eightequal/AstralRinth
1
0
Fork 0
forked from didirus/AstralRinth
Code Pull Requests Activity

github token support (#629)

Browse Source 
* github token support

* sqlx-data

* renamed github, modrinth tokens

* removed prints
This commit is contained in:
Wyatt Verchere
2023-06-08 16:35:12 -07:00
committed by GitHub
parent abc99c7e69
commit b84d9c5d55
6 changed files with 89 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
sqlx-data.json
View File

@@ -4827,6 +4827,19 @@
}, },
"query": "\n DELETE FROM dependencies WHERE mod_dependency_id = NULL AND dependency_id = NULL AND dependency_file_name = NULL\n " "query": "\n DELETE FROM dependencies WHERE mod_dependency_id = NULL AND dependency_id = NULL AND dependency_file_name = NULL\n "
}, },
"af3f99ebd31aab8c911c9843dd8be814f302b41c9f7712944af14ab291fc0bdc": {
"describe": {
"columns": [],
"nullable": [],
"parameters": {
"Left": [
"Int8",
"Text"
]
}
},
"query": "\n UPDATE users\n SET github_id = $1\n WHERE kratos_id = $2\n "
},
"b0c29c51bd3ae5b93d487471a98ee9bbb43a4df468ba781852b137dd315b9608": { "b0c29c51bd3ae5b93d487471a98ee9bbb43a4df468ba781852b137dd315b9608": {
"describe": { "describe": {
"columns": [], "columns": [],

39
src/routes/v2/admin.rs
View File

@@ -20,6 +20,7 @@ pub fn config(cfg: &mut web::ServiceConfig) {
web::scope("admin") web::scope("admin")
.service(count_download) .service(count_download)
.service(add_minos_user) .service(add_minos_user)
.service(edit_github_id)
.service(get_legacy_account) .service(get_legacy_account)
.service(process_payout), .service(process_payout),
); );
@@ -39,6 +40,44 @@ pub async fn add_minos_user(
Ok(HttpResponse::Ok().finish()) Ok(HttpResponse::Ok().finish())
} }
// Add or update a user's GitHub ID by their kratos id
// OIDC ids should be kept in Minos, but Github is duplicated in Labrinth for legacy support
// This should not be directly useable by applications, only by the Minos backend
// user id is passed in path, github id is passed in body
#[derive(Deserialize)]
pub struct EditGithubId {
github_id: Option<String>,
}
#[post("_edit_github_id/{kratos_id}", guard = "admin_key_guard")]
pub async fn edit_github_id(
pool: web::Data<PgPool>,
kratos_id: web::Path<String>,
github_id: web::Json<EditGithubId>,
) -> Result<HttpResponse, ApiError> {
let github_id = github_id.into_inner().github_id;
// Parse error if github inner id not a number
let github_id = github_id
.as_ref()
.map(|x| x.parse::<i64>())
.transpose()
.map_err(|_| ApiError::InvalidInput("Github id must be a number".to_string()))?;
let mut transaction = pool.begin().await?;
sqlx::query!(
"
UPDATE users
SET github_id = $1
WHERE kratos_id = $2
",
github_id,
kratos_id.into_inner()
)
.execute(&mut transaction)
.await?;
transaction.commit().await?;
Ok(HttpResponse::Ok().finish())
}
#[get("_legacy_account/{github_id}", guard = "admin_key_guard")] #[get("_legacy_account/{github_id}", guard = "admin_key_guard")]
pub async fn get_legacy_account( pub async fn get_legacy_account(

2
src/routes/v2/pats.rs
View File

@@ -78,7 +78,7 @@ pub async fn get_pats(req: HttpRequest, pool: Data<PgPool>) -> Result<HttpRespon
// POST /pat // POST /pat
// Create a new personal access token for the given user. Minos/Kratos cookie must be attached for it to work. // Create a new personal access token for the given user. Minos/Kratos cookie must be attached for it to work.
// All PAT tokens are base62 encoded, and are prefixed with "mod_" // All PAT tokens are base62 encoded, and are prefixed with "modrinth_pat_"
#[post("pat")] #[post("pat")]
pub async fn create_pat( pub async fn create_pat(
req: HttpRequest, req: HttpRequest,

