t/tetratto
1
0
Fork 0
Code Issues Pull requests Projects Releases 5 Packages Wiki Activity Actions

add: service edit date + browser session ids

Browse source
This commit is contained in:
trisua 2025-07-11 18:56:49 -04:00
parent 9aee80493f
commit cfcc2358f4
17 changed files with 148 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

14
crates/app/src/macros.rs
View file

@ -140,6 +140,20 @@ macro_rules! get_user_from_token {
None
}
}};
(--browser_session=$browser_session:expr, $db:expr) => {{
// browser session id
match $db.get_user_by_browser_session(&$browser_session).await {
Ok(ua) => {
if ua.permissions.check_banned() {
None
} else {
Some(ua)
}
}
Err(_) => None,
}
}};
}
#[macro_export]

2
crates/app/src/main.rs
View file

@ -123,7 +123,7 @@ async fn main() {
.merge(routes::routes(&config))
.layer(SetResponseHeaderLayer::if_not_present(
HeaderName::from_static("content-security-policy"),
HeaderValue::from_static("default-src 'self' *.spotify.com musicbrainz.org; img-src * data:; media-src *; font-src *; style-src 'unsafe-inline' 'self' *; script-src 'self' 'unsafe-inline' *; worker-src * blob:; object-src 'self' *; upgrade-insecure-requests; connect-src * localhost; frame-src 'self' *; frame-ancestors 'self'"),
HeaderValue::from_static("default-src 'self' *.spotify.com musicbrainz.org; img-src * data:; media-src *; font-src *; style-src 'unsafe-inline' 'self' *; script-src 'self' 'unsafe-inline' *; worker-src * blob:; object-src 'self' *; upgrade-insecure-requests; connect-src * localhost; frame-src 'self' blob: *; frame-ancestors 'self'"),
));
}

7
crates/app/src/public/html/littleweb/browser.lisp
View file

@ -55,7 +55,7 @@
(iframe
("id" "browser_iframe")
("frameborder" "0")
("src" "{% if path -%} {{ config.lw_host }}/api/v1/net/{{ path }} {%- endif %}"))
("src" "{% if path -%} {{ config.lw_host }}/api/v1/net/{{ path }}?s={{ session }} {%- endif %}"))
(style
("data-turbo-temporary" "true")
@ -116,14 +116,15 @@
}"))
(script
(text "function littleweb_navigate(uri) {
(text "globalThis.SECRET_SESSION = \"{{ session }}\";
function littleweb_navigate(uri) {
if (!uri.includes(\".html\")) {
uri = `${uri}/index.html`;
}
// ...
console.log(\"navigate\", uri);
document.getElementById(\"browser_iframe\").src = `{{ config.lw_host|safe }}/api/v1/net/${uri}`;
document.getElementById(\"browser_iframe\").src = `{{ config.lw_host|safe }}/api/v1/net/${uri}?s={{ session }}`;
}
document.getElementById(\"browser_iframe\").addEventListener(\"load\", (e) => {

5
crates/app/src/public/html/littleweb/services.lisp
View file

@ -73,7 +73,10 @@
(span
("class" "date")
(text "{{ item.created }}"))
(text "; {{ item.files|length }} files")))
(text "; Updated ")
(span
("class" "date")
(text "{{ item.revision }}"))))
(text "{% endfor %}"))))
(script

4
crates/app/src/public/js/proto_links.js
View file

@ -54,7 +54,7 @@ function fix_atto_links() {
`atto://${path.replace("atto://", "").split("/")[0]}${x}`;
} else {
y[property] =
`/api/v1/net/${path.replace("atto://", "").split("/")[0]}${x}`;
`/api/v1/net/${path.replace("atto://", "").split("/")[0]}${x}?s=${globalThis.SECRET_SESSION}`;
}
}
}
@ -112,7 +112,7 @@ function fix_atto_links() {
if (TETRATTO_LINK_HANDLER_CTX === "net") {
window.location.href = `/net/${href.replace("atto://", "")}`;
} else {
window.location.href = `/api/v1/net/${href}`;
window.location.href = `/api/v1/net/${href}?s=${globalThis.SECRET_SESSION}`;
}
});

