gorb/backend
4
0
Fork 1
Code Issues 1 Pull requests 1 Projects Releases Packages 1 Wiki Activity Actions

Compare commits

base: gorb:main
Branches Tags
gorb:main
gorb:wip/federation-impl
gorb:wip/local-data-folder
gorb:wip/invite-deletion
..
compare: gorb:wip/federation-impl
Branches Tags
gorb:main
gorb:wip/federation-impl
gorb:wip/local-data-folder
gorb:wip/invite-deletion

1 commit
main ... wip/federa

Author SHA1 Message Date
Radical
4972aa37c4 feat: initial stuff for federation 
this might all change completely but this is at least somewhat whats needed for federation
 2025-06-04 20:11:24 +02:00
30 changed files with 316 additions and 217 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -21,3 +21,4 @@ Cargo.lock
# option (not recommended) you can uncomment the following to ignore the entire idea folder. # option (not recommended) you can uncomment the following to ignore the entire idea folder.
#.idea/ #.idea/
/config.toml /config.toml
/key.pem

1
Cargo.toml
View file

@ -45,6 +45,7 @@ thiserror = "2.0.12"
actix-multipart = "0.7.2" actix-multipart = "0.7.2"
lettre = { version = "0.11.16", features = ["tokio1", "tokio1-native-tls"] } lettre = { version = "0.11.16", features = ["tokio1", "tokio1-native-tls"] }
chrono = { version = "0.4.41", features = ["serde"] } chrono = { version = "0.4.41", features = ["serde"] }
ed25519-dalek = { version = "2.1.1", features = ["pem", "pkcs8", "rand_core"] }
[dependencies.tokio] [dependencies.tokio]
version = "1.45" version = "1.45"

2
entrypoint.sh
View file

@ -65,4 +65,4 @@ rotate_log "/gorb/logs/backend.log"
# Give the DB time to start up before connecting # Give the DB time to start up before connecting
sleep 5 sleep 5
/usr/bin/gorb-backend --config /gorb/config/config.toml 2>&1 | tee /gorb/logs/backend.log /usr/bin/gorb-backend --config /gorb/config/config.toml --private-key /gorb/config/federation-privkey.pem 2>&1 | tee /gorb/logs/backend.log

3
migrations/2025-06-03-123458_federated_instances/down.sql Normal file
View file

@ -0,0 +1,3 @@
-- This file should undo anything in `up.sql`
DROP TABLE federated_users;
DROP TABLE instances;

10
migrations/2025-06-03-123458_federated_instances/up.sql Normal file
View file

@ -0,0 +1,10 @@
-- Your SQL goes here
CREATE TABLE instances (
instance_url VARCHAR(8000) PRIMARY KEY NOT NULL,
public_key VARCHAR(500) UNIQUE NOT NULL
);
CREATE TABLE federated_users (
uuid UUID PRIMARY KEY NOT NULL,
instance_url VARCHAR(8000) NOT NULL REFERENCES instances(instance_url)
);

14
migrations/2025-06-06-145916_guild_ownership_changes/down.sql
View file

@ -1,14 +0,0 @@
-- This file should undo anything in `up.sql`
ALTER TABLE guilds
ADD COLUMN owner_uuid UUID REFERENCES users(uuid);
UPDATE guilds g
SET owner_uuid = gm.user_uuid
FROM guild_members gm
WHERE gm.guild_uuid = g.uuid AND gm.is_owner = TRUE;
ALTER TABLE guilds
ALTER COLUMN owner_uuid SET NOT NULL;
ALTER TABLE guild_members
DROP COLUMN is_owner;

14
migrations/2025-06-06-145916_guild_ownership_changes/up.sql
View file

@ -1,14 +0,0 @@
-- Your SQL goes here
ALTER TABLE guild_members
ADD COLUMN is_owner BOOLEAN NOT NULL DEFAULT false;
UPDATE guild_members gm
SET is_owner = true
FROM guilds g
WHERE gm.guild_uuid = g.uuid AND gm.user_uuid = g.owner_uuid;
CREATE UNIQUE INDEX one_owner_per_guild ON guild_members (guild_uuid)
WHERE is_owner;
ALTER TABLE guilds
DROP COLUMN owner_uuid;

6
src/api/v1/auth/login.rs
View file

@ -11,7 +11,7 @@ use crate::{
error::Error, error::Error,
schema::*, schema::*,
utils::{ utils::{
PASSWORD_REGEX, generate_token, new_refresh_token_cookie, PASSWORD_REGEX, generate_access_token, generate_refresh_token, new_refresh_token_cookie,
user_uuid_from_identifier, user_uuid_from_identifier,
}, },
}; };
@ -59,8 +59,8 @@ pub async fn response(
)); ));
} }
let refresh_token = generate_token::<32>()?; let refresh_token = generate_refresh_token()?;
let access_token = generate_token::<16>()?; let access_token = generate_access_token()?;
let current_time = SystemTime::now().duration_since(UNIX_EPOCH)?.as_secs() as i64; let current_time = SystemTime::now().duration_since(UNIX_EPOCH)?.as_secs() as i64;

