t/pastry
1
0
Fork 0
generated from t/malachite
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add: users table

Browse source
This commit is contained in:
trisua 2025-08-30 11:27:44 -04:00
parent fda4d01883
commit 56c5b71881
9 changed files with 253 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -1,3 +1 @@
# 🪨 malachite # 🧁 Pastry.diy
simple template for building backends with a structure similar to how the [tetratto](https://trisua.com/t/tetratto) repository is organized

2
src/config.rs
View file

@ -19,7 +19,7 @@ pub struct Config {
} }
fn default_name() -> String { fn default_name() -> String {
"App".to_string() "Pastry.diy".to_string()
} }
fn default_theme_color() -> String { fn default_theme_color() -> String {

3
src/database/mod.rs
View file

@ -1,4 +1,5 @@
mod sql; mod sql;
mod users;
use crate::config::Config; use crate::config::Config;
use oiseau::{execute, postgres::DataManager as OiseauManager, postgres::Result as PgResult}; use oiseau::{execute, postgres::DataManager as OiseauManager, postgres::Result as PgResult};
@ -22,7 +23,7 @@ impl DataManager {
Err(e) => return Err(Error::DatabaseConnection(e.to_string())), Err(e) => return Err(Error::DatabaseConnection(e.to_string())),
}; };
// execute!(&conn, sql::CREATE_TABLE_ENTRIES).unwrap(); execute!(&conn, sql::CREATE_TABLE_USERS).unwrap();
Ok(()) Ok(())
} }

13
src/database/sql/create_users.sql Normal file
View file

@ -0,0 +1,13 @@
CREATE TABLE IF NOT EXISTS p_users (
id TEXT NOT NULL,
created BIGINT NOT NULL,
username TEXT NOT NULL,
password TEXT NOT NULL,
salt TEXT NOT NULL,
sessions TEXT NOT NULL,
username_changed BIGINT NOT NULL,
role TEXT NOT NULL,
banned INT NOT NULL,
settings TEXT NOT NULL,
legacy_token TEXT NOT NULL, -- to remove in the future
)

2
src/database/sql/mod.rs
View file

@ -1 +1 @@
// pub const CREATE_TABLE_ENTRIES: &str = include_str!("./create_entries.sql"); pub const CREATE_TABLE_USERS: &str = include_str!("./create_users.sql");

