strawberries/frangipane-backend
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added global rooms in backend and fixed room membership checks

Browse Source
This commit is contained in:
eiiko6
2025-12-17 17:14:39 +01:00
parent ffc2e99cc7
commit d20962101e
5 changed files with 81 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
db/init.sql
View File

@@ -10,7 +10,8 @@ CREATE TABLE IF NOT EXISTS room_ (
id SERIAL PRIMARY KEY,
uuid UUID UNIQUE,
owner INT NOT NULL REFERENCES user_(id) ON DELETE CASCADE,
name TEXT NOT NULL
name TEXT NOT NULL,
global BOOLEAN DEFAULT false
);
CREATE TABLE IF NOT EXISTS membership_ (

9
db/mock_data.sql
View File

@@ -3,14 +3,13 @@ INSERT INTO user_ (username, email, uuid, password_hash) VALUES
('bob', 'bob@example.com', '019b1e36-3b8c-7f82-b845-6bfeb72466ce', '$argon2id$v=19$m=19456,t=2,p=1$mzO6Qx8ZH4/wrj14ZgKiuA$7bxNWCgsIVEfPgtueFbjbi8mDjbAHMYAHOGpxTJnEpQ'),
('carol', 'carol@example.com', '019b1e36-7706-76e2-b9ce-b37916ddfc99', '$argon2id$v=19$m=19456,t=2,p=1$5rw/7uIJIKMnyqNrYQt92Q$DJVEfgbaZtkflsmDEkSoR3uDQmujI4T73cWq9hOBgVI');
INSERT INTO room_ (owner, name, uuid) VALUES
(1, 'General Discussion', '5dc599ee-1f5c-40c2-a22a-e40780d2d960'),
(2, 'Tech Talk', '6b14fe7b-2171-4464-95af-4888062b1b6d'),
(1, 'Random Memes', 'fb794f59-6b2d-4daa-8980-dc5255862657');
INSERT INTO room_ (owner, name, global, uuid) VALUES
(1, 'General Discussion', true, '5dc599ee-1f5c-40c2-a22a-e40780d2d960'),
(2, 'Tech Talk', false, '6b14fe7b-2171-4464-95af-4888062b1b6d'),
(1, 'Random Memes', false, 'fb794f59-6b2d-4daa-8980-dc5255862657');
INSERT INTO membership_ (user_id, room) VALUES
(1, 1), -- Alice in General Discussion
(2, 1), -- Bob in General Discussion
(2, 2), -- Bob in Tech Talk
(3, 1), -- Carol in General Discussion
(1, 3); -- Alice in Random Memes

20
src/routes/messages.rs
View File

@@ -7,7 +7,7 @@ use axum::{
use sqlx::PgPool;
use uuid::Uuid;
use crate::{auth::verify_jwt, db::room_id_from_uuid};
use crate::{auth::verify_jwt, db::room_id_from_uuid, routes::rooms::is_member};
use crate::{
db::{user_id_from_uuid, username_from_uuid},
realtime::Realtime,
@@ -51,15 +51,7 @@ async fn list_messages(
let user_id = user_id_from_uuid(&db, claims.sub).await?;
let room_id = room_id_from_uuid(&db, room_uuid).await?;
let membership: Vec<i32> =
sqlx::query_scalar("SELECT user_id FROM membership_ WHERE user_id = $1 AND room = $2")
.bind(user_id)
.bind(room_id)
.fetch_all(&db)
.await
.unwrap_or_else(|_| Vec::new());
if membership.is_empty() {
if !is_member(user_id, room_id, &db).await {
return Err((
StatusCode::UNAUTHORIZED,
String::from("You are not a member of this room"),
@@ -115,9 +107,15 @@ async fn create_message(
let claims = verify_jwt(headers)?;
let user_id = user_id_from_uuid(&db, claims.sub).await?;
let room_id = room_id_from_uuid(&db, room_uuid).await?;
if !is_member(user_id, room_id, &db).await {
return Err((
StatusCode::UNAUTHORIZED,
String::from("You are not a member of this room"),
));
}
let sent_at: chrono::NaiveDateTime = sqlx::query_scalar(
"INSERT INTO message_ (sender, room, message_type, content)
VALUES ($1, $2, $3, $4) RETURNING sent_at",

