ITsolved/rezervovator
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

User management completed. Leptos upgraded to 0.5.0.

Browse Source
This commit is contained in:
Josef Rokos
2023-10-09 17:33:20 +02:00
parent a7188e8153
commit e7af2d402d
18 changed files with 697 additions and 334 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/backend/data.rs
+13 -1
View File
@@ -1,5 +1,6 @@
//use chrono::{NaiveDate, NaiveTime, Weekday};
//use rust_decimal::Decimal;
#![allow(unused_variables)]
use serde::{Deserialize, Serialize};
//use uuid::Uuid;
use validator::Validate;
@@ -51,11 +52,16 @@ impl User {
#[derive(Clone, Serialize, Deserialize, Debug, PartialEq, Eq, Validate, Default)]
pub struct UserProfile {
#[validate(length(min = 1,message = "Username cannot be empty"))]
login: String,
#[validate(must_match(other = "password_ver", message = "Passwords doesn't match"))]
password: Option<String>,
password_ver: Option<String>,
full_name: String,
#[validate(email(message = "Enter valid email address"))]
email: String,
get_emails: Option<String>
get_emails: Option<String>,
admin: Option<String>
}
impl UserProfile {
@@ -75,6 +81,12 @@ impl UserProfile {
pub fn get_emails(&self) -> bool {
self.get_emails.is_some()
}
pub fn admin(&self) -> bool {
self.admin.is_some()
}
pub fn password(&self) -> &Option<String> {
&self.password
}
}
#[derive(Clone, Serialize, Deserialize, Debug, PartialEq, Eq, Validate, Default)]
src/backend/mod.rs
+9 -1
View File
@@ -28,8 +28,9 @@ macro_rules! user_check {
use crate::backend::user::logged_in_user;
perm_check!(is_logged_in);
let user = logged_in_user().await.unwrap_or(User::default());
if logged_in_user().await.unwrap_or(User::default()).login != $check {
if !user.admin && user.login != $check {
let response = expect_context::<ResponseOptions>();
response.set_status(StatusCode::FORBIDDEN);
@@ -41,6 +42,9 @@ macro_rules! user_check {
cfg_if!{
if #[cfg(feature = "ssr")] {
use sqlx::PgPool;
use actix_web::web::Data;
use leptos_actix::extract;
use leptos::ServerFnError;
#[derive(Clone)]
pub struct AppData {
@@ -58,5 +62,9 @@ cfg_if!{
&self.db_pool
}
}
pub async fn get_pool() -> Result<PgPool, ServerFnError> {
extract(|data: Data<AppData>| async move { data.db_pool().clone() }).await
}
}
}
src/backend/user.rs
+92 -23
View File
@@ -60,15 +60,13 @@ cfg_if! { if #[cfg(feature = "ssr")] {
#[server(Login, "/api")]
pub async fn login(username: String, password: String) -> Result<ApiResponse<()>, ServerFnError> {
use crate::backend::AppData;
use actix_session::*;
use actix_web::web::Data;
use leptos_actix::extract;
use actix_web::http::StatusCode;
use leptos_actix::ResponseOptions;
use crate::backend::get_pool;
let pool = extract(|data: Data<AppData>| async move { data.db_pool().clone() }).await?;
let pool = get_pool().await?;
let user = user_from_login(&pool, &username).await.unwrap_or(User::default());
if !user.login.is_empty() && pwhash::bcrypt::verify(password, &user.password) {
@@ -114,41 +112,48 @@ pub async fn get_user() -> Result<Option<User>, ServerFnError> {
#[server(GetUsers, "/api", "Url", "get_users")]
pub async fn get_users() -> Result<ApiResponse<Vec<User>>, ServerFnError> {
use crate::backend::AppData;
use actix_web::web::Data;
use leptos_actix::extract;
use crate::perm_check;
use crate::backend::get_pool;
perm_check!(is_admin);
let pool = extract(|data: Data<AppData>| async move { data.db_pool().clone() }).await?;
let users = sqlx::query_as::<_, User>(r#"SELECT * FROM "user""#).fetch_all(&pool).await?;
let pool = get_pool().await?;
let users = sqlx::query_as::<_, User>(r#"SELECT * FROM "user" ORDER BY login"#).fetch_all(&pool).await?;
Ok(ApiResponse::Data(users))
}
#[server]
pub async fn update_profile(user: UserProfile) -> Result<ApiResponse<()>, ServerFnError> {
