gorb/backend
4
0
Fork 1
Code Issues 1 Pull requests 1 Projects Releases Packages 1 Wiki Activity Actions

Compare commits

base: gorb:wip/federation-impl
Branches Tags
gorb:main
gorb:wip/federation-impl
gorb:wip/local-data-folder
gorb:wip/invite-deletion
..
compare: gorb:main
Branches Tags
gorb:main
gorb:wip/federation-impl
gorb:wip/local-data-folder
gorb:wip/invite-deletion

4 commits
wip/federa ... main

Author SHA1 Message Date
Radical
f752cddd73 fix: add missing match statements
All checks were successful
ci/woodpecker/push/build-and-publish Pipeline was successful
Details
ci/woodpecker/push/publish-docs Pipeline was successful
Details
2025-06-06 18:19:40 +02:00
Radical
8dca22de3a fix: make channel deletion work
Some checks failed
ci/woodpecker/push/publish-docs Pipeline is pending
Details
ci/woodpecker/push/build-and-publish Pipeline failed
Details
2025-06-06 18:16:25 +02:00
Radical
95c942eee4 feat: use permission system
All checks were successful
ci/woodpecker/push/build-and-publish Pipeline was successful
Details
ci/woodpecker/push/publish-docs Pipeline was successful
Details
2025-06-06 17:49:06 +02:00
Radical
0588541876 feat: move ownership to member column instead of table column 2025-06-06 17:20:02 +02:00
25 changed files with 201 additions and 294 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -21,4 +21,3 @@ Cargo.lock
# option (not recommended) you can uncomment the following to ignore the entire idea folder.
#.idea/
/config.toml
/key.pem

1
Cargo.toml
View file

@ -45,7 +45,6 @@ thiserror = "2.0.12"
actix-multipart = "0.7.2"
lettre = { version = "0.11.16", features = ["tokio1", "tokio1-native-tls"] }
chrono = { version = "0.4.41", features = ["serde"] }
ed25519-dalek = { version = "2.1.1", features = ["pem", "pkcs8", "rand_core"] }
[dependencies.tokio]
version = "1.45"

2
entrypoint.sh
View file

@ -65,4 +65,4 @@ rotate_log "/gorb/logs/backend.log"
# Give the DB time to start up before connecting
sleep 5
/usr/bin/gorb-backend --config /gorb/config/config.toml --private-key /gorb/config/federation-privkey.pem 2>&1 | tee /gorb/logs/backend.log
/usr/bin/gorb-backend --config /gorb/config/config.toml 2>&1 | tee /gorb/logs/backend.log

3
migrations/2025-06-03-123458_federated_instances/down.sql
View file

@ -1,3 +0,0 @@
-- This file should undo anything in `up.sql`
DROP TABLE federated_users;
DROP TABLE instances;

10
migrations/2025-06-03-123458_federated_instances/up.sql
View file

@ -1,10 +0,0 @@
-- Your SQL goes here
CREATE TABLE instances (
instance_url VARCHAR(8000) PRIMARY KEY NOT NULL,
public_key VARCHAR(500) UNIQUE NOT NULL
);
CREATE TABLE federated_users (
uuid UUID PRIMARY KEY NOT NULL,
instance_url VARCHAR(8000) NOT NULL REFERENCES instances(instance_url)
);

14
migrations/2025-06-06-145916_guild_ownership_changes/down.sql Normal file
View file

@ -0,0 +1,14 @@
-- This file should undo anything in `up.sql`
ALTER TABLE guilds
ADD COLUMN owner_uuid UUID REFERENCES users(uuid);
UPDATE guilds g
SET owner_uuid = gm.user_uuid
FROM guild_members gm
WHERE gm.guild_uuid = g.uuid AND gm.is_owner = TRUE;
ALTER TABLE guilds
ALTER COLUMN owner_uuid SET NOT NULL;
ALTER TABLE guild_members
DROP COLUMN is_owner;

14
migrations/2025-06-06-145916_guild_ownership_changes/up.sql Normal file
View file

@ -0,0 +1,14 @@
-- Your SQL goes here
ALTER TABLE guild_members
ADD COLUMN is_owner BOOLEAN NOT NULL DEFAULT false;
UPDATE guild_members gm
SET is_owner = true
FROM guilds g
WHERE gm.guild_uuid = g.uuid AND gm.user_uuid = g.owner_uuid;
CREATE UNIQUE INDEX one_owner_per_guild ON guild_members (guild_uuid)
WHERE is_owner;
ALTER TABLE guilds
DROP COLUMN owner_uuid;

