@@ -152,6 +152,17 @@ pub mod requests {
|
||||
pub otp: Option<String>
|
||||
}
|
||||
|
||||
#[derive(Debug, Deserialize, Serialize, Clone)]
|
||||
pub struct SendRecoveryKey {
|
||||
pub username: String
|
||||
}
|
||||
|
||||
#[derive(Debug, Deserialize, Serialize, Clone)]
|
||||
pub struct ResetPassword {
|
||||
pub key: String,
|
||||
pub password: String
|
||||
}
|
||||
|
||||
#[derive(Debug, Deserialize, Serialize, Clone)]
|
||||
pub struct TfaSetup {
|
||||
pub mail: bool
|
||||
|
||||
@@ -15,7 +15,7 @@ use tiny_http::{Method, Request, Response, ResponseBox, Server, StatusCode};
|
||||
use crate::{
|
||||
db::DBConnection,
|
||||
metrics::TRACER,
|
||||
routes::{get_reply, header, AppError}
|
||||
routes::{header, AppError}
|
||||
};
|
||||
|
||||
static THREAD_COUNT: usize = 10;
|
||||
@@ -117,6 +117,8 @@ fn handle_api_request(span: &mut Span, req: &mut Request, pool: db::DBPool) -> R
|
||||
("/api/metrics", Method::Get) => metrics::get_metrics(),
|
||||
("/api/auth/login", Method::Post) => parse_body(span, req).and_then(|v|routes::auth::basic::login(span, req, db, v)),
|
||||
("/api/auth/signup", Method::Post) => parse_body(span, req).and_then(|v| routes::auth::basic::signup(span, req, db, v)),
|
||||
("/api/auth/send_key", Method::Post) => parse_body(span, req).and_then(|v| routes::auth::basic::send_key(span, req, db, v)),
|
||||
("/api/auth/reset", Method::Post) => parse_body(span, req).and_then(|v| routes::auth::basic::reset(span, req, db, v)),
|
||||
("/api/auth/gitlab", Method::Get) => routes::auth::gitlab::gitlab(span, req, db),
|
||||
("/api/auth/gitlab_callback", Method::Get) => routes::auth::gitlab::gitlab_callback(span, req, db, &query),
|
||||
("/api/fs/download", Method::Post) => routes::fs::routes::download(span, req, db),
|
||||
@@ -143,7 +145,7 @@ fn handle_api_request(span: &mut Span, req: &mut Request, pool: db::DBPool) -> R
|
||||
("/api/admin/logout", Method::Post, None) => parse_body(span, req).and_then(|v| routes::admin::logout(span, req, db, info, v)),
|
||||
("/api/admin/delete", Method::Post, None) => parse_body(span, req).and_then(|v| routes::admin::delete_user(span, req, db, info, v)),
|
||||
("/api/admin/disable_2fa", Method::Post, None) => parse_body(span, req).and_then(|v| routes::admin::disable_2fa(span, req, db, info, v)),
|
||||
("/api/admin/is_admin", Method::Post, None) => get_reply(&dto::responses::Success { statusCode: 200 }),
|
||||
("/api/admin/is_admin", Method::Get, None) => routes::admin::is_admin(span, req, db, info),
|
||||
("/api/admin/get_token", Method::Get, Some(v)) => routes::admin::get_token(span, req, db, info, v),
|
||||
("/api/auth/refresh", Method::Post, None) => routes::auth::basic::refresh(span, req, db, info),
|
||||
("/api/auth/logout_all", Method::Post, None) => routes::auth::basic::logout_all(span, req, db, info),
|
||||
|
||||
@@ -110,6 +110,14 @@ pub fn disable_2fa(
|
||||
get_reply(&dto::responses::Success { statusCode: 200 })
|
||||
}
|
||||
|
||||
