_header, &mut conn).await?;
let guild = Guild::new( let guild = Guild::new(&mut conn, guild_info.name.clone(), uuid).await?;
&mut conn,
guild_info.name.clone(),
uuid,
)
.await?;
Ok(HttpResponse::Ok().json(guild)) Ok(HttpResponse::Ok().json(guild))
} }
/// `GET /api/v1/servers` Fetches all guilds /// `GET /api/v1/servers` Fetches all guilds
/// ///
/// requires auth: yes /// requires auth: yes
/// ///
/// requires admin: yes /// requires admin: yes
/// ///
/// ### Response Example /// ### Response Example
/// ``` /// ```
/// json!([ /// json!([

6
src/api/v1/guilds/uuid/channels.rs
View file

@ -1,5 +1,9 @@
use crate::{ use crate::{
api::v1::auth::check_access_token, error::Error, structs::{Channel, Member}, utils::{get_auth_header, global_checks, order_by_is_above}, Data Data,
api::v1::auth::check_access_token,
error::Error,
structs::{Channel, Member},
utils::{get_auth_header, global_checks, order_by_is_above},
}; };
use ::uuid::Uuid; use ::uuid::Uuid;
use actix_web::{HttpRequest, HttpResponse, get, post, web}; use actix_web::{HttpRequest, HttpResponse, get, post, web};

10
src/api/v1/guilds/uuid/icon.rs
View file

@ -5,13 +5,17 @@ use futures_util::StreamExt as _;
use uuid::Uuid; use uuid::Uuid;
use crate::{ use crate::{
api::v1::auth::check_access_token, error::Error, structs::{Guild, Member}, utils::{get_auth_header, global_checks}, Data Data,
api::v1::auth::check_access_token,
error::Error,
structs::{Guild, Member},
utils::{get_auth_header, global_checks},
}; };
/// `PUT /api/v1/guilds/{uuid}/icon` Icon upload /// `PUT /api/v1/guilds/{uuid}/icon` Icon upload
/// ///
/// requires auth: no /// requires auth: no
/// ///
/// put request expects a file and nothing else /// put request expects a file and nothing else
#[put("{uuid}/icon")] #[put("{uuid}/icon")]
pub async fn upload( pub async fn upload(

6
src/api/v1/guilds/uuid/invites/mod.rs
View file

@ -3,7 +3,11 @@ use serde::Deserialize;
use uuid::Uuid; use uuid::Uuid;
use crate::{ use crate::{
api::v1::auth::check_access_token, error::Error, structs::{Guild, Member}, utils::{get_auth_header, global_checks}, Data Data,
api::v1::auth::check_access_token,
error::Error,
structs::{Guild, Member},
utils::{get_auth_header, global_checks},
}; };
#[derive(Deserialize)] #[derive(Deserialize)]

6
src/api/v1/guilds/uuid/members.rs
View file

@ -1,5 +1,9 @@
use crate::{ use crate::{
api::v1::auth::check_access_token, error::Error, structs::Member, utils::{get_auth_header, global_checks}, Data Data,
api::v1::auth::check_access_token,
error::Error,
structs::Member,
utils::{get_auth_header, global_checks},
}; };
use ::uuid::Uuid; use ::uuid::Uuid;
use actix_web::{HttpRequest, HttpResponse, get, web}; use actix_web::{HttpRequest, HttpResponse, get, web};

14
src/api/v1/guilds/uuid/mod.rs
View file

@ -6,11 +6,15 @@ use uuid::Uuid;
mod channels; mod channels;
mod icon; mod icon;
mod invites; mod invites;
mod roles;
mod members; mod members;
mod roles;
use crate::{ use crate::{
api::v1::auth::check_access_token, error::Error, structs::{Guild, Member}, utils::{get_auth_header, global_checks}, Data Data,
api::v1::auth::check_access_token,
error::Error,
structs::{Guild, Member},
utils::{get_auth_header, global_checks},
}; };
pub fn web() -> Scope { pub fn web() -> Scope {
@ -34,9 +38,9 @@ pub fn web() -> Scope {
} }
/// `GET /api/v1/guilds/{uuid}` DESCRIPTION /// `GET /api/v1/guilds/{uuid}` DESCRIPTION
/// ///
/// requires auth: yes /// requires auth: yes
/// ///
/// ### Response Example /// ### Response Example
/// ``` /// ```
/// json!({ /// json!({
@ -65,7 +69,7 @@ pub fn web() -> Scope {
/// ], /// ],
/// "member_count": 20 /// "member_count": 20
/// }); /// });
/// ``` /// ```
#[get("/{uuid}")] #[get("/{uuid}")]
pub async fn get( pub async fn get(
req: HttpRequest, req: HttpRequest,

6
src/api/v1/guilds/uuid/roles/mod.rs
View file

@ -3,7 +3,11 @@ use actix_web::{HttpRequest, HttpResponse, get, post, web};
use serde::Deserialize; use serde::Deserialize;
use crate::{ use crate::{
api::v1::auth::check_access_token, error::Error, structs::{Member, Role}, utils::{get_auth_header, global_checks, order_by_is_above}, Data Data,
api::v1::auth::check_access_token,
error::Error,
structs::{Member, Role},
utils::{get_auth_header, global_checks, order_by_is_above},
}; };
pub mod uuid; pub mod uuid;

