Fix access controls (#109)
* Fix access controls * Remove CF indexing, fix some stuff
@@ -106,6 +106,8 @@ pub enum ApiError {
|
||||
InvalidInputError(String),
|
||||
#[error("Search Error: {0}")]
|
||||
SearchError(#[from] meilisearch_sdk::errors::Error),
|
||||
#[error("Indexing Error: {0}")]
|
||||
IndexingError(#[from] crate::search::indexing::IndexingError),
|
||||
}
|
||||
|
||||
impl actix_web::ResponseError for ApiError {
|
||||
@@ -117,6 +119,7 @@ impl actix_web::ResponseError for ApiError {
|
||||
ApiError::CustomAuthenticationError(..) => actix_web::http::StatusCode::UNAUTHORIZED,
|
||||
ApiError::JsonError(..) => actix_web::http::StatusCode::BAD_REQUEST,
|
||||
ApiError::SearchError(..) => actix_web::http::StatusCode::INTERNAL_SERVER_ERROR,
|
||||
ApiError::IndexingError(..) => actix_web::http::StatusCode::INTERNAL_SERVER_ERROR,
|
||||
ApiError::FileHostingError(..) => actix_web::http::StatusCode::INTERNAL_SERVER_ERROR,
|
||||
ApiError::InvalidInputError(..) => actix_web::http::StatusCode::BAD_REQUEST,
|
||||
}
|
||||
@@ -132,6 +135,7 @@ impl actix_web::ResponseError for ApiError {
|
||||
ApiError::CustomAuthenticationError(..) => "unauthorized",
|
||||
ApiError::JsonError(..) => "json_error",
|
||||
ApiError::SearchError(..) => "search_error",
|
||||
ApiError::IndexingError(..) => "indexing_error",
|
||||
ApiError::FileHostingError(..) => "file_hosting_error",
|
||||
ApiError::InvalidInputError(..) => "invalid_input",
|
||||
},
|
||||
|
||||
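Review bot: The new `IndexingError(#[from] …)` variant carries the inner error's text in its Display string (`Indexing Error: {0}`) and is mapped to a 500 here, but the part of the `ResponseError` impl that builds the response body is outside these hunks. Confirm that the body does not return that Display text to API callers for the 5xx variants. If it does, internal indexing and database details would be disclosed; log the detail server-side and return only the `"indexing_error"` code with a generic description.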
@@ -165,7 +165,7 @@ pub async fn mod_create(
|
||||
&mut transaction,
|
||||
&***file_host,
|
||||
&mut uploaded_files,
|
||||
&***indexing_queue,
|
||||
&***indexing_queue
|
||||
)
|
||||
.await;
|
||||
|
||||
@@ -557,7 +557,7 @@ async fn mod_create_inner(
|
||||
body_url: mod_builder.body_url.clone(),
|
||||
published: now,
|
||||
updated: now,
|
||||
status,
|
||||
status: status.clone(),
|
||||
license: License {
|
||||
id: mod_create_data.license_id.clone(),
|
||||
name: "".to_string(),
|
||||
@@ -582,10 +582,12 @@ async fn mod_create_inner(
|
||||
|
||||
let _mod_id = mod_builder.insert(&mut *transaction).await?;
|
||||
|
||||
let index_mod =
|
||||
crate::search::indexing::local_import::query_one(mod_id.into(), &mut *transaction)
|
||||
.await?;
|
||||
indexing_queue.add(index_mod);
|
||||
if status.is_searchable() {
|
||||
let index_mod =
|
||||
crate::search::indexing::local_import::query_one(mod_id.into(), &mut *transaction)
|
||||
.await?;
|
||||
indexing_queue.add(index_mod);
|
||||
}
|
||||
|
||||
Ok(HttpResponse::Ok().json(response))
|
||||
}
|
||||
|
||||
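Review bot: `indexing_queue.add(index_mod)` in `mod_create_inner` runs while the transaction passed in from `mod_create` is still open, so the queue entry exists before the insert is known to be committed. If the commit (outside this hunk) or a later step fails, the queue presumably still publishes a search document for a mod that was rolled back. Returning `index_mod` to `mod_create` and calling `indexing_queue.add(index_mod);` only after a successful commit would keep the search index from getting ahead of the database. The same ordering applies to the `delete_from_index(...)` / `indexing_queue.add(...)` branches added to `mod_edit`, where an index that disagrees with the stored status would leave a non-searchable mod listed, or the reverse.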
@@ -11,6 +11,8 @@ use futures::StreamExt;
|
||||
use serde::{Deserialize, Serialize};
|
||||
use sqlx::PgPool;
|
||||
use std::sync::Arc;
|
||||
use crate::search::indexing::queue::CreationQueue;
|
||||
use actix_web::web::Data;
|
||||
|
||||
#[get("mod")]
|
||||
pub async fn mod_search(
|
||||
@@ -58,7 +60,7 @@ pub async fn mods_get(
|
||||
let user_id: database::models::ids::UserId = user.id.into();
|
||||
|
||||
let mod_exists = sqlx::query!(
|
||||
"SELECT EXISTS(SELECT 1 FROM team_members WHERE id = $1 AND user_id = $2)",
|
||||
"SELECT EXISTS(SELECT 1 FROM team_members WHERE team_id = $1 AND user_id = $2)",
|
||||
mod_data.inner.team_id as database::models::ids::TeamId,
|
||||
user_id as database::models::ids::UserId,
|
||||
)
|
||||
@@ -104,7 +106,7 @@ pub async fn mod_slug_get(
|
||||
let user_id: database::models::ids::UserId = user.id.into();
|
||||
|
||||
let mod_exists = sqlx::query!(
|
||||
"SELECT EXISTS(SELECT 1 FROM team_members WHERE id = $1 AND user_id = $2)",
|
||||
"SELECT EXISTS(SELECT 1 FROM team_members WHERE team_id = $1 AND user_id = $2)",
|
||||
data.inner.team_id as database::models::ids::TeamId,
|
||||
user_id as database::models::ids::UserId,
|
||||
)
|
||||
@@ -151,7 +153,7 @@ pub async fn mod_get(
|
||||
let user_id: database::models::ids::UserId = user.id.into();
|
||||
|
||||
let mod_exists = sqlx::query!(
|
||||
"SELECT EXISTS(SELECT 1 FROM team_members WHERE id = $1 AND user_id = $2)",
|
||||
"SELECT EXISTS(SELECT 1 FROM team_members WHERE team_id = $1 AND user_id = $2)",
|
||||
data.inner.team_id as database::models::ids::TeamId,
|
||||
user_id as database::models::ids::UserId,
|
||||
)
|
||||
@@ -265,6 +267,7 @@ pub async fn mod_edit(
|
||||
config: web::Data<SearchConfig>,
|
||||
file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
|
||||
new_mod: web::Json<EditMod>,
|
||||
indexing_queue: Data<Arc<CreationQueue>>,
|
||||
) -> Result<HttpResponse, ApiError> {
|
||||
let user = get_user_from_headers(req.headers(), &**pool).await?;
|
||||
|
||||
@@ -378,8 +381,14 @@ pub async fn mod_edit(
|
||||
.await
|
||||
.map_err(|e| ApiError::DatabaseError(e.into()))?;
|
||||
|
||||
if mod_item.status.is_searchable() && status.is_searchable() {
|
||||
if mod_item.status.is_searchable() && !status.is_searchable() {
|
||||
delete_from_index(id.into(), config).await?;
|
||||
} else if !mod_item.status.is_searchable() && status.is_searchable() {
|
||||
let index_mod =
|
||||
crate::search::indexing::local_import::query_one(mod_id.into(), &mut *transaction)
|
||||
.await?;
|
||||
|
||||
indexing_queue.add(index_mod);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
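Review bot: The membership check that this commit corrects is written out inline in `mods_get`, `mod_slug_get` and `mod_get`, and again as a join in `versions_get` and `version_get`, which is how one wrong column (`id` instead of `team_id`) ended up in five authorization checks. Moving the query into one helper and calling it from each handler gives the access rule a single place to review and test. A test with a user whose `team_members` row belongs to a different team would pin the fix. The handler bodies continue outside these hunks, so the fetch and result handling below are a sketch to adapt.

```rust
// … unchanged: user lookup and `user_id` conversion in each handler …
async fn is_team_member(
    team_id: database::models::ids::TeamId,
    user_id: database::models::ids::UserId,
    pool: &PgPool,
) -> Result<bool, sqlx::Error> {
    let row = sqlx::query!(
        "SELECT EXISTS(SELECT 1 FROM team_members WHERE team_id = $1 AND user_id = $2)",
        team_id as database::models::ids::TeamId,
        user_id as database::models::ids::UserId,
    )
    .fetch_one(pool)
    .await?;

    // EXISTS never yields NULL, but the macro types the column as Option<bool>.
    Ok(row.exists.unwrap_or(false))
}
```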
@@ -81,7 +81,7 @@ pub async fn versions_get(
|
||||
let user_id: database::models::ids::UserId = user.id.into();
|
||||
|
||||
let member_exists = sqlx::query!(
|
||||
"SELECT EXISTS(SELECT 1 FROM team_members tm INNER JOIN mods m ON m.team_id = tm.id AND m.id = $1 WHERE tm.user_id = $2)",
|
||||
"SELECT EXISTS(SELECT 1 FROM team_members tm INNER JOIN mods m ON m.team_id = tm.team_id AND m.id = $1 WHERE tm.user_id = $2)",
|
||||
version.mod_id as database::models::ModId,
|
||||
user_id as database::models::ids::UserId,
|
||||
)
|
||||
@@ -123,7 +123,7 @@ pub async fn version_get(
|
||||
let user_id: database::models::ids::UserId = user.id.into();
|
||||
|
||||
let member_exists = sqlx::query!(
|
||||
"SELECT EXISTS(SELECT 1 FROM team_members tm INNER JOIN mods m ON m.team_id = tm.id AND m.id = $1 WHERE tm.user_id = $2)",
|
||||
"SELECT EXISTS(SELECT 1 FROM team_members tm INNER JOIN mods m ON m.team_id = tm.team_id AND m.id = $1 WHERE tm.user_id = $2)",
|
||||
data.mod_id as database::models::ModId,
|
||||
user_id as database::models::ids::UserId,
|
||||
)
|
||||
|
||||