pub fn is_admin(_: &Span, _: &mut Request, _: &mut DBConnection, info: UserInfo) -> Result<ResponseBox, AppError> {
|
||||
if info.0.role != UserRole::Admin {
|
||||
return AppError::Forbidden("Forbidden").err();
|
||||
}
|
||||
|
||||
get_reply(&dto::responses::Success { statusCode: 200 })
|
||||
}
|
||||
|
||||
pub fn get_token(
|
||||
span: &Span,
|
||||
_: &mut Request,
|
||||
|
||||
@@ -1,12 +1,23 @@
|
||||
use std::{collections::HashMap, ops::Add};
|
||||
|
||||
use lettre::Transport;
|
||||
use once_cell::sync::Lazy;
|
||||
use parking_lot::Mutex;
|
||||
use ring::rand::SecureRandom;
|
||||
use rustracing_jaeger::Span;
|
||||
use tiny_http::{Request, ResponseBox};
|
||||
|
||||
use crate::{
|
||||
db::{DBConnection, TfaTypes, UserRole},
|
||||
dto,
|
||||
routes::{filters::UserInfo, get_reply, AppError}
|
||||
metrics,
|
||||
routes::{auth::tfa::MAIL_SENDER, filters::UserInfo, get_reply, AppError}
|
||||
};
|
||||
|
||||
type RecoveryKeyMap = HashMap<String, (i32, chrono::DateTime<chrono::Utc>)>;
|
||||
static RECOVERY_KEYS: Lazy<Mutex<RecoveryKeyMap>> = Lazy::new(|| Mutex::new(RecoveryKeyMap::new()));
|
||||
const KEY_CHARSET: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
|
||||
|
||||
pub fn login(
|
||||
span: &Span,
|
||||
_: &mut Request,
|
||||
@@ -60,6 +71,70 @@ pub fn signup(
|
||||
get_reply(&dto::responses::Success { statusCode: 200 })
|
||||
}
|
||||
|
||||
pub fn send_key(
|
||||
span: &Span,
|
||||
_: &mut Request,
|
||||
db: &mut DBConnection,
|
||||
data: dto::requests::SendRecoveryKey
|
||||
) -> Result<ResponseBox, AppError> {
|
||||
// Silently fail to prevent information leak about usernames
|
||||
if let Some(user) = db.find_user(span, &data.username, false) {
|
||||
let _span = metrics::span("send_recovery_key", span);
|
||||
|
||||
let mut bin = [0_u8; 10];
|
||||
crate::routes::auth::SEC_RANDOM.fill(&mut bin).expect("Failed to generate recovery key");
|
||||
let code_arr = bin.map(|v| KEY_CHARSET[v as usize % KEY_CHARSET.len()]);
|
||||
let code = String::from_utf8_lossy(&code_arr);
|
||||
|
||||
{
|
||||
RECOVERY_KEYS.lock().insert(
|
||||
code.to_string(),
|
||||
(
|
||||
user.id,
|
||||
chrono::Utc::now().add(chrono::Duration::minutes(5))
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
let mail = lettre::Message::builder()
|
||||
.from("fileserver@mattv.de".parse().unwrap())
|
||||
.to(user.name.parse().unwrap())
|
||||
.subject("MFileserver - Password reset")
|
||||
.body(format!(
|
||||
"Your recovery key is: {}\r\nIt is valid for 5 minutes",
|
||||
code
|
||||
))
|
||||
.unwrap();
|
||||
|
||||
MAIL_SENDER.send(&mail).expect("Failed to send mail");
|
||||
}
|
||||
|
||||
get_reply(&dto::responses::Success { statusCode: 200 })
|
||||
}
|
||||
|
||||
pub fn reset(
|
||||
span: &Span,
|
||||
_: &mut Request,
|
||||
db: &mut DBConnection,
|
||||
data: dto::requests::ResetPassword
|
||||
) -> Result<ResponseBox, AppError> {
|
||||
if let Some(entry) = { RECOVERY_KEYS.lock().get(&data.key) } {
|
||||
if entry.1 < chrono::Utc::now() {