6
src/api/v1/auth/refresh.rs
View file

@ -11,7 +11,7 @@ use crate::{
access_tokens::{self, dsl}, access_tokens::{self, dsl},
refresh_tokens::{self, dsl as rdsl}, refresh_tokens::{self, dsl as rdsl},
}, },
utils::{generate_token, new_refresh_token_cookie}, utils::{generate_access_token, generate_refresh_token, new_refresh_token_cookie},
}; };
use super::Response; use super::Response;
@ -55,7 +55,7 @@ pub async fn res(req: HttpRequest, data: web::Data<Data>) -> Result<HttpResponse
let current_time = SystemTime::now().duration_since(UNIX_EPOCH)?.as_secs() as i64; let current_time = SystemTime::now().duration_since(UNIX_EPOCH)?.as_secs() as i64;
if lifetime > 1987200 { if lifetime > 1987200 {
let new_refresh_token = generate_token::<32>()?; let new_refresh_token = generate_refresh_token()?;
match update(refresh_tokens::table) match update(refresh_tokens::table)
.filter(rdsl::token.eq(&refresh_token)) .filter(rdsl::token.eq(&refresh_token))
@ -75,7 +75,7 @@ pub async fn res(req: HttpRequest, data: web::Data<Data>) -> Result<HttpResponse
} }
} }
let access_token = generate_token::<16>()?; let access_token = generate_access_token()?;
update(access_tokens::table) update(access_tokens::table)
.filter(dsl::refresh_token.eq(&refresh_token)) .filter(dsl::refresh_token.eq(&refresh_token))

6
src/api/v1/auth/register.rs
View file

@ -20,7 +20,7 @@ use crate::{
users::{self, dsl as udsl}, users::{self, dsl as udsl},
}, },
utils::{ utils::{
EMAIL_REGEX, PASSWORD_REGEX, USERNAME_REGEX, generate_token, EMAIL_REGEX, PASSWORD_REGEX, USERNAME_REGEX, generate_access_token, generate_refresh_token,
new_refresh_token_cookie, new_refresh_token_cookie,
}, },
}; };
@ -120,8 +120,8 @@ pub async fn res(
.execute(&mut conn) .execute(&mut conn)
.await?; .await?;
let refresh_token = generate_token::<32>()?; let refresh_token = generate_refresh_token()?;
let access_token = generate_token::<16>()?; let access_token = generate_access_token()?;
let current_time = SystemTime::now().duration_since(UNIX_EPOCH)?.as_secs() as i64; let current_time = SystemTime::now().duration_since(UNIX_EPOCH)?.as_secs() as i64;

14
src/api/v1/channels/uuid/mod.rs
View file

@ -4,7 +4,11 @@ pub mod messages;
pub mod socket; pub mod socket;
use crate::{ use crate::{
api::v1::auth::check_access_token, error::Error, objects::{Channel, Member, Permissions}, utils::{get_auth_header, global_checks}, Data Data,
api::v1::auth::check_access_token,
error::Error,
objects::{Channel, Member},
utils::{get_auth_header, global_checks},
}; };
use actix_web::{HttpRequest, HttpResponse, delete, get, patch, web}; use actix_web::{HttpRequest, HttpResponse, delete, get, patch, web};
use serde::Deserialize; use serde::Deserialize;
@ -55,9 +59,7 @@ pub async fn delete(
let channel = Channel::fetch_one(&data, channel_uuid).await?; let channel = Channel::fetch_one(&data, channel_uuid).await?;
let member = Member::check_membership(&mut conn, uuid, channel.guild_uuid).await?; Member::check_membership(&mut conn, uuid, channel.guild_uuid).await?;
member.check_permission(&data, Permissions::DeleteChannel).await?;
channel.delete(&data).await?; channel.delete(&data).await?;
@ -123,9 +125,7 @@ pub async fn patch(
let mut channel = Channel::fetch_one(&data, channel_uuid).await?; let mut channel = Channel::fetch_one(&data, channel_uuid).await?;
let member = Member::check_membership(&mut conn, uuid, channel.guild_uuid).await?; Member::check_membership(&mut conn, uuid, channel.guild_uuid).await?;
member.check_permission(&data, Permissions::ManageChannel).await?;
if let Some(new_name) = &new_info.name { if let Some(new_name) = &new_info.name {
channel.set_name(&data, new_name.to_string()).await?; channel.set_name(&data, new_name.to_string()).await?;

44
src/api/v1/federation/mod.rs Normal file
View file

@ -0,0 +1,44 @@
use actix_web::{post, web, HttpRequest, Scope};
use crate::{objects::Signature, Data};
mod pubkey;
pub fn web() -> Scope {
web::scope("/federation")
.service(pubkey::get)
.service(post)
}
#[post("")]
pub async fn post(
req: HttpRequest,
channel_info: web::Json<>,
data: web::Data<Data>,
) -> Result<HttpResponse, Error> {
let headers = req.headers();
let signature = Signature::from_signature_header(headers)?;
let guild_uuid = path.into_inner().0;
let mut conn = data.pool.get().await?;
let uuid = check_access_token(auth_header, &mut conn).await?;
global_checks(&data, uuid).await?;
Member::check_membership(&mut conn, uuid, guild_uuid).await?;
// FIXME: Logic to check permissions, should probably be done in utils.rs
let channel = Channel::new(
data.clone(),
guild_uuid,
channel_info.name.clone(),
channel_info.description.clone(),
)
.await?;
Ok(HttpResponse::Ok().json(channel))
}

