UEAuvergne/Alexandria
Archived
2
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: bal and user permission checks

Browse source
This commit is contained in:
Ninjdai 2025-08-03 20:10:00 +02:00
parent e3f954679a
commit e078bffc25
13 changed files with 207 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

37
src/entities/bal.rs Normal file
View file

@ -0,0 +1,37 @@
use sea_orm::entity::prelude::*;
use serde::{Deserialize, Serialize};
#[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize, utoipa::ToSchema)]
#[sea_orm(table_name = "BAL")]
#[schema(title="Book", as=entities::BAL)]
pub struct Model {
#[sea_orm(primary_key, auto_increment = true)]
pub id: u32,
pub user_id: u32,
pub name: String,
}
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
pub enum Relation {
#[sea_orm(has_many = "super::book_instance::Entity")]
BookInstance,
}
impl Related<super::book_instance::Entity> for Entity {
fn to() -> RelationDef {
Relation::BookInstance.def()
}
}
impl Entity {
pub async fn get_by_id<C>(db_conn: &C, id: u32) -> Option<Model>
where C: ConnectionTrait,
{
match Self::find_by_id(id).one(db_conn).await {
Ok(res) => res,
Err(_) => None
}
}
}
impl ActiveModelBehavior for ActiveModel {}

27
src/entities/book_instance.rs
View file

@ -11,9 +11,20 @@ pub struct Model {
pub sold_price: Option<i32>,
pub status: BookStatus,
pub book_id: u32,
pub owner_id: u32
pub owner_id: u32,
pub bal_id: u32
}
impl Entity {
pub async fn get_by_id<C>(db_conn: &C, id: u32) -> Option<Model>
where C: ConnectionTrait,
{
match Self::find_by_id(id).one(db_conn).await {
Ok(res) => res,
Err(_) => None
}
}
}
// Missing: Bal
#[derive(EnumIter, DeriveActiveEnum, PartialEq, Eq ,Deserialize, Serialize, Clone, Copy, Debug, utoipa::ToSchema)]
#[sea_orm(rs_type = "String", db_type = "String(StringLen::N(1))")]
@ -40,6 +51,12 @@ pub enum Relation {
to = "super::owner::Column::Id"
)]
Owner,
#[sea_orm(
belongs_to = "super::bal::Entity",
from = "Column::BalId",
to = "super::bal::Column::Id"
)]
Bal,
}
impl Related<super::book::Entity> for Entity {
@ -54,4 +71,10 @@ impl Related<super::owner::Entity> for Entity {
}
}
impl Related<super::bal::Entity> for Entity {
fn to() -> RelationDef {
Relation::Bal.def()
}
}
impl ActiveModelBehavior for ActiveModel {}

1
src/entities/mod.rs
View file

@ -1,5 +1,6 @@
pub mod prelude;
pub mod bal;
pub mod book;
pub mod book_instance;
pub mod owner;

26
src/entities/owner.rs
View file

@ -7,15 +7,33 @@ use serde::{Deserialize, Serialize};
pub struct Model {
#[sea_orm(primary_key, auto_increment = true)]
pub id: u32,
pub user_id: u32,
pub first_name: String,
pub last_name: String,
pub contact: String
}
impl Entity {
pub async fn get_by_id<C>(db_conn: &C, id: u32) -> Option<Model>
where C: ConnectionTrait,
{
match Self::find_by_id(id).one(db_conn).await {
Ok(res) => res,
Err(_) => None
}
}
}
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
pub enum Relation {
#[sea_orm(has_many = "super::book_instance::Entity")]
BookInstance
BookInstance,
#[sea_orm(
belongs_to = "super::user::Entity",
from = "Column::UserId",
to = "super::user::Column::Id"
)]
User,
}
impl Related<super::book_instance::Entity> for Entity {
@ -24,4 +42,10 @@ impl Related<super::book_instance::Entity> for Entity {
}
}
impl Related<super::user::Entity> for Entity {
fn to() -> RelationDef {
Relation::User.def()
}
}
impl ActiveModelBehavior for ActiveModel {}

1
src/entities/prelude.rs
View file

@ -1,4 +1,5 @@
pub use super::bal::Entity as Bal;
pub use super::book::Entity as Book;
pub use super::book_instance::Entity as BookInstance;
pub use super::owner::Entity as Owner;

