t/tetratto
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add(ui): ability to log out

Browse source
This commit is contained in:
trisua 2025-03-23 16:37:43 -04:00
parent d2ca9e23d3
commit b3cac5f97a
29 changed files with 499 additions and 124 deletions
Download patch file Download diff file Expand all files Collapse all files

21
crates/core/src/database/auth.rs
View file

@ -1,4 +1,5 @@
use super::*;
use crate::model::permissions::FinePermission;
use crate::model::{Error, Result};
use crate::{execute, get, query_row};
@ -18,12 +19,13 @@ impl DataManager {
) -> User {
User {
id: get!(x->0(u64)) as usize,
created: get!(x->1(u64)) as usize as usize,
created: get!(x->1(u64)) as usize,
username: get!(x->2(String)),
password: get!(x->3(String)),
salt: get!(x->4(String)),
settings: serde_json::from_str(&get!(x->5(String)).to_string()).unwrap(),
tokens: serde_json::from_str(&get!(x->6(String)).to_string()).unwrap(),
permissions: FinePermission::from_bits(get!(x->7(u32))).unwrap(),
}
}
@ -124,15 +126,16 @@ impl DataManager {
let res = execute!(
&conn,
"INSERT INTO users VALUES ($1, $2, $3, $4, $5, $6, $7)",
"INSERT INTO users VALUES ($1, $2, $3, $4, $5, $6, $7, $8)",
&[
&data.id.to_string(),
&data.created.to_string(),
&data.username,
&data.password,
&data.salt,
&serde_json::to_string(&data.settings).unwrap(),
&serde_json::to_string(&data.tokens).unwrap(),
&data.id.to_string().as_str(),
&data.created.to_string().as_str(),
&data.username.as_str(),
&data.password.as_str(),
&data.salt.as_str(),
&serde_json::to_string(&data.settings).unwrap().as_str(),
&serde_json::to_string(&data.tokens).unwrap().as_str(),
&(FinePermission::DEFAULT.bits()).to_string().as_str()
]
);

3
crates/core/src/database/drivers/sql/create_users.sql
View file

@ -5,5 +5,6 @@ CREATE TABLE IF NOT EXISTS users (
password TEXT NOT NULL,
salt TEXT NOT NULL,
settings TEXT NOT NULL,
tokens TEXT NOT NULL
tokens TEXT NOT NULL,
permissions INTEGER NOT NULL
)

4
crates/core/src/model/auth.rs
View file

@ -5,6 +5,8 @@ use tetratto_shared::{
unix_epoch_timestamp,
};
use super::permissions::FinePermission;
/// `(ip, token, creation timestamp)`
pub type Token = (String, String, usize);
@ -17,6 +19,7 @@ pub struct User {
pub salt: String,
pub settings: UserSettings,
pub tokens: Vec<Token>,
pub permissions: FinePermission,
}
#[derive(Debug, Serialize, Deserialize)]
@ -45,6 +48,7 @@ impl User {
salt,
settings: UserSettings::default(),
tokens: Vec::new(),
permissions: FinePermission::DEFAULT,
}
}

19
crates/core/src/model/mod.rs
View file

@ -1,4 +1,5 @@
pub mod auth;
pub mod permissions;
use serde::{Deserialize, Serialize};
#[derive(Serialize, Deserialize)]
@ -18,6 +19,7 @@ pub enum Error {
RegistrationDisabled,
DatabaseError(String),
IncorrectPassword,
NotAllowed,
AlreadyAuthenticated,
DataTooLong(String),
DataTooShort(String),
@ -27,14 +29,15 @@ pub enum Error {
impl ToString for Error {
fn to_string(&self) -> String {
match self {
Error::DatabaseConnection(msg) => msg.to_owned(),
Error::DatabaseError(msg) => format!("Database error: {msg}"),
Error::UserNotFound => "Unable to find user with given parameters".to_string(),
Error::RegistrationDisabled => "Registration is disabled".to_string(),
Error::IncorrectPassword => "The given password is invalid".to_string(),
Error::AlreadyAuthenticated => "Already authenticated".to_string(),
Error::DataTooLong(name) => format!("Given {name} is too long!"),
Error::DataTooShort(name) => format!("Given {name} is too short!"),
Self::DatabaseConnection(msg) => msg.to_owned(),
Self::DatabaseError(msg) => format!("Database error: {msg}"),
Self::UserNotFound => "Unable to find user with given parameters".to_string(),
Self::RegistrationDisabled => "Registration is disabled".to_string(),
Self::IncorrectPassword => "The given password is invalid".to_string(),
Self::NotAllowed => "You are not allowed to do this".to_string(),
Self::AlreadyAuthenticated => "Already authenticated".to_string(),
Self::DataTooLong(name) => format!("Given {name} is too long!"),
Self::DataTooShort(name) => format!("Given {name} is too short!"),
_ => format!("An unknown error as occurred: ({:?})", self),
}
}