29
src/api/v1/federation/pubkey.rs Normal file
View file

@ -0,0 +1,29 @@
//! `/api/v1/users/{uuid}` Specific user endpoints
use actix_web::{HttpResponse, get, web};
use ed25519_dalek::pkcs8::{spki::der::pem::LineEnding, EncodePublicKey};
use crate::{
Data,
error::Error,
};
/// `GET /api/v1/users/{uuid}` Returns user with the given UUID
///
/// requires auth: yes
///
/// requires relation: yes
///
/// ### Response Example
/// ```
/// ""
/// ```
/// NOTE: UUIDs in this response are made using `uuidgen`, UUIDs made by the actual backend will be UUIDv7 and have extractable timestamps
#[get("/pubkey")]
pub async fn get(
data: web::Data<Data>,
) -> Result<HttpResponse, Error> {
let pubkey = data.signing_key.verifying_key().to_public_key_pem(LineEnding::LF)?;
Ok(HttpResponse::Ok().body(pubkey))
}

10
src/api/v1/guilds/uuid/channels.rs
View file

@ -1,5 +1,9 @@
use crate::{ use crate::{
api::v1::auth::check_access_token, error::Error, objects::{Channel, Member, Permissions}, utils::{get_auth_header, global_checks, order_by_is_above}, Data Data,
api::v1::auth::check_access_token,
error::Error,
objects::{Channel, Member},
utils::{get_auth_header, global_checks, order_by_is_above},
}; };
use ::uuid::Uuid; use ::uuid::Uuid;
use actix_web::{HttpRequest, HttpResponse, get, post, web}; use actix_web::{HttpRequest, HttpResponse, get, post, web};
@ -70,9 +74,9 @@ pub async fn create(
global_checks(&data, uuid).await?; global_checks(&data, uuid).await?;
let member = Member::check_membership(&mut conn, uuid, guild_uuid).await?; Member::check_membership(&mut conn, uuid, guild_uuid).await?;
member.check_permission(&data, Permissions::CreateChannel).await?; // FIXME: Logic to check permissions, should probably be done in utils.rs
let channel = Channel::new( let channel = Channel::new(
data.clone(), data.clone(),

10
src/api/v1/guilds/uuid/icon.rs
View file

@ -5,7 +5,11 @@ use futures_util::StreamExt as _;
use uuid::Uuid; use uuid::Uuid;
use crate::{ use crate::{
api::v1::auth::check_access_token, error::Error, objects::{Guild, Member, Permissions}, utils::{get_auth_header, global_checks}, Data Data,
api::v1::auth::check_access_token,
error::Error,
objects::{Guild, Member},
utils::{get_auth_header, global_checks},
}; };
/// `PUT /api/v1/guilds/{uuid}/icon` Icon upload /// `PUT /api/v1/guilds/{uuid}/icon` Icon upload
@ -32,9 +36,7 @@ pub async fn upload(
global_checks(&data, uuid).await?; global_checks(&data, uuid).await?;
let member = Member::check_membership(&mut conn, uuid, guild_uuid).await?; Member::check_membership(&mut conn, uuid, guild_uuid).await?;
member.check_permission(&data, Permissions::ManageServer).await?;
let mut guild = Guild::fetch_one(&mut conn, guild_uuid).await?; let mut guild = Guild::fetch_one(&mut conn, guild_uuid).await?;

10
src/api/v1/guilds/uuid/invites/mod.rs
View file

@ -3,7 +3,11 @@ use serde::Deserialize;
use uuid::Uuid; use uuid::Uuid;
use crate::{ use crate::{
api::v1::auth::check_access_token, error::Error, objects::{Guild, Member, Permissions}, utils::{get_auth_header, global_checks}, Data Data,
api::v1::auth::check_access_token,
error::Error,
objects::{Guild, Member},
utils::{get_auth_header, global_checks},
}; };
#[derive(Deserialize)] #[derive(Deserialize)]
@ -57,9 +61,7 @@ pub async fn create(
global_checks(&data, uuid).await?; global_checks(&data, uuid).await?;
let member = Member::check_membership(&mut conn, uuid, guild_uuid).await?; Member::check_membership(&mut conn, uuid, guild_uuid).await?;
member.check_permission(&data, Permissions::CreateInvite).await?;
let guild = Guild::fetch_one(&mut conn, guild_uuid).await?; let guild = Guild::fetch_one(&mut conn, guild_uuid).await?;

10
src/api/v1/guilds/uuid/roles/mod.rs
View file

@ -3,7 +3,11 @@ use actix_web::{HttpRequest, HttpResponse, get, post, web};
use serde::Deserialize; use serde::Deserialize;
use crate::{ use crate::{
api::v1::auth::check_access_token, error::Error, objects::{Member, Permissions, Role}, utils::{get_auth_header, global_checks, order_by_is_above}, Data Data,
api::v1::auth::check_access_token,
error::Error,
objects::{Member, Role},
utils::{get_auth_header, global_checks, order_by_is_above},
}; };
pub mod uuid; pub mod uuid;
@ -66,9 +70,9 @@ pub async fn create(
global_checks(&data, uuid).await?; global_checks(&data, uuid).await?;
let member = Member::check_membership(&mut conn, uuid, guild_uuid).await?; Member::check_membership(&mut conn, uuid, guild_uuid).await?;
member.check_permission(&data, Permissions::CreateRole).await?; // FIXME: Logic to check permissions, should probably be done in utils.rs
let role = Role::new(&mut conn, guild_uuid, role_info.name.clone()).await?; let role = Role::new(&mut conn, guild_uuid, role_info.name.clone()).await?;

