Fix access controls (#109)

* Fix access controls

* Remove CF indexing, fix some stuff
This commit is contained in:
Geometrically
2020-12-02 10:24:20 -07:00
committed by GitHub
parent b3f724c799
commit df5684a9f8
9 changed files with 69 additions and 448 deletions


@@ -106,6 +106,8 @@ pub enum ApiError {
InvalidInputError(String),
#[error("Search Error: {0}")]
SearchError(#[from] meilisearch_sdk::errors::Error),
#[error("Indexing Error: {0}")]
IndexingError(#[from] crate::search::indexing::IndexingError),
}
impl actix_web::ResponseError for ApiError {
@@ -117,6 +119,7 @@ impl actix_web::ResponseError for ApiError {
ApiError::CustomAuthenticationError(..) => actix_web::http::StatusCode::UNAUTHORIZED,
ApiError::JsonError(..) => actix_web::http::StatusCode::BAD_REQUEST,
ApiError::SearchError(..) => actix_web::http::StatusCode::INTERNAL_SERVER_ERROR,
ApiError::IndexingError(..) => actix_web::http::StatusCode::INTERNAL_SERVER_ERROR,
ApiError::FileHostingError(..) => actix_web::http::StatusCode::INTERNAL_SERVER_ERROR,
ApiError::InvalidInputError(..) => actix_web::http::StatusCode::BAD_REQUEST,
}
@@ -132,6 +135,7 @@ impl actix_web::ResponseError for ApiError {
ApiError::CustomAuthenticationError(..) => "unauthorized",
ApiError::JsonError(..) => "json_error",
ApiError::SearchError(..) => "search_error",
ApiError::IndexingError(..) => "indexing_error",
ApiError::FileHostingError(..) => "file_hosting_error",
ApiError::InvalidInputError(..) => "invalid_input",
},


@@ -165,7 +165,7 @@ pub async fn mod_create(
&mut transaction,
&***file_host,
&mut uploaded_files,
&***indexing_queue,
&***indexing_queue
)
.await;
@@ -557,7 +557,7 @@ async fn mod_create_inner(
body_url: mod_builder.body_url.clone(),
published: now,
updated: now,
status,
status: status.clone(),
license: License {
id: mod_create_data.license_id.clone(),
name: "".to_string(),
@@ -582,10 +582,12 @@ async fn mod_create_inner(
let _mod_id = mod_builder.insert(&mut *transaction).await?;
let index_mod =
crate::search::indexing::local_import::query_one(mod_id.into(), &mut *transaction)
.await?;
indexing_queue.add(index_mod);
if status.is_searchable() {
let index_mod =
crate::search::indexing::local_import::query_one(mod_id.into(), &mut *transaction)
.await?;
indexing_queue.add(index_mod);
}
Ok(HttpResponse::Ok().json(response))
}
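Review bot: `status: status.clone()` in the builder literal (hunk at -557) exists only so that `status.is_searchable()` can still be evaluated after the builder took ownership of `status`; computing the flag first, `let searchable = status.is_searchable();` above the `mod_builder` literal and testing `if searchable {` below, avoids the clone, assuming `is_searchable` takes `&self` as the `mod_item.status.is_searchable()` call elsewhere in this commit suggests. Separately, `indexing_queue.add(index_mod)` enqueues the search document while `transaction` is still open; the commit is not in this hunk (presumably in the caller that owns the transaction), so a commit failure after this point would leave a search entry for a mod that was never persisted — either enqueue after the commit or document that the queue tolerates that. mod_create_inner starts outside the hunk.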


@@ -11,6 +11,8 @@ use futures::StreamExt;
use serde::{Deserialize, Serialize};
use sqlx::PgPool;
use std::sync::Arc;
use crate::search::indexing::queue::CreationQueue;
use actix_web::web::Data;
#[get("mod")]
pub async fn mod_search(
@@ -58,7 +60,7 @@ pub async fn mods_get(
let user_id: database::models::ids::UserId = user.id.into();
let mod_exists = sqlx::query!(
"SELECT EXISTS(SELECT 1 FROM team_members WHERE id = $1 AND user_id = $2)",
"SELECT EXISTS(SELECT 1 FROM team_members WHERE team_id = $1 AND user_id = $2)",
mod_data.inner.team_id as database::models::ids::TeamId,
user_id as database::models::ids::UserId,
)
@@ -104,7 +106,7 @@ pub async fn mod_slug_get(
let user_id: database::models::ids::UserId = user.id.into();
let mod_exists = sqlx::query!(
"SELECT EXISTS(SELECT 1 FROM team_members WHERE id = $1 AND user_id = $2)",
"SELECT EXISTS(SELECT 1 FROM team_members WHERE team_id = $1 AND user_id = $2)",
data.inner.team_id as database::models::ids::TeamId,
user_id as database::models::ids::UserId,
)
@@ -151,7 +153,7 @@ pub async fn mod_get(
let user_id: database::models::ids::UserId = user.id.into();
let mod_exists = sqlx::query!(
"SELECT EXISTS(SELECT 1 FROM team_members WHERE id = $1 AND user_id = $2)",
"SELECT EXISTS(SELECT 1 FROM team_members WHERE team_id = $1 AND user_id = $2)",
data.inner.team_id as database::models::ids::TeamId,
user_id as database::models::ids::UserId,
)
@@ -265,6 +267,7 @@ pub async fn mod_edit(
config: web::Data<SearchConfig>,
file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
new_mod: web::Json<EditMod>,
indexing_queue: Data<Arc<CreationQueue>>,
) -> Result<HttpResponse, ApiError> {
let user = get_user_from_headers(req.headers(), &**pool).await?;
@@ -378,8 +381,14 @@ pub async fn mod_edit(
.await
.map_err(|e| ApiError::DatabaseError(e.into()))?;
if mod_item.status.is_searchable() && status.is_searchable() {
if mod_item.status.is_searchable() && !status.is_searchable() {
delete_from_index(id.into(), config).await?;
} else if !mod_item.status.is_searchable() && status.is_searchable() {
let index_mod =
crate::search::indexing::local_import::query_one(mod_id.into(), &mut *transaction)
.await?;
indexing_queue.add(index_mod);
}
}
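Review bot: The team-membership predicate is pasted verbatim into mods_get, mod_slug_get and mod_get (hunks at -58, -104 and -151), and the same column mistake had to be corrected a fourth and fifth time in versions_get and version_get in the versions file — an authorization check that lives in five places will drift again. Extract it into one helper such as `is_team_member` below, which fails closed by mapping a NULL `EXISTS` result to `false`, and have each handler call it instead of repeating the query. In mod_edit (hunk at -378), `delete_from_index(id.into(), config).await?` runs while `transaction` is still open; if the commit that follows outside this hunk fails, the index loses an entry the database still considers searchable, so consider performing the index change after the commit. mod_edit starts and ends outside the hunk.
```rust
/// Returns `Ok(true)` only when `user_id` is a member of team `team_id`;
/// a NULL `EXISTS` result is treated as "not a member".
async fn is_team_member(
    team_id: database::models::ids::TeamId,
    user_id: database::models::ids::UserId,
    exec: &PgPool,
) -> Result<bool, ApiError> {
    let row = sqlx::query!(
        "SELECT EXISTS(SELECT 1 FROM team_members WHERE team_id = $1 AND user_id = $2)",
        team_id as database::models::ids::TeamId,
        user_id as database::models::ids::UserId,
    )
    .fetch_one(exec)
    .await
    .map_err(|e| ApiError::DatabaseError(e.into()))?;
    Ok(row.exists.unwrap_or(false))
}
// … unchanged: handlers call `is_team_member(team_id, user_id, &**pool).await?` in place of the inline query …
```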


@@ -81,7 +81,7 @@ pub async fn versions_get(
let user_id: database::models::ids::UserId = user.id.into();
let member_exists = sqlx::query!(
"SELECT EXISTS(SELECT 1 FROM team_members tm INNER JOIN mods m ON m.team_id = tm.id AND m.id = $1 WHERE tm.user_id = $2)",
"SELECT EXISTS(SELECT 1 FROM team_members tm INNER JOIN mods m ON m.team_id = tm.team_id AND m.id = $1 WHERE tm.user_id = $2)",
version.mod_id as database::models::ModId,
user_id as database::models::ids::UserId,
)
@@ -123,7 +123,7 @@ pub async fn version_get(
let user_id: database::models::ids::UserId = user.id.into();
let member_exists = sqlx::query!(
"SELECT EXISTS(SELECT 1 FROM team_members tm INNER JOIN mods m ON m.team_id = tm.id AND m.id = $1 WHERE tm.user_id = $2)",
"SELECT EXISTS(SELECT 1 FROM team_members tm INNER JOIN mods m ON m.team_id = tm.team_id AND m.id = $1 WHERE tm.user_id = $2)",
data.mod_id as database::models::ModId,
user_id as database::models::ids::UserId,
)
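Review bot: The corrected join `m.team_id = tm.team_id` and the previous `m.team_id = tm.id` both compile and run, because `sqlx::query!` only checks that the referenced columns exist and are type-compatible; nothing in the build distinguishes the right predicate from the wrong one. Since this query decides whether a requester may see a version the handler otherwise withholds, it should be pinned by an integration test in which a user who belongs to the mod's team and one who does not each request the same version, asserting that only the member receives it (hunks at -81 and -123). The same test pattern applies to the three membership queries in the mods file. versions_get and version_get both start and end outside the hunks.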