8
src/entities/user.rs
View file

@ -21,6 +21,14 @@ impl Model {
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
pub enum Relation {
#[sea_orm(has_many = "super::owner::Entity")]
Owner,
}
impl Related<super::owner::Entity> for Entity {
fn to() -> RelationDef {
Relation::Owner.def()
}
}
impl ActiveModelBehavior for ActiveModel {}

2
src/routes/auth.rs
View file

@ -53,6 +53,7 @@ pub async fn auth(State(state): State<Arc<AppState>>, Json(payload): Json<AuthPa
let claims = Claims {
sub: user.username,
exp: 2000000000,
user_id: user.id
};
let token = encode(&Header::default(), &claims, &KEYS.encoding)
.map_err(|_| AuthError::TokenCreation)?;
@ -121,6 +122,7 @@ impl Keys {
pub struct Claims {
sub: String,
exp: usize,
pub user_id: u32,
}
#[derive(Debug, Serialize, utoipa::ToSchema)]

46
src/routes/book_instance.rs
View file

@ -2,11 +2,11 @@ use std::sync::Arc;
use axum::{extract::{Path, State}, Json};
use reqwest::{StatusCode};
use sea_orm::{ActiveModelTrait, ActiveValue::Set, EntityTrait, TryIntoModel};
use sea_orm::{ActiveModelTrait, ActiveValue::{NotSet, Set}, EntityTrait, TryIntoModel};
use serde::{Deserialize, Serialize};
use utoipa::IntoParams;
use crate::{entities::{book_instance, prelude::BookInstance}, AppState};
use crate::{entities::{book_instance, prelude::*}, routes::auth::Claims, utils::auth::{user_is_bal_owner, user_is_book_instance_owner}, AppState};
#[derive(IntoParams)]
@ -43,6 +43,7 @@ pub async fn get_book_instance_by_id(
pub struct BookInstanceCreateParams {
book_id: u32,
owner_id: u32,
bal_id: u32,
price: i32,
}
@ -54,6 +55,7 @@ pub struct BookInstanceCreateParams {
security(("jwt" = [])),
responses(
(status = OK, body = book_instance::Model, description = "Successfully created book instance"),
(status = FORBIDDEN, description = "You don't own the specified BAL"),
),
summary = "Create a new book instance",
description = "Create a new book instance",
@ -61,12 +63,17 @@ pub struct BookInstanceCreateParams {
)]
pub async fn create_book_instance(
State(state): State<Arc<AppState>>,
claims: Claims,
Json(instance_payload): Json<BookInstanceCreateParams>,
) -> (StatusCode, Json<Option<book_instance::Model>>) {
if !user_is_bal_owner(claims.user_id, instance_payload.bal_id, state.db_conn.as_ref()).await {
return (StatusCode::FORBIDDEN, Json(None));
}
let book_instance = book_instance::ActiveModel {
book_id: Set(instance_payload.book_id),
owner_id: Set(instance_payload.owner_id),
bal_id: Set(instance_payload.bal_id),
price: Set(instance_payload.price),
status: Set(book_instance::BookStatus::Available),
..Default::default()
@ -99,6 +106,7 @@ pub struct BookInstanceUpdateParams {
responses(
(status = OK, body = book_instance::Model, description = "Successfully updated book instance"),
(status = NOT_FOUND, description = "No book instance with specified id was found"),
(status = FORBIDDEN, description = "You don't own the specified book instance"),
),
summary = "Update a book instance",
description = "Update a book instance",
@ -106,9 +114,13 @@ pub struct BookInstanceUpdateParams {
)]
pub async fn update_book_instance(
State(state): State<Arc<AppState>>,
claims: Claims,
Path(id): Path<u32>,
Json(instance_payload): Json<BookInstanceUpdateParams>,
) -> (StatusCode, Json<Option<book_instance::Model>>) {
if !user_is_book_instance_owner(claims.user_id, id, state.db_conn.as_ref()).await {
return (StatusCode::FORBIDDEN, Json(None));
}
if let Ok(Some(book_instance)) = BookInstance::find_by_id(id).one(state.db_conn.as_ref()).await {
let mut book_instance: book_instance::ActiveModel = book_instance.into();
@ -162,9 +174,13 @@ pub struct BookInstanceSaleParams {
)]
pub async fn sell_book_instance(
State(state): State<Arc<AppState>>,
claims: Claims,
Path(id): Path<u32>,
Json(instance_payload): Json<BookInstanceSaleParams>,
) -> (StatusCode, Json<Option<book_instance::Model>>) {
if !user_is_book_instance_owner(claims.user_id, id, state.db_conn.as_ref()).await {
return (StatusCode::FORBIDDEN, Json(None));
}
if let Ok(Some(book_instance)) = BookInstance::find_by_id(id).one(state.db_conn.as_ref()).await {
let mut book_instance: book_instance::ActiveModel = book_instance.into();
@ -185,6 +201,7 @@ pub async fn sell_book_instance(
(StatusCode::NOT_FOUND, Json(None))
}
}
#[axum::debug_handler]
#[utoipa::path(
post,
@ -193,6 +210,7 @@ pub async fn sell_book_instance(
security(("jwt" = [])),
responses(
(status = OK, description = "Successfully created book instances"),
(status = FORBIDDEN, description = "You don't own at least one specified bal of the book instances sent"),
),
summary = "Create new book instances in bulk",
description = "Create new book instances in bulk",
@ -200,17 +218,27 @@ pub async fn sell_book_instance(
)]
pub async fn bulk_create_book_instance(
State(state): State<Arc<AppState>>,
claims: Claims,
Json(instance_payload): Json<Vec<BookInstanceCreateParams>>,
) -> StatusCode {
for i in &instance_payload {
if !user_is_bal_owner(claims.user_id, i.bal_id, state.db_conn.as_ref()).await {
return StatusCode::FORBIDDEN;
}
}
let instances = instance_payload
let instances = instance_payload
.into_iter()
.map(|p| book_instance::ActiveModel {
book_id: Set(p.book_id),
owner_id: Set(p.owner_id),
price: Set(p.price),
status: Set(book_instance::BookStatus::Available),
..Default::default()
.map(|p| {
book_instance::ActiveModel {
book_id: Set(p.book_id),
owner_id: Set(p.owner_id),
bal_id: Set(p.bal_id),
price: Set(p.price),
status: Set(book_instance::BookStatus::Available),
id: NotSet,
sold_price: NotSet
}
});
match BookInstance::insert_many(instances).exec(state.db_conn.as_ref()).await {

