From 0d9b9453018dbd82c940d71b46f4226a6e155ee5 Mon Sep 17 00:00:00 2001
From: shockrah <alejandros714@protonmail.com>
Date: Sat, 4 Jul 2020 23:05:58 -0700
Subject: [PATCH] *Speccing the rows which wall_entry requests Generally more
 explicit behavior is provided *NOTE: if this call succeeds then we have fully
 authenticated and subsequent calls should have acccess to "secret" in the
 serialized params structure, thus unwraps should be fine as they'll be proven
 via informal  induction

---
 server/src/auth.rs     | 15 ++++++++-------
 server/src/channels.rs |  7 ++++---
 2 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/server/src/auth.rs b/server/src/auth.rs
index 255f33a..1b4e4d1 100644
--- a/server/src/auth.rs
+++ b/server/src/auth.rs
@@ -10,11 +10,12 @@ pub enum AuthReason {
     NoKey,
 }
 
-fn check_key_row(row: Option<(String, i32, i32)>) -> AuthReason {
+fn check_key_row(row: &Option<(i32, i32, u64)>) -> AuthReason {
+    // (limit, uses, _userid)
     use self::AuthReason::*;
     match row {
         Some(data) => {
-            if data.2 > data.1 {
+            if data.1 > data.0 {
                 LimitPassed
             }
             else {
@@ -35,15 +36,15 @@ pub async fn wall_entry(path: &str, pool: &Pool, params: &serde_json::Value) ->
         Ok(AuthReason::OpenAuth)
     }
     else {
-        if let Some(key) = params.get("key") {
+        if let Some(key) = params.get("secret") {
             let conn = pool.get_conn().await?;
-            // (id, limit, current counter)
-            let db_tup: (Conn, Option<(String, i32, i32)>) = conn
-                .first_exec(r"SELECT * FROM keys WHERE id = :id ", mysql_async::params!{ "id" => key})
+            // (id, name, secret)
+            let (_con, row): (Conn, Option<(i32, i32, u64)>) = conn
+                .first_exec(r"SELECT limit, uses, userid, FROM keys WHERE secret = :secret ", mysql_async::params!{ "secret" => key})
                 .await?;
             
             // Error case should probably have some kind of error checking
-            Ok(check_key_row(db_tup.1))
+            Ok(check_key_row(&row))
         }
         else {
             Ok(AuthReason::NoKey)
diff --git a/server/src/channels.rs b/server/src/channels.rs
index ab37cc0..687b6dc 100644
--- a/server/src/channels.rs
+++ b/server/src/channels.rs
@@ -49,8 +49,9 @@ impl ChannelType {
 }
 
 // Primary way of interpretting sql data on our channels table
+pub type ChannelID = u64;
 pub struct Channel {
-    id: i32,
+    id: u64,
     name: String,
     description: String,
     kind: ChannelType
@@ -67,7 +68,7 @@ impl Channel {
      * When our sql library queries things we generally get back tuples rather reasily 
      * we can use this method to get something that makes more sense
     */
-    fn from_tup(tup: (i32, String, String, i32))  -> Channel {
+    fn from_tup(tup: (u64, String, String, i32))  -> Channel {
         Channel {
             id: tup.0,
             name: tup.1,
@@ -103,7 +104,7 @@ impl Channel {
 async fn get_channels_vec(conn: Conn) -> Result<Vec<Channel>, Error> {
     let rows_db = conn.prep_exec(r"SELECT * FROM channels", ()).await?;
     let (_, rows) = rows_db.map_and_drop(|row| {
-        let (id, name, desc, kind): (i32, String, String, i32) = mysql_async::from_row(row);
+        let (id, name, desc, kind): (u64, String, String, i32) = mysql_async::from_row(row);
         Channel::from_tup((id, name, desc, kind))
     }).await?;