14
src/api/v1/channels/uuid/mod.rs
View file

@ -4,11 +4,7 @@ pub mod messages;
pub mod socket;
use crate::{
Data,
api::v1::auth::check_access_token,
error::Error,
objects::{Channel, Member},
utils::{get_auth_header, global_checks},
api::v1::auth::check_access_token, error::Error, objects::{Channel, Member, Permissions}, utils::{get_auth_header, global_checks}, Data
};
use actix_web::{HttpRequest, HttpResponse, delete, get, patch, web};
use serde::Deserialize;
@ -59,7 +55,9 @@ pub async fn delete(
let channel = Channel::fetch_one(&data, channel_uuid).await?;
Member::check_membership(&mut conn, uuid, channel.guild_uuid).await?;
let member = Member::check_membership(&mut conn, uuid, channel.guild_uuid).await?;
member.check_permission(&data, Permissions::DeleteChannel).await?;
channel.delete(&data).await?;
@ -125,7 +123,9 @@ pub async fn patch(
let mut channel = Channel::fetch_one(&data, channel_uuid).await?;
Member::check_membership(&mut conn, uuid, channel.guild_uuid).await?;
let member = Member::check_membership(&mut conn, uuid, channel.guild_uuid).await?;
member.check_permission(&data, Permissions::ManageChannel).await?;
if let Some(new_name) = &new_info.name {
channel.set_name(&data, new_name.to_string()).await?;

44
src/api/v1/federation/mod.rs
View file

@ -1,44 +0,0 @@
use actix_web::{post, web, HttpRequest, Scope};
use crate::{objects::Signature, Data};
mod pubkey;
pub fn web() -> Scope {
web::scope("/federation")
.service(pubkey::get)
.service(post)
}
#[post("")]
pub async fn post(
req: HttpRequest,
channel_info: web::Json<>,
data: web::Data<Data>,
) -> Result<HttpResponse, Error> {
let headers = req.headers();
let signature = Signature::from_signature_header(headers)?;
let guild_uuid = path.into_inner().0;
let mut conn = data.pool.get().await?;
let uuid = check_access_token(auth_header, &mut conn).await?;
global_checks(&data, uuid).await?;
Member::check_membership(&mut conn, uuid, guild_uuid).await?;
// FIXME: Logic to check permissions, should probably be done in utils.rs
let channel = Channel::new(
data.clone(),
guild_uuid,
channel_info.name.clone(),
channel_info.description.clone(),
)
.await?;
Ok(HttpResponse::Ok().json(channel))
}

29
src/api/v1/federation/pubkey.rs
View file

@ -1,29 +0,0 @@
//! `/api/v1/users/{uuid}` Specific user endpoints
use actix_web::{HttpResponse, get, web};
use ed25519_dalek::pkcs8::{spki::der::pem::LineEnding, EncodePublicKey};
use crate::{
Data,
error::Error,
};
/// `GET /api/v1/users/{uuid}` Returns user with the given UUID
///
/// requires auth: yes
///
/// requires relation: yes
///
/// ### Response Example
/// ```
/// ""
/// ```
/// NOTE: UUIDs in this response are made using `uuidgen`, UUIDs made by the actual backend will be UUIDv7 and have extractable timestamps
#[get("/pubkey")]
pub async fn get(
data: web::Data<Data>,
) -> Result<HttpResponse, Error> {
let pubkey = data.signing_key.verifying_key().to_public_key_pem(LineEnding::LF)?;
Ok(HttpResponse::Ok().body(pubkey))
}

10
src/api/v1/guilds/uuid/channels.rs
View file

@ -1,9 +1,5 @@
use crate::{
Data,
api::v1::auth::check_access_token,
error::Error,
objects::{Channel, Member},
utils::{get_auth_header, global_checks, order_by_is_above},
api::v1::auth::check_access_token, error::Error, objects::{Channel, Member, Permissions}, utils::{get_auth_header, global_checks, order_by_is_above}, Data
};
use ::uuid::Uuid;
use actix_web::{HttpRequest, HttpResponse, get, post, web};
@ -74,9 +70,9 @@ pub async fn create(
global_checks(&data, uuid).await?;
Member::check_membership(&mut conn, uuid, guild_uuid).await?;
let member = Member::check_membership(&mut conn, uuid, guild_uuid).await?;
// FIXME: Logic to check permissions, should probably be done in utils.rs
member.check_permission(&data, Permissions::CreateChannel).await?;
let channel = Channel::new(
data.clone(),