use crate::backend::AppData;
use actix_web::web::Data;
use leptos_actix::extract;
use crate::user_check;
use crate::backend::get_pool;
user_check!(user.login());
let usr = logged_in_user().await.unwrap_or(User::default());
let pool = extract(|data: Data<AppData>| async move { data.db_pool().clone() }).await?;
sqlx::query(r#"UPDATE "user" SET full_name = $1, email = $2, get_emails = $3 WHERE login = $4"#)
if !usr.admin && user.admin() {
let response = expect_context::<ResponseOptions>();
response.set_status(StatusCode::FORBIDDEN);
return Ok(ApiResponse::Error("You can't escalate your privileges".to_string()))
}
let pool = get_pool().await?;
sqlx::query(r#"UPDATE "user" SET full_name = $1, email = $2, get_emails = $3, admin = $4 WHERE login = $5"#)
.bind(user.full_name())
.bind(user.email())
.bind(user.get_emails())
.bind(user.admin())
.bind(user.login())
.execute(&pool)
.await?;
let usr = user_from_login(&pool, user.login()).await?;
extract(|session: Session| async move {
let _ = session.insert("user", usr);
}).await?;
if logged_in_user().await.unwrap_or_default().login == user.login() {
let usr = user_from_login(&pool, user.login()).await?;
extract(|session: Session| async move {
let _ = session.insert("user", usr);
}).await?;
}
Ok(ApiResponse::Data(()))
}
@@ -161,17 +166,17 @@ impl ForValidation for UpdateProfile {
#[server]
pub async fn change_pwd(new_pw: PwdChange) -> Result<ApiResponse<()>, ServerFnError> {
use crate::backend::AppData;
use actix_web::web::Data;
use leptos_actix::extract;
use crate::user_check;
use crate::backend::get_pool;
user_check!(new_pw.login());
let pool = extract(|data: Data<AppData>| async move { data.db_pool().clone() }).await?;
let pool = get_pool().await?;
let usr = user_from_login(&pool, new_pw.login()).await?;
let user = logged_in_user().await.unwrap_or(User::default());
if !pwhash::bcrypt::verify(new_pw.old_password(), &usr.password) {
if (!user.admin || user.login == new_pw.login())
&& !pwhash::bcrypt::verify(new_pw.old_password(), &usr.password) {
let response = expect_context::<ResponseOptions>();
response.set_status(StatusCode::UNAUTHORIZED);
@@ -191,4 +196,68 @@ impl ForValidation for ChangePwd {
fn entity(&self) -> &dyn Validate {
&self.new_pw
}
}
#[server]
pub async fn create_user(user: UserProfile) -> Result<ApiResponse<()>, ServerFnError> {
use crate::perm_check;
use crate::backend::get_pool;
perm_check!(is_admin);
let pool = get_pool().await?;
let count: (i64,) = sqlx::query_as(r#"SELECT COUNT(id) FROM "user" WHERE login = $1"#)
.bind(user.login())
.fetch_one(&pool)
.await?;
if count.0 != 0 {
let response = expect_context::<ResponseOptions>();
response.set_status(StatusCode::CONFLICT);
return Ok(ApiResponse::Error("Username already exists".to_string()));
}
let usr_pw = user.password().clone();
sqlx::query(r#"INSERT INTO "user"(login, password, full_name, email, admin, get_emails) VALUES($1, $2, $3, $4, $5, $6)"#)
.bind(user.login())
.bind(pwhash::bcrypt::hash(usr_pw.unwrap_or("".to_string())).unwrap())
.bind(user.full_name())
.bind(user.email())
.bind(user.admin())
.bind(user.get_emails())
.execute(&pool)
.await?;
Ok(ApiResponse::Data(()))
}
impl ForValidation for CreateUser {
fn entity(&self) -> &dyn Validate {
&self.user
}
}
#[server]
pub async fn delete_user(id: i32) -> Result<ApiResponse<()>, ServerFnError> {
use crate::perm_check;
use crate::backend::get_pool;
perm_check!(is_admin);
let user = logged_in_user().await.unwrap_or_default();
if user.id() == id {
let response = expect_context::<ResponseOptions>();
response.set_status(StatusCode::NOT_ACCEPTABLE);
return Ok(ApiResponse::Error("You can't delete yourself".to_string()))
}
sqlx::query(r#"DELETE FROM "user" WHERE id=$1"#)
.bind(id)
.execute(&get_pool().await?)
.await?;
Ok(ApiResponse::Data(()))
}