98
src/routes/rooms.rs
View File

@@ -4,7 +4,7 @@ use axum::{
http::{HeaderMap, StatusCode},
routing::{get, post},
};
use sqlx::PgPool;
use sqlx::{PgPool, Pool, Postgres};
use uuid::Uuid;
use crate::db::user_id_from_uuid;
@@ -20,13 +20,35 @@ pub struct Room {
#[derive(serde::Deserialize)]
pub struct NewRoomPayload {
pub name: String,
pub global: bool,
}
pub fn routes() -> Router {
Router::new()
.route("/rooms/{user_uuid}", get(list_rooms))
.route("/rooms", post(create_room))
.route("/rooms/{user_uuid}/{room_id}", get(get_room))
// .route("/rooms/{user_uuid}/{room_id}", get(get_room))
}
pub async fn is_member(user_id: i32, room_id: i32, db: &Pool<Postgres>) -> bool {
sqlx::query_scalar(
r#"
SELECT r.global
OR EXISTS (
SELECT 1
FROM membership_ m
WHERE m.user_id = $1
AND m.room = r.id
)
FROM room_ r
WHERE r.id = $2
"#,
)
.bind(user_id)
.bind(room_id)
.fetch_one(db)
.await
.unwrap_or(false)
}
async fn list_rooms(
@@ -43,17 +65,19 @@ async fn list_rooms(
let rooms = sqlx::query_as::<_, Room>(
r#"
SELECT uuid, owner, name FROM room_ r
JOIN membership_ m ON m.user_id = $1 AND m.room = r.id
SELECT r.uuid, r.owner, r.name
FROM room_ r
WHERE r.global OR EXISTS (
SELECT 1
FROM membership_ m
WHERE m.user_id = $1 AND m.room = r.id
)
"#,
)
.bind(user_id)
.fetch_all(&db)
.await
.unwrap_or_else(|e| {
tracing::error!("faied to list rooms: {e}");
Vec::new()
});
.unwrap_or_else(|_| Vec::new());
Ok(Json(rooms))
}
@@ -70,18 +94,20 @@ async fn create_room(
let room_uuid = uuid::Uuid::now_v7();
sqlx::query(
"INSERT INTO room_ (uuid, owner, name)
VALUES ($1, $2, $3)",
"INSERT INTO room_ (uuid, owner, name, global)
VALUES ($1, $2, $3, $4)",
)
.bind(room_uuid)
.bind(user_id)
.bind(&payload.name)
.bind(&payload.global)
.execute(&db)
.await
.map_err(|_| (StatusCode::BAD_REQUEST, format!("Could not create room")))?;
let room_id = room_id_from_uuid(&db, room_uuid).await?;
// We do this even for the owner
sqlx::query("INSERT INTO membership_ (user_id, room) VALUES ($1, $2)")
.bind(user_id)
.bind(room_id)
@@ -99,29 +125,29 @@ async fn create_room(
))
}
async fn get_room(
Path((user_uuid, room_uuid)): Path<(Uuid, Uuid)>,
headers: HeaderMap,
Extension(db): Extension<PgPool>,
) -> Result<Json<Room>, (StatusCode, String)> {
let claims = verify_jwt(headers)?;
if claims.sub != user_uuid {
return Err((StatusCode::FORBIDDEN, "Forbidden".to_string()));
}
let user_id = user_id_from_uuid(&db, user_uuid).await?;
let room: Room =
sqlx::query_as("SELECT uuid, owner, name FROM room_ WHERE uuid = $1 AND owner = $2")
.bind(room_uuid)
.bind(user_id)
.fetch_one(&db)
.await
.map_err(|_| (StatusCode::NOT_FOUND, "Room not found".to_string()))?;
Ok(Json(Room {
uuid: room_uuid,
owner: room.owner,
name: room.name,
}))
}
// async fn get_room(
// Path((user_uuid, room_uuid)): Path<(Uuid, Uuid)>,
// headers: HeaderMap,
// Extension(db): Extension<PgPool>,
// ) -> Result<Json<Room>, (StatusCode, String)> {
// let claims = verify_jwt(headers)?;
// if claims.sub != user_uuid {
// return Err((StatusCode::FORBIDDEN, "Forbidden".to_string()));
// }
//
// let user_id = user_id_from_uuid(&db, user_uuid).await?;
//
// let room: Room =
// sqlx::query_as("SELECT uuid, owner, name FROM room_ WHERE uuid = $1 AND owner = $2")
// .bind(room_uuid)
// .bind(user_id)
// .fetch_one(&db)
// .await
// .map_err(|_| (StatusCode::NOT_FOUND, "Room not found".to_string()))?;
//
// Ok(Json(Room {
// uuid: room_uuid,
// owner: room.owner,
// name: room.name,
// }))
// }

16
src/routes/ws.rs
View File

@@ -14,6 +14,7 @@ use uuid::Uuid;
use crate::auth::{create_jwt, verify_jwt};
use crate::db::user_id_from_uuid;
use crate::routes::rooms::is_member;
use crate::{db::room_id_from_uuid, realtime::Realtime};
#[derive(sqlx::FromRow, serde::Serialize, Deserialize)]
@@ -37,15 +38,7 @@ pub async fn issue_ws_token(
let room_id = room_id_from_uuid(&db, room_uuid).await?;
let user_id = user_id_from_uuid(&db, claims.sub).await?;
let membership: Vec<i32> =
sqlx::query_scalar("SELECT user_id FROM membership_ WHERE user_id = $1 AND room = $2")
.bind(user_id)
.bind(room_id)
.fetch_all(&db)
.await
.unwrap_or_else(|_| Vec::new());
if membership.is_empty() {
if !is_member(user_id, room_id, &db).await {
return Err((
StatusCode::UNAUTHORIZED,
String::from("You are not a member of this room"),
@@ -70,11 +63,10 @@ pub async fn issue_ws_token(
.bind(room_id)
.execute(&db)
.await
.map_err(|e| {
tracing::error!("failed to insert ws token: {e}");
.map_err(|_| {
(
StatusCode::INTERNAL_SERVER_ERROR,
format!("failed to insert ws token: {e}"),
format!("failed to provide ws token"),
)
})?;