|
||||
return AppError::BadRequest("Invalid key").err();
|
||||
}
|
||||
if let Some(mut user) = db.get_user(span, entry.0) {
|
||||
user.password = super::hash_password(&data.password);
|
||||
db.save_user(span, &user);
|
||||
db.delete_all_tokens(span, user.id);
|
||||
get_reply(&dto::responses::Success { statusCode: 200 })
|
||||
} else {
|
||||
AppError::BadRequest("Invalid user").err()
|
||||
}
|
||||
} else {
|
||||
AppError::BadRequest("Invalid key").err()
|
||||
}
|
||||
}
|
||||
|
||||
pub fn refresh(span: &Span, _: &mut Request, db: &mut DBConnection, info: UserInfo) -> Result<ResponseBox, AppError> {
|
||||
db.delete_token(span, info.1.id);
|
||||
|
||||
|
||||
@@ -26,7 +26,7 @@ fn build_mail_sender() -> lettre::SmtpTransport {
|
||||
.build()
|
||||
}
|
||||
|
||||
static MAIL_SENDER: Lazy<lettre::SmtpTransport> = Lazy::new(build_mail_sender);
|
||||
pub static MAIL_SENDER: Lazy<lettre::SmtpTransport> = Lazy::new(build_mail_sender);
|
||||
|
||||
fn get_totp(user: &db::User) -> totp_rs::TOTP {
|
||||
totp_rs::TOTP::from_rfc6238(
|
||||
|
||||
@@ -6,10 +6,9 @@ use std::{
|
||||
ops::DerefMut,
|
||||
sync::atomic::Ordering
|
||||
};
|
||||
use image::DynamicImage;
|
||||
|
||||
use fast_image_resize as fir;
|
||||
use fast_image_resize::PixelType;
|
||||
use image::DynamicImage;
|
||||
use rustracing_jaeger::Span;
|
||||
use tiny_http::{Request, Response, ResponseBox, StatusCode};
|
||||
|
||||
@@ -212,18 +211,54 @@ pub fn upload(
|
||||
let width = NonZeroU32::try_from(img.width()).unwrap();
|
||||
let height = NonZeroU32::try_from(img.height()).unwrap();
|
||||
match img {
|
||||
DynamicImage::ImageLuma8(v) => fir::Image::from_vec_u8(width, height, v.into_raw(), fir::PixelType::U8),
|
||||
DynamicImage::ImageLumaA8(v) => fir::Image::from_vec_u8(width, height, v.into_raw(), fir::PixelType::U8x2),
|
||||
DynamicImage::ImageRgb8(v) => fir::Image::from_vec_u8(width, height, v.into_raw(), fir::PixelType::U8x3),
|
||||
DynamicImage::ImageRgba8(v) => fir::Image::from_vec_u8(width, height, v.into_raw(), fir::PixelType::U8x4),
|
||||
DynamicImage::ImageLuma16(_) => fir::Image::from_vec_u8(width, height, img.to_luma8().into_raw(), fir::PixelType::U8),
|
||||
DynamicImage::ImageLumaA16(_) => fir::Image::from_vec_u8(width, height, img.to_luma_alpha8().into_raw(), fir::PixelType::U8x2),
|
||||
DynamicImage::ImageRgb16(_) => fir::Image::from_vec_u8(width, height, img.to_rgb8().into_raw(), fir::PixelType::U8x3),
|
||||
DynamicImage::ImageRgba16(_) => fir::Image::from_vec_u8(width, height, img.to_rgba8().into_raw(), fir::PixelType::U8x4),
|
||||
DynamicImage::ImageRgb32F(_) => fir::Image::from_vec_u8(width, height, img.to_rgb8().into_raw(), fir::PixelType::U8x3),
|
||||
DynamicImage::ImageRgba32F(_) => fir::Image::from_vec_u8(width, height, img.to_rgba8().into_raw(), fir::PixelType::U8x4),
|
||||
_ => fir::Image::from_vec_u8(width, height, img.to_rgba8().into_raw(), fir::PixelType::U8x4)
|
||||
}.expect("Failed to convert preview image")
