changed auth calls to use the new db api

2020-10-21 21:40:55 -07:00 · 2020-10-21 21:40:55 -07:00 · ec732dfd34
commit ec732dfd34
parent 28dbbc4132
1 changed files with 11 additions and 19 deletions
--- a/server-api/src/auth.rs
+++ b/server-api/src/auth.rs
@ -2,7 +2,6 @@ use bcrypt;
 use mysql_async::{Pool};
 use mysql_async::error::Error as SqlError;

-use crate::db_types::{BigInt, Integer, UBigInt, VarChar};

 use crate::routes;

@ -19,27 +18,21 @@ pub enum AuthReason {
 }


-fn valid_user(secret: &str, row: &Option<(VarChar, VarChar, BigInt, Integer, UBigInt)>) -> bool {
-    match row {
-        Some(row) => {
-            match bcrypt::verify(secret, &row.0) {
-                Ok(result) => result, 
-                Err(_) => return false
-            }
-        },
-        _ => return false
+fn valid_user(given_pass: &str, hash: &str) -> bool {
+    return match bcrypt::verify(given_pass, hash) {
+        Ok(result) => result, 
+        Err(_) => return false
    }
 }

-fn valid_perms(user_opt: &Option<(VarChar, VarChar, BigInt, Integer, UBigInt)>, path: &str) -> bool {
+fn valid_perms(member: Member, path: &str) -> bool {
    use crate::perms;
-    if let Some(user) = user_opt {
-        if let Some(p) = perms::get_perm_mask(path) {
-            return (p & user.4) == p;
-        }
-        return true; // no perms required
+    // if there are perms on the current path make sure the user has them
+    if let Some(p) = perms::get_perm_mask(path) {
+        return (p & member.permissions) == p;
    }
-    return false;
+    // if no perms then we don't care
+    return true; 
 }

 pub async fn wall_entry(path: &str, pool: &Pool, params: &serde_json::Value) -> Result<AuthReason, SqlError> {
@ -52,7 +45,6 @@ pub async fn wall_entry(path: &str, pool: &Pool, params: &serde_json::Value) ->
            /* 
             * If we apparantly have user data then check for validity in credentials
             */
-
            (Some(id_v), Some(secret_v)) => {
                /* unwrapping because i couldn't care less about poorly formatted request data */
                let id = id_v.as_u64().unwrap_or(0); // basically nobody is allowed to have 0 as its supposed to be reserved
@ -60,7 +52,7 @@ pub async fn wall_entry(path: &str, pool: &Pool, params: &serde_json::Value) ->
                use std::borrow::Cow;
                return match Member::get(pool, id).await {
                    Response::Row(user) => {
-                        if user.secret == secret {
+                        if valid_user(secret, &user.secret) && valid_perms(user, path){
                            Ok(AuthReason::Good)
                        }
                        else {