6
src/api/v1/guilds/uuid/roles/uuid.rs
View file

@ -1,5 +1,9 @@
use crate::{ use crate::{
api::v1::auth::check_access_token, error::Error, structs::{Member, Role}, utils::{get_auth_header, global_checks}, Data Data,
api::v1::auth::check_access_token,
error::Error,
structs::{Member, Role},
utils::{get_auth_header, global_checks},
}; };
use ::uuid::Uuid; use ::uuid::Uuid;
use actix_web::{HttpRequest, HttpResponse, get, web}; use actix_web::{HttpRequest, HttpResponse, get, web};

11
src/api/v1/invites/id.rs
View file

@ -1,14 +1,15 @@
use actix_web::{HttpRequest, HttpResponse, get, post, web}; use actix_web::{HttpRequest, HttpResponse, get, post, web};
use crate::{ use crate::{
api::v1::auth::check_access_token, error::Error, structs::{Guild, Invite, Member}, utils::{get_auth_header, global_checks}, Data Data,
api::v1::auth::check_access_token,
error::Error,
structs::{Guild, Invite, Member},
utils::{get_auth_header, global_checks},
}; };
#[get("{id}")] #[get("{id}")]
pub async fn get( pub async fn get(path: web::Path<(String,)>, data: web::Data<Data>) -> Result<HttpResponse, Error> {
path: web::Path<(String,)>,
data: web::Data<Data>,
) -> Result<HttpResponse, Error> {
let mut conn = data.pool.get().await?; let mut conn = data.pool.get().await?;
let invite_id = path.into_inner().0; let invite_id = path.into_inner().0;

17
src/api/v1/me/guilds.rs
View file

@ -1,14 +1,19 @@
//! `/api/v1/me/guilds` Contains endpoint related to guild memberships //! `/api/v1/me/guilds` Contains endpoint related to guild memberships
use actix_web::{get, web, HttpRequest, HttpResponse}; use actix_web::{HttpRequest, HttpResponse, get, web};
use crate::{api::v1::auth::check_access_token, error::Error, structs::Me, utils::{get_auth_header, global_checks}, Data};
use crate::{
Data,
api::v1::auth::check_access_token,
error::Error,
structs::Me,
utils::{get_auth_header, global_checks},
};
/// `GET /api/v1/me/guilds` Returns all guild memberships in a list /// `GET /api/v1/me/guilds` Returns all guild memberships in a list
/// ///
/// requires auth: yes /// requires auth: yes
/// ///
/// ### Example Response /// ### Example Response
/// ``` /// ```
/// json!([ /// json!([
@ -44,4 +49,4 @@ pub async fn get(req: HttpRequest, data: web::Data<Data>) -> Result<HttpResponse
let memberships = me.fetch_memberships(&data).await?; let memberships = me.fetch_memberships(&data).await?;
Ok(HttpResponse::Ok().json(memberships)) Ok(HttpResponse::Ok().json(memberships))
} }

14
src/api/v1/me/mod.rs
View file

@ -3,7 +3,11 @@ use actix_web::{HttpRequest, HttpResponse, Scope, get, patch, web};
use serde::Deserialize; use serde::Deserialize;
use crate::{ use crate::{
api::v1::auth::check_access_token, error::Error, structs::Me, utils::{get_auth_header, global_checks}, Data Data,
api::v1::auth::check_access_token,
error::Error,
structs::Me,
utils::{get_auth_header, global_checks},
}; };
mod guilds; mod guilds;
@ -59,7 +63,13 @@ pub async fn update(
let uuid = check_access_token(auth_header, &mut conn).await?; let uuid = check_access_token(auth_header, &mut conn).await?;
if form.avatar.is_some() || form.json.0.clone().is_some_and(|ni| ni.username.is_some() || ni.display_name.is_some()) { if form.avatar.is_some()
|| form
.json
.0
.clone()
.is_some_and(|ni| ni.username.is_some() || ni.display_name.is_some())
{
global_checks(&data, uuid).await?; global_checks(&data, uuid).await?;
} }

4
src/api/v1/mod.rs
View file

@ -4,11 +4,11 @@ use actix_web::{Scope, web};
mod auth; mod auth;
mod channels; mod channels;
mod invites;
mod guilds; mod guilds;
mod invites;
mod me;
mod stats; mod stats;
mod users; mod users;
mod me;
pub fn web() -> Scope { pub fn web() -> Scope {
web::scope("/v1") web::scope("/v1")

4
src/api/v1/stats.rs
View file

@ -25,9 +25,9 @@ struct Response {
} }
/// `GET /api/v1/` Returns stats about the server /// `GET /api/v1/` Returns stats about the server
/// ///
/// requires auth: no /// requires auth: no
/// ///
/// ### Response Example /// ### Response Example
/// ``` /// ```
/// json!({ /// json!({

