author | metamuffin <metamuffin@disroot.org> | 2025-01-29 18:03:06 +0100 |
---|---|---|
committer | metamuffin <metamuffin@disroot.org> | 2025-01-29 18:03:06 +0100 |
commit | db511d3fe50f05329615f718515fab1b80d9e06a (patch) | |
tree | 7969fea01be100cbe4385ad13a14940a987ac513 /server/src/routes/ui/account | |
parent | 82e8a55a1496ae9132e13e7286fe1c0d57d586d3 (diff) | |
no direct redb access
Diffstat (limited to 'server/src/routes/ui/account')
-rw-r--r-- | server/src/routes/ui/account/mod.rs | 54 | ||||
-rw-r--r-- | server/src/routes/ui/account/session/guard.rs | 17 | ||||
-rw-r--r-- | server/src/routes/ui/account/settings.rs | 66 |
3 files changed, 47 insertions, 90 deletions
diff --git a/server/src/routes/ui/account/mod.rs b/server/src/routes/ui/account/mod.rs index d73cf4c..6139a08 100644 --- a/server/src/routes/ui/account/mod.rs +++ b/server/src/routes/ui/account/mod.rs @@ -8,7 +8,7 @@ pub mod settings; use super::{error::MyError, layout::LayoutPage}; use crate::{ - database::DataAcid, + database::Database, routes::ui::{ account::session::Session, error::MyResult, home::rocket_uri_macro_r_home, layout::DynLayoutPage, @@ -18,10 +18,7 @@ use crate::{ use anyhow::anyhow; use argon2::{password_hash::Salt, Argon2, PasswordHasher}; use chrono::Duration; -use jellybase::{ - database::{Ser, TableExt, T_INVITE, T_USER}, - CONF, -}; +use jellybase::CONF; use jellycommon::user::{User, UserPermission}; use rocket::{ form::{Contextual, Form}, @@ -124,7 +121,7 @@ pub fn r_account_logout() -> DynLayoutPage<'static> { #[post("/account/register", data = "<form>")] pub fn r_account_register_post<'a>( - database: &'a State<DataAcid>, + database: &'a State<Database>, _sess: Option<Session>, form: Form<Contextual<'a, RegisterForm>>, ) -> MyResult<DynLayoutPage<'a>> { 
@@ -134,31 +131,16 @@ pub fn r_account_register_post<'a>( None => return Err(format_form_error(form)), }; - let txn = database.begin_write()?; - let mut invites = txn.open_table(T_INVITE)?; - let mut users = txn.open_table(T_USER)?; - - if invites.remove(&*form.invitation)?.is_none() { - Err(anyhow!("invitation invalid"))?; - } - let prev_user = users - .insert( - &*form.username, - Ser(User { - display_name: form.username.clone(), - name: form.username.clone(), - password: hash_password(&form.username, &form.password), - ..Default::default() - }), - )? - .map(|x| x.value().0); - if prev_user.is_some() { - Err(anyhow!("username taken"))?; - } - - drop(users); - drop(invites); - txn.commit()?; + database.register_user( + &form.invitation, + &form.username, + User { + display_name: form.username.clone(), + name: form.username.clone(), + password: hash_password(&form.username, &form.password), + ..Default::default() + }, + )?; Ok(LayoutPage { title: "Registration successful".to_string(), @@ -175,7 +157,7 @@ pub fn r_account_register_post<'a>( #[post("/account/login", data = "<form>")] pub fn r_account_login_post( - database: &State<DataAcid>, + database: &State<Database>, jar: &CookieJar, form: Form<Contextual<LoginForm>>, ) -> MyResult<Redirect> { @@ -202,17 +184,17 @@ pub fn r_account_logout_post(jar: &CookieJar) -> MyResult<Redirect> { } pub fn login_logic( - database: &DataAcid, + database: &Database, username: &str, password: &str, expire: Option<i64>, drop_permissions: Option<HashSet<UserPermission>>, ) -> MyResult<String> { - // hashing the password regardless if the accounts exists to prevent timing attacks + // hashing the password regardless if the accounts exists to better resist timing attacks let password = hash_password(username, password); - let mut user = T_USER - .get(database, username)? + let mut user = database + .get_user(username)? .ok_or(anyhow!("invalid password"))?; if user.password != password { 
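Review bot: The atomicity of registration is no longer visible at the `database.register_user(...)` call in `r_account_register_post`. The removed code consumed the invitation and inserted the user inside one write transaction, and returned before `txn.commit()` on "invitation invalid" or "username taken", so presumably neither an invite was spent nor an existing account replaced on failure. `register_user` is defined outside this diff, so it should be confirmed that it keeps both checks in a single transaction and rejects an existing username instead of overwriting it. A call-site comment would record that contract, for example `// register_user consumes the invite and fails on an existing username, in one transaction`. The function body starts and ends outside the hunk.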
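Review bot: The reworded comment in `login_logic` claims timing resistance, but the context line `if user.password != password {` compares the stored and computed hashes with an ordinary `!=`, which may return at the first differing byte. Either compare in constant time using a helper already available to the crate, or narrow the comment to what the code guarantees, for example `// hash before the lookup so known and unknown usernames cost the same; the comparison below is not constant-time`. As a smaller style point, `.ok_or(anyhow!("invalid password"))` builds the error even when the user exists; `.ok_or_else(|| anyhow!("invalid password"))` avoids that. The function continues past the end of the hunk.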
diff --git a/server/src/routes/ui/account/session/guard.rs b/server/src/routes/ui/account/session/guard.rs index 6a9bdaf..57540cf 100644 --- a/server/src/routes/ui/account/session/guard.rs +++ b/server/src/routes/ui/account/session/guard.rs @@ -4,9 +4,8 @@ Copyright (C) 2025 metamuffin <metamuffin.org> */ use super::{AdminSession, Session}; -use crate::{database::DataAcid, routes::ui::error::MyError}; +use crate::{database::Database, routes::ui::error::MyError}; use anyhow::anyhow; -use jellybase::database::T_USER; use log::warn; use rocket::{ async_trait, @@ -36,19 +35,9 @@ impl Session { username = "admin".to_string(); } - let db = req.guard::<&State<DataAcid>>().await.unwrap(); + let db = req.guard::<&State<Database>>().await.unwrap(); - let user = { - let txn = db.inner.begin_read()?; - let table = txn.open_table(T_USER)?; - let user = table - .get(&*username)? - .ok_or(anyhow!("user not found"))? - .value() - .0; - drop(table); - user - }; + let user = db.get_user(&username)?.ok_or(anyhow!("user not found"))?; Ok(Session { user }) } diff --git a/server/src/routes/ui/account/settings.rs b/server/src/routes/ui/account/settings.rs index 24e90de..06754b1 100644 --- a/server/src/routes/ui/account/settings.rs +++ b/server/src/routes/ui/account/settings.rs @@ -5,7 +5,7 @@ */ use super::{format_form_error, hash_password}; use crate::{ - database::DataAcid, + database::Database, routes::ui::{ account::{rocket_uri_macro_r_account_login, session::Session}, error::MyResult, @@ -13,11 +13,7 @@ use crate::{ }, uri, }; -use anyhow::anyhow; -use jellybase::{ - database::{redb::ReadableTable, Ser, T_USER}, - permission::PermissionSetExt, -}; +use jellybase::permission::PermissionSetExt; use jellycommon::user::{PlayerKind, Theme, UserPermission}; use markup::{Render, RenderAttributeValue}; use rocket::{ 
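Review bot: In the second guard.rs hunk, the touched line `req.guard::<&State<Database>>().await.unwrap()` still panics inside the session guard when the `Database` state has not been attached to the Rocket instance. Since the line is being edited anyway, `.expect("Database state must be managed")` would at least name the invariant, or the failure could be mapped into the `MyError` this function already returns. The lookup below it could likewise use `.ok_or_else(|| anyhow!("user not found"))`. The enclosing function begins and ends outside the hunk.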
@@ -117,7 +113,7 @@ pub fn r_account_settings(session: Session) -> DynLayoutPage<'static> { #[post("/account/settings", data = "<form>")] pub fn r_account_settings_post( session: Session, - database: &State<DataAcid>, + database: &State<Database>, form: Form<Contextual<SettingsForm>>, ) -> MyResult<DynLayoutPage<'static>> { session 
@@ -132,39 +128,29 @@ pub fn r_account_settings_post( let mut out = String::new(); - let txn = database.begin_write()?; - let mut users = txn.open_table(T_USER)?; - - let mut user = users - .get(&*session.user.name)? - .ok_or(anyhow!("user missing"))? - .value() - .0; - - if let Some(password) = &form.password { - user.password = hash_password(&session.user.name, password); - out += "Password updated\n"; - } - if let Some(display_name) = &form.display_name { - user.display_name = display_name.clone(); - out += "Display name updated\n"; - } - if let Some(theme) = form.theme { - user.theme = theme; - out += "Theme updated\n"; - } - if let Some(player_preference) = form.player_preference { - user.player_preference = player_preference; - out += "Player preference changed.\n"; - } - if let Some(native_secret) = &form.native_secret { - user.native_secret = native_secret.to_owned(); - out += "Native secret updated.\n"; - } - - users.insert(&*session.user.name, Ser(user))?; - drop(users); - txn.commit()?; + database.update_user(&session.user.name, |user| { + if let Some(password) = &form.password { + user.password = hash_password(&session.user.name, password); + out += "Password updated\n"; + } + if let Some(display_name) = &form.display_name { + user.display_name = display_name.clone(); + out += "Display name updated\n"; + } + if let Some(theme) = form.theme { + user.theme = theme; + out += "Theme updated\n"; + } + if let Some(player_preference) = form.player_preference { + user.player_preference = player_preference; + out += "Player preference changed.\n"; + } + if let Some(native_secret) = &form.native_secret { + user.native_secret = native_secret.to_owned(); + out += "Native secret updated.\n"; + } + Ok(()) + })?; Ok(settings_page( session, // using the old session here, results in outdated theme being displayed |
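Review bot: `hash_password` is called inside the closure passed to `database.update_user` in `r_account_settings_post`, so if `update_user` runs that closure within its write transaction (its body is not in this diff), the password hashing (presumably Argon2, going by the imports in mod.rs) happens while the writer is held. Computing it beforehand with `let new_password = form.password.as_ref().map(|p| hash_password(&session.user.name, p));` and only assigning `user.password` inside the closure would keep the transaction short. The closure also appends to `out`, so the status text is only correct if `update_user` invokes it exactly once; a doc comment on `update_user` stating that would help. The function body extends beyond both ends of the hunk.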