2
src/api/v1/mod.rs
View file

@ -9,6 +9,7 @@ mod invites;
mod me; mod me;
mod stats; mod stats;
mod users; mod users;
mod federation;
pub fn web() -> Scope { pub fn web() -> Scope {
web::scope("/v1") web::scope("/v1")
@ -19,4 +20,5 @@ pub fn web() -> Scope {
.service(guilds::web()) .service(guilds::web())
.service(invites::web()) .service(invites::web())
.service(me::web()) .service(me::web())
.service(federation::web())
} }

5
src/error.rs
View file

@ -12,6 +12,7 @@ use bunny_api_tokio::error::Error as BunnyError;
use deadpool::managed::{BuildError, PoolError}; use deadpool::managed::{BuildError, PoolError};
use diesel::{ConnectionError, result::Error as DieselError}; use diesel::{ConnectionError, result::Error as DieselError};
use diesel_async::pooled_connection::PoolError as DieselPoolError; use diesel_async::pooled_connection::PoolError as DieselPoolError;
use ed25519_dalek::pkcs8::{self, spki};
use lettre::{ use lettre::{
address::AddressError, error::Error as EmailError, transport::smtp::Error as SmtpError, address::AddressError, error::Error as EmailError, transport::smtp::Error as SmtpError,
}; };
@ -63,6 +64,10 @@ pub enum Error {
SmtpError(#[from] SmtpError), SmtpError(#[from] SmtpError),
#[error(transparent)] #[error(transparent)]
SmtpAddressError(#[from] AddressError), SmtpAddressError(#[from] AddressError),
#[error(transparent)]
Pkcs8Error(#[from] pkcs8::Error),
#[error(transparent)]
SpkiError(#[from] spki::Error),
#[error("{0}")] #[error("{0}")]
PasswordHashError(String), PasswordHashError(String),
#[error("{0}")] #[error("{0}")]

20
src/main.rs
View file

@ -1,12 +1,14 @@
use actix_cors::Cors; use actix_cors::Cors;
use actix_web::{App, HttpServer, web}; use actix_web::{App, HttpServer, web};
use argon2::Argon2; use argon2::{password_hash::rand_core::OsRng, Argon2};
use clap::Parser; use clap::Parser;
use diesel_async::pooled_connection::AsyncDieselConnectionManager; use diesel_async::pooled_connection::AsyncDieselConnectionManager;
use diesel_async::pooled_connection::deadpool::Pool; use diesel_async::pooled_connection::deadpool::Pool;
use ed25519_dalek::{pkcs8::{spki::der::pem::LineEnding, DecodePrivateKey, EncodePrivateKey}, SigningKey};
use error::Error; use error::Error;
use objects::MailClient; use objects::MailClient;
use simple_logger::SimpleLogger; use simple_logger::SimpleLogger;
use tokio::{fs::{read_to_string, File}, io::AsyncWriteExt};
use std::time::SystemTime; use std::time::SystemTime;
mod config; mod config;
use config::{Config, ConfigBuilder}; use config::{Config, ConfigBuilder};
@ -28,6 +30,8 @@ pub mod utils;
struct Args { struct Args {
#[arg(short, long, default_value_t = String::from("/etc/gorb/config.toml"))] #[arg(short, long, default_value_t = String::from("/etc/gorb/config.toml"))]
config: String, config: String,
#[arg(short, long, default_value_t = String::from("/etc/gorb/privkey.pem"))]
private_key: String,
} }
#[derive(Clone)] #[derive(Clone)]
@ -42,6 +46,7 @@ pub struct Data {
pub start_time: SystemTime, pub start_time: SystemTime,
pub bunny_cdn: bunny_api_tokio::Client, pub bunny_cdn: bunny_api_tokio::Client,
pub mail_client: MailClient, pub mail_client: MailClient,
pub signing_key: SigningKey,
} }
#[tokio::main] #[tokio::main]
@ -98,6 +103,18 @@ async fn main() -> Result<(), Error> {
.await? .await?
.unwrap(); .unwrap();
let signing_key;
if let Ok(content) = read_to_string(&args.private_key).await {
signing_key = SigningKey::from_pkcs8_pem(&content)?;
} else {
let mut csprng = OsRng;
signing_key = tokio::task::spawn_blocking(move || SigningKey::generate(&mut csprng)).await?;
let mut file = File::create(args.private_key).await?;
file.write_all(signing_key.to_pkcs8_pem(LineEnding::LF)?.as_bytes()).await?;
}
/* /*
**Stored for later possible use** **Stored for later possible use**
@ -124,6 +141,7 @@ async fn main() -> Result<(), Error> {
start_time: SystemTime::now(), start_time: SystemTime::now(),
bunny_cdn, bunny_cdn,
mail_client, mail_client,
signing_key,
}; };
HttpServer::new(move || { HttpServer::new(move || {