16
src/api/v1/users/mod.rs
View file

@ -3,23 +3,25 @@
use actix_web::{HttpRequest, HttpResponse, Scope, get, web}; use actix_web::{HttpRequest, HttpResponse, Scope, get, web};
use crate::{ use crate::{
api::v1::auth::check_access_token, error::Error, structs::{StartAmountQuery, User}, utils::{get_auth_header, global_checks}, Data Data,
api::v1::auth::check_access_token,
error::Error,
structs::{StartAmountQuery, User},
utils::{get_auth_header, global_checks},
}; };
mod uuid; mod uuid;
pub fn web() -> Scope { pub fn web() -> Scope {
web::scope("/users") web::scope("/users").service(get).service(uuid::get)
.service(get)
.service(uuid::get)
} }
/// `GET /api/v1/users` Returns all users on this instance /// `GET /api/v1/users` Returns all users on this instance
/// ///
/// requires auth: yes /// requires auth: yes
/// ///
/// requires admin: yes /// requires admin: yes
/// ///
/// ### Response Example /// ### Response Example
/// ``` /// ```
/// json!([ /// json!([

12
src/api/v1/users/uuid.rs
View file

@ -4,15 +4,19 @@ use actix_web::{HttpRequest, HttpResponse, get, web};
use uuid::Uuid; use uuid::Uuid;
use crate::{ use crate::{
api::v1::auth::check_access_token, error::Error, structs::User, utils::{get_auth_header, global_checks}, Data Data,
api::v1::auth::check_access_token,
error::Error,
structs::User,
utils::{get_auth_header, global_checks},
}; };
/// `GET /api/v1/users/{uuid}` Returns user with the given UUID /// `GET /api/v1/users/{uuid}` Returns user with the given UUID
/// ///
/// requires auth: yes /// requires auth: yes
/// ///
/// requires relation: yes /// requires relation: yes
/// ///
/// ### Response Example /// ### Response Example
/// ``` /// ```
/// json!({ /// json!({

4
src/api/versions.rs
View file

@ -12,9 +12,9 @@ struct Response {
struct UnstableFeatures; struct UnstableFeatures;
/// `GET /api/versions` Returns info about api versions. /// `GET /api/versions` Returns info about api versions.
/// ///
/// requires auth: no /// requires auth: no
/// ///
/// ### Response Example /// ### Response Example
/// ``` /// ```
/// json!({ /// json!({

4
src/error.rs
View file

@ -12,6 +12,9 @@ use bunny_api_tokio::error::Error as BunnyError;
use deadpool::managed::{BuildError, PoolError}; use deadpool::managed::{BuildError, PoolError};
use diesel::{ConnectionError, result::Error as DieselError}; use diesel::{ConnectionError, result::Error as DieselError};
use diesel_async::pooled_connection::PoolError as DieselPoolError; use diesel_async::pooled_connection::PoolError as DieselPoolError;
use lettre::{
address::AddressError, error::Error as EmailError, transport::smtp::Error as SmtpError,
};
use log::{debug, error}; use log::{debug, error};
use redis::RedisError; use redis::RedisError;
use serde::Serialize; use serde::Serialize;
@ -19,7 +22,6 @@ use serde_json::Error as JsonError;
use thiserror::Error; use thiserror::Error;
use tokio::task::JoinError; use tokio::task::JoinError;
use toml::de::Error as TomlError; use toml::de::Error as TomlError;
use lettre::{error::Error as EmailError, address::AddressError, transport::smtp::Error as SmtpError};
#[derive(Debug, Error)] #[derive(Debug, Error)]
pub enum Error { pub enum Error {

9
src/main.rs
View file

@ -6,8 +6,8 @@ use diesel_async::pooled_connection::AsyncDieselConnectionManager;
use diesel_async::pooled_connection::deadpool::Pool; use diesel_async::pooled_connection::deadpool::Pool;
use error::Error; use error::Error;
use simple_logger::SimpleLogger; use simple_logger::SimpleLogger;
use structs::MailClient;
use std::time::SystemTime; use std::time::SystemTime;
use structs::MailClient;
mod config; mod config;
use config::{Config, ConfigBuilder}; use config::{Config, ConfigBuilder};
use diesel_migrations::{EmbeddedMigrations, MigrationHarness, embed_migrations}; use diesel_migrations::{EmbeddedMigrations, MigrationHarness, embed_migrations};
@ -76,7 +76,12 @@ async fn main() -> Result<(), Error> {
let mail = config.mail.clone(); let mail = config.mail.clone();
let mail_client = MailClient::new(mail.smtp.credentials(), mail.smtp.server, mail.address, mail.tls)?; let mail_client = MailClient::new(
mail.smtp.credentials(),
mail.smtp.server,
mail.address,
mail.tls,
)?;
let database_url = config.database.url(); let database_url = config.database.url();

