Linting and Access Controls
jabbate19 committed Sep 23, 2024
1 parent 28c6dc7 commit 75f7683
Showing 12 changed files with 111 additions and 67 deletions.
16 changes: 8 additions & 8 deletions src/api/v1/auth/csh.rs
@@ -1,15 +1,15 @@
use crate::api::v1::auth::models::UserRealm;
use crate::api::v1::auth::models::{CSHUserInfo, UserInfo};
use crate::AppState;
use actix_session::Session;
use actix_web::http::header;
use actix_web::{get, Scope};
use actix_web::{web, HttpResponse, Responder};
use oauth2::reqwest::async_http_client;
use oauth2::{AuthorizationCode, TokenResponse};
use reqwest::Client;
use utoipa::{OpenApi, ToSchema};

use crate::api::v1::auth::models::{CSHUserInfo, UserInfo, UserRealm};
use crate::AppState;
use actix_web::{get, Scope};
use serde::Deserialize;
use utoipa::{OpenApi, ToSchema};

use crate::api::v1::auth::common;

Expand All @@ -34,7 +34,7 @@ async fn login(data: web::Data<AppState>) -> impl Responder {
#[derive(Deserialize, ToSchema)]
pub struct AuthRequest {
code: String,
state: String,
_state: String,
}

#[utoipa::path(
Expand Down Expand Up @@ -72,11 +72,11 @@ async fn auth(
sqlx::query!(
"INSERT INTO users (id, realm, name) VALUES ($1, $2, $3) ON CONFLICT (id) DO UPDATE SET realm = EXCLUDED.realm, name = EXCLUDED.name;",
user_info.ldap_id,
UserRealm::CSH as _,
UserRealm::Csh as _,
format!("{} {}", user_info.given_name, user_info.family_name)
)
.execute(&data.db)
.await;
.await.unwrap();

session.insert("login", true).unwrap();
session
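Review bot: Renaming the field to `_state` (second hunk, `pub struct AuthRequest`) silences the unused-field warning, but it also records that the OAuth2 `state` value is never compared with anything; `state` exists to bind the callback to the `login` request that started it, so `auth` should read the value stored at login time from the session and reject the callback when it does not match, rather than discarding it. Whether `login` currently stores such a value is outside the visible hunks. In the third hunk, `.await.unwrap()` on the `INSERT INTO users` query turns any database error during sign-in into a panic of the handler task; match on the result and return `HttpResponse::InternalServerError()` as `update_car` and `delete_car` do elsewhere in this commit. The same two changes appear in src/api/v1/auth/google.rs. `auth` itself begins and ends outside the hunk.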
16 changes: 8 additions & 8 deletions src/api/v1/auth/google.rs
@@ -1,16 +1,16 @@
use crate::api::v1::auth::common;
use crate::api::v1::auth::models::UserRealm;
use crate::api::v1::auth::models::{GoogleUserInfo, UserInfo};
use crate::AppState;
use actix_session::Session;
use actix_web::http::header;
use actix_web::{get, web, Scope};
use actix_web::{HttpResponse, Responder};
use oauth2::reqwest::async_http_client;
use oauth2::{AuthorizationCode, TokenResponse};
use reqwest::Client;
use utoipa::{OpenApi, ToSchema};

use crate::api::v1::auth::common;
use crate::api::v1::auth::models::{GoogleUserInfo, UserInfo, UserRealm};
use crate::AppState;
use actix_web::{get, web, Scope};
use serde::Deserialize;
use utoipa::{OpenApi, ToSchema};

#[derive(OpenApi)]
#[openapi(paths(login, auth,), components(schemas(AuthRequest)))]
Expand All @@ -37,7 +37,7 @@ async fn login(data: web::Data<AppState>) -> impl Responder {
#[derive(Deserialize, ToSchema)]
pub struct AuthRequest {
code: String,
state: String,
_state: String,
}

#[utoipa::path(
Expand Down Expand Up @@ -81,7 +81,7 @@ async fn auth(
format!("{} {}", user_info.given_name, user_info.family_name)
)
.execute(&data.db)
.await;
.await.unwrap();

session.insert("login", true).unwrap();
session
2 changes: 1 addition & 1 deletion src/api/v1/auth/models.rs
Expand Up @@ -4,7 +4,7 @@ use utoipa::ToSchema;
#[derive(sqlx::Type)]
#[sqlx(type_name = "user_realm", rename_all = "lowercase")]
pub enum UserRealm {
CSH,
Csh,
Google,
}

42 changes: 23 additions & 19 deletions src/api/v1/event/car/mod.rs
Expand Up @@ -9,10 +9,10 @@ use actix_web::{
};
use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize};
use sqlx::query_as;
use sqlx::{query, query_as};
use utoipa::{OpenApi, ToSchema};

use log::{debug, error};
use log::error;

mod rider;

Expand Down Expand Up @@ -89,15 +89,25 @@ async fn create_car(
path: web::Path<i32>,
) -> impl Responder {
let event_id: i32 = path.into_inner();
let user_id = session.get::<UserInfo>("userinfo").unwrap().unwrap().id;
if car.max_capacity < 0 {
return HttpResponse::BadRequest()
.body("Sorry @cinnamon, you can't have negative people in your car :)");
}
let check = query!(
r#"SELECT COUNT(*) as count FROM (SELECT id FROM car WHERE event_id = $1 AND driver = $2 UNION SELECT rider.car_id FROM rider JOIN car ON rider.car_id = car.id WHERE car.event_id = $1 AND rider.rider = $2)"#,
event_id, user_id
).fetch_one(&data.db).await.unwrap();

if check.count.unwrap() > 0 {
return HttpResponse::BadRequest().body("User is already in a car.");
}

let result = sqlx::query!(
r#"
INSERT INTO car (event_id, driver, max_capacity, departure_time, return_time, comment) VALUES ($1, $2, $3, $4, $5, $6) RETURNING id
"#,
event_id, session.get::<UserInfo>("userinfo").unwrap().unwrap().id, car.max_capacity, car.departure_time, car.return_time, car.comment
event_id, user_id, car.max_capacity, car.departure_time, car.return_time, car.comment
)
.fetch_one(&data.db)
.await;
Expand All @@ -117,11 +127,7 @@ async fn create_car(
)
)]
#[get("/{car_id}", wrap = "SessionAuth")]
async fn get_car(
data: web::Data<AppState>,
session: Session,
path: web::Path<(i32, i32)>,
) -> impl Responder {
async fn get_car(data: web::Data<AppState>, path: web::Path<(i32, i32)>) -> impl Responder {
let (event_id, car_id) = path.into_inner();
let result: Option<CarData> = query_as!(
CarData,
Expand Down Expand Up @@ -155,11 +161,7 @@ async fn get_car(
)
)]
#[get("/", wrap = "SessionAuth")]
async fn get_all_cars(
data: web::Data<AppState>,
session: Session,
path: web::Path<i32>,
) -> impl Responder {
async fn get_all_cars(data: web::Data<AppState>, path: web::Path<i32>) -> impl Responder {
let event_id: i32 = path.into_inner();
let result = query_as!(
CarData,
Expand Down Expand Up @@ -213,21 +215,22 @@ async fn update_car(
departure_time = COALESCE($2, departure_time),
return_time = COALESCE($3, return_time),
comment = COALESCE($4, comment)
WHERE event_id = $5 AND id = $6 RETURNING id
WHERE event_id = $5 AND id = $6 AND driver = $7 RETURNING id
"#,
car.max_capacity,
car.departure_time,
car.return_time,
car.comment,
event_id,
car_id
car_id,
session.get::<UserInfo>("userinfo").unwrap().unwrap().id
)
.fetch_optional(&data.db)
.await;

match updated {
Ok(Some(_)) => HttpResponse::Ok().body("Car updated successfully"),
Ok(None) => HttpResponse::NotFound().body("Car not found"),
Ok(None) => HttpResponse::NotFound().body("Car not found or you are not the driver."),
Err(_) => HttpResponse::InternalServerError().body("Failed to update car"),
}
}
Expand All @@ -249,16 +252,17 @@ async fn delete_car(
let (event_id, car_id) = path.into_inner();

let deleted = sqlx::query!(
"DELETE FROM car WHERE event_id = $1 AND id = $2 RETURNING id",
"DELETE FROM car WHERE event_id = $1 AND id = $2 AND driver = $3 RETURNING id",
event_id,
car_id
car_id,
session.get::<UserInfo>("userinfo").unwrap().unwrap().id
)
.fetch_optional(&data.db)
.await;

match deleted {
Ok(Some(_)) => HttpResponse::Ok().body("Car deleted"),
Ok(None) => HttpResponse::NotFound().body("Car not found"),
Ok(None) => HttpResponse::NotFound().body("Car not found or you are not the driver."),
Err(_) => HttpResponse::InternalServerError().body("Failed to delete car"),
}
}
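Review bot: The new duplicate-membership check in `create_car` (hunk at `@@ -89,15 +89,25 @@`) is a separate round trip from the `INSERT INTO car` that follows, so two concurrent requests for the same user can both observe `count = 0` and both insert; run the check and the insert in one transaction with a lock keyed on the event and user (or a serializable isolation level), or enforce the invariant with a database constraint where the schema allows. The check itself ends in `.fetch_one(&data.db).await.unwrap()` and `check.count.unwrap()`, which panic the handler on a database error instead of returning `HttpResponse::InternalServerError()` the way `update_car` and `delete_car` do in this file. The identical check-then-insert sequence is added to `create_rider` in src/api/v1/event/car/rider/mod.rs. `create_car` begins before the hunk and its result handling continues after it.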
19 changes: 15 additions & 4 deletions src/api/v1/event/car/rider/mod.rs
Expand Up @@ -8,8 +8,8 @@ use actix_web::{
HttpResponse, Responder, Scope,
};
use log::error;
use serde::{Deserialize, Serialize};
use utoipa::{OpenApi, ToSchema};
use sqlx::query;
use utoipa::OpenApi;

#[derive(OpenApi)]
#[openapi(paths(create_rider, delete_rider))]
Expand All @@ -30,13 +30,24 @@ async fn create_rider(
session: Session,
path: web::Path<(i32, i32)>,
) -> impl Responder {
let (_event_id, car_id) = path.into_inner();
let (event_id, car_id) = path.into_inner();
let user_id = session.get::<UserInfo>("userinfo").unwrap().unwrap().id;

let check = query!(
r#"SELECT COUNT(*) as count FROM (SELECT id FROM car WHERE event_id = $1 AND driver = $2 UNION SELECT rider.car_id FROM rider JOIN car ON rider.car_id = car.id WHERE car.event_id = $1 AND rider.rider = $2)"#,
event_id, user_id
).fetch_one(&data.db).await.unwrap();

if check.count.unwrap() > 0 {
return HttpResponse::BadRequest().body("User is already in a car.");
}

let result = sqlx::query!(
r#"
INSERT INTO rider (car_id, rider) VALUES ($1, $2)
"#,
car_id,
session.get::<UserInfo>("userinfo").unwrap().unwrap().id
user_id
)
.execute(&data.db)
.await;
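Review bot: The added pre-check in `create_rider` is keyed on `event_id` from the path, but the `INSERT INTO rider (car_id, rider)` that follows constrains only `car_id`, so nothing verifies that `car_id` belongs to `event_id` and the membership check can run against a different event than the car actually joined. Tie the insert to the event, for example `INSERT INTO rider (car_id, rider) SELECT id, $2 FROM car WHERE id = $1 AND event_id = $3` with `event_id` passed as the third argument, and treat zero affected rows as not found. Whether the car's `max_capacity` is enforced is not visible in this hunk. `create_rider` begins before the hunk and its result handling continues after it.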