Chewing_Bever
/
otter
1
0
Fork 0
Code Issues 10 Packages Releases 4 Activity

Compare commits

base: Chewing_Bever:69e84b42660ce8e8778a6fc0724481d40b00412b
Branches Tags
Chewing_Bever:main
Chewing_Bever:signup-links
Chewing_Bever:episode-actions
Chewing_Bever:0.3.0
Chewing_Bever:0.2.1
Chewing_Bever:0.2.0
Chewing_Bever:0.1.0
..
compare: Chewing_Bever:97b30b1840ba25035aeacb3d8ce2d457cac0c6cf
Branches Tags
Chewing_Bever:main
Chewing_Bever:signup-links
Chewing_Bever:episode-actions
Chewing_Bever:0.3.0
Chewing_Bever:0.2.1
Chewing_Bever:0.2.0
Chewing_Bever:0.1.0

No commits in common. "69e84b42660ce8e8778a6fc0724481d40b00412b" and "97b30b1840ba25035aeacb3d8ce2d457cac0c6cf" have entirely different histories.
69e84b4266 ... 97b30b1840

11 changed files with 43 additions and 241 deletions
Show Stats Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -8,7 +8,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased](https://git.rustybever.be/Chewing_Bever/otter) ## [Unreleased](https://git.rustybever.be/Chewing_Bever/otter)
* CLI command to add new users * CLI command to add new users
* Added public sign-up page (disabled by default)
## [0.2.1](https://git.rustybever.be/Chewing_Bever/otter/src/tag/0.2.1) ## [0.2.1](https://git.rustybever.be/Chewing_Bever/otter/src/tag/0.2.1)

2
otter.toml
View File

@ -1,8 +1,6 @@
data_dir = "./data" data_dir = "./data"
log_level = "debug" log_level = "debug"
allow_public_signup = true
[net] [net]
type = "tcp" type = "tcp"
domain = "127.0.0.1" domain = "127.0.0.1"

1
otter/src/cli/serve.rs
View File

@ -23,7 +23,6 @@ pub fn serve(config: &crate::config::Config) -> Result<(), CliError> {
let ctx = server::Context { let ctx = server::Context {
store, store,
tera: Arc::new(tera), tera: Arc::new(tera),
config: config.clone(),
}; };
let app = server::app(ctx.clone()); let app = server::app(ctx.clone());

6
otter/src/config.rs
View File

@ -23,7 +23,7 @@ impl From<LogLevel> for tracing::Level {
} }
} }
#[derive(Serialize, Deserialize, Clone)] #[derive(Serialize, Deserialize)]
#[serde(rename_all = "lowercase")] #[serde(rename_all = "lowercase")]
#[serde(tag = "type")] #[serde(tag = "type")]
pub enum NetConfig { pub enum NetConfig {
@ -31,13 +31,12 @@ pub enum NetConfig {
Unix { path: PathBuf }, Unix { path: PathBuf },
} }
#[derive(Serialize, Deserialize, Clone)] #[derive(Serialize, Deserialize)]
pub struct Config { pub struct Config {
pub net: NetConfig, pub net: NetConfig,
pub data_dir: PathBuf, pub data_dir: PathBuf,
pub session_cleanup_interval: u64, pub session_cleanup_interval: u64,
pub log_level: LogLevel, pub log_level: LogLevel,
pub allow_public_signup: bool,
} }
impl Default for Config { impl Default for Config {
@ -51,7 +50,6 @@ impl Default for Config {
// Once per day // Once per day
session_cleanup_interval: 60 * 60 * 24, session_cleanup_interval: 60 * 60 * 24,
log_level: LogLevel::Warn, log_level: LogLevel::Warn,
allow_public_signup: false,
} }
} }
} }

1
otter/src/server/mod.rs
View File

@ -20,7 +20,6 @@ use tower_http::trace::TraceLayer;
pub struct Context { pub struct Context {
pub store: ::gpodder::GpodderRepository, pub store: ::gpodder::GpodderRepository,
pub tera: Arc<tera::Tera>, pub tera: Arc<tera::Tera>,
pub config: crate::config::Config,
} }
pub fn app(ctx: Context) -> Router { pub fn app(ctx: Context) -> Router {