130
src/structs.rs
View file

@ -1,22 +1,36 @@
use actix_web::web::BytesMut; use actix_web::web::BytesMut;
use argon2::{
PasswordHasher,
password_hash::{SaltString, rand_core::OsRng},
};
use chrono::Utc; use chrono::Utc;
use diesel::{ use diesel::{
delete, dsl::now, insert_into, prelude::{Insertable, Queryable}, update, ExpressionMethods, QueryDsl, Selectable, SelectableHelper ExpressionMethods, QueryDsl, Selectable, SelectableHelper, delete,
dsl::now,
insert_into,
prelude::{Insertable, Queryable},
update,
}; };
use diesel_async::{RunQueryDsl, pooled_connection::AsyncDieselConnectionManager}; use diesel_async::{RunQueryDsl, pooled_connection::AsyncDieselConnectionManager};
use lettre::{message::{Mailbox, MessageBuilder as EmailBuilder, MultiPart}, transport::smtp::authentication::Credentials, AsyncSmtpTransport, AsyncTransport, Message as Email, Tokio1Executor}; use lettre::{
AsyncSmtpTransport, AsyncTransport, Message as Email, Tokio1Executor,
message::{Mailbox, MessageBuilder as EmailBuilder, MultiPart},
transport::smtp::authentication::Credentials,
};
use log::debug; use log::debug;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use tokio::task; use tokio::task;
use url::Url; use url::Url;
use uuid::Uuid; use uuid::Uuid;
use argon2::{
PasswordHasher,
password_hash::{SaltString, rand_core::OsRng},
};
use crate::{ use crate::{
error::Error, schema::*, utils::{generate_refresh_token, global_checks, image_check, order_by_is_above, user_uuid_from_identifier, EMAIL_REGEX, PASSWORD_REGEX, USERNAME_REGEX}, Conn, Data Conn, Data,
error::Error,
schema::*,
utils::{
EMAIL_REGEX, PASSWORD_REGEX, USERNAME_REGEX, generate_refresh_token, global_checks,
image_check, order_by_is_above, user_uuid_from_identifier,
},
}; };
pub trait HasUuid { pub trait HasUuid {
@ -61,7 +75,12 @@ pub struct MailClient {
} }
impl MailClient { impl MailClient {
pub fn new<T: Into<MailTls>>(creds: Credentials, smtp_server: String, mbox: String, tls: T) -> Result<Self, Error> { pub fn new<T: Into<MailTls>>(
creds: Credentials,
smtp_server: String,
mbox: String,
tls: T,
) -> Result<Self, Error> {
Ok(Self { Ok(Self {
creds, creds,
smtp_server, smtp_server,
@ -71,15 +90,16 @@ impl MailClient {
} }
pub fn message_builder(&self) -> EmailBuilder { pub fn message_builder(&self) -> EmailBuilder {
Email::builder() Email::builder().from(self.mbox.clone())
.from(self.mbox.clone())
} }
pub async fn send_mail(&self, email: Email) -> Result<(), Error> { pub async fn send_mail(&self, email: Email) -> Result<(), Error> {
let mailer: AsyncSmtpTransport<Tokio1Executor> = match self.tls { let mailer: AsyncSmtpTransport<Tokio1Executor> = match self.tls {
MailTls::StartTls => AsyncSmtpTransport::<Tokio1Executor>::starttls_relay(&self.smtp_server)? MailTls::StartTls => {
.credentials(self.creds.clone()) AsyncSmtpTransport::<Tokio1Executor>::starttls_relay(&self.smtp_server)?
.build(), .credentials(self.creds.clone())
.build()
}
MailTls::Tls => AsyncSmtpTransport::<Tokio1Executor>::relay(&self.smtp_server)? MailTls::Tls => AsyncSmtpTransport::<Tokio1Executor>::relay(&self.smtp_server)?
.credentials(self.creds.clone()) .credentials(self.creds.clone())
.build(), .build(),
@ -256,7 +276,11 @@ impl Channel {
data.set_cache_key(channel_uuid.to_string(), channel.clone(), 1800) data.set_cache_key(channel_uuid.to_string(), channel.clone(), 1800)
.await?; .await?;
if let Ok(_) = data.get_cache_key(format!("{}_channels", guild_uuid)).await { if data
.get_cache_key(format!("{}_channels", guild_uuid))
.await
.is_ok()
{
data.del_cache_key(format!("{}_channels", guild_uuid)) data.del_cache_key(format!("{}_channels", guild_uuid))
.await?; .await?;
} }
@ -273,7 +297,7 @@ impl Channel {
.execute(&mut conn) .execute(&mut conn)
.await?; .await?;
if let Ok(_) = data.get_cache_key(self.uuid.to_string()).await { if data.get_cache_key(self.uuid.to_string()).await.is_ok() {
data.del_cache_key(self.uuid.to_string()).await?; data.del_cache_key(self.uuid.to_string()).await?;
} }
@ -300,9 +324,7 @@ impl Channel {
.await, .await,
)?; )?;
let message_futures = messages.iter().map(async move |b| { let message_futures = messages.iter().map(async move |b| b.build(data).await);
b.build(data).await
});
futures::future::try_join_all(message_futures).await futures::future::try_join_all(message_futures).await
} }
@ -708,7 +730,11 @@ impl Member {
Ok(count) Ok(count)
} }
pub async fn check_membership(conn: &mut Conn, user_uuid: Uuid, guild_uuid: Uuid) -> Result<(), Error> { pub async fn check_membership(
conn: &mut Conn,
user_uuid: Uuid,
guild_uuid: Uuid,
) -> Result<(), Error> {
use guild_members::dsl; use guild_members::dsl;
dsl::guild_members dsl::guild_members
.filter(dsl::user_uuid.eq(user_uuid)) .filter(dsl::user_uuid.eq(user_uuid))
@ -720,11 +746,7 @@ impl Member {
Ok(()) Ok(())
} }
pub async fn fetch_one( pub async fn fetch_one(data: &Data, user_uuid: Uuid, guild_uuid: Uuid) -> Result<Self, Error> {
data: &Data,
user_uuid: Uuid,
guild_uuid: Uuid,
) -> Result<Self, Error> {
let mut conn = data.pool.get().await?; let mut conn = data.pool.get().await?;
use guild_members::dsl; use guild_members::dsl;
@ -747,12 +769,12 @@ impl Member {
.filter(dsl::guild_uuid.eq(guild_uuid)) .filter(dsl::guild_uuid.eq(guild_uuid))
.select(MemberBuilder::as_select()) .select(MemberBuilder::as_select())
.load(&mut conn) .load(&mut conn)
.await .await,
)?; )?;
let member_futures = member_builders.iter().map(async move |m| { let member_futures = member_builders
m.build(data).await .iter()