10
src/api/v1/guilds/uuid/icon.rs
View file

@ -5,11 +5,7 @@ use futures_util::StreamExt as _;
use uuid::Uuid;
use crate::{
Data,
api::v1::auth::check_access_token,
error::Error,
objects::{Guild, Member},
utils::{get_auth_header, global_checks},
api::v1::auth::check_access_token, error::Error, objects::{Guild, Member, Permissions}, utils::{get_auth_header, global_checks}, Data
};
/// `PUT /api/v1/guilds/{uuid}/icon` Icon upload
@ -36,7 +32,9 @@ pub async fn upload(
global_checks(&data, uuid).await?;
Member::check_membership(&mut conn, uuid, guild_uuid).await?;
let member = Member::check_membership(&mut conn, uuid, guild_uuid).await?;
member.check_permission(&data, Permissions::ManageServer).await?;
let mut guild = Guild::fetch_one(&mut conn, guild_uuid).await?;

10
src/api/v1/guilds/uuid/invites/mod.rs
View file

@ -3,11 +3,7 @@ use serde::Deserialize;
use uuid::Uuid;
use crate::{
Data,
api::v1::auth::check_access_token,
error::Error,
objects::{Guild, Member},
utils::{get_auth_header, global_checks},
api::v1::auth::check_access_token, error::Error, objects::{Guild, Member, Permissions}, utils::{get_auth_header, global_checks}, Data
};
#[derive(Deserialize)]
@ -61,7 +57,9 @@ pub async fn create(
global_checks(&data, uuid).await?;
Member::check_membership(&mut conn, uuid, guild_uuid).await?;
let member = Member::check_membership(&mut conn, uuid, guild_uuid).await?;
member.check_permission(&data, Permissions::CreateInvite).await?;
let guild = Guild::fetch_one(&mut conn, guild_uuid).await?;

10
src/api/v1/guilds/uuid/roles/mod.rs
View file

@ -3,11 +3,7 @@ use actix_web::{HttpRequest, HttpResponse, get, post, web};
use serde::Deserialize;
use crate::{
Data,
api::v1::auth::check_access_token,
error::Error,
objects::{Member, Role},
utils::{get_auth_header, global_checks, order_by_is_above},
api::v1::auth::check_access_token, error::Error, objects::{Member, Permissions, Role}, utils::{get_auth_header, global_checks, order_by_is_above}, Data
};
pub mod uuid;
@ -70,9 +66,9 @@ pub async fn create(
global_checks(&data, uuid).await?;
Member::check_membership(&mut conn, uuid, guild_uuid).await?;
let member = Member::check_membership(&mut conn, uuid, guild_uuid).await?;
// FIXME: Logic to check permissions, should probably be done in utils.rs
member.check_permission(&data, Permissions::CreateRole).await?;
let role = Role::new(&mut conn, guild_uuid, role_info.name.clone()).await?;

2
src/api/v1/mod.rs
View file

@ -9,7 +9,6 @@ mod invites;
mod me;
mod stats;
mod users;
mod federation;
pub fn web() -> Scope {
web::scope("/v1")
@ -20,5 +19,4 @@ pub fn web() -> Scope {
.service(guilds::web())
.service(invites::web())
.service(me::web())
.service(federation::web())
}

5
src/error.rs
View file

@ -12,7 +12,6 @@ use bunny_api_tokio::error::Error as BunnyError;
use deadpool::managed::{BuildError, PoolError};
use diesel::{ConnectionError, result::Error as DieselError};
use diesel_async::pooled_connection::PoolError as DieselPoolError;
use ed25519_dalek::pkcs8::{self, spki};
use lettre::{
address::AddressError, error::Error as EmailError, transport::smtp::Error as SmtpError,
};
@ -64,10 +63,6 @@ pub enum Error {
SmtpError(#[from] SmtpError),
#[error(transparent)]
SmtpAddressError(#[from] AddressError),
#[error(transparent)]
Pkcs8Error(#[from] pkcs8::Error),
#[error(transparent)]
SpkiError(#[from] spki::Error),
#[error("{0}")]
PasswordHashError(String),
#[error("{0}")]

