+ checkin mod::auth for valid permissions

+ helper function for getting a permission mask from permissions module
This commit is contained in:
shockrah 2020-08-25 23:27:41 -07:00
parent ef5b7a13f9
commit 9eff4284a9
2 changed files with 37 additions and 1 deletions


@ -27,6 +27,17 @@ fn valid_user(secret: &str, row: &Option<(VarChar, VarChar, BigInt, Integer, UBi
} }
} }
fn valid_perms(user_opt: &Option<(VarChar, VarChar, BigInt, Integer, UBigInt)>, path: &str) -> bool {
use crate::perms;
if let Some(user) = user_opt {
if let Some(p) = perms::get_perm_mask(path) {
return (p & user.4) == p;
}
return true; // no perms required
}
return false;
}
pub async fn wall_entry(path: &str, pool: &Pool, params: &serde_json::Value) -> Result<AuthReason, mysql_async::error::Error> { pub async fn wall_entry(path: &str, pool: &Pool, params: &serde_json::Value) -> Result<AuthReason, mysql_async::error::Error> {
// Start by Checking if the api key is in our keystore // Start by Checking if the api key is in our keystore
if routes::is_open(path) { if routes::is_open(path) {
@ -34,14 +45,20 @@ pub async fn wall_entry(path: &str, pool: &Pool, params: &serde_json::Value) ->
} }
else { else {
match (params.get("id"), params.get("secret")) { match (params.get("id"), params.get("secret")) {
/*
* If we apparantly have user data then check for validity in credentials
*/
(Some(id_v), Some(secret_v)) => { (Some(id_v), Some(secret_v)) => {
/* unwrapping because i couldn't care less about poorly formatted request data */
let id = id_v.as_u64().unwrap(); let id = id_v.as_u64().unwrap();
let secret = secret_v.as_str().unwrap(); let secret = secret_v.as_str().unwrap();
let conn = pool.get_conn().await?; let conn = pool.get_conn().await?;
let db_tup: (Conn, Option<(VarChar, VarChar, BigInt, Integer, UBigInt)>) = conn.first_exec( let db_tup: (Conn, Option<(VarChar, VarChar, BigInt, Integer, UBigInt)>) = conn.first_exec(
"SELECT secret, name, joindate, status, permissions FROM members WHERE id = :id", "SELECT secret, name, joindate, status, permissions FROM members WHERE id = :id",
mysql_async::params!{"id" => id}).await?; mysql_async::params!{"id" => id}).await?;
if valid_user(secret, &db_tup.1) { let user_data = &db_tup.1;
if valid_user(secret, user_data) && valid_perms(user_data, path) {
Ok(AuthReason::Good) Ok(AuthReason::Good)
} }
else { else {
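Review bot: `valid_perms` reads the permission bits as `user.4`, which is only correct because the tuple positions follow the column order of the `SELECT secret, name, joindate, status, permissions` in `wall_entry`; nothing ties the two together, so a reordered SELECT would silently check the wrong column. A comment on that line, `// user.4 is the `permissions` column; order must match the SELECT in wall_entry`, or a named destructuring such as `let (_, _, _, _, perms) = user;` would make the coupling visible. The same check also treats `None` from `get_perm_mask` and `Some(0)` identically (both end up allowing any authenticated member), so the `None` arms in the perms module's `get_perm_mask` hunk carry no meaning for this caller; document which one is intended or collapse them. Style-wise the explicit `return` statements can become the match expression `match perms::get_perm_mask(path) { Some(p) => (p & user.4) == p, None => true }`, which clippy would otherwise flag.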


@ -8,6 +8,7 @@ pub const CREATE_TMP_INVITES:u64 = 4;
pub const CREATE_PERM_INVITES:u64 = 8; // to make perma invites you need both flags pub const CREATE_PERM_INVITES:u64 = 8; // to make perma invites you need both flags
pub const OWNER: u64 = 1 << 63; pub const OWNER: u64 = 1 << 63;
pub const ADMIN: u64 = 1 << 62; // can make other admins but can't really touch the owner pub const ADMIN: u64 = 1 << 62; // can make other admins but can't really touch the owner
@ -19,3 +20,21 @@ pub const DELETE_CHANNEL:u64 = 128;
pub const OWNER_PERMS: u64 = std::u64::MAX; pub const OWNER_PERMS: u64 = std::u64::MAX;
pub const GENERAL_NEW: u64 = JOIN_VOICE | SEND_MESSAGES | ALLOW_PFP | CHANGE_NICK; pub const GENERAL_NEW: u64 = JOIN_VOICE | SEND_MESSAGES | ALLOW_PFP | CHANGE_NICK;
pub const ADMIN_PERMS: u64 = !(std::u64::MAX & OWNER); // filter the only perm admins don't get pub const ADMIN_PERMS: u64 = !(std::u64::MAX & OWNER); // filter the only perm admins don't get
pub fn get_perm_mask(path: &str) -> Option<u64> {
use crate::routes::{
INVITE_CREATE,
CHANNELS_LIST, CHANNELS_CREATE, CHANNELS_DELETE,
MESSAGE_SEND,
SERVER_META,
};
match path {
INVITE_CREATE => Some(CREATE_TMP_INVITES),
CHANNELS_LIST => None,
CHANNELS_CREATE => Some(CREATE_CHANNEL),
CHANNELS_DELETE => Some(DELETE_CHANNEL),
MESSAGE_SEND => Some(SEND_MESSAGES),
SERVER_META => None,
_ => Some(0)
}
}
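Review bot: The `_ => Some(0)` default arm makes every route not listed in the match reachable by any authenticated member, since a mask of 0 passes the `(p & mask) == p` check in `mod::auth`; any route added later that is not also registered here is therefore allowed by default rather than denied. If that is intended, say so in a doc comment on the function; otherwise consider a deny-by-default arm (for example a mask that only the owner holds, or returning an error for unknown paths) so that forgetting to register a route fails closed. The function also has no `///` documentation: a short comment stating that `Some(mask)` means "all bits of `mask` are required", `Some(0)` means "authentication only", and `None` means "no permission check" would make the three return shapes unambiguous for callers.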