}); .map(async move |m| m.build(data).await);
futures::future::try_join_all(member_futures).await futures::future::try_join_all(member_futures).await
} }
@ -921,15 +943,16 @@ impl Me {
let user = User::fetch_one(data, self.uuid).await?; let user = User::fetch_one(data, self.uuid).await?;
let memberships = member_builders.iter().map(|m| { let memberships = member_builders
Member { .iter()
.map(|m| Member {
uuid: m.uuid, uuid: m.uuid,
nickname: m.nickname.clone(), nickname: m.nickname.clone(),
user_uuid: m.user_uuid, user_uuid: m.user_uuid,
guild_uuid: m.guild_uuid, guild_uuid: m.guild_uuid,
user: user.clone(), user: user.clone(),
} })
}).collect(); .collect();
Ok(memberships) Ok(memberships)
} }
@ -1070,6 +1093,7 @@ impl EmailToken {
Ok(email_token) Ok(email_token)
} }
#[allow(clippy::new_ret_no_self)]
pub async fn new(data: &Data, me: Me) -> Result<(), Error> { pub async fn new(data: &Data, me: Me) -> Result<(), Error> {
let token = generate_refresh_token()?; let token = generate_refresh_token()?;
@ -1077,7 +1101,11 @@ impl EmailToken {
use email_tokens::dsl; use email_tokens::dsl;
insert_into(email_tokens::table) insert_into(email_tokens::table)
.values((dsl::user_uuid.eq(me.uuid), dsl::token.eq(&token), dsl::created_at.eq(now))) .values((
dsl::user_uuid.eq(me.uuid),
dsl::token.eq(&token),
dsl::created_at.eq(now),
))
.execute(&mut conn) .execute(&mut conn)
.await?; .await?;
@ -1095,10 +1123,7 @@ impl EmailToken {
format!(r#"<html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><style>:root{{--header-text-colour: #ffffff;--footer-text-colour: #7f7f7f;--button-text-colour: #170e08;--text-colour: #170e08;--background-colour: #fbf6f2;--primary-colour: #df5f0b;--secondary-colour: #e8ac84;--accent-colour: #e68b4e;}}@media (prefers-color-scheme: dark){{:root{{--header-text-colour: #ffffff;--footer-text-colour: #585858;--button-text-colour: #ffffff;--text-colour: #f7eee8;--background-colour: #0c0704;--primary-colour: #f4741f;--secondary-colour: #7c4018;--accent-colour: #b35719;}}}}@media (max-width: 600px){{.container{{width: 100%;}}}}body{{font-family: Arial, sans-serif;align-content: center;text-align: center;margin: 0;padding: 0;background-color: var(--background-colour);color: var(--text-colour);width: 100%;max-width: 600px;margin: 0 auto;border-radius: 5px;}}.header{{background-color: var(--primary-colour);color: var(--header-text-colour);padding: 20px;}}.verify-button{{background-color: var(--accent-colour);color: var(--button-text-colour);padding: 12px 30px;margin: 16px;font-size: 20px;transition: background-color 0.3s;cursor: pointer;border: none;border-radius: 14px;text-decoration: none;display: inline-block;}}.verify-button:hover{{background-color: var(--secondary-colour);}}.content{{padding: 20px 30px;}}.footer{{padding: 10px;font-size: 12px;color: var(--footer-text-colour);}}</style></head><body><div class="container"><div class="header"><h1>Verify your {} Account</h1></div><div class="content"><h2>Hello, {}!</h2><p>Thanks for creating a new account on Gorb.</p><p>The final step to create your account is to verify your email address by clicking the button below, within 24 hours.</p><a href="{}" class="verify-button">VERIFY ACCOUNT</a><p>If you didn't ask to verify this address, you can safely ignore this email.</p><div class="footer"><p>Thanks<br>The gorb team.</p></div></div></div></body></html>"#, data.config.instance.name, me.username, verify_endpoint) format!(r#"<html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><style>:root{{--header-text-colour: #ffffff;--footer-text-colour: #7f7f7f;--button-text-colour: #170e08;--text-colour: #170e08;--background-colour: #fbf6f2;--primary-colour: #df5f0b;--secondary-colour: #e8ac84;--accent-colour: #e68b4e;}}@media (prefers-color-scheme: dark){{:root{{--header-text-colour: #ffffff;--footer-text-colour: #585858;--button-text-colour: #ffffff;--text-colour: #f7eee8;--background-colour: #0c0704;--primary-colour: #f4741f;--secondary-colour: #7c4018;--accent-colour: #b35719;}}}}@media (max-width: 600px){{.container{{width: 100%;}}}}body{{font-family: Arial, sans-serif;align-content: center;text-align: center;margin: 0;padding: 0;background-color: var(--background-colour);color: var(--text-colour);width: 100%;max-width: 600px;margin: 0 auto;border-radius: 5px;}}.header{{background-color: var(--primary-colour);color: var(--header-text-colour);padding: 20px;}}.verify-button{{background-color: var(--accent-colour);color: var(--button-text-colour);padding: 12px 30px;margin: 16px;font-size: 20px;transition: background-color 0.3s;cursor: pointer;border: none;border-radius: 14px;text-decoration: none;display: inline-block;}}.verify-button:hover{{background-color: var(--secondary-colour);}}.content{{padding: 20px 30px;}}.footer{{padding: 10px;font-size: 12px;color: var(--footer-text-colour);}}</style></head><body><div class="container"><div class="header"><h1>Verify your {} Account</h1></div><div class="content"><h2>Hello, {}!</h2><p>Thanks for creating a new account on Gorb.</p><p>The final step to create your account is to verify your email address by clicking the button below, within 24 hours.</p><a href="{}" class="verify-button">VERIFY ACCOUNT</a><p>If you didn't ask to verify this address, you can safely ignore this email.</p><div class="footer"><p>Thanks<br>The gorb team.</p></div></div></div></body></html>"#, data.config.instance.name, me.username, verify_endpoint)
))?; ))?;
data data.mail_client.send_mail(email).await?;
.mail_client
.send_mail(email)