36
src/util/auth.rs
View File

@@ -313,9 +313,12 @@ where
let token: &str = token.trim_start_matches("Bearer "); let token: &str = token.trim_start_matches("Bearer ");
// Tokens beginning with Ory are considered to be Kratos tokens (in reality, extracted cookies) and can be forwarded to Minos // Tokens beginning with Ory are considered to be Kratos tokens (in reality, extracted cookies) and can be forwarded to Minos
let possible_user = match token.split_at(4) { let possible_user = match token.split_once('_') {
("mod_", _) => get_user_from_pat(token, executor).await?, Some(("modrinth", _)) => get_user_from_pat(token, executor).await?,
("ory_", _) => get_user_from_minos_session_token(token, executor).await?, Some(("ory", _)) => get_user_from_minos_session_token(token, executor).await?,
Some(("github", _)) | Some(("gho", _)) | Some(("ghp", _)) => {
get_user_from_github_token(token, executor).await?
}
_ => return Err(AuthenticationError::InvalidAuthMethod), _ => return Err(AuthenticationError::InvalidAuthMethod),
}; };
Ok(possible_user) Ok(possible_user)
@@ -341,11 +344,36 @@ where
); );
let res = req.send().await?.error_for_status()?; let res = req.send().await?.error_for_status()?;
let minos_user: MinosUser = res.json().await?; let minos_user: MinosUser = res.json().await?;
let db_user = models::User::get_from_minos_kratos_id(minos_user.id.clone(), executor).await?; let db_user = models::User::get_from_minos_kratos_id(minos_user.id.clone(), executor).await?;
Ok(db_user) Ok(db_user)
} }
#[derive(Serialize, Deserialize, Debug)]
pub struct GitHubUser {
pub id: u64,
}
// Get a database user from a GitHub PAT
pub async fn get_user_from_github_token<'a, E>(
access_token: &str,
executor: E,
) -> Result<Option<user_item::User>, AuthenticationError>
where
E: sqlx::Executor<'a, Database = sqlx::Postgres>,
{
let github_user: GitHubUser = reqwest::Client::new()
.get("https://api.github.com/user")
.header(reqwest::header::USER_AGENT, "Modrinth")
.header(
reqwest::header::AUTHORIZATION,
format!("token {access_token}"),
)
.send()
.await?
.json()
.await?;
Ok(user_item::User::get_from_github_id(github_user.id, executor).await?)
}
pub async fn check_is_moderator_from_headers<'a, 'b, E>( pub async fn check_is_moderator_from_headers<'a, 'b, E>(
headers: &HeaderMap, headers: &HeaderMap,
executor: E, executor: E,

1
src/util/guards.rs
View File

@@ -4,7 +4,6 @@ pub const ADMIN_KEY_HEADER: &str = "Modrinth-Admin";
pub fn admin_key_guard(ctx: &GuardContext) -> bool { pub fn admin_key_guard(ctx: &GuardContext) -> bool {
let admin_key = std::env::var("LABRINTH_ADMIN_KEY") let admin_key = std::env::var("LABRINTH_ADMIN_KEY")
.expect("No admin key provided, this should have been caught by check_env_vars"); .expect("No admin key provided, this should have been caught by check_env_vars");
ctx.head() ctx.head()
.headers() .headers()
.get(ADMIN_KEY_HEADER) .get(ADMIN_KEY_HEADER)

8
src/util/pat.rs
View File

@@ -75,7 +75,7 @@ where
Ok(None) Ok(None)
} }
// Generate a new 128 char PAT token starting with 'mod_' // Generate a new 128 char PAT token starting with 'modrinth_pat_'
pub async fn generate_pat( pub async fn generate_pat(
con: &mut sqlx::Transaction<'_, sqlx::Postgres>, con: &mut sqlx::Transaction<'_, sqlx::Postgres>,
) -> Result<String, DatabaseError> { ) -> Result<String, DatabaseError> {
@@ -86,9 +86,9 @@ pub async fn generate_pat(
// First generate the PAT token as a random 128 char string. This may include uppercase and lowercase and numbers only. // First generate the PAT token as a random 128 char string. This may include uppercase and lowercase and numbers only.
loop { loop {
let mut access_token = String::with_capacity(63); let mut access_token = String::with_capacity(63);
access_token.push_str("mod_"); access_token.push_str("modrinth_pat_");
for _ in 0..60 { for _ in 0..51 {
let c = rng.gen_range(0..60); let c = rng.gen_range(0..62);
if c < 10 { if c < 10 {
access_token.push(char::from_u32(c + 48).unwrap()); // 0-9 access_token.push(char::from_u32(c + 48).unwrap()); // 0-9
} else if c < 36 { } else if c < 36 {