190
otter/src/server/web/auth.rs
View File

@ -21,7 +21,7 @@ use crate::{
}; };
pub fn router(ctx: Context) -> Router<Context> { pub fn router(ctx: Context) -> Router<Context> {
let mut router = Router::new() Router::new()
// .layer(middleware::from_fn_with_state( // .layer(middleware::from_fn_with_state(
// ctx.clone(), // ctx.clone(),
// auth_web_middleware, // auth_web_middleware,
@ -29,60 +29,7 @@ pub fn router(ctx: Context) -> Router<Context> {
// Login route needs to be handled differently, as the middleware turns it into a redirect // Login route needs to be handled differently, as the middleware turns it into a redirect
// loop // loop
.route("/login", get(get_login).post(post_login)) .route("/login", get(get_login).post(post_login))
.route("/logout", post(post_logout)); .route("/logout", post(post_logout))
// If public signups aren't allowed, we don't even register the route to prevent any dumb
// security mistakes
if ctx.config.allow_public_signup {
router = router.route("/signup", get(get_signup).post(post_signup))
}
router
}
/// Middleware that authenticates the current user via the session token. If the credentials are
/// invalid, the user is redirected to the login page.
pub async fn auth_web_middleware(
State(ctx): State<Context>,
mut req: Request,
next: Next,
) -> Response {
// SAFETY: this extractor's error type is Infallible
let jar: CookieJar = req.extract_parts().await.unwrap();
let redirect = Redirect::to("/login");
match extract_session(ctx, &jar).await {
Ok(Some(session)) => {
req.extensions_mut().insert(session);
next.run(req).await
}
Ok(None) => redirect.into_response(),
Err(err) => err.into_response(),
}
}
pub async fn extract_session(ctx: Context, jar: &CookieJar) -> AppResult<Option<Session>> {
if let Some(session_id) = jar
.get(super::SESSION_ID_COOKIE)
.and_then(|c| c.value().parse::<i64>().ok())
{
match tokio::task::spawn_blocking(move || {
let session = ctx.store.get_session(session_id)?;
ctx.store.refresh_session(&session)?;
Ok(session)
})
.await
.unwrap()
{
Ok(session) => Ok(Some(session)),
Err(gpodder::AuthErr::UnknownSession) => Ok(None),
Err(err) => Err(AppError::from(err)),
}
} else {
Ok(None)
}
} }
async fn get_login(State(ctx): State<Context>, headers: HeaderMap, jar: CookieJar) -> Response { async fn get_login(State(ctx): State<Context>, headers: HeaderMap, jar: CookieJar) -> Response {
@ -94,12 +41,10 @@ async fn get_login(State(ctx): State<Context>, headers: HeaderMap, jar: CookieJa
{ {
Redirect::to("/").into_response() Redirect::to("/").into_response()
} else { } else {
View::Login { View::Login
signup_note: ctx.config.allow_public_signup, .page(&headers)
} .response(&ctx.tera)
.page(&headers) .into_response()
.response(&ctx.tera)
.into_response()
} }
} }
@ -158,106 +103,47 @@ async fn post_logout(State(ctx): State<Context>, jar: CookieJar) -> AppResult<im
Ok(([("HX-Redirect", "/")], jar.remove(super::SESSION_ID_COOKIE))) Ok(([("HX-Redirect", "/")], jar.remove(super::SESSION_ID_COOKIE)))
} }
#[derive(Deserialize)] pub async fn extract_session(ctx: Context, jar: &CookieJar) -> AppResult<Option<Session>> {
struct SignupForm { if let Some(session_id) = jar