|
||||
DynamicImage::ImageLuma8(v) =>
|
||||
fir::Image::from_vec_u8(width, height, v.into_raw(), fir::PixelType::U8),
|
||||
DynamicImage::ImageLumaA8(v) =>
|
||||
fir::Image::from_vec_u8(width, height, v.into_raw(), fir::PixelType::U8x2),
|
||||
DynamicImage::ImageRgb8(v) =>
|
||||
fir::Image::from_vec_u8(width, height, v.into_raw(), fir::PixelType::U8x3),
|
||||
DynamicImage::ImageRgba8(v) =>
|
||||
fir::Image::from_vec_u8(width, height, v.into_raw(), fir::PixelType::U8x4),
|
||||
DynamicImage::ImageLuma16(_) =>
|
||||
fir::Image::from_vec_u8(width, height, img.to_luma8().into_raw(), fir::PixelType::U8),
|
||||
DynamicImage::ImageLumaA16(_) => fir::Image::from_vec_u8(
|
||||
width,
|
||||
height,
|
||||
img.to_luma_alpha8().into_raw(),
|
||||
fir::PixelType::U8x2
|
||||
),
|
||||
DynamicImage::ImageRgb16(_) => fir::Image::from_vec_u8(
|
||||
width,
|
||||
height,
|
||||
img.to_rgb8().into_raw(),
|
||||
fir::PixelType::U8x3
|
||||
),
|
||||
DynamicImage::ImageRgba16(_) => fir::Image::from_vec_u8(
|
||||
width,
|
||||
height,
|
||||
img.to_rgba8().into_raw(),
|
||||
fir::PixelType::U8x4
|
||||
),
|
||||
DynamicImage::ImageRgb32F(_) => fir::Image::from_vec_u8(
|
||||
width,
|
||||
height,
|
||||
img.to_rgb8().into_raw(),
|
||||
fir::PixelType::U8x3
|
||||
),
|
||||
DynamicImage::ImageRgba32F(_) => fir::Image::from_vec_u8(
|
||||
width,
|
||||
height,
|
||||
img.to_rgba8().into_raw(),
|
||||
fir::PixelType::U8x4
|
||||
),
|
||||
_ => fir::Image::from_vec_u8(
|
||||
width,
|
||||
height,
|
||||
img.to_rgba8().into_raw(),
|
||||
fir::PixelType::U8x4
|
||||
)
|
||||
}
|
||||
.expect("Failed to convert preview image")
|
||||
};
|
||||
let img = {
|
||||
let _span = metrics::span("generate_preview_resize", &prev_span);
|
||||
@@ -233,12 +268,9 @@ pub fn upload(
|
||||
NonZeroU32::try_from(new_dim.1).unwrap(),
|
||||
img.pixel_type()
|
||||
);
|
||||
fir::Resizer::new(fir::ResizeAlg::SuperSampling(
|
||||
fir::FilterType::Hamming,
|
||||
2
|
||||
))
|
||||
.resize(&img.view(), &mut dst.view_mut())
|
||||
.expect("Failed to resize preview image");
|
||||
fir::Resizer::new(fir::ResizeAlg::SuperSampling(fir::FilterType::Hamming, 2))
|
||||
.resize(&img.view(), &mut dst.view_mut())
|
||||
.expect("Failed to resize preview image");
|
||||
dst
|
||||
};
|
||||
let _span = metrics::span("generate_preview_save", &prev_span);
|
||||
@@ -252,10 +284,10 @@ pub fn upload(
|
||||
img.width().get(),
|
||||
img.height().get(),
|
||||
match img.pixel_type() {
|
||||
PixelType::U8 => image::ColorType::L8,
|
||||
PixelType::U8x2 => image::ColorType::La8,
|
||||
PixelType::U8x3 => image::ColorType::Rgb8,
|
||||
PixelType::U8x4 => image::ColorType::Rgba8,
|
||||
fir::PixelType::U8 => image::ColorType::L8,
|
||||
fir::PixelType::U8x2 => image::ColorType::La8,
|
||||
fir::PixelType::U8x3 => image::ColorType::Rgb8,
|
||||
fir::PixelType::U8x4 => image::ColorType::Rgba8,
|
||||
_ => unreachable!()
|
||||
}
|
||||
)
|
||||
|
||||
Reference in New Issue
Block a user