31
src/objects/channel.rs
View file

@ -198,46 +198,15 @@ impl Channel {
let mut conn = data.pool.get().await?; let mut conn = data.pool.get().await?;
use channels::dsl; use channels::dsl;
match update(channels::table)
.filter(dsl::is_above.eq(self.uuid))
.set(dsl::is_above.eq(None::<Uuid>))
.execute(&mut conn)
.await
{
Ok(r) => Ok(r),
Err(diesel::result::Error::NotFound) => Ok(0),
Err(e) => Err(e),
}?;
delete(channels::table) delete(channels::table)
.filter(dsl::uuid.eq(self.uuid)) .filter(dsl::uuid.eq(self.uuid))
.execute(&mut conn) .execute(&mut conn)
.await?; .await?;
match update(channels::table)
.filter(dsl::is_above.eq(self.uuid))
.set(dsl::is_above.eq(self.is_above))
.execute(&mut conn)
.await
{
Ok(r) => Ok(r),
Err(diesel::result::Error::NotFound) => Ok(0),
Err(e) => Err(e),
}?;
if data.get_cache_key(self.uuid.to_string()).await.is_ok() { if data.get_cache_key(self.uuid.to_string()).await.is_ok() {
data.del_cache_key(self.uuid.to_string()).await?; data.del_cache_key(self.uuid.to_string()).await?;
} }
if data
.get_cache_key(format!("{}_channels", self.guild_uuid))
.await
.is_ok()
{
data.del_cache_key(format!("{}_channels", self.guild_uuid))
.await?;
}
Ok(()) Ok(())
} }

4
src/objects/email_token.rs
View file

@ -3,7 +3,7 @@ use lettre::message::MultiPart;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use uuid::Uuid; use uuid::Uuid;
use crate::{Data, error::Error, utils::generate_token}; use crate::{Data, error::Error, utils::generate_refresh_token};
use super::Me; use super::Me;
@ -23,7 +23,7 @@ impl EmailToken {
#[allow(clippy::new_ret_no_self)] #[allow(clippy::new_ret_no_self)]
pub async fn new(data: &Data, me: Me) -> Result<(), Error> { pub async fn new(data: &Data, me: Me) -> Result<(), Error> {
let token = generate_token::<32>()?; let token = generate_refresh_token()?;
let email_token = EmailToken { let email_token = EmailToken {
user_uuid: me.uuid, user_uuid: me.uuid,

6
src/objects/guild.rs
View file

@ -26,6 +26,7 @@ pub struct GuildBuilder {
name: String, name: String,
description: Option<String>, description: Option<String>,
icon: Option<String>, icon: Option<String>,
owner_uuid: Uuid,
} }
impl GuildBuilder { impl GuildBuilder {
@ -39,6 +40,7 @@ impl GuildBuilder {
name: self.name, name: self.name,
description: self.description, description: self.description,
icon: self.icon.and_then(|i| i.parse().ok()), icon: self.icon.and_then(|i| i.parse().ok()),
owner_uuid: self.owner_uuid,
roles, roles,
member_count, member_count,
}) })
@ -51,6 +53,7 @@ pub struct Guild {
name: String, name: String,
description: Option<String>, description: Option<String>,
icon: Option<Url>, icon: Option<Url>,
owner_uuid: Uuid,
pub roles: Vec<Role>, pub roles: Vec<Role>,
member_count: i64, member_count: i64,
} }
@ -107,6 +110,7 @@ impl Guild {
name: name.clone(), name: name.clone(),
description: None, description: None,
icon: None, icon: None,
owner_uuid,
}; };
insert_into(guilds::table) insert_into(guilds::table)
@ -121,7 +125,6 @@ impl Guild {
nickname: None, nickname: None,
user_uuid: owner_uuid, user_uuid: owner_uuid,
guild_uuid, guild_uuid,
is_owner: true,
}; };
insert_into(guild_members::table) insert_into(guild_members::table)
@ -134,6 +137,7 @@ impl Guild {
name, name,
description: None, description: None,
icon: None, icon: None,
owner_uuid,
roles: vec![], roles: vec![],
member_count: 1, member_count: 1,
}) })