username: String, .get(super::SESSION_ID_COOKIE)
password: String, .and_then(|c| c.value().parse::<i64>().ok())
password_confirm: String,
}
struct SignupValidation {
username_available: bool,
passwords_match: bool,
}
impl SignupForm {
fn validate(&self, ctx: &Context) -> AppResult<SignupValidation> {
let username_available = match ctx.store.get_user(&self.username) {
Ok(_) => false,
Err(AuthErr::UnknownUser) => true,
Err(err) => {
return Err(err.into());
}
};
let passwords_match = self.password == self.password_confirm;
Ok(SignupValidation {
username_available,
passwords_match,
})
}
}
impl SignupValidation {
pub fn valid(&self) -> bool {
self.username_available && self.passwords_match
}
}
async fn get_signup(State(ctx): State<Context>, headers: HeaderMap, jar: CookieJar) -> Response {
if extract_session(ctx.clone(), &jar)
.await
.ok()
.flatten()
.is_some()
{ {
Redirect::to("/").into_response()
} else {
View::Signup {
username: None,
username_available: true,
passwords_match: true,
}
.page(&headers)
.response(&ctx.tera)
.into_response()
}
}
async fn post_signup(
State(ctx): State<Context>,
jar: CookieJar,
headers: HeaderMap,
user_agent: Option<TypedHeader<UserAgent>>,
Form(signup): Form<SignupForm>,
) -> AppResult<Response> {
let validation = signup.validate(&ctx)?;
if validation.valid() {
// Create the user and log them in
match tokio::task::spawn_blocking(move || { match tokio::task::spawn_blocking(move || {
let user = ctx.store.create_user(&signup.username, &signup.password)?; let session = ctx.store.get_session(session_id)?;
let user_agent = user_agent.map(|header| header.to_string()); ctx.store.refresh_session(&session)?;
let session = ctx.store.user(&user).create_session(user_agent)?;
Ok::<_, AuthErr>(session) Ok(session)
}) })
.await .await
.unwrap() .unwrap()
{ {
Ok(session) => Ok(( Ok(session) => Ok(Some(session)),
// Redirect forces htmx to reload the full page, refreshing the navbar Err(gpodder::AuthErr::UnknownSession) => Ok(None),
[("HX-Redirect", "/")],
(jar.add(
Cookie::build((super::SESSION_ID_COOKIE, session.id.to_string()))
.secure(true)
.same_site(cookie::SameSite::Lax)
.http_only(true)
.path("/")
.max_age(Duration::days(365)),
)),
)
.into_response()),
Err(err) => Err(AppError::from(err)), Err(err) => Err(AppError::from(err)),
} }
} else { } else {
Ok(View::Signup { Ok(None)
username: Some(signup.username), }
username_available: validation.username_available, }
passwords_match: validation.passwords_match,
} /// Middleware that authenticates the current user via the session token. If the credentials are
.page(&headers) /// invalid, the user is redirected to the login page.
.response(&ctx.tera) pub async fn auth_web_middleware(
.into_response()) State(ctx): State<Context>,
mut req: Request,
next: Next,
) -> Response {
// SAFETY: this extractor's error type is Infallible
let jar: CookieJar = req.extract_parts().await.unwrap();
let redirect = Redirect::to("/login");
match extract_session(ctx, &jar).await {
Ok(Some(session)) => {
req.extensions_mut().insert(session);
next.run(req).await
}
Ok(None) => redirect.into_response(),
Err(err) => err.into_response(),
} }
} }