.await?;
Ok(()) Ok(())
} }
@ -1136,7 +1161,10 @@ impl PasswordResetToken {
Ok(password_reset_token) Ok(password_reset_token)
} }
pub async fn get_with_identifier(conn: &mut Conn, identifier: String) -> Result<PasswordResetToken, Error> { pub async fn get_with_identifier(
conn: &mut Conn,
identifier: String,
) -> Result<PasswordResetToken, Error> {
let user_uuid = user_uuid_from_identifier(conn, &identifier).await?; let user_uuid = user_uuid_from_identifier(conn, &identifier).await?;
use password_reset_tokens::dsl; use password_reset_tokens::dsl;
@ -1149,6 +1177,7 @@ impl PasswordResetToken {
Ok(password_reset_token) Ok(password_reset_token)
} }
#[allow(clippy::new_ret_no_self)]
pub async fn new(data: &Data, identifier: String) -> Result<(), Error> { pub async fn new(data: &Data, identifier: String) -> Result<(), Error> {
let token = generate_refresh_token()?; let token = generate_refresh_token()?;
@ -1156,7 +1185,7 @@ impl PasswordResetToken {
let user_uuid = user_uuid_from_identifier(&mut conn, &identifier).await?; let user_uuid = user_uuid_from_identifier(&mut conn, &identifier).await?;
global_checks(&data, user_uuid).await?; global_checks(data, user_uuid).await?;
use users::dsl as udsl; use users::dsl as udsl;
let (username, email_address): (String, String) = udsl::users let (username, email_address): (String, String) = udsl::users
@ -1167,7 +1196,11 @@ impl PasswordResetToken {
use password_reset_tokens::dsl; use password_reset_tokens::dsl;
insert_into(password_reset_tokens::table) insert_into(password_reset_tokens::table)
.values((dsl::user_uuid.eq(user_uuid), dsl::token.eq(&token), dsl::created_at.eq(now))) .values((
dsl::user_uuid.eq(user_uuid),
dsl::token.eq(&token),
dsl::created_at.eq(now),
))
.execute(&mut conn) .execute(&mut conn)
.await?; .await?;
@ -1185,17 +1218,16 @@ impl PasswordResetToken {
format!(r#"<html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><style>:root {{--header-text-colour: #ffffff;--footer-text-colour: #7f7f7f;--button-text-colour: #170e08;--text-colour: #170e08;--background-colour: #fbf6f2;--primary-colour: #df5f0b;--secondary-colour: #e8ac84;--accent-colour: #e68b4e;}}@media (prefers-color-scheme: dark) {{:root {{--header-text-colour: #ffffff;--footer-text-colour: #585858;--button-text-colour: #ffffff;--text-colour: #f7eee8;--background-colour: #0c0704;--primary-colour: #f4741f;--secondary-colour: #7c4018;--accent-colour: #b35719;}}}}@media (max-width: 600px) {{.container {{width: 100%;}}}}body {{font-family: Arial, sans-serif;align-content: center;text-align: center;margin: 0;padding: 0;background-color: var(--background-colour);color: var(--text-colour);width: 100%;max-width: 600px;margin: 0 auto;border-radius: 5px;}}.header {{background-color: var(--primary-colour);color: var(--header-text-colour);padding: 20px;}}.verify-button {{background-color: var(--accent-colour);color: var(--button-text-colour);padding: 12px 30px;margin: 16px;font-size: 20px;transition: background-color 0.3s;cursor: pointer;border: none;border-radius: 14px;text-decoration: none;display: inline-block;}}.verify-button:hover {{background-color: var(--secondary-colour);}}.content {{padding: 20px 30px;}}.footer {{padding: 10px;font-size: 12px;color: var(--footer-text-colour);}}</style></head><body><div class="container"><div class="header"><h1>{} Password Reset</h1></div><div class="content"><h2>Hello, {}!</h2><p>Someone requested a password reset for your Gorb account.</p><p>Click the button below within 24 hours to reset your password.</p><a href="{}" class="verify-button">RESET PASSWORD</a><p>If you didn't request a password reset, don't worry, your account is safe and you can safely ignore this email.</p><div class="footer"><p>Thanks<br>The gorb team.</p></div></div></div></body></html>"#, data.config.instance.name, username, reset_endpoint) format!(r#"<html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><style>:root {{--header-text-colour: #ffffff;--footer-text-colour: #7f7f7f;--button-text-colour: #170e08;--text-colour: #170e08;--background-colour: #fbf6f2;--primary-colour: #df5f0b;--secondary-colour: #e8ac84;--accent-colour: #e68b4e;}}@media (prefers-color-scheme: dark) {{:root {{--header-text-colour: #ffffff;--footer-text-colour: #585858;--button-text-colour: #ffffff;--text-colour: #f7eee8;--background-colour: #0c0704;--primary-colour: #f4741f;--secondary-colour: #7c4018;--accent-colour: #b35719;}}}}@media (max-width: 600px) {{.container {{width: 100%;}}}}body {{font-family: Arial, sans-serif;align-content: center;text-align: center;margin: 0;padding: 0;background-color: var(--background-colour);color: var(--text-colour);width: 100%;max-width: 600px;margin: 0 auto;border-radius: 5px;}}.header {{background-color: var(--primary-colour);color: var(--header-text-colour);padding: 20px;}}.verify-button {{background-color: var(--accent-colour);color: var(--button-text-colour);padding: 12px 30px;margin: 16px;font-size: 20px;transition: background-color 0.3s;cursor: pointer;border: none;border-radius: 14px;text-decoration: none;display: inline-block;}}.verify-button:hover {{background-color: var(--secondary-colour);}}.content {{padding: 20px 30px;}}.footer {{padding: 10px;font-size: 12px;color: var(--footer-text-colour);}}</style></head><body><div class="container"><div class="header"><h1>{} Password Reset</h1></div><div class="content"><h2>Hello, {}!</h2><p>Someone requested a password reset for your Gorb account.</p><p>Click the button below within 24 hours to reset your password.</p><a href="{}" class="verify-button">RESET PASSWORD</a><p>If you didn't request a password reset, don't worry, your account is safe and you can safely ignore this email.</p><div class="footer"><p>Thanks<br>The gorb team.</p></div></div></div></body></html>"#, data.config.instance.name, username, reset_endpoint)