59
crates/app/src/routes/api/v1/domains.rs
View file

@ -3,13 +3,21 @@ use crate::{
routes::api::v1::{CreateDomain, UpdateDomainData},
State,
};
use axum::{extract::Path, response::IntoResponse, http::StatusCode, Extension, Json};
use axum::{
extract::{Path, Query},
http::StatusCode,
response::IntoResponse,
Extension, Json,
};
use axum_extra::extract::CookieJar;
use tetratto_core::model::{
auth::AchievementName,
littleweb::{Domain, ServiceFsMime},
oauth, ApiReturn, Error,
oauth,
permissions::FinePermission,
ApiReturn, Error,
};
use serde::Deserialize;
pub async fn get_request(
Path(id): Path<usize>,
@ -119,9 +127,16 @@ pub async fn delete_request(
}
}
#[derive(Deserialize)]
pub struct GetFileQuery {
#[serde(default, alias = "s")]
pub session: String,
}
pub async fn get_file_request(
Path(mut addr): Path<String>,
Extension(data): Extension<State>,
Query(props): Query<GetFileQuery>,
) -> impl IntoResponse {
if !addr.starts_with("atto://") {
addr = format!("atto://{addr}");
@ -129,8 +144,21 @@ pub async fn get_file_request(
// ...
let data = &(data.read().await).0;
let user = get_user_from_token!(--browser_session = props.session, data);
let (subdomain, domain, tld, path) = Domain::from_str(&addr);
if path.starts_with("$") && user.is_none() {
return Err((StatusCode::BAD_REQUEST, Error::NotAllowed.to_string()));
} else if let Some(ref ua) = user
&& path.starts_with("$paid")
&& !ua.permissions.check(FinePermission::SUPPORTER)
{
return Err((
StatusCode::BAD_REQUEST,
Error::RequiresSupporter.to_string(),
));
}
// resolve domain
let domain = match data.get_domain_by_name_tld(&domain, &tld).await {
Ok(x) => x,
@ -160,17 +188,28 @@ pub async fn get_file_request(
Some((f, _)) => Ok((
[("Content-Type".to_string(), f.mime.to_string())],
if f.mime == ServiceFsMime::Html {
f.content.replace(
"</body>",
&format!(
"<script src=\"{}/js/proto_links.js\" defer></script></body>",
data.0.0.host
),
)
f.content
.replace(
"</body>",
&format!(
"<script src=\"{}/js/proto_links.js\" defer></script><script>
globalThis.SECRET_SESSION = \"{}\";
</script></body>",
data.0.0.host, props.session
),
)
.replace(
".js\"",
&format!(".js?r={}&s={}\"", service.revision, props.session),
)
.replace(
".css\"",
&format!(".css?r={}&s={}\"", service.revision, props.session),
)
} else {
f.content
}
.replace("atto://", "/api/v1/net/atto://"),
.replace("atto://", "/api/v1/net/"),
)),
None => {
return Err((

17
crates/app/src/routes/api/v1/services.rs
View file

@ -8,6 +8,7 @@ use crate::{
use axum::{extract::Path, response::IntoResponse, Extension, Json};
use axum_extra::extract::CookieJar;
use tetratto_core::model::{auth::AchievementName, littleweb::Service, oauth, ApiReturn, Error};
use tetratto_shared::unix_epoch_timestamp;
pub async fn get_request(
Path(id): Path<usize>,
@ -156,11 +157,17 @@ pub async fn update_content_request(
// ...
match data.update_service_files(id, &user, service.files).await {
Ok(_) => Json(ApiReturn {
ok: true,
message: "Service updated".to_string(),
payload: (),
}),
Ok(_) => match data
.update_service_revision(id, unix_epoch_timestamp() as i64)
.await
{
Ok(_) => Json(ApiReturn {
ok: true,
message: "Service updated".to_string(),
payload: (),
}),
Err(e) => Json(e.into()),
},
Err(e) => Json(e.into()),
}
}

2
crates/app/src/routes/pages/journals.rs
View file

@ -365,7 +365,7 @@ pub async fn global_view_request(
Ok((
[(
"content-security-policy",
"default-src 'self' *.spotify.com musicbrainz.org; img-src * data:; media-src *; font-src *; style-src 'unsafe-inline' 'self' *; script-src 'self' 'unsafe-inline' *; worker-src * blob:; object-src 'self' *; upgrade-insecure-requests; connect-src * localhost; frame-src 'self' *; frame-ancestors *",
"default-src 'self' *.spotify.com musicbrainz.org; img-src * data:; media-src *; font-src *; style-src 'unsafe-inline' 'self' *; script-src 'self' 'unsafe-inline' *; worker-src * blob:; object-src 'self' *; upgrade-insecure-requests; connect-src * localhost; frame-src 'self' blob: *; frame-ancestors *",
)],
Html(data.1.render("journals/app.html", &context).unwrap()),
))

33
crates/app/src/routes/pages/littleweb.rs
View file

@ -11,6 +11,7 @@ use axum::{
use axum_extra::extract::CookieJar;
use tetratto_core::model::{littleweb::TLDS_VEC, permissions::SecondaryPermission, Error};
use serde::Deserialize;
use tetratto_shared::hash::salt;
/// `/services`
pub async fn services_request(
@ -230,12 +231,26 @@ pub async fn browser_home_request(
let data = data.read().await;
let user = get_user_from_token!(jar, data.0);
// update session
let session = salt();
if let Some(ref ua) = user {
if let Err(e) = data.0.update_user_browser_session(ua.id, &session).await {
return Err(Html(render_error(e.into(), &jar, &data, &None).await));
}
}
// ...
let lang = get_lang!(jar, data.0);
let mut context = initial_context(&data.0.0.0, lang, &user).await;
context.insert("path", &"");
context.insert("session", &session);
// return
Html(data.1.render("littleweb/browser.html", &context).unwrap())
Ok(Html(
data.1.render("littleweb/browser.html", &context).unwrap(),
))
}
/// `/net/{uri}`
@ -255,10 +270,24 @@ pub async fn browser_request(
uri = format!("atto://{uri}");
}
// update session
let session = salt();
if let Some(ref ua) = user {
if let Err(e) = data.0.update_user_browser_session(ua.id, &session).await {
return Err(Html(render_error(e.into(), &jar, &data, &None).await));
}
}
// ...
let lang = get_lang!(jar, data.0);
let mut context = initial_context(&data.0.0.0, lang, &user).await;
context.insert("session", &session);
context.insert("path", &uri.replace("atto://", ""));
// return
Html(data.1.render("littleweb/browser.html", &context).unwrap())
Ok(Html(
data.1.render("littleweb/browser.html", &context).unwrap(),
))
}