gorb/backend
4
0
Fork 0
Code Issues 4 Pull requests 1 Projects Releases Packages 1 Wiki Activity Actions

Compare commits

base: gorb:c9d3b2cd12b5c3a0eb44d5bcaa533b4d3e5abc33
Branches Tags
gorb:main
gorb:wip/messaging
gorb:wip/messaging-test
...
compare: gorb:beb9fc10bae87c332c4c6e03edd7d8c944ed947a
Branches Tags
gorb:wip/messaging
gorb:main
gorb:wip/messaging-test

2 commits
c9d3b2cd12 ... beb9fc10ba

Author SHA1 Message Date
Radical
beb9fc10ba feat: use new auth and convert to get request 2025-05-04 23:40:03 +02:00
Radical
fb76e6df08 feat: use new auth 2025-05-04 23:39:36 +02:00
2 changed files with 32 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

32
src/api/v1/servers/mod.rs
View file

@ -1,4 +1,4 @@
use actix_web::{error, post, web, Error, HttpResponse, Scope}; use actix_web::{error, post, web, Error, HttpRequest, HttpResponse, Scope};
use futures::StreamExt; use futures::StreamExt;
use log::error; use log::error;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
@ -7,11 +7,10 @@ use std::time::{SystemTime, UNIX_EPOCH};
mod uuid; mod uuid;
use crate::{api::v1::auth::check_access_token, Data}; use crate::{api::v1::auth::check_access_token, utils::get_auth_header, Data};
#[derive(Deserialize)] #[derive(Deserialize)]
struct Request { struct Request {
access_token: String,
name: String, name: String,
description: Option<String>, description: Option<String>,
} }
@ -38,8 +37,25 @@ pub fn web() -> Scope {
} }
#[post("")] #[post("")]
pub async fn res(mut payload: web::Payload, data: web::Data<Data>) -> Result<HttpResponse, Error> { pub async fn res(req: HttpRequest, mut payload: web::Payload, data: web::Data<Data>) -> Result<HttpResponse, Error> {
let headers = req.headers();
let auth_header = get_auth_header(headers);
if let Err(error) = auth_header {
return Ok(error)
}
let authorized = check_access_token(auth_header.unwrap(), &data.pool).await;
if let Err(error) = authorized {
return Ok(error)
}
let uuid = authorized.unwrap();
let mut body = web::BytesMut::new(); let mut body = web::BytesMut::new();
while let Some(chunk) = payload.next().await { while let Some(chunk) = payload.next().await {
let chunk = chunk?; let chunk = chunk?;
// limit max size of in-memory payload // limit max size of in-memory payload
@ -51,14 +67,6 @@ pub async fn res(mut payload: web::Payload, data: web::Data<Data>) -> Result<Htt
let request = serde_json::from_slice::<Request>(&body)?; let request = serde_json::from_slice::<Request>(&body)?;
let authorized = check_access_token(request.access_token, &data.pool).await;
if let Err(error) = authorized {
return Ok(error)
}
let uuid = authorized.unwrap();
let guild_uuid = Uuid::now_v7(); let guild_uuid = Uuid::now_v7();
let row = sqlx::query(&format!("INSERT INTO guilds (uuid, owner_uuid, name, description) VALUES ('{}', '{}', $1, $2)", guild_uuid, uuid)) let row = sqlx::query(&format!("INSERT INTO guilds (uuid, owner_uuid, name, description) VALUES ('{}', '{}', $1, $2)", guild_uuid, uuid))

36
src/api/v1/servers/uuid/mod.rs
View file

@ -1,19 +1,13 @@
use actix_web::{error, post, web, Error, HttpResponse, Scope}; use actix_web::{get, web, Error, HttpRequest, HttpResponse, Scope};
use futures::StreamExt;
use log::error; use log::error;
use serde::{Deserialize, Serialize}; use serde::Serialize;
use sqlx::FromRow; use sqlx::FromRow;
use uuid::Uuid; use uuid::Uuid;
use std::str::FromStr; use std::str::FromStr;
mod channels; mod channels;
use crate::{api::v1::auth::check_access_token, Data}; use crate::{api::v1::auth::check_access_token, utils::get_auth_header, Data};
#[derive(Deserialize)]
struct Request {
access_token: String,
}
#[derive(Serialize)] #[derive(Serialize)]
struct Response { struct Response {
@ -35,31 +29,25 @@ struct Role {
permissions: i64, permissions: i64,
} }
const MAX_SIZE: usize = 262_144;
pub fn web() -> Scope { pub fn web() -> Scope {
web::scope("/") web::scope("/")
.service(res) .service(res)
.service(channels::web()) .service(channels::web())
} }
#[post("{uuid}")] #[get("{uuid}")]
pub async fn res(mut payload: web::Payload, path: web::Path<(Uuid,)>, data: web::Data<Data>) -> Result<HttpResponse, Error> { pub async fn res(req: HttpRequest, path: web::Path<(Uuid,)>, data: web::Data<Data>) -> Result<HttpResponse, Error> {
let mut body = web::BytesMut::new(); let headers = req.headers();
while let Some(chunk) = payload.next().await {
let chunk = chunk?; let auth_header = get_auth_header(headers);
// limit max size of in-memory payload
if (body.len() + chunk.len()) > MAX_SIZE { if let Err(error) = auth_header {
return Err(error::ErrorBadRequest("overflow")); return Ok(error)
}
body.extend_from_slice(&chunk);
} }
let guild_uuid = path.into_inner().0; let guild_uuid = path.into_inner().0;
let request = serde_json::from_slice::<Request>(&body)?; let authorized = check_access_token(auth_header.unwrap(), &data.pool).await;
let authorized = check_access_token(request.access_token, &data.pool).await;
if let Err(error) = authorized { if let Err(error) = authorized {
return Ok(error) return Ok(error)