20
src/main.rs
View file

@ -1,14 +1,12 @@
use actix_cors::Cors;
use actix_web::{App, HttpServer, web};
use argon2::{password_hash::rand_core::OsRng, Argon2};
use argon2::Argon2;
use clap::Parser;
use diesel_async::pooled_connection::AsyncDieselConnectionManager;
use diesel_async::pooled_connection::deadpool::Pool;
use ed25519_dalek::{pkcs8::{spki::der::pem::LineEnding, DecodePrivateKey, EncodePrivateKey}, SigningKey};
use error::Error;
use objects::MailClient;
use simple_logger::SimpleLogger;
use tokio::{fs::{read_to_string, File}, io::AsyncWriteExt};
use std::time::SystemTime;
mod config;
use config::{Config, ConfigBuilder};
@ -30,8 +28,6 @@ pub mod utils;
struct Args {
#[arg(short, long, default_value_t = String::from("/etc/gorb/config.toml"))]
config: String,
#[arg(short, long, default_value_t = String::from("/etc/gorb/privkey.pem"))]
private_key: String,
}
#[derive(Clone)]
@ -46,7 +42,6 @@ pub struct Data {
pub start_time: SystemTime,
pub bunny_cdn: bunny_api_tokio::Client,
pub mail_client: MailClient,
pub signing_key: SigningKey,
}
#[tokio::main]
@ -103,18 +98,6 @@ async fn main() -> Result<(), Error> {
.await?
.unwrap();
let signing_key;
if let Ok(content) = read_to_string(&args.private_key).await {
signing_key = SigningKey::from_pkcs8_pem(&content)?;
} else {
let mut csprng = OsRng;
signing_key = tokio::task::spawn_blocking(move || SigningKey::generate(&mut csprng)).await?;
let mut file = File::create(args.private_key).await?;
file.write_all(signing_key.to_pkcs8_pem(LineEnding::LF)?.as_bytes()).await?;
}
/*
**Stored for later possible use**
@ -141,7 +124,6 @@ async fn main() -> Result<(), Error> {
start_time: SystemTime::now(),
bunny_cdn,
mail_client,
signing_key,
};
HttpServer::new(move || {

31
src/objects/channel.rs
View file

@ -198,15 +198,46 @@ impl Channel {
let mut conn = data.pool.get().await?;
use channels::dsl;
match update(channels::table)
.filter(dsl::is_above.eq(self.uuid))
.set(dsl::is_above.eq(None::<Uuid>))
.execute(&mut conn)
.await
{
Ok(r) => Ok(r),
Err(diesel::result::Error::NotFound) => Ok(0),
Err(e) => Err(e),
}?;
delete(channels::table)
.filter(dsl::uuid.eq(self.uuid))
.execute(&mut conn)
.await?;
match update(channels::table)
.filter(dsl::is_above.eq(self.uuid))
.set(dsl::is_above.eq(self.is_above))
.execute(&mut conn)
.await
{
Ok(r) => Ok(r),
Err(diesel::result::Error::NotFound) => Ok(0),
Err(e) => Err(e),
}?;
if data.get_cache_key(self.uuid.to_string()).await.is_ok() {
data.del_cache_key(self.uuid.to_string()).await?;
}
if data
.get_cache_key(format!("{}_channels", self.guild_uuid))
.await
.is_ok()
{
data.del_cache_key(format!("{}_channels", self.guild_uuid))
.await?;
}
Ok(())
}