161
src/database/users.rs Normal file
View file

@ -0,0 +1,161 @@
use super::DataManager;
use crate::{
database::NAME_REGEX,
model::{User, UserSession, UserSettings},
};
use oiseau::{PostgresRow, cache::Cache, execute, get, params, query_row};
use tetratto_core::{
auto_method,
model::{Error, Result},
};
use tetratto_shared::{
hash::{hash, salt},
unix_epoch_timestamp,
};
impl DataManager {
/// Get a [`User`] from an SQL row.
pub(crate) fn get_user_from_row(x: &PostgresRow) -> User {
User {
id: get!(x->0(String)),
created: get!(x->1(i64)) as usize,
username: get!(x->2(String)),
password: get!(x->3(String)),
salt: get!(x->4(String)),
sessions: serde_json::from_str(&get!(x->5(String))).unwrap(),
username_changed: get!(x->6(i64)) as usize,
role: serde_json::from_str(&get!(x->7(String))).unwrap(),
banned: get!(x->8(i32)) == 1,
settings: serde_json::from_str(&get!(x->8(String))).unwrap(),
legacy_token: get!(x->9(String)),
}
}
auto_method!(get_user_by_id(usize as i64)@get_user_from_row -> "SELECT * FROM p_users WHERE id = $1" --name="user" --returns=User --cache-key-tmpl="pstr.user:{}");
auto_method!(get_user_by_username(&str)@get_user_from_row -> "SELECT * FROM p_users WHERE username = $1" --name="user" --returns=User --cache-key-tmpl="pstr.user:{}");
/// Create a new user in the database.
///
/// # Arguments
/// * `data` - a mock [`User`] object to insert
pub async fn create_user(&self, data: User) -> Result<User> {
// check values
if data.username.trim().len() < 2 {
return Err(Error::DataTooShort("username".to_string()));
} else if data.username.len() > 32 {
return Err(Error::DataTooLong("username".to_string()));
}
// check characters
let regex = regex::RegexBuilder::new(NAME_REGEX)
.multi_line(true)
.build()
.unwrap();
if regex.captures(&data.username).is_some() {
return Err(Error::MiscError(
"Username contains invalid characters".to_string(),
));
}
// ...
let conn = match self.0.connect().await {
Ok(c) => c,
Err(e) => return Err(Error::DatabaseConnection(e.to_string())),
};
let res = execute!(
&conn,
"INSERT INTO p_users VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
params![
&data.id,
&(data.created as i64),
&data.username,
&data.password,
&data.salt,
&serde_json::to_string(&data.sessions).unwrap(),
&(data.username_changed as i64),
&serde_json::to_string(&data.role).unwrap(),
&if data.banned { 1_i32 } else { 0_i32 },
&serde_json::to_string(&data.settings).unwrap(),
&data.legacy_token
]
);
if let Err(e) = res {
return Err(Error::DatabaseError(e.to_string()));
}
Ok(data)
}
pub async fn update_user_password(&self, id: usize, x: String) -> Result<()> {
let y = self.get_user_by_id(id).await?;
let new_salt = salt();
let hashed = hash(x + &new_salt);
let conn = match self.0.connect().await {
Ok(c) => c,
Err(e) => return Err(Error::DatabaseConnection(e.to_string())),
};
let res = execute!(
&conn,
"UPDATE users SET password = $1, salt = $2 WHERE id = $2",
params![&hashed, &new_salt, &(id as i64)]
);
if let Err(e) = res {
return Err(Error::DatabaseError(e.to_string()));
}
self.cache_clear_user(&y).await;
Ok(())
}
const USERNAME_CHANGE_WAIT_TIME: usize = 604800000; // 1 week
pub async fn update_user_username(&self, id: usize, x: String) -> Result<()> {
let y = self.get_user_by_id(id).await?;
let now = unix_epoch_timestamp();
if now - y.username_changed < Self::USERNAME_CHANGE_WAIT_TIME {
return Err(Error::MiscError(
"Username changed too recently".to_string(),
));
}
let conn = match self.0.connect().await {
Ok(c) => c,
Err(e) => return Err(Error::DatabaseConnection(e.to_string())),
};
let res = execute!(
&conn,
"UPDATE users SET username = $1, username_changed = $2 WHERE id = $2",
params![&x, &(now as i64), &(id as i64)]
);
if let Err(e) = res {
return Err(Error::DatabaseError(e.to_string()));
}
self.cache_clear_user(&y).await;
Ok(())
}
pub async fn cache_clear_user(&self, user: &User) -> bool {
self.0.1.remove(format!("pstr.user:{}", user.id)).await
&& self
.0
.1
.remove(format!("pstr.user:{}", user.username))
.await
}
auto_method!(update_user_banned(i32)@get_user_by_id -> "UPDATE users SET banned = $1 WHERE id = $2" --cache-key-tmpl=cache_clear_user);
auto_method!(update_user_settings(UserSettings)@get_user_by_id -> "UPDATE users SET settings = $1 WHERE id = $2" --serde --cache-key-tmpl=cache_clear_user);
auto_method!(update_user_sessions(Vec<UserSession>)@get_user_by_id -> "UPDATE users SET sessions = $1 WHERE id = $2" --serde --cache-key-tmpl=cache_clear_user);
}

