Tyler Murphy 2023-01-29 19:34:59 -05:00
parent ac58a612a3
commit 8af75aef17
8 changed files with 58 additions and 43 deletions


@ -3,7 +3,10 @@ use lazy_static::lazy_static;
use rand::{distributions::Alphanumeric, Rng};
use tokio::sync::Mutex;
use crate::{types::{user::User, http::ResponseCode, post::Post, session::Session}, console::{self, sanatize}};
use crate::{
console::{self, sanatize},
types::{http::ResponseCode, post::Post, session::Session, user::User},
};
lazy_static! {
static ref SECRET: Mutex<String> = Mutex::new(String::new());
@ -22,17 +25,16 @@ pub async fn get_secret() -> String {
if secret.is_empty() {
*secret = new_secret();
}
return secret.clone();
secret.clone()
}
pub async fn regen_secret() -> String {
let mut secret = SECRET.lock().await;
*secret = new_secret();
return secret.clone();
secret.clone()
}
pub fn generate_users() -> Response {
let users = match User::reterieve_all() {
Ok(users) => users,
Err(err) => return err,
@ -51,7 +53,8 @@ pub fn generate_users() -> Response {
<th>Month</th>
<th>Year</th>
</tr>
"#.to_string();
"#
.to_string();
for user in users {
html.push_str(
@ -66,7 +69,6 @@ pub fn generate_users() -> Response {
}
pub fn generate_posts() -> Response {
let posts = match Post::reterieve_all() {
Ok(posts) => posts,
Err(err) => return err,
@ -81,26 +83,28 @@ pub fn generate_posts() -> Response {
<th>Comments</th>
<th>Date</th>
</tr>
"#.to_string();
"#
.to_string();
for post in posts {
let Ok(likes) = serde_json::to_string(&post.likes) else { continue };
let Ok(comments) = serde_json::to_string(&post.comments) else { continue };
html.push_str(
&format!("<tr><td>{}</td><td>{}</td><td>{}</td><td>{}</td><td>{}</td><td>{}</td></tr>",
post.post_id, post.user_id, sanatize(post.content), console::beautify(likes),
console::beautify(comments), post.date
)
);
html.push_str(&format!(
"<tr><td>{}</td><td>{}</td><td>{}</td><td>{}</td><td>{}</td><td>{}</td></tr>",
post.post_id,
post.user_id,
sanatize(post.content),
console::beautify(likes),
console::beautify(comments),
post.date
));
}
ResponseCode::Success.text(&html)
}
pub fn generate_sessions() -> Response {
let sessions = match Session::reterieve_all() {
Ok(sessions) => sessions,
Err(err) => return err,
@ -111,15 +115,15 @@ pub fn generate_sessions() -> Response {
<th>User ID</th>
<th>Token</th>
</tr>
"#.to_string();
"#
.to_string();
for session in sessions {
html.push_str(
&format!("<tr><td>{}</td><td>{}</td></tr>",
session.user_id, session.token
)
);
html.push_str(&format!(
"<tr><td>{}</td><td>{}</td></tr>",
session.user_id, session.token
));
}
ResponseCode::Success.text(&html)
}
}
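Review bot: `generate_sessions` (the loop reformatted in the last hunk) still writes every live `session.token` verbatim into the admin HTML page, so anyone who can read that page — an admin, a browser cache, or an XSS foothold elsewhere — can impersonate every logged-in user; the token and `user_id` are also the only cells on this page that bypass `sanatize`, unlike `post.content` above. Render a redacted form instead, e.g. `let token: String = session.token.chars().take(8).collect();` and `"<tr><td>{}</td><td>{}…</td></tr>", session.user_id, sanatize(token)`. The function's `html` initialisation and signature sit before this hunk, and I cannot see here whether `Session::reterieve_all` returns anything sensitive beyond the token.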


@ -1,10 +1,16 @@
use std::env;
use axum::{response::Response, Router, routing::post};
use axum::{response::Response, routing::post, Router};
use serde::Deserialize;
use tower_cookies::{Cookies, Cookie};
use tower_cookies::{Cookie, Cookies};
use crate::{types::{extract::{Check, CheckResult, Json, AdminUser, Log}, http::ResponseCode}, admin, database};
use crate::{
admin, database,
types::{
extract::{AdminUser, Check, CheckResult, Json, Log},
http::ResponseCode,
},
};
#[derive(Deserialize)]
struct AdminAuthRequest {
@ -17,11 +23,10 @@ impl Check for AdminAuthRequest {
}
}
async fn auth(cookies: Cookies, Json(body) : Json<AdminAuthRequest>) -> Response {
let check = env::var("SECRET").unwrap_or("admin".to_string());
async fn auth(cookies: Cookies, Json(body): Json<AdminAuthRequest>) -> Response {
let check = env::var("SECRET").unwrap_or_else(|_| "admin".to_string());
if check != body.secret {
return ResponseCode::BadRequest.text("Invalid admin secret")
return ResponseCode::BadRequest.text("Invalid admin secret");
}
let mut cookie = Cookie::new("admin", admin::regen_secret().await);
@ -45,10 +50,12 @@ impl Check for QueryRequest {
}
}
async fn query(_: AdminUser, Json(body) : Json<QueryRequest>) -> Response {
async fn query(_: AdminUser, Json(body): Json<QueryRequest>) -> Response {
match database::query(body.query) {
Ok(changes) => ResponseCode::Success.text(&format!("Query executed successfully. {} lines changed.", changes)),
Err(err) => ResponseCode::InternalServerError.text(&format!("{}", err))
Ok(changes) => ResponseCode::Success.text(&format!(
"Query executed successfully. {changes} lines changed."
)),
Err(err) => ResponseCode::InternalServerError.text(&format!("{err}")),
}
}
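Review bot: In the `auth` hunk, `env::var("SECRET").unwrap_or_else(|_| "admin".to_string())` means a deployment that forgets to set `SECRET` accepts the literal password `admin` for the admin login that in turn unlocks the raw SQL `query` endpoint; the commit only switched the default to a lazy closure. Fail closed instead: `let Ok(check) = env::var("SECRET") else { return ResponseCode::InternalServerError.text("SECRET is not configured"); };`. Two smaller points in the same hunk: `check != body.secret` is an early-exit string compare, so a constant-time comparison (or comparing fixed-length digests) would be preferable for a password check, and rejecting with `BadRequest` is inconsistent with the `Unauthorized` used for the same failure in `types/extract.rs`. `auth` continues past the hunk, so the cookie attributes (`HttpOnly`, `Secure`, `SameSite`) set on the `admin` cookie are not visible here.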


@ -1,5 +1,5 @@
pub mod admin;
pub mod auth;
pub mod pages;
pub mod posts;
pub mod users;
pub mod admin;


@ -6,7 +6,10 @@ use axum::{
use crate::{
console,
types::{extract::{AuthorizedUser, Log}, http::ResponseCode},
types::{
extract::{AuthorizedUser, Log},
http::ResponseCode,
},
};
async fn root(user: Option<AuthorizedUser>, _: Log) -> Response {


@ -46,7 +46,6 @@ lazy_static! {
}
pub async fn log(ip: IpAddr, method: Method, uri: Uri, path: Option<String>, body: Option<String>) {
let path = path.unwrap_or_default();
let body = body.unwrap_or_default();
@ -202,11 +201,13 @@ impl Formatter for HtmlFormatter {
}
pub fn sanatize(input: String) -> String {
input.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
input
.replace('&', "&amp;")
.replace('<', "&lt;")
.replace('>', "&gt;")
}
pub fn beautify(body: String) -> String {
let body = sanatize(body);
if body.is_empty() {


@ -20,4 +20,4 @@ pub fn query(query: String) -> Result<usize, rusqlite::Error> {
tracing::trace!("Running custom query");
let conn = connect()?;
conn.execute(&query, [])
}
}


@ -19,11 +19,11 @@ use crate::{
types::extract::RouterURI,
};
mod admin;
mod api;
mod console;
mod database;
mod types;
mod admin;
async fn serve<B>(req: Request<B>, next: Next<B>) -> Response
where


@ -14,12 +14,12 @@ use bytes::Bytes;
use serde::de::DeserializeOwned;
use crate::{
console,
admin, console,
types::{
http::{ResponseCode, Result},
session::Session,
user::User,
}, admin,
},
};
pub struct AuthorizedUser(pub User);
@ -71,12 +71,12 @@ where
return Err(ResponseCode::Forbidden.text("No admin secret provided"))
};
println!("{}", secret);
println!("{secret}");
let check = admin::get_secret().await;
if check != secret {
return Err(ResponseCode::Unauthorized.text("Auth token invalid"))
return Err(ResponseCode::Unauthorized.text("Auth token invalid"));
}
Ok(Self)
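Review bot: `println!("{secret}")` prints the admin cookie value presented on every request through the `AdminUser` extractor to stdout, so the current admin session secret lands in whatever captures the process logs; the commit reformats the line rather than removing it. Drop it, or at most log that an admin auth attempt happened without the value (e.g. via `tracing::trace!`, which the crate already uses in `database.rs`). `check != secret` on the next line is likewise a timing-variable comparison of a bearer secret; a constant-time compare, or comparing fixed-length hashes of both sides, avoids that. The enclosing `from_request` body begins before this hunk, so I cannot see how `secret` is read from the cookie.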