6
src/objects/guild.rs
View file

@ -26,7 +26,6 @@ pub struct GuildBuilder {
name: String,
description: Option<String>,
icon: Option<String>,
owner_uuid: Uuid,
}
impl GuildBuilder {
@ -40,7 +39,6 @@ impl GuildBuilder {
name: self.name,
description: self.description,
icon: self.icon.and_then(|i| i.parse().ok()),
owner_uuid: self.owner_uuid,
roles,
member_count,
})
@ -53,7 +51,6 @@ pub struct Guild {
name: String,
description: Option<String>,
icon: Option<Url>,
owner_uuid: Uuid,
pub roles: Vec<Role>,
member_count: i64,
}
@ -110,7 +107,6 @@ impl Guild {
name: name.clone(),
description: None,
icon: None,
owner_uuid,
};
insert_into(guilds::table)
@ -125,6 +121,7 @@ impl Guild {
nickname: None,
user_uuid: owner_uuid,
guild_uuid,
is_owner: true,
};
insert_into(guild_members::table)
@ -137,7 +134,6 @@ impl Guild {
name,
description: None,
icon: None,
owner_uuid,
roles: vec![],
member_count: 1,
})

26
src/objects/member.rs
View file

@ -5,7 +5,7 @@ use diesel_async::RunQueryDsl;
use serde::{Deserialize, Serialize};
use uuid::Uuid;
use crate::{Conn, Data, error::Error, schema::guild_members};
use crate::{error::Error, objects::{Permissions, Role}, schema::guild_members, Conn, Data};
use super::{User, load_or_empty};
@ -17,10 +17,11 @@ pub struct MemberBuilder {
pub nickname: Option<String>,
pub user_uuid: Uuid,
pub guild_uuid: Uuid,
pub is_owner: bool,
}
impl MemberBuilder {
async fn build(&self, data: &Data) -> Result<Member, Error> {
pub async fn build(&self, data: &Data) -> Result<Member, Error> {
let user = User::fetch_one(data, self.user_uuid).await?;
Ok(Member {
@ -28,9 +29,22 @@ impl MemberBuilder {
nickname: self.nickname.clone(),
user_uuid: self.user_uuid,
guild_uuid: self.guild_uuid,
is_owner: self.is_owner,
user,
})
}
pub async fn check_permission(&self, data: &Data, permission: Permissions) -> Result<(), Error> {
if !self.is_owner {
let roles = Role::fetch_from_member(&data, self.uuid).await?;
let allowed = roles.iter().any(|r| r.permissions & permission as i64 != 0);
if !allowed {
return Err(Error::Forbidden("Not allowed".to_string()))
}
}
Ok(())
}
}
#[derive(Serialize, Deserialize)]
@ -39,6 +53,7 @@ pub struct Member {
pub nickname: Option<String>,
pub user_uuid: Uuid,
pub guild_uuid: Uuid,
pub is_owner: bool,
user: User,
}
@ -58,16 +73,16 @@ impl Member {
conn: &mut Conn,
user_uuid: Uuid,
guild_uuid: Uuid,
) -> Result<(), Error> {
) -> Result<MemberBuilder, Error> {
use guild_members::dsl;
dsl::guild_members
let member_builder = dsl::guild_members
.filter(dsl::user_uuid.eq(user_uuid))
.filter(dsl::guild_uuid.eq(guild_uuid))
.select(MemberBuilder::as_select())
.get_result(conn)
.await?;
Ok(())
Ok(member_builder)
}
pub async fn fetch_one(data: &Data, user_uuid: Uuid, guild_uuid: Uuid) -> Result<Self, Error> {
@ -113,6 +128,7 @@ impl Member {
guild_uuid,
user_uuid,
nickname: None,
is_owner: false,
};
insert_into(guild_members::table)

41
src/objects/mod.rs
View file

@ -17,7 +17,6 @@ mod message;
mod password_reset_token;
mod role;
mod user;
mod signature;
pub use channel::Channel;
pub use email_token::EmailToken;
@ -28,8 +27,8 @@ pub use member::Member;
pub use message::Message;
pub use password_reset_token::PasswordResetToken;
pub use role::Role;
pub use role::Permissions;
pub use user::User;
pub use signature::Signature;
use crate::error::Error;
@ -113,44 +112,6 @@ impl MailClient {
}
}
#[derive(Clone, Copy)]
pub enum Permissions {
SendMessage = 1,
CreateChannel = 2,
DeleteChannel = 4,
ManageChannel = 8,
CreateRole = 16,
DeleteRole = 32,
ManageRole = 64,
CreateInvite = 128,
ManageInvite = 256,
ManageServer = 512,
ManageMember = 1024,
}
impl Permissions {
pub fn fetch_permissions(permissions: i64) -> Vec<Self> {
let all_perms = vec![
Self::SendMessage,
Self::CreateChannel,
Self::DeleteChannel,
Self::ManageChannel,
Self::CreateRole,
Self::DeleteRole,
Self::ManageRole,
Self::CreateInvite,
Self::ManageInvite,
Self::ManageServer,
Self::ManageMember,
];
all_perms
.into_iter()
.filter(|p| permissions & (*p as i64) != 0)
.collect()
}
}
#[derive(Deserialize)]
pub struct StartAmountQuery {
pub start: Option<i64>,