11
src/routes/owner.rs
View file

@ -6,7 +6,7 @@ use sea_orm::{ActiveModelTrait, ActiveValue::{NotSet, Set, Unchanged}, EntityTra
use serde::{Deserialize, Serialize};
use utoipa::IntoParams;
use crate::{entities::{owner, prelude::Owner}, utils::events::{Event, WebsocketMessage}, AppState};
use crate::{entities::{owner, prelude::Owner}, routes::auth::Claims, utils::events::{Event, WebsocketMessage}, AppState};
#[derive(IntoParams)]
@ -61,6 +61,7 @@ pub struct OwnerCreateParams {
)]
pub async fn create_owner(
State(state): State<Arc<AppState>>,
claims: Claims,
Json(instance_payload): Json<OwnerCreateParams>,
) -> (StatusCode, Json<Option<owner::Model>>) {
@ -68,6 +69,7 @@ pub async fn create_owner(
first_name: Set(instance_payload.first_name),
last_name: Set(instance_payload.last_name),
contact: Set(instance_payload.contact),
user_id: Set(claims.user_id),
id: NotSet
};
@ -101,7 +103,8 @@ pub struct OwnerUpdateParams {
security(("jwt" = [])),
responses(
(status = OK, body = owner::Model, description = "Successfully updated owner"),
(status = NOT_FOUND, description = "No owner with this id exists in the database")
(status = NOT_FOUND, description = "No owner with this id exists in the database"),
(status = FORBIDDEN, description = "The owner doesn't belong to this account"),
),
summary = "Update an owner",
description = "Update an owner",
@ -109,11 +112,15 @@ pub struct OwnerUpdateParams {
)]
pub async fn update_owner(
State(state): State<Arc<AppState>>,
claims: Claims,
Path(id): Path<u32>,
Json(instance_payload): Json<OwnerUpdateParams>,
) -> (StatusCode, Json<Option<owner::Model>>) {
if let Ok(Some(owner)) = Owner::find_by_id(id).one(state.db_conn.as_ref()).await {
if owner.user_id != claims.user_id {
return (StatusCode::FORBIDDEN, Json(None));
}
let mut owner: owner::ActiveModel = owner.into();
owner.first_name = match instance_payload.first_name {
None => owner.first_name,