))?; ))?;
data data.mail_client.send_mail(email).await?;
.mail_client
.send_mail(email)
.await?;
Ok(()) Ok(())
} }
pub async fn set_password(&self, data: &Data, password: String) -> Result<(), Error> { pub async fn set_password(&self, data: &Data, password: String) -> Result<(), Error> {
if !PASSWORD_REGEX.is_match(&password) { if !PASSWORD_REGEX.is_match(&password) {
return Err(Error::BadRequest("Please provide a valid password".to_string())) return Err(Error::BadRequest(
"Please provide a valid password".to_string(),
));
} }
let salt = SaltString::generate(&mut OsRng); let salt = SaltString::generate(&mut OsRng);
@ -1204,7 +1236,7 @@ impl PasswordResetToken {
.argon2 .argon2
.hash_password(password.as_bytes(), &salt) .hash_password(password.as_bytes(), &salt)
.map_err(|e| Error::PasswordHashError(e.to_string()))?; .map_err(|e| Error::PasswordHashError(e.to_string()))?;
let mut conn = data.pool.get().await?; let mut conn = data.pool.get().await?;
use users::dsl; use users::dsl;
@ -1232,10 +1264,7 @@ impl PasswordResetToken {
format!(r#"<html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><style>:root {{--header-text-colour: #ffffff;--footer-text-colour: #7f7f7f;--button-text-colour: #170e08;--text-colour: #170e08;--background-colour: #fbf6f2;--primary-colour: #df5f0b;--secondary-colour: #e8ac84;--accent-colour: #e68b4e;}}@media (prefers-color-scheme: dark) {{:root {{--header-text-colour: #ffffff;--footer-text-colour: #585858;--button-text-colour: #ffffff;--text-colour: #f7eee8;--background-colour: #0c0704;--primary-colour: #f4741f;--secondary-colour: #7c4018;--accent-colour: #b35719;}}}}@media (max-width: 600px) {{.container {{width: 100%;}}}}body {{font-family: Arial, sans-serif;align-content: center;text-align: center;margin: 0;padding: 0;background-color: var(--background-colour);color: var(--text-colour);width: 100%;max-width: 600px;margin: 0 auto;border-radius: 5px;}}.header {{background-color: var(--primary-colour);color: var(--header-text-colour);padding: 20px;}}.verify-button {{background-color: var(--accent-colour);color: var(--button-text-colour);padding: 12px 30px;margin: 16px;font-size: 20px;transition: background-color 0.3s;cursor: pointer;border: none;border-radius: 14px;text-decoration: none;display: inline-block;}}.verify-button:hover {{background-color: var(--secondary-colour);}}.content {{padding: 20px 30px;}}.footer {{padding: 10px;font-size: 12px;color: var(--footer-text-colour);}}</style></head><body><div class="container"><div class="header"><h1>{} Password Reset Confirmation</h1></div><div class="content"><h2>Hello, {}!</h2><p>Your password has been successfully reset for your Gorb account.</p><p>If you did not initiate this change, please click the button below to reset your password <strong>immediately</strong>.</p><a href="{}" class="verify-button">RESET PASSWORD</a><div class="footer"><p>Thanks<br>The gorb team.</p></div></div></div></body></html>"#, data.config.instance.name, username, login_page) format!(r#"<html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><style>:root {{--header-text-colour: #ffffff;--footer-text-colour: #7f7f7f;--button-text-colour: #170e08;--text-colour: #170e08;--background-colour: #fbf6f2;--primary-colour: #df5f0b;--secondary-colour: #e8ac84;--accent-colour: #e68b4e;}}@media (prefers-color-scheme: dark) {{:root {{--header-text-colour: #ffffff;--footer-text-colour: #585858;--button-text-colour: #ffffff;--text-colour: #f7eee8;--background-colour: #0c0704;--primary-colour: #f4741f;--secondary-colour: #7c4018;--accent-colour: #b35719;}}}}@media (max-width: 600px) {{.container {{width: 100%;}}}}body {{font-family: Arial, sans-serif;align-content: center;text-align: center;margin: 0;padding: 0;background-color: var(--background-colour);color: var(--text-colour);width: 100%;max-width: 600px;margin: 0 auto;border-radius: 5px;}}.header {{background-color: var(--primary-colour);color: var(--header-text-colour);padding: 20px;}}.verify-button {{background-color: var(--accent-colour);color: var(--button-text-colour);padding: 12px 30px;margin: 16px;font-size: 20px;transition: background-color 0.3s;cursor: pointer;border: none;border-radius: 14px;text-decoration: none;display: inline-block;}}.verify-button:hover {{background-color: var(--secondary-colour);}}.content {{padding: 20px 30px;}}.footer {{padding: 10px;font-size: 12px;color: var(--footer-text-colour);}}</style></head><body><div class="container"><div class="header"><h1>{} Password Reset Confirmation</h1></div><div class="content"><h2>Hello, {}!</h2><p>Your password has been successfully reset for your Gorb account.</p><p>If you did not initiate this change, please click the button below to reset your password <strong>immediately</strong>.</p><a href="{}" class="verify-button">RESET PASSWORD</a><div class="footer"><p>Thanks<br>The gorb team.</p></div></div></div></body></html>"#, data.config.instance.name, username, login_page)
))?; ))?;
data data.mail_client.send_mail(email).await?;
.mail_client
.send_mail(email)
.await?;
self.delete(&mut conn).await self.delete(&mut conn).await
} }
@ -1251,4 +1280,3 @@ impl PasswordResetToken {
Ok(()) Ok(())
} }
} }