11
otter/src/web/mod.rs
View File

@ -78,7 +78,7 @@ pub fn initialize_tera() -> tera::Result<tera::Tera> {
include_str!("templates/views/index.html"), include_str!("templates/views/index.html"),
), ),
( (
View::Login { signup_note: false }.template(), View::Login.template(),
include_str!("templates/views/login.html"), include_str!("templates/views/login.html"),
), ),
( (
@ -89,15 +89,6 @@ pub fn initialize_tera() -> tera::Result<tera::Tera> {
View::Users(Vec::new(), 0, None).template(), View::Users(Vec::new(), 0, None).template(),
include_str!("templates/views/users.html"), include_str!("templates/views/users.html"),
), ),
(
View::Signup {
username: None,
username_available: true,
passwords_match: true,
}
.template(),
include_str!("templates/views/signup.html"),
),
])?; ])?;
Ok(tera) Ok(tera)

4
otter/src/web/templates/views/login.html
View File

@ -6,8 +6,4 @@
<input type="password" id="password" name="password"> <input type="password" id="password" name="password">
<input type="submit" value="Login"> <input type="submit" value="Login">
</form> </form>
{% if signup_note %}
<p>Don't have an account yet? <a hx-get="/signup" hx-target="#inner" hx-push-url="/signup">Create one here</a>!</p>
{% endif %}
</article> </article>

34
otter/src/web/templates/views/signup.html
View File

@ -1,34 +0,0 @@
<article>
<form hx-post hx-target="#inner">
<label for="username">Username:</label>
<input
type="text"
id="username"
name="username"
value="{{ username }}"
{% if not username_available %}
aria-invalid="true"
aria-describedby="username-helper"
{% endif %}
>
{% if not username_available %}
<small id="username-helper">Username not available</small>
{% endif %}
<label for="password">Password:</label>
<input type="password" id="password" name="password">
<label for="password_confirm">Confirm password:</label>
<input
type="password"
id="password_confirm"
name="password_confirm"
{% if not passwords_match %}
aria-invalid="true"
aria-describedby="password-helper"
{% endif %}
>
{% if not passwords_match %}
<small id="password-helper">Passwords don't match</small>
{% endif %}
<input type="submit" value="Sign Up">
</form>
</article>

10
otter/src/web/templates/views/users.html
View File

@ -12,21 +12,11 @@
<table id="users"> <table id="users">
<thead> <thead>
<th>Username</th> <th>Username</th>
<th>Action</th>
</thead> </thead>
<tbody> <tbody>
{%- for user in users %} {%- for user in users %}
<tr> <tr>
<th>{{ user.username }}</th> <th>{{ user.username }}</th>
<th>
{%- if user.id != current_user_id -%}
<a hx-delete="/users/{{ user.id }}"
hx-target="closest tr"
>Remove</a>
{%- else -%}
Current user
{%- endif -%}
</th>
</tr> </tr>
{% endfor -%} {% endfor -%}

24
otter/src/web/view.rs
View File

@ -5,16 +5,9 @@ use super::{Query, Template};
pub enum View { pub enum View {
Index, Index,
Login { Login,
signup_note: bool,
},
Sessions(Vec<gpodder::Session>, i64, Option<Query>), Sessions(Vec<gpodder::Session>, i64, Option<Query>),
Users(Vec<gpodder::User>, i64, Option<Query>), Users(Vec<gpodder::User>, i64, Option<Query>),
Signup {
username: Option<String>,
username_available: bool,
passwords_match: bool,
},
} }
#[derive(Serialize)] #[derive(Serialize)]
@ -34,10 +27,9 @@ impl Template for View {
fn template(&self) -> &'static str { fn template(&self) -> &'static str {
match self { match self {
Self::Index => "views/index.html", Self::Index => "views/index.html",
Self::Login { .. } => "views/login.html", Self::Login => "views/login.html",
Self::Sessions(..) => "views/sessions.html", Self::Sessions(..) => "views/sessions.html",
Self::Users(..) => "views/users.html", Self::Users(..) => "views/users.html",
Self::Signup { .. } => "views/signup.html",
} }
} }
@ -69,18 +61,6 @@ impl Template for View {
ctx.insert("next_page_query", &query.encode()); ctx.insert("next_page_query", &query.encode());
} }
} }
Self::Signup {
username,
username_available,
passwords_match,
} => {
ctx.insert("username", &username);
ctx.insert("username_available", &username_available);
ctx.insert("passwords_match", &passwords_match);
}
Self::Login { signup_note } => {
ctx.insert("signup_note", &signup_note);
}
_ => {} _ => {}
}; };