11
src/main.rs
View file

@ -1,7 +1,6 @@
#![doc = include_str!("../README.md")] #![doc = include_str!("../README.md")]
mod config; mod config;
mod database; mod database;
mod markdown;
mod model; mod model;
mod routes; mod routes;
@ -23,13 +22,6 @@ use tracing::{Level, info};
pub(crate) type InnerState = (DataManager, Tera, String); pub(crate) type InnerState = (DataManager, Tera, String);
pub(crate) type State = Arc<RwLock<InnerState>>; pub(crate) type State = Arc<RwLock<InnerState>>;
fn render_markdown(value: &Value, _: &HashMap<String, Value>) -> tera::Result<Value> {
Ok(markdown::render_markdown(value.as_str().unwrap())
.replace("\\@", "@")
.replace("%5C@", "@")
.into())
}
fn remove_script_tags(value: &Value, _: &HashMap<String, Value>) -> tera::Result<Value> { fn remove_script_tags(value: &Value, _: &HashMap<String, Value>) -> tera::Result<Value> {
Ok(value Ok(value
.as_str() .as_str()
@ -100,7 +92,6 @@ async fn main() {
} }
}; };
tera.register_filter("markdown", render_markdown);
tera.register_filter("remove_script_tags", remove_script_tags); tera.register_filter("remove_script_tags", remove_script_tags);
// create app // create app
@ -125,7 +116,7 @@ async fn main() {
.await .await
.unwrap(); .unwrap();
info!("🪨 malachite."); info!("🧁 pastry.diy.");
info!("listening on http://0.0.0.0:{}", port); info!("listening on http://0.0.0.0:{}", port);
axum::serve( axum::serve(
listener, listener,

18
src/markdown.rs
View file

@ -1,18 +0,0 @@
use std::collections::HashSet;
pub fn render_markdown(input: &str) -> String {
let html = tetratto_shared::markdown::render_markdown_dirty(input);
let mut allowed_attributes = HashSet::new();
allowed_attributes.insert("id");
allowed_attributes.insert("class");
allowed_attributes.insert("ref");
allowed_attributes.insert("aria-label");
allowed_attributes.insert("lang");
allowed_attributes.insert("title");
allowed_attributes.insert("align");
allowed_attributes.insert("src");
allowed_attributes.insert("style");
tetratto_shared::markdown::clean_html(html, allowed_attributes)
}

74
src/model.rs
View file

@ -1 +1,73 @@
//! Base types matching SQL table structures. use serde::{Deserialize, Serialize};
use tetratto_shared::{
hash::{hash, salt, uuid},
unix_epoch_timestamp,
};
#[derive(Deserialize, Serialize, PartialEq, Eq)]
pub enum UserRole {
#[serde(alias = "user")]
User,
#[serde(alias = "admin")]
Admin,
}
/// `(hashed token, ip, created)`
pub type UserSession = (String, String, usize);
#[derive(Serialize, Deserialize)]
pub struct User {
pub id: String,
pub created: usize,
pub username: String,
pub password: String,
pub salt: String,
pub sessions: Vec<UserSession>,
/// The time at which the user's username was last changed.
///
/// Users can only change their username once a week.
pub username_changed: usize,
pub role: UserRole,
pub banned: bool,
pub settings: UserSettings,
/// The user's old log-in method. Users with a token and NOT a password
/// will be prompted to add a password to the account.
pub legacy_token: String,
}
#[derive(Serialize, Deserialize, Default)]
pub struct UserSettings {
/// The user's biography text.
pub bio: String,
/// The CSS string embeded on the user's profile.
pub css: String,
/// The URL of the user's avatar.
pub avatar_url: String,
}
impl User {
/// Create a new [`User`].
pub fn new(username: String, unhashed_password: String) -> Self {
let salt = salt();
let password = hash(unhashed_password + &salt);
Self {
id: uuid(),
created: unix_epoch_timestamp(),
username,
password,
salt,
sessions: Vec::new(),
username_changed: 0,
role: UserRole::User,
banned: false,
settings: UserSettings::default(),
legacy_token: String::new(),
}
}
/// Check the given password against the user's password.
pub fn check_password(&self, password: String) -> bool {
hash(password + &self.salt) == self.password
}
}