2022-06-12 22:37:29 +02:00
|
|
|
use actix_web::{get, http::StatusCode, patch, post, put, web, Responder};
|
2022-06-09 18:59:14 +02:00
|
|
|
use actix_web_grants::proc_macro::has_permissions;
|
2022-06-10 16:12:30 +02:00
|
|
|
use argon2::{
|
|
|
|
|
password_hash::{rand_core::OsRng, PasswordHash, SaltString},
|
|
|
|
|
Argon2, PasswordHasher, PasswordVerifier,
|
|
|
|
|
};
|
2022-06-08 18:06:40 +02:00
|
|
|
use serde::Serialize;
|
2022-06-07 22:05:35 +02:00
|
|
|
use simplelog::*;
|
2022-06-06 23:07:11 +02:00
|
|
|
|
2022-06-09 18:59:14 +02:00
|
|
|
use crate::api::{
|
|
|
|
|
auth::{create_jwt, Claims},
|
2022-06-09 22:17:03 +02:00
|
|
|
errors::ServiceError,
|
2022-06-13 13:54:36 +02:00
|
|
|
handles::{
|
|
|
|
|
db_add_user, db_get_settings, db_login, db_role, db_update_settings, db_update_user,
|
|
|
|
|
},
|
2022-06-12 22:37:29 +02:00
|
|
|
models::{LoginUser, Settings, User},
|
2022-06-09 18:59:14 +02:00
|
|
|
};
|
2022-06-06 23:07:11 +02:00
|
|
|
|
2022-06-08 18:06:40 +02:00
|
|
|
#[derive(Serialize)]
|
|
|
|
|
struct ResponseObj<T> {
|
|
|
|
|
message: String,
|
|
|
|
|
status: i32,
|
|
|
|
|
data: Option<T>,
|
2022-06-07 18:11:46 +02:00
|
|
|
}
|
2022-06-08 18:06:40 +02:00
|
|
|
|
2022-06-12 22:37:29 +02:00
|
|
|
/// curl -X GET http://127.0.0.1:8080/api/settings/1 -H "Authorization: Bearer <TOKEN>"
|
|
|
|
|
#[get("/settings/{id}")]
|
|
|
|
|
#[has_permissions("admin", "user")]
|
|
|
|
|
async fn get_settings(id: web::Path<i64>) -> Result<impl Responder, ServiceError> {
|
|
|
|
|
if let Ok(settings) = db_get_settings(&id).await {
|
|
|
|
|
return Ok(web::Json(ResponseObj {
|
|
|
|
|
message: format!("Settings from {}", settings.channel_name),
|
|
|
|
|
status: 200,
|
|
|
|
|
data: Some(settings),
|
|
|
|
|
}));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Err(ServiceError::InternalServerError)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// curl -X PATCH http://127.0.0.1:8080/api/settings/1 -H "Content-Type: application/json" \
|
|
|
|
|
/// --data '{"id":1,"channel_name":"Channel 1","preview_url":"http://localhost/live/stream.m3u8", \
|
|
|
|
|
/// "config_path":"/etc/ffplayout/ffplayout.yml","extra_extensions":".jpg,.jpeg,.png"}' \
|
|
|
|
|
/// -H "Authorization: Bearer <TOKEN>"
|
|
|
|
|
#[patch("/settings/{id}")]
|
2022-06-09 18:59:14 +02:00
|
|
|
#[has_permissions("admin")]
|
2022-06-12 22:37:29 +02:00
|
|
|
async fn patch_settings(
|
|
|
|
|
id: web::Path<i64>,
|
|
|
|
|
data: web::Json<Settings>,
|
|
|
|
|
) -> Result<impl Responder, ServiceError> {
|
2022-06-13 13:54:36 +02:00
|
|
|
if db_update_settings(*id, data.into_inner()).await.is_ok() {
|
2022-06-12 22:37:29 +02:00
|
|
|
return Ok("Update Success");
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
Err(ServiceError::InternalServerError)
|
2022-06-09 18:59:14 +02:00
|
|
|
}
|
|
|
|
|
|
2022-06-10 16:15:52 +02:00
|
|
|
/// curl -X PUT http://localhost:8080/api/user/1 --header 'Content-Type: application/json' \
|
|
|
|
|
/// --data '{"email": "<EMAIL>", "password": "<PASS>"}' --header 'Authorization: <TOKEN>'
|
2022-06-12 22:37:29 +02:00
|
|
|
#[put("/user/{id}")]
|
|
|
|
|
#[has_permissions("admin", "user")]
|
2022-06-09 22:17:03 +02:00
|
|
|
async fn update_user(
|
2022-06-12 22:37:29 +02:00
|
|
|
id: web::Path<i64>,
|
2022-06-09 22:17:03 +02:00
|
|
|
user: web::ReqData<LoginUser>,
|
|
|
|
|
data: web::Json<User>,
|
|
|
|
|
) -> Result<impl Responder, ServiceError> {
|
2022-06-12 22:37:29 +02:00
|
|
|
if id.into_inner() == user.id {
|
2022-06-10 16:12:30 +02:00
|
|
|
let mut fields = String::new();
|
|
|
|
|
|
|
|
|
|
if let Some(email) = data.email.clone() {
|
|
|
|
|
fields.push_str(format!("email = '{email}'").as_str());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !data.password.is_empty() {
|
|
|
|
|
if !fields.is_empty() {
|
|
|
|
|
fields.push_str(", ");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let salt = SaltString::generate(&mut OsRng);
|
2022-06-13 13:54:36 +02:00
