Scoped PATs (#651)

* Scoped PATs

* fix threads issues

* fix migration

src/routes/maven.rs

@@ -1,8 +1,9 @@
 use crate::auth::{get_user_from_headers, is_authorized_version};
 use crate::database::models::project_item::QueryProject;
 use crate::database::models::version_item::{QueryFile, QueryVersion};
+use crate::models::pats::Scopes;
 use crate::models::projects::{ProjectId, VersionId};
-use crate::queue::session::SessionQueue;
+use crate::queue::session::AuthQueue;
 use crate::routes::ApiError;
 use crate::{auth::is_authorized, database};
 use actix_web::{get, route, web, HttpRequest, HttpResponse};
@@ -68,7 +69,7 @@ pub async fn maven_metadata(
     params: web::Path<(String,)>,
     pool: web::Data<PgPool>,
     redis: web::Data<deadpool_redis::Pool>,
-    session_queue: web::Data<SessionQueue>,
+    session_queue: web::Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
     let project_id = params.into_inner().0;
     let project_data = database::models::Project::get(&project_id, &**pool, &redis).await?;
@@ -79,9 +80,16 @@ pub async fn maven_metadata(
         return Ok(HttpResponse::NotFound().body(""));
     };
 
-    let user_option = get_user_from_headers(&req, &**pool, &redis, &session_queue)
-        .await
-        .ok();
+    let user_option = get_user_from_headers(
+        &req,
+        &**pool,
+        &redis,
+        &session_queue,
+        Some(&[Scopes::PROJECT_READ]),
+    )
+    .await
+    .map(|x| x.1)
+    .ok();
 
     if !is_authorized(&data.inner, &user_option, &pool).await? {
         return Ok(HttpResponse::NotFound().body(""));
@@ -190,7 +198,7 @@ pub async fn version_file(
     params: web::Path<(String, String, String)>,
     pool: web::Data<PgPool>,
     redis: web::Data<deadpool_redis::Pool>,
-    session_queue: web::Data<SessionQueue>,
+    session_queue: web::Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
     let (project_id, vnum, file) = params.into_inner();
     let project_data = database::models::Project::get(&project_id, &**pool, &redis).await?;
@@ -201,9 +209,16 @@ pub async fn version_file(
         return Ok(HttpResponse::NotFound().body(""));
     };
 
-    let user_option = get_user_from_headers(&req, &**pool, &redis, &session_queue)
-        .await
-        .ok();
+    let user_option = get_user_from_headers(
+        &req,
+        &**pool,
+        &redis,
+        &session_queue,
+        Some(&[Scopes::PROJECT_READ]),
+    )
+    .await
+    .map(|x| x.1)
+    .ok();
 
     if !is_authorized(&project.inner, &user_option, &pool).await? {
         return Ok(HttpResponse::NotFound().body(""));
@@ -274,7 +289,7 @@ pub async fn version_file_sha1(
     params: web::Path<(String, String, String)>,
     pool: web::Data<PgPool>,
     redis: web::Data<deadpool_redis::Pool>,
-    session_queue: web::Data<SessionQueue>,
+    session_queue: web::Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
     let (project_id, vnum, file) = params.into_inner();
     let project_data = database::models::Project::get(&project_id, &**pool, &redis).await?;
@@ -285,9 +300,16 @@ pub async fn version_file_sha1(
         return Ok(HttpResponse::NotFound().body(""));
     };
 
-    let user_option = get_user_from_headers(&req, &**pool, &redis, &session_queue)
-        .await
-        .ok();
+    let user_option = get_user_from_headers(
+        &req,
+        &**pool,
+        &redis,
+        &session_queue,
+        Some(&[Scopes::PROJECT_READ]),
+    )
+    .await
+    .map(|x| x.1)
+    .ok();
 
     if !is_authorized(&project.inner, &user_option, &pool).await? {
         return Ok(HttpResponse::NotFound().body(""));
@@ -332,7 +354,7 @@ pub async fn version_file_sha512(
     params: web::Path<(String, String, String)>,
     pool: web::Data<PgPool>,
     redis: web::Data<deadpool_redis::Pool>,
-    session_queue: web::Data<SessionQueue>,
+    session_queue: web::Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
     let (project_id, vnum, file) = params.into_inner();
     let project_data = database::models::Project::get(&project_id, &**pool, &redis).await?;
@@ -343,9 +365,16 @@ pub async fn version_file_sha512(
         return Ok(HttpResponse::NotFound().body(""));
     };
 
-    let user_option = get_user_from_headers(&req, &**pool, &redis, &session_queue)
-        .await
-        .ok();
+    let user_option = get_user_from_headers(
+        &req,
+        &**pool,
+        &redis,
+        &session_queue,
+        Some(&[Scopes::PROJECT_READ]),
+    )
+    .await
+    .map(|x| x.1)
+    .ok();
 
     if !is_authorized(&project.inner, &user_option, &pool).await? {
         return Ok(HttpResponse::NotFound().body(""));