10
src/routes/websocket.rs
View file

@ -8,7 +8,7 @@ use axum::{
}, response::IntoResponse
};
use crate::{utils::events, AppState};
use crate::{routes::auth::Claims, utils::events, AppState};
use futures_util::{sink::SinkExt, stream::StreamExt};
@ -27,14 +27,15 @@ use futures_util::{sink::SinkExt, stream::StreamExt};
pub async fn ws_handler(
ws: WebSocketUpgrade,
ConnectInfo(addr): ConnectInfo<SocketAddr>,
claims: Claims,
State(state): State<Arc<AppState>>
) -> impl IntoResponse {
log::debug!(target: "websocket", "{addr} connected.");
ws.on_upgrade(move |socket| handle_socket(socket, addr, state))
ws.on_upgrade(move |socket| handle_socket(socket, addr, state, claims))
}
async fn handle_socket(mut socket: WebSocket, who: SocketAddr, state: Arc<AppState>) {
async fn handle_socket(mut socket: WebSocket, who: SocketAddr, state: Arc<AppState>, claims: Claims) {
if socket
.send(Message::Ping(Bytes::from_static(&[4, 2])))
.await
@ -73,6 +74,9 @@ async fn handle_socket(mut socket: WebSocket, who: SocketAddr, state: Arc<AppSta
Ok(event) => {
match event {
events::Event::WebsocketBroadcast(message) => {
if !message.should_user_receive(claims.user_id) {
continue;
};
log::debug!(target: "websocket", "Sent {message:?} to {who}");
let _ = sender.send(Message::Text(Utf8Bytes::from(message.to_json().to_string()))).await;
}

42
src/utils/auth.rs Normal file
View file

@ -0,0 +1,42 @@
use sea_orm::ConnectionTrait;
use crate::entities::prelude::*;
pub async fn user_is_bal_owner<C>(
user_id: u32,
bal_id: u32,
db_conn: &C
) -> bool
where C: ConnectionTrait,
{
match Bal::get_by_id(db_conn, bal_id).await {
Some(bal) => user_id == bal.user_id,
None => false
}
}
pub async fn user_is_book_instance_owner<C>(
user_id: u32,
book_instance_id: u32,
db_conn: &C
) -> bool
where C: ConnectionTrait,
{
match BookInstance::get_by_id(db_conn, book_instance_id).await {
Some(instance) => user_is_bal_owner(user_id, instance.bal_id, db_conn).await,
None => false
}
}
pub async fn user_is_owner_owner<C>(
user_id: u32,
owner_id: u32,
db_conn: &C
) -> bool
where C: ConnectionTrait,
{
match Owner::get_by_id(db_conn, owner_id).await {
Some(owner) => owner.user_id == user_id,
None => false
}
}

14
src/utils/events.rs
View file

@ -11,18 +11,28 @@ pub enum Event {
#[derive(Clone, Debug)]
pub enum WebsocketMessage {
NewOwner(Arc<owner::Model>)
NewOwner(Arc<owner::Model>),
Ping
}
impl WebsocketMessage {
pub fn to_json(self) -> Value {
pub fn to_json(&self) -> Value {
json!({
"type": match self {
Self::NewOwner(_) => "new_owner",
Self::Ping => "ping",
},
"data": match self {
Self::NewOwner(owner) => json!(owner),
Self::Ping => json!(null),
}
})
}
pub fn should_user_receive(&self, user_id: u32) -> bool {
match self {
Self::NewOwner(owner) => owner.user_id == user_id,
_ => true
}
}
}

1
src/utils/mod.rs
View file

@ -1,3 +1,4 @@
pub mod auth;
pub mod cli;
pub mod events;
pub mod open_library;