98
src/objects/role.rs
View file

@ -3,14 +3,14 @@ use diesel::{
update,
};
use diesel_async::RunQueryDsl;
use serde::Serialize;
use serde::{Deserialize, Serialize};
use uuid::Uuid;
use crate::{Conn, error::Error, schema::roles, utils::order_by_is_above};
use crate::{error::Error, schema::{role_members, roles}, utils::order_by_is_above, Conn, Data};
use super::{HasIsAbove, HasUuid, load_or_empty};
#[derive(Serialize, Clone, Queryable, Selectable, Insertable)]
#[derive(Deserialize, Serialize, Clone, Queryable, Selectable, Insertable)]
#[diesel(table_name = roles)]
#[diesel(check_for_backend(diesel::pg::Pg))]
pub struct Role {
@ -19,7 +19,28 @@ pub struct Role {
name: String,
color: i32,
is_above: Option<Uuid>,
permissions: i64,
pub permissions: i64,
}
#[derive(Serialize, Clone, Queryable, Selectable, Insertable)]
#[diesel(table_name = role_members)]
#[diesel(check_for_backend(diesel::pg::Pg))]
pub struct RoleMember {
role_uuid: Uuid,
member_uuid: Uuid,
}
impl RoleMember {
async fn fetch_role(&self, conn: &mut Conn) -> Result<Role, Error> {
use roles::dsl;
let role: Role = dsl::roles
.filter(dsl::uuid.eq(self.role_uuid))
.select(Role::as_select())
.get_result(conn)
.await?;
Ok(role)
}
}
impl HasUuid for Role {
@ -48,6 +69,33 @@ impl Role {
Ok(roles)
}
pub async fn fetch_from_member(data: &Data, member_uuid: Uuid) -> Result<Vec<Self>, Error> {
if let Ok(roles) = data.get_cache_key(format!("{}_roles", member_uuid)).await {
return Ok(serde_json::from_str(&roles)?)
}
let mut conn = data.pool.get().await?;
use role_members::dsl;
let role_memberships: Vec<RoleMember> = load_or_empty(
dsl::role_members
.filter(dsl::member_uuid.eq(member_uuid))
.select(RoleMember::as_select())
.load(&mut conn)
.await,
)?;
let mut roles = vec![];
for membership in role_memberships {
roles.push(membership.fetch_role(&mut conn).await?);
}
data.set_cache_key(format!("{}_roles", member_uuid), roles.clone(), 300).await?;
Ok(roles)
}
pub async fn fetch_one(conn: &mut Conn, role_uuid: Uuid) -> Result<Self, Error> {
use roles::dsl;
let role: Role = dsl::roles
@ -59,6 +107,10 @@ impl Role {
Ok(role)
}
pub async fn fetch_permissions(&self) -> Vec<Permissions> {
Permissions::fetch_permissions(self.permissions.clone())
}
pub async fn new(conn: &mut Conn, guild_uuid: Uuid, name: String) -> Result<Self, Error> {
let role_uuid = Uuid::now_v7();
@ -94,3 +146,41 @@ impl Role {
Ok(new_role)
}
}
#[derive(Clone, Copy, PartialEq, Eq)]
pub enum Permissions {
SendMessage = 1,
CreateChannel = 2,
DeleteChannel = 4,
ManageChannel = 8,
CreateRole = 16,
DeleteRole = 32,
ManageRole = 64,
CreateInvite = 128,
ManageInvite = 256,
ManageServer = 512,
ManageMember = 1024,
}
impl Permissions {
pub fn fetch_permissions(permissions: i64) -> Vec<Self> {
let all_perms = vec![
Self::SendMessage,
Self::CreateChannel,
Self::DeleteChannel,
Self::ManageChannel,
Self::CreateRole,
Self::DeleteRole,
Self::ManageRole,
Self::CreateInvite,
Self::ManageInvite,
Self::ManageServer,
Self::ManageMember,
];
all_perms
.into_iter()
.filter(|p| permissions & (*p as i64) != 0)
.collect()
}
}