26
src/objects/member.rs
View file

@ -5,7 +5,7 @@ use diesel_async::RunQueryDsl;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use uuid::Uuid; use uuid::Uuid;
use crate::{error::Error, objects::{Permissions, Role}, schema::guild_members, Conn, Data}; use crate::{Conn, Data, error::Error, schema::guild_members};
use super::{User, load_or_empty}; use super::{User, load_or_empty};
@ -17,11 +17,10 @@ pub struct MemberBuilder {
pub nickname: Option<String>, pub nickname: Option<String>,
pub user_uuid: Uuid, pub user_uuid: Uuid,
pub guild_uuid: Uuid, pub guild_uuid: Uuid,
pub is_owner: bool,
} }
impl MemberBuilder { impl MemberBuilder {
pub async fn build(&self, data: &Data) -> Result<Member, Error> { async fn build(&self, data: &Data) -> Result<Member, Error> {
let user = User::fetch_one(data, self.user_uuid).await?; let user = User::fetch_one(data, self.user_uuid).await?;
Ok(Member { Ok(Member {
@ -29,22 +28,9 @@ impl MemberBuilder {
nickname: self.nickname.clone(), nickname: self.nickname.clone(),
user_uuid: self.user_uuid, user_uuid: self.user_uuid,
guild_uuid: self.guild_uuid, guild_uuid: self.guild_uuid,
is_owner: self.is_owner,
user, user,
}) })
} }
pub async fn check_permission(&self, data: &Data, permission: Permissions) -> Result<(), Error> {
if !self.is_owner {
let roles = Role::fetch_from_member(&data, self.uuid).await?;
let allowed = roles.iter().any(|r| r.permissions & permission as i64 != 0);
if !allowed {
return Err(Error::Forbidden("Not allowed".to_string()))
}
}
Ok(())
}
} }
#[derive(Serialize, Deserialize)] #[derive(Serialize, Deserialize)]
@ -53,7 +39,6 @@ pub struct Member {
pub nickname: Option<String>, pub nickname: Option<String>,
pub user_uuid: Uuid, pub user_uuid: Uuid,
pub guild_uuid: Uuid, pub guild_uuid: Uuid,
pub is_owner: bool,
user: User, user: User,
} }
@ -73,16 +58,16 @@ impl Member {
conn: &mut Conn, conn: &mut Conn,
user_uuid: Uuid, user_uuid: Uuid,
guild_uuid: Uuid, guild_uuid: Uuid,
) -> Result<MemberBuilder, Error> { ) -> Result<(), Error> {
use guild_members::dsl; use guild_members::dsl;
let member_builder = dsl::guild_members dsl::guild_members
.filter(dsl::user_uuid.eq(user_uuid)) .filter(dsl::user_uuid.eq(user_uuid))
.filter(dsl::guild_uuid.eq(guild_uuid)) .filter(dsl::guild_uuid.eq(guild_uuid))
.select(MemberBuilder::as_select()) .select(MemberBuilder::as_select())
.get_result(conn) .get_result(conn)
.await?; .await?;
Ok(member_builder) Ok(())
} }
pub async fn fetch_one(data: &Data, user_uuid: Uuid, guild_uuid: Uuid) -> Result<Self, Error> { pub async fn fetch_one(data: &Data, user_uuid: Uuid, guild_uuid: Uuid) -> Result<Self, Error> {
@ -128,7 +113,6 @@ impl Member {
guild_uuid, guild_uuid,
user_uuid, user_uuid,
nickname: None, nickname: None,
is_owner: false,
}; };
insert_into(guild_members::table) insert_into(guild_members::table)

41
src/objects/mod.rs
View file

@ -17,6 +17,7 @@ mod message;
mod password_reset_token; mod password_reset_token;
mod role; mod role;
mod user; mod user;
mod signature;
pub use channel::Channel; pub use channel::Channel;
pub use email_token::EmailToken; pub use email_token::EmailToken;
@ -27,8 +28,8 @@ pub use member::Member;
pub use message::Message; pub use message::Message;
pub use password_reset_token::PasswordResetToken; pub use password_reset_token::PasswordResetToken;
pub use role::Role; pub use role::Role;
pub use role::Permissions;
pub use user::User; pub use user::User;
pub use signature::Signature;
use crate::error::Error; use crate::error::Error;
@ -112,6 +113,44 @@ impl MailClient {
} }
} }
#[derive(Clone, Copy)]
pub enum Permissions {
SendMessage = 1,
CreateChannel = 2,
DeleteChannel = 4,
ManageChannel = 8,
CreateRole = 16,
DeleteRole = 32,
ManageRole = 64,
CreateInvite = 128,
ManageInvite = 256,
ManageServer = 512,
ManageMember = 1024,
}
impl Permissions {
pub fn fetch_permissions(permissions: i64) -> Vec<Self> {
let all_perms = vec![
Self::SendMessage,
Self::CreateChannel,
Self::DeleteChannel,
Self::ManageChannel,
Self::CreateRole,
Self::DeleteRole,
Self::ManageRole,
Self::CreateInvite,
Self::ManageInvite,
Self::ManageServer,
Self::ManageMember,
];
all_perms
.into_iter()
.filter(|p| permissions & (*p as i64) != 0)
.collect()
}
}
#[derive(Deserialize)] #[derive(Deserialize)]
pub struct StartAmountQuery { pub struct StartAmountQuery {
pub start: Option<i64>, pub start: Option<i64>,

6
src/objects/password_reset_token.rs
View file

@ -12,10 +12,10 @@ use serde::{Deserialize, Serialize};
use uuid::Uuid; use uuid::Uuid;
use crate::{ use crate::{
Data,
error::Error, error::Error,
schema::users, schema::users,
utils::{generate_token, global_checks, user_uuid_from_identifier, PASSWORD_REGEX}, utils::{PASSWORD_REGEX, generate_refresh_token, global_checks, user_uuid_from_identifier},
Data
}; };
#[derive(Serialize, Deserialize)] #[derive(Serialize, Deserialize)]
@ -48,7 +48,7 @@ impl PasswordResetToken {
#[allow(clippy::new_ret_no_self)] #[allow(clippy::new_ret_no_self)]
pub async fn new(data: &Data, identifier: String) -> Result<(), Error> { pub async fn new(data: &Data, identifier: String) -> Result<(), Error> {
let token = generate_token::<32>()?; let token = generate_refresh_token()?;
let mut conn = data.pool.get().await?; let mut conn = data.pool.get().await?;

