Rustic cleanups, dedups and making the code less hard to read in general (#251)

* typos :help_me: * (part 1/?) massive cleanup to make the code more Rust-ic and cut down heap allocations. * (part 2/?) massive cleanup to make the code more Rust-ic and cut down heap allocations. * (part 3/?) cut down some pretty major heap allocations here - more Bytes and BytesMuts, less Vec<u8>s also I don't really understand why you need to `to_vec` when you don't really use it again afterwards * (part 4/?) deduplicate error handling in backblaze logic * (part 5/?) fixes, cleanups, refactors, and reformatting * (part 6/?) cleanups and refactors * remove loads of `as_str` in types that already are `Display` * Revert "remove loads of `as_str` in types that already are `Display`" This reverts commit 4f974310cfb167ceba03001d81388db4f0fbb509. * reformat and move routes util to the util module * use streams * Run prepare + formatting issues Co-authored-by: Jai A <jaiagr+gpg@pm.me> Co-authored-by: Geometrically <18202329+Geometrically@users.noreply.github.com>
2021-10-12 11:26:59 +08:00
parent 0010119440
commit 13187de97d
53 changed files with 997 additions and 1129 deletions
--- a/src/util/auth.rs
+++ b/src/util/auth.rs
@@ -1,7 +1,12 @@
+use crate::database;
 use crate::database::models;
+use crate::database::models::project_item::QueryProject;
 use crate::models::users::{Role, User, UserId};
+use crate::routes::ApiError;
 use actix_web::http::HeaderMap;
+use actix_web::web;
 use serde::{Deserialize, Serialize};
+use sqlx::PgPool;
 use thiserror::Error;

 #[derive(Error, Debug)]
@@ -11,7 +16,7 @@ pub enum AuthenticationError {
    #[error("Database Error: {0}")]
    DatabaseError(#[from] crate::database::models::DatabaseError),
    #[error("Error while parsing JSON: {0}")]
-    SerDeError(#[from] serde_json::Error),
+    SerdeError(#[from] serde_json::Error),
    #[error("Error while communicating to GitHub OAuth2: {0}")]
    GithubError(#[from] reqwest::Error),
    #[error("Invalid Authentication Credentials")]
@@ -65,7 +70,7 @@ where
            avatar_url: result.avatar_url,
            bio: result.bio,
            created: result.created,
-            role: Role::from_string(&*result.role),
+            role: Role::from_string(&result.role),
        }),
        None => Err(AuthenticationError::InvalidCredentialsError),
    }
@@ -116,3 +121,33 @@ where
        _ => Err(AuthenticationError::InvalidCredentialsError),
    }
 }
+
+pub async fn is_authorized(
+    project_data: &QueryProject,
+    user_option: &Option<User>,
+    pool: &web::Data<PgPool>,
+) -> Result<bool, ApiError> {
+    let mut authorized = !project_data.status.is_hidden();
+
+    if let Some(user) = &user_option {
+        if !authorized {
+            if user.role.is_mod() {
+                authorized = true;
+            } else {
+                let user_id: database::models::ids::UserId = user.id.into();
+
+                let project_exists = sqlx::query!(
+                    "SELECT EXISTS(SELECT 1 FROM team_members WHERE team_id = $1 AND user_id = $2)",
+                    project_data.inner.team_id as database::models::ids::TeamId,
+                    user_id as database::models::ids::UserId,
+                )
+                .fetch_one(&***pool)
+                .await?
+                .exists;
+
+                authorized = project_exists.unwrap_or(false);
+            }
+        }
+    }
+    Ok(authorized)
+}