123
crates/core/src/model/permissions.rs Normal file
View file

@ -0,0 +1,123 @@
use bitflags::bitflags;
use serde::{
Deserialize, Deserializer, Serialize,
de::{Error as DeError, Visitor},
};
bitflags! {
/// Fine-grained permissions built using bitwise operations.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub struct FinePermission: u32 {
const DEFAULT = 1 << 0;
const ADMINISTRATOR = 1 << 1;
const MANAGE_JOURNAL_PAGES = 1 << 2;
const MANAGE_JOURNAL_ENTRIES = 1 << 3;
const MANAGE_JOURNAL_ENTRY_COMMENTS = 1 << 4;
const MANAGE_USERS = 1 << 5;
const MANAGE_BANS = 1 << 6; // includes managing IP bans
const MANAGE_WARNINGS = 1 << 7;
const MANAGE_NOTIFICATIONS = 1 << 8;
const VIEW_REPORTS = 1 << 9;
const VIEW_AUDIT_LOG = 1 << 10;
const _ = !0;
}
}
impl Serialize for FinePermission {
fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
where
S: serde::Serializer,
{
serializer.serialize_u32(self.bits())
}
}
struct FinePermissionVisitor;
impl<'de> Visitor<'de> for FinePermissionVisitor {
type Value = FinePermission;
fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result {
formatter.write_str("u32")
}
fn visit_u32<E>(self, value: u32) -> Result<Self::Value, E>
where
E: DeError,
{
if let Some(permission) = FinePermission::from_bits(value) {
Ok(permission)
} else {
Ok(FinePermission::from_bits_retain(value))
}
}
fn visit_i32<E>(self, value: i32) -> Result<Self::Value, E>
where
E: DeError,
{
if let Some(permission) = FinePermission::from_bits(value as u32) {
Ok(permission)
} else {
Ok(FinePermission::from_bits_retain(value as u32))
}
}
fn visit_u64<E>(self, value: u64) -> Result<Self::Value, E>
where
E: DeError,
{
if let Some(permission) = FinePermission::from_bits(value as u32) {
Ok(permission)
} else {
Ok(FinePermission::from_bits_retain(value as u32))
}
}
}
impl<'de> Deserialize<'de> for FinePermission {
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
where
D: Deserializer<'de>,
{
deserializer.deserialize_any(FinePermissionVisitor)
}
}
impl FinePermission {
/// Join two [`FinePermission`]s into a single `u32`.
pub fn join(lhs: FinePermission, rhs: FinePermission) -> FinePermission {
lhs | rhs
}
/// Check if the given `input` contains the given [`FinePermission`].
pub fn check(self, permission: FinePermission) -> bool {
if (self & FinePermission::ADMINISTRATOR) == FinePermission::ADMINISTRATOR {
// has administrator permission, meaning everything else is automatically true
return true;
}
(self & permission) == permission
}
/// Check if thhe given [`FinePermission`] is qualifies as "Helper" status.
pub fn check_helper(self) -> bool {
self.check(FinePermission::MANAGE_JOURNAL_ENTRIES)
&& self.check(FinePermission::MANAGE_JOURNAL_PAGES)
&& self.check(FinePermission::MANAGE_JOURNAL_ENTRY_COMMENTS)
&& self.check(FinePermission::MANAGE_WARNINGS)
&& self.check(FinePermission::VIEW_REPORTS)
&& self.check(FinePermission::VIEW_AUDIT_LOG)
}
/// Check if thhe given [`FinePermission`] is qualifies as "Manager" status.
pub fn check_manager(self) -> bool {
self.check_helper() && self.check(FinePermission::ADMINISTRATOR)
}
}
impl Default for FinePermission {
fn default() -> Self {
Self::DEFAULT
}
}