98
src/objects/role.rs
View file

@ -3,14 +3,14 @@ use diesel::{
update, update,
}; };
use diesel_async::RunQueryDsl; use diesel_async::RunQueryDsl;
use serde::{Deserialize, Serialize}; use serde::Serialize;
use uuid::Uuid; use uuid::Uuid;
use crate::{error::Error, schema::{role_members, roles}, utils::order_by_is_above, Conn, Data}; use crate::{Conn, error::Error, schema::roles, utils::order_by_is_above};
use super::{HasIsAbove, HasUuid, load_or_empty}; use super::{HasIsAbove, HasUuid, load_or_empty};
#[derive(Deserialize, Serialize, Clone, Queryable, Selectable, Insertable)] #[derive(Serialize, Clone, Queryable, Selectable, Insertable)]
#[diesel(table_name = roles)] #[diesel(table_name = roles)]
#[diesel(check_for_backend(diesel::pg::Pg))] #[diesel(check_for_backend(diesel::pg::Pg))]
pub struct Role { pub struct Role {
@ -19,28 +19,7 @@ pub struct Role {
name: String, name: String,
color: i32, color: i32,
is_above: Option<Uuid>, is_above: Option<Uuid>,
pub permissions: i64, permissions: i64,
}
#[derive(Serialize, Clone, Queryable, Selectable, Insertable)]
#[diesel(table_name = role_members)]
#[diesel(check_for_backend(diesel::pg::Pg))]
pub struct RoleMember {
role_uuid: Uuid,
member_uuid: Uuid,
}
impl RoleMember {
async fn fetch_role(&self, conn: &mut Conn) -> Result<Role, Error> {
use roles::dsl;
let role: Role = dsl::roles
.filter(dsl::uuid.eq(self.role_uuid))
.select(Role::as_select())
.get_result(conn)
.await?;
Ok(role)
}
} }
impl HasUuid for Role { impl HasUuid for Role {
@ -69,33 +48,6 @@ impl Role {
Ok(roles) Ok(roles)
} }
pub async fn fetch_from_member(data: &Data, member_uuid: Uuid) -> Result<Vec<Self>, Error> {
if let Ok(roles) = data.get_cache_key(format!("{}_roles", member_uuid)).await {
return Ok(serde_json::from_str(&roles)?)
}
let mut conn = data.pool.get().await?;
use role_members::dsl;
let role_memberships: Vec<RoleMember> = load_or_empty(
dsl::role_members
.filter(dsl::member_uuid.eq(member_uuid))
.select(RoleMember::as_select())
.load(&mut conn)
.await,
)?;
let mut roles = vec![];
for membership in role_memberships {
roles.push(membership.fetch_role(&mut conn).await?);
}
data.set_cache_key(format!("{}_roles", member_uuid), roles.clone(), 300).await?;
Ok(roles)
}
pub async fn fetch_one(conn: &mut Conn, role_uuid: Uuid) -> Result<Self, Error> { pub async fn fetch_one(conn: &mut Conn, role_uuid: Uuid) -> Result<Self, Error> {
use roles::dsl; use roles::dsl;
let role: Role = dsl::roles let role: Role = dsl::roles
@ -107,10 +59,6 @@ impl Role {
Ok(role) Ok(role)
} }
pub async fn fetch_permissions(&self) -> Vec<Permissions> {
Permissions::fetch_permissions(self.permissions.clone())
}
pub async fn new(conn: &mut Conn, guild_uuid: Uuid, name: String) -> Result<Self, Error> { pub async fn new(conn: &mut Conn, guild_uuid: Uuid, name: String) -> Result<Self, Error> {
let role_uuid = Uuid::now_v7(); let role_uuid = Uuid::now_v7();
@ -146,41 +94,3 @@ impl Role {
Ok(new_role) Ok(new_role)
} }
} }
#[derive(Clone, Copy, PartialEq, Eq)]
pub enum Permissions {
SendMessage = 1,
CreateChannel = 2,
DeleteChannel = 4,
ManageChannel = 8,
CreateRole = 16,
DeleteRole = 32,
ManageRole = 64,
CreateInvite = 128,
ManageInvite = 256,
ManageServer = 512,
ManageMember = 1024,
}
impl Permissions {
pub fn fetch_permissions(permissions: i64) -> Vec<Self> {
let all_perms = vec![
Self::SendMessage,
Self::CreateChannel,
Self::DeleteChannel,
Self::ManageChannel,
Self::CreateRole,
Self::DeleteRole,
Self::ManageRole,
Self::CreateInvite,
Self::ManageInvite,
Self::ManageServer,
Self::ManageMember,
];
all_perms
.into_iter()
.filter(|p| permissions & (*p as i64) != 0)
.collect()
}
}

