!* Splitting up the admin module

This is primarily for organizational reasons however it should make things easier to track as the complexity increases with features getting filled out.
2022-03-22 20:01:19 -07:00
parent 7c85c656e9
commit 0d9991c557
5 changed files with 90 additions and 95 deletions
--- a/api/src/admin/apikey.rs
+++ b/api/src/admin/apikey.rs
@@ -0,0 +1,46 @@
+use rocket::request::{Outcome, Request, FromRequest};
+use rocket::async_trait;
+use rocket::http::Status;
+
+use crate::db::{self, DB_PATH};
+
+pub struct ApiKey {
+    uid: String,
+    key: String
+}
+
+#[derive(Debug)]
+pub enum ApiKeyError {
+    Missing,
+    Invalid,
+}
+
+
+#[async_trait]
+impl<'r> FromRequest<'r> for ApiKey {
+    type Error = ApiKeyError;
+    async fn from_request(req: &'r Request<'_>) -> Outcome<Self, Self::Error> {
+        let key = req.headers().get_one("ADMIN-API-KEY");
+        let uid = req.headers().get_one("ADMIN-API-UID");
+
+        if key.is_none() || uid.is_none() {
+            return Outcome::Failure((Status::Forbidden, ApiKeyError::Missing));
+        }
+
+        let (key, uid) = (key.unwrap(), uid.unwrap());
+
+        println!("Path to use for db file {:?}", DB_PATH.to_string());
+        let db = db::Database::load(DB_PATH.as_str().into()).unwrap();
+        if let Some(stored) = db.get(uid) {
+            if stored == key {
+                return Outcome::Success(ApiKey {
+                    key: key.into(),
+                    uid: uid.into()
+                })
+            }
+            return Outcome::Failure((Status::Forbidden, ApiKeyError::Invalid))
+        }
+
+        return Outcome::Failure((Status::Forbidden, ApiKeyError::Invalid))
+    }
+}
--- a/api/src/admin/mod.rs
+++ b/api/src/admin/mod.rs
@@ -0,0 +1,39 @@
+#[cfg(feature = "admin")]
+
+mod apikey;
+mod response;
+
+use std::collections::HashMap;
+use apikey::ApiKey;
+use response::ActionResponse;
+use rocket::serde::json::Json;
+
+
+
+use rocket_dyn_templates::Template;
+
+#[get("/dashboard")]
+pub async fn login_dashboard() -> Template {
+    // This page is basically just a login form
+    // However the rest of the form is present on this page, just hidden
+    let h: HashMap<i32,i32> = HashMap::new(); // does not allocate
+    return Template::render("admin", &h);
+}
+
+#[post("/dashboard")]
+pub async fn dashboard(_key: ApiKey) -> Json<ActionResponse> {
+    // API Key auth'd for us so we don't need to bother checking,
+    // this just serves to confirm the credentials are correct
+    Json(ActionResponse("ok"))
+}
+
+
+#[post("/upload-video?<category>&<filename>")]
+async fn updload_video(_key: ApiKey, category: String, filename: String) -> &'static str {
+    todo!()
+}
+
+#[delete("/remove-video?<category>&<filename>")]
+async fn remove_video(_key: ApiKey, category: String, filename: String) -> &'static str {
+    todo!()
+}
--- a/api/src/admin/response.rs
+++ b/api/src/admin/response.rs
@@ -0,0 +1,4 @@
+use serde::Serialize;
+
+#[derive(Serialize)]
+pub struct ActionResponse(pub &'static str);