68
src/objects/signature.rs
View file

@ -1,68 +0,0 @@
use std::collections::HashMap;
use actix_web::http::header::HeaderMap;
use url::Url;
use crate::error::Error;
pub struct Signature {
pub url: Url,
pub signature: String,
}
impl Signature {
pub fn from_signature_header(headers: &HeaderMap) -> Result<Signature, Error> {
let signature_header = headers.get(actix_web::http::header::HeaderName::from_static("signature"));
if signature_header.is_none() {
return Err(Error::Unauthorized(
"No signature header provided".to_string(),
));
}
let signature_raw = signature_header.unwrap().to_str()?;
let key_values = signature_raw.split_whitespace();
let mut hash_map = HashMap::new();
let results: Result<Vec<()>, Error> = key_values.map(|kv| {
let mut kv_split = kv.split('=');
let key = kv_split.next().unwrap().to_string();
let value = kv_split.next().ok_or(Error::BadRequest(format!(r#"Expected key="value", found {}"#, key)))?.trim_matches('"').to_string();
hash_map.insert(key, value);
Ok::<(), Error>(())
}).collect();
results?;
let key_id = hash_map.get("keyId");
let algorithm = hash_map.get("algorithm");
let signature = hash_map.get("signature");
if key_id.is_none() {
return Err(Error::BadRequest("No keyId was provided".to_string()))
}
if algorithm.is_none() {
return Err(Error::BadRequest("No key algorithm was provided".to_string()))
}
if signature.is_none() {
return Err(Error::BadRequest("No signature was provided".to_string()))
}
let key_id = key_id.unwrap();
let algorithm = algorithm.unwrap();
let signature = signature.unwrap();
if algorithm != "ed25519" {
return Err(Error::BadRequest(format!("Unsupported signature {}, please use ed25519", algorithm)))
}
Ok(Signature { url: key_id.parse()?, signature: signature.clone() })
}
}

24
src/schema.rs
View file

@ -31,15 +31,6 @@ diesel::table! {
}
}
diesel::table! {
federated_users (uuid) {
uuid -> Uuid,
email_verified -> Bool,
#[max_length = 8000]
instance_url -> Varchar,
}
}
diesel::table! {
guild_members (uuid) {
uuid -> Uuid,
@ -47,13 +38,13 @@ diesel::table! {
user_uuid -> Uuid,
#[max_length = 100]
nickname -> Nullable<Varchar>,
is_owner -> Bool,
}
}
diesel::table! {
guilds (uuid) {
uuid -> Uuid,
owner_uuid -> Uuid,
#[max_length = 100]
name -> Varchar,
#[max_length = 300]
@ -70,15 +61,6 @@ diesel::table! {
}
}
diesel::table! {
instances (instance_url) {
#[max_length = 8000]
instance_url -> Varchar,
#[max_length = 500]
public_key -> Varchar,
}
}
diesel::table! {
invites (id) {
#[max_length = 32]
@ -155,10 +137,8 @@ diesel::joinable!(access_tokens -> refresh_tokens (refresh_token));
diesel::joinable!(access_tokens -> users (uuid));
diesel::joinable!(channel_permissions -> channels (channel_uuid));
diesel::joinable!(channels -> guilds (guild_uuid));
diesel::joinable!(federated_users -> instances (instance_url));
diesel::joinable!(guild_members -> guilds (guild_uuid));
diesel::joinable!(guild_members -> users (user_uuid));
diesel::joinable!(guilds -> users (owner_uuid));
diesel::joinable!(instance_permissions -> users (uuid));
diesel::joinable!(invites -> guilds (guild_uuid));
diesel::joinable!(invites -> users (user_uuid));
@ -172,11 +152,9 @@ diesel::allow_tables_to_appear_in_same_query!(
access_tokens,
channel_permissions,
channels,
federated_users,
guild_members,
guilds,
instance_permissions,
instances,
invites,
messages,
refresh_tokens,

2
src/utils.rs
View file

@ -1,4 +1,4 @@
use std::{collections::HashMap, sync::LazyLock};
use std::sync::LazyLock;
use actix_web::{
cookie::{Cookie, SameSite, time::Duration},