68
src/objects/signature.rs Normal file
View file

@ -0,0 +1,68 @@
use std::collections::HashMap;
use actix_web::http::header::HeaderMap;
use url::Url;
use crate::error::Error;
pub struct Signature {
pub url: Url,
pub signature: String,
}
impl Signature {
pub fn from_signature_header(headers: &HeaderMap) -> Result<Signature, Error> {
let signature_header = headers.get(actix_web::http::header::HeaderName::from_static("signature"));
if signature_header.is_none() {
return Err(Error::Unauthorized(
"No signature header provided".to_string(),
));
}
let signature_raw = signature_header.unwrap().to_str()?;
let key_values = signature_raw.split_whitespace();
let mut hash_map = HashMap::new();
let results: Result<Vec<()>, Error> = key_values.map(|kv| {
let mut kv_split = kv.split('=');
let key = kv_split.next().unwrap().to_string();
let value = kv_split.next().ok_or(Error::BadRequest(format!(r#"Expected key="value", found {}"#, key)))?.trim_matches('"').to_string();
hash_map.insert(key, value);
Ok::<(), Error>(())
}).collect();
results?;
let key_id = hash_map.get("keyId");
let algorithm = hash_map.get("algorithm");
let signature = hash_map.get("signature");
if key_id.is_none() {
return Err(Error::BadRequest("No keyId was provided".to_string()))
}
if algorithm.is_none() {
return Err(Error::BadRequest("No key algorithm was provided".to_string()))
}
if signature.is_none() {
return Err(Error::BadRequest("No signature was provided".to_string()))
}
let key_id = key_id.unwrap();
let algorithm = algorithm.unwrap();
let signature = signature.unwrap();
if algorithm != "ed25519" {
return Err(Error::BadRequest(format!("Unsupported signature {}, please use ed25519", algorithm)))
}
Ok(Signature { url: key_id.parse()?, signature: signature.clone() })
}
}

24
src/schema.rs
View file

@ -31,6 +31,15 @@ diesel::table! {
} }
} }
diesel::table! {
federated_users (uuid) {
uuid -> Uuid,
email_verified -> Bool,
#[max_length = 8000]
instance_url -> Varchar,
}
}
diesel::table! { diesel::table! {
guild_members (uuid) { guild_members (uuid) {
uuid -> Uuid, uuid -> Uuid,
@ -38,13 +47,13 @@ diesel::table! {
user_uuid -> Uuid, user_uuid -> Uuid,
#[max_length = 100] #[max_length = 100]
nickname -> Nullable<Varchar>, nickname -> Nullable<Varchar>,
is_owner -> Bool,
} }
} }
diesel::table! { diesel::table! {
guilds (uuid) { guilds (uuid) {
uuid -> Uuid, uuid -> Uuid,
owner_uuid -> Uuid,
#[max_length = 100] #[max_length = 100]
name -> Varchar, name -> Varchar,
#[max_length = 300] #[max_length = 300]
@ -61,6 +70,15 @@ diesel::table! {
} }
} }
diesel::table! {
instances (instance_url) {
#[max_length = 8000]
instance_url -> Varchar,
#[max_length = 500]
public_key -> Varchar,
}
}
diesel::table! { diesel::table! {
invites (id) { invites (id) {
#[max_length = 32] #[max_length = 32]
@ -137,8 +155,10 @@ diesel::joinable!(access_tokens -> refresh_tokens (refresh_token));
diesel::joinable!(access_tokens -> users (uuid)); diesel::joinable!(access_tokens -> users (uuid));
diesel::joinable!(channel_permissions -> channels (channel_uuid)); diesel::joinable!(channel_permissions -> channels (channel_uuid));
diesel::joinable!(channels -> guilds (guild_uuid)); diesel::joinable!(channels -> guilds (guild_uuid));
diesel::joinable!(federated_users -> instances (instance_url));
diesel::joinable!(guild_members -> guilds (guild_uuid)); diesel::joinable!(guild_members -> guilds (guild_uuid));
diesel::joinable!(guild_members -> users (user_uuid)); diesel::joinable!(guild_members -> users (user_uuid));
diesel::joinable!(guilds -> users (owner_uuid));
diesel::joinable!(instance_permissions -> users (uuid)); diesel::joinable!(instance_permissions -> users (uuid));
diesel::joinable!(invites -> guilds (guild_uuid)); diesel::joinable!(invites -> guilds (guild_uuid));
diesel::joinable!(invites -> users (user_uuid)); diesel::joinable!(invites -> users (user_uuid));
@ -152,9 +172,11 @@ diesel::allow_tables_to_appear_in_same_query!(
access_tokens, access_tokens,
channel_permissions, channel_permissions,
channels, channels,
federated_users,
guild_members, guild_members,
guilds, guilds,
instance_permissions, instance_permissions,
instances,
invites, invites,
messages, messages,
refresh_tokens, refresh_tokens,

12
src/utils.rs
View file

@ -1,4 +1,4 @@
use std::sync::LazyLock; use std::{collections::HashMap, sync::LazyLock};
use actix_web::{ use actix_web::{
cookie::{Cookie, SameSite, time::Duration}, cookie::{Cookie, SameSite, time::Duration},
@ -115,8 +115,14 @@ pub fn new_refresh_token_cookie(config: &Config, refresh_token: String) -> Cooki
.finish() .finish()
} }
pub fn generate_token<const N: usize>() -> Result<String, getrandom::Error> { pub fn generate_access_token() -> Result<String, getrandom::Error> {
let mut buf = [0u8; N]; let mut buf = [0u8; 16];
fill(&mut buf)?;
Ok(encode(buf))
}
pub fn generate_refresh_token() -> Result<String, getrandom::Error> {
let mut buf = [0u8; 32];
fill(&mut buf)?; fill(&mut buf)?;
Ok(encode(buf)) Ok(encode(buf))
} }