From ec732dfd3420268cc9b8d60e5bdc8c7da403a010 Mon Sep 17 00:00:00 2001 From: shockrah Date: Wed, 21 Oct 2020 21:40:55 -0700 Subject: [PATCH] changed auth calls to use the new db api --- server-api/src/auth.rs | 30 +++++++++++------------------- 1 file changed, 11 insertions(+), 19 deletions(-) diff --git a/server-api/src/auth.rs b/server-api/src/auth.rs index a4b77b6..8a11c6a 100644 --- a/server-api/src/auth.rs +++ b/server-api/src/auth.rs @@ -2,7 +2,6 @@ use bcrypt; use mysql_async::{Pool}; use mysql_async::error::Error as SqlError; -use crate::db_types::{BigInt, Integer, UBigInt, VarChar}; use crate::routes; @@ -19,27 +18,21 @@ pub enum AuthReason { } -fn valid_user(secret: &str, row: &Option<(VarChar, VarChar, BigInt, Integer, UBigInt)>) -> bool { - match row { - Some(row) => { - match bcrypt::verify(secret, &row.0) { - Ok(result) => result, - Err(_) => return false - } - }, - _ => return false +fn valid_user(given_pass: &str, hash: &str) -> bool { + return match bcrypt::verify(given_pass, hash) { + Ok(result) => result, + Err(_) => return false } } -fn valid_perms(user_opt: &Option<(VarChar, VarChar, BigInt, Integer, UBigInt)>, path: &str) -> bool { +fn valid_perms(member: Member, path: &str) -> bool { use crate::perms; - if let Some(user) = user_opt { - if let Some(p) = perms::get_perm_mask(path) { - return (p & user.4) == p; - } - return true; // no perms required + // if there are perms on the current path make sure the user has them + if let Some(p) = perms::get_perm_mask(path) { + return (p & member.permissions) == p; } - return false; + // if no perms then we don't care + return true; } pub async fn wall_entry(path: &str, pool: &Pool, params: &serde_json::Value) -> Result { 
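Review bot: In the second hunk (`@@ -19,27 +18,21 @@`), `valid_perms` still falls through to `return true` whenever `perms::get_perm_mask(path)` yields `None`, so any path missing from that table is open to every authenticated member. The body of `get_perm_mask` is not in this patch; if it cannot tell "route needs no permission" from "route was never registered", a route added later without a mask entry is silently unprotected, so either deny unknown paths or state the contract in a comment such as `// default-allow: every privileged route MUST have an entry in perms::get_perm_mask`. In `valid_user`, `Err(_) => return false` correctly fails closed but also hides a malformed stored hash; logging the error first would make that detectable, and without logging the body reduces to `bcrypt::verify(given_pass, hash).unwrap_or(false)`. `valid_perms` only reads `member.permissions`, so taking `&Member` would avoid consuming the row.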
@@ -52,7 +45,6 @@ pub async fn wall_entry(path: &str, pool: &Pool, params: &serde_json::Value) -> /* * If we apparantly have user data then check for validity in credentials */ - (Some(id_v), Some(secret_v)) => { /* unwrapping because i couldn't care less about poorly formatted request data */ let id = id_v.as_u64().unwrap_or(0); // basically nobody is allowed to have 0 as its supposed to be reserved @@ -60,7 +52,7 @@ pub async fn wall_entry(path: &str, pool: &Pool, params: &serde_json::Value) -> use std::borrow::Cow; return match Member::get(pool, id).await { Response::Row(user) => { - if user.secret == secret { + if valid_user(secret, &user.secret) && valid_perms(user, path){ Ok(AuthReason::Good) } else {
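Review bot: In the last hunk (`@@ -60,7 +52,7 @@`), the new condition `valid_user(secret, &user.secret) && valid_perms(user, path)` sends a wrong password and a missing permission to the same `else` branch, so unless that branch (outside the hunk) re-checks, an authentication failure cannot be told apart from an authorization failure. Splitting it keeps the two outcomes separate for logging and status codes: `if !valid_user(secret, &user.secret) { /* bad credentials */ } else if !valid_perms(user, path) { /* no permission */ } else { Ok(AuthReason::Good) }`, using whichever `AuthReason` variants the enum already defines. `bcrypt::verify` is deliberately slow and runs synchronously inside `async fn wall_entry`, so each call holds an executor thread for the length of the hash; if this gate runs on every request, consider moving the check to a blocking task on the runtime in use. The rest of `wall_entry` lies outside the hunk.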