|
|
|
let password_hash = Argon2::default()
|
2022-06-10 16:12:30 +02:00
|
|
|
.hash_password(data.password.clone().as_bytes(), &salt)
|
|
|
|
|
.unwrap();
|
|
|
|
|
|
|
|
|
|
fields.push_str(format!("password = '{}', salt = '{salt}'", password_hash).as_str());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if db_update_user(user.id, fields).await.is_ok() {
|
|
|
|
|
return Ok("Update Success");
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
return Err(ServiceError::InternalServerError);
|
2022-06-09 18:59:14 +02:00
|
|
|
}
|
|
|
|
|
|
2022-06-09 22:17:03 +02:00
|
|
|
Err(ServiceError::Unauthorized)
|
2022-06-09 18:59:14 +02:00
|
|
|
}
|
|
|
|
|
|
2022-06-13 13:54:36 +02:00
|
|
|
/// curl -X POST 'http://localhost:8080/api/user/' --header 'Content-Type: application/json' \
|
|
|
|
|
/// -d '{"email": "<EMAIL>", "username": "<USER>", "password": "<PASS>", "role_id": 1}' \
|
|
|
|
|
/// --header 'Authorization: Bearer <TOKEN>'
|
|
|
|
|
#[post("/user/")]
|
|
|
|
|
#[has_permissions("admin")]
|
|
|
|
|
async fn add_user(data: web::Json<User>) -> Result<impl Responder, ServiceError> {
|
|
|
|
|
match db_add_user(data.into_inner()).await {
|
|
|
|
|
Ok(_) => Ok("Add User Success"),
|
|
|
|
|
Err(e) => {
|
|
|
|
|
error!("{e}");
|
|
|
|
|
Err(ServiceError::InternalServerError)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-06-10 16:15:52 +02:00
|
|
|
/// curl -X POST http://127.0.0.1:8080/auth/login/ -H "Content-Type: application/json" \
|
2022-06-13 13:54:36 +02:00
|
|
|
/// -d '{"username": "<USER>", "password": "<PASS>" }'
|
2022-06-07 18:11:46 +02:00
|
|
|
#[post("/auth/login/")]
|
2022-06-09 19:20:09 +02:00
|
|
|
pub async fn login(credentials: web::Json<User>) -> impl Responder {
|
2022-06-10 16:12:30 +02:00
|
|
|
match db_login(&credentials.username).await {
|
2022-06-08 18:06:40 +02:00
|
|
|
Ok(mut user) => {
|
|
|
|
|
let pass = user.password.clone();
|
2022-06-13 13:54:36 +02:00
|
|
|
let hash = PasswordHash::new(&pass).unwrap();
|
2022-06-08 18:06:40 +02:00
|
|
|
user.password = "".into();
|
|
|
|
|
user.salt = None;
|
2022-06-07 22:05:35 +02:00
|
|
|
|
|
|
|
|
if Argon2::default()
|
|
|
|
|
.verify_password(credentials.password.as_bytes(), &hash)
|
|
|
|
|
.is_ok()
|
|
|
|
|
{
|
2022-06-10 16:12:30 +02:00
|
|
|
let role = db_role(&user.role_id.unwrap_or_default())
|
2022-06-09 18:59:14 +02:00
|
|
|
.await
|
|
|
|
|
.unwrap_or_else(|_| "guest".to_string());
|
|
|
|
|
let claims = Claims::new(user.id, user.username.clone(), vec![role.clone()]);
|
|
|
|
|
|
|
|
|
|
if let Ok(token) = create_jwt(claims) {
|
|
|
|
|
user.token = Some(token);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
info!("user {} login, with role: {role}", credentials.username);
|
2022-06-07 18:11:46 +02:00
|
|
|
|
2022-06-08 18:06:40 +02:00
|
|
|
web::Json(ResponseObj {
|
|
|
|
|
message: "login correct!".into(),
|
|
|
|
|
status: 200,
|
|
|
|
|
data: Some(user),
|
|
|
|
|
})
|
2022-06-08 18:16:58 +02:00
|
|
|
.customize()
|
|
|
|
|
.with_status(StatusCode::OK)
|
2022-06-08 18:06:40 +02:00
|
|
|
} else {
|
|
|
|
|
error!("Wrong password for {}!", credentials.username);
|
|
|
|
|
web::Json(ResponseObj {
|
|
|
|
|
message: "Wrong password!".into(),
|
2022-06-13 13:54:36 +02:00
|
|
|
status: 403,
|
2022-06-08 18:06:40 +02:00
|
|
|
data: None,
|
|
|
|
|
})
|
2022-06-08 18:16:58 +02:00
|
|
|
.customize()
|
|
|
|
|
.with_status(StatusCode::FORBIDDEN)
|
2022-06-08 18:06:40 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
Err(e) => {
|
|
|
|
|
error!("Login {} failed! {e}", credentials.username);
|
|
|
|
|
return web::Json(ResponseObj {
|
|
|
|
|
message: format!("Login {} failed!", credentials.username),
|
2022-06-08 18:16:58 +02:00
|
|
|
status: 400,
|
2022-06-08 18:06:40 +02:00
|
|
|
data: None,
|
2022-06-08 18:16:58 +02:00
|
|
|
})
|
|
|
|
|
.customize()
|
|
|
|
|
.with_status(StatusCode::BAD_REQUEST);
|
2022-06-08 18:06:40 +02:00
|
|
|
}
|
|
|
|
|
}
|
2022-06-07 18:11:46 +02:00
|
|
|
}
|