47
src/utils.rs
View file

@ -16,7 +16,10 @@ use serde::Serialize;
use uuid::Uuid; use uuid::Uuid;
use crate::{ use crate::{
error::Error, schema::users, structs::{HasIsAbove, HasUuid}, Conn, Data Conn, Data,
error::Error,
schema::users,
structs::{HasIsAbove, HasUuid},
}; };
pub static EMAIL_REGEX: LazyLock<Regex> = LazyLock::new(|| { pub static EMAIL_REGEX: LazyLock<Regex> = LazyLock::new(|| {
@ -137,27 +140,32 @@ pub fn image_check(icon: BytesMut) -> Result<String, Error> {
)) ))
} }
pub async fn user_uuid_from_identifier(conn: &mut Conn, identifier: &String) -> Result<Uuid, Error> { pub async fn user_uuid_from_identifier(
conn: &mut Conn,
identifier: &String,
) -> Result<Uuid, Error> {
if EMAIL_REGEX.is_match(identifier) { if EMAIL_REGEX.is_match(identifier) {
use users::dsl; use users::dsl;
let user_uuid = dsl::users let user_uuid = dsl::users
.filter(dsl::email.eq(identifier)) .filter(dsl::email.eq(identifier))
.select(dsl::uuid) .select(dsl::uuid)
.get_result(conn) .get_result(conn)
.await?; .await?;
Ok(user_uuid) Ok(user_uuid)
} else if USERNAME_REGEX.is_match(identifier) { } else if USERNAME_REGEX.is_match(identifier) {
use users::dsl; use users::dsl;
let user_uuid = dsl::users let user_uuid = dsl::users
.filter(dsl::username.eq(identifier)) .filter(dsl::username.eq(identifier))
.select(dsl::uuid) .select(dsl::uuid)
.get_result(conn) .get_result(conn)
.await?; .await?;
Ok(user_uuid) Ok(user_uuid)
} else { } else {
Err(Error::BadRequest("Please provide a valid username or email".to_string())) Err(Error::BadRequest(
"Please provide a valid username or email".to_string(),
))
} }
} }
@ -173,11 +181,12 @@ pub async fn global_checks(data: &Data, user_uuid: Uuid) -> Result<(), Error> {
.await?; .await?;
if !email_verified { if !email_verified {
return Err(Error::Forbidden("server requires email verification".to_string())) return Err(Error::Forbidden(
"server requires email verification".to_string(),
));
} }
} }
Ok(()) Ok(())
} }