Enforce permissions

teambtcmap · Oct 5, 2024 · 9015543 · 9015543
1 parent d2bdc34
commit 9015543
Show file tree

Hide file tree

Showing 24 changed files with 122 additions and 150 deletions.
diff --git a/src/admin/service.rs b/src/admin/service.rs
@@ -19,6 +19,29 @@ pub async fn mock_admin(password: &str, pool: &Pool) -> Admin {
         .unwrap()
 }
 
+pub async fn check_rpc(password: &str, action: &str, pool: &Pool) -> Result<Admin> {
+    let password = password.to_string();
+    let admin = pool
+        .get()
+        .await?
+        .interact(move |conn| Admin::select_by_password(&password, conn))
+        .await??
+        .unwrap();
+    if !admin.allowed_actions.contains(&"all".into())
+        && !admin.allowed_actions.contains(&action.into())
+    {
+        let log_message = format!(
+            "{} tried to call action {} without proper permissions",
+            admin.name, action,
+        );
+        discord::send_message_to_channel(&log_message, discord::CHANNEL_API).await;
+        Err(Error::HttpUnauthorized(format!(
+            "You are not allowed to perform this action"
+        )))?
+    }
+    Ok(admin)
+}
+
 pub async fn check(req: &HttpRequest, pool: &Pool) -> Result<Admin> {
     let headers = req.headers().clone();
     let guard = pool.get().await.unwrap();

diff --git a/src/db.rs b/src/db.rs
@@ -42,6 +42,8 @@ pub fn pool() -> Result<Pool> {
             conn.pragma_update(None, "journal_mode", "WAL").unwrap();
             conn.pragma_update(None, "synchronous", "NORMAL").unwrap();
             conn.pragma_update(None, "foreign_keys", "ON").unwrap();
+            conn.pragma_update(None, "busy_timeout", 10 * 60 * 1000)
+                .unwrap();
             // > The default suggested cache size is -2000, which means the cache size is limited to 2048000 bytes of memory
             // Source: https://www.sqlite.org/pragma.html#pragma_cache_size
             // The default page size is 4096 bytes, cache_size sets the number of pages

diff --git a/src/rpc/add_admin.rs b/src/rpc/add_admin.rs
@@ -1,10 +1,15 @@
-use crate::{admin::Admin, discord, Result};
+use crate::{
+    admin::{self, Admin},
+    discord, Result,
+};
 use deadpool_sqlite::Pool;
 use jsonrpc_v2::{Data, Params};
 use serde::{Deserialize, Serialize};
 use std::sync::Arc;
 use tracing::info;
 
+const NAME: &str = "add_admin";
+
 #[derive(Deserialize)]
 #[allow(dead_code)]
 pub struct Args {
@@ -21,12 +26,7 @@ pub struct Res {
 }
 
 pub async fn run(Params(args): Params<Args>, pool: Data<Arc<Pool>>) -> Result<Res> {
-    let admin = pool
-        .get()
-        .await?
-        .interact(move |conn| Admin::select_by_password(&args.password, conn))
-        .await??
-        .unwrap();
+    let admin = admin::service::check_rpc(&args.password, NAME, &pool).await?;
     let new_admin = pool
         .get()
         .await?

diff --git a/src/rpc/add_allowed_action.rs b/src/rpc/add_allowed_action.rs
@@ -1,10 +1,15 @@
-use crate::{admin::Admin, discord, Result};
+use crate::{
+    admin::{self, Admin},
+    discord, Result,
+};
 use deadpool_sqlite::Pool;
 use jsonrpc_v2::{Data, Params};
 use serde::{Deserialize, Serialize};
 use std::sync::Arc;
 use tracing::info;
 
+const NAME: &str = "add_allowed_action";
+
 #[derive(Deserialize)]
 pub struct Args {
     pub password: String,
@@ -19,12 +24,7 @@ pub struct Res {
 }
 
 pub async fn run(Params(args): Params<Args>, pool: Data<Arc<Pool>>) -> Result<Res> {
-    let source_admin = pool
-        .get()
-        .await?
-        .interact(move |conn| Admin::select_by_password(&args.password, conn))
-        .await??
-        .unwrap();
+    let source_admin = admin::service::check_rpc(&args.password, NAME, &pool).await?;
     let target_admin = pool
         .get()
         .await?

diff --git a/src/rpc/add_area.rs b/src/rpc/add_area.rs
@@ -1,5 +1,5 @@
 use super::model::RpcArea;
-use crate::admin::Admin;
+use crate::admin;
 use crate::Result;
 use crate::{area, discord};
 use deadpool_sqlite::Pool;
@@ -9,19 +9,16 @@ use serde_json::{Map, Value};
 use std::sync::Arc;
 use tracing::info;
 
+const NAME: &str = "add_area";
+
 #[derive(Deserialize)]
 pub struct Args {
     pub password: String,
     pub tags: Map<String, Value>,
 }
 
 pub async fn run(Params(args): Params<Args>, pool: Data<Arc<Pool>>) -> Result<RpcArea> {
-    let admin = pool
-        .get()
-        .await?
-        .interact(move |conn| Admin::select_by_password(&args.password, conn))
-        .await??
-        .unwrap();
+    let admin = admin::service::check_rpc(&args.password, NAME, &pool).await?;
     let area = pool
         .get()
         .await?

diff --git a/src/rpc/add_element_comment.rs b/src/rpc/add_element_comment.rs
@@ -1,10 +1,12 @@
-use crate::{admin::Admin, discord, element::Element, element_comment::ElementComment, Result};
+use crate::{admin, discord, element::Element, element_comment::ElementComment, Result};
 use deadpool_sqlite::Pool;
 use jsonrpc_v2::{Data, Params};
 use serde::Deserialize;
 use std::sync::Arc;
 use tracing::info;
 
+const NAME: &str = "add_element_comment";
+
 #[derive(Deserialize)]
 pub struct Args {
     pub password: String,
@@ -13,12 +15,7 @@ pub struct Args {
 }
 
 pub async fn run(Params(args): Params<Args>, pool: Data<Arc<Pool>>) -> Result<ElementComment> {
-    let admin = pool
-        .get()
-        .await?
-        .interact(move |conn| Admin::select_by_password(&args.password, conn))
-        .await??
-        .unwrap();
+    let admin = admin::service::check_rpc(&args.password, NAME, &pool).await?;
     let element = pool
         .get()
         .await?

diff --git a/src/rpc/boost_element.rs b/src/rpc/boost_element.rs
@@ -1,4 +1,4 @@
-use crate::{admin::Admin, discord, element::Element, Result};
+use crate::{admin, discord, element::Element, Result};
 use deadpool_sqlite::Pool;
 use jsonrpc_v2::{Data, Params};
 use rusqlite::Connection;
@@ -8,6 +8,8 @@ use std::sync::Arc;
 use time::{format_description::well_known::Iso8601, Duration, OffsetDateTime};
 use tracing::info;
 
+const NAME: &str = "boost_element";
+
 #[derive(Deserialize)]
 pub struct Args {
     pub password: String,
@@ -16,12 +18,7 @@ pub struct Args {
 }
 
 pub async fn run(Params(args): Params<Args>, pool: Data<Arc<Pool>>) -> Result<Element> {
-    let admin = pool
-        .get()
-        .await?
-        .interact(move |conn| Admin::select_by_password(&args.password, conn))
-        .await??
-        .unwrap();
+    let admin = admin::service::check_rpc(&args.password, NAME, &pool).await?;
     let element = pool
         .get()
         .await?

diff --git a/src/rpc/generate_areas_elements_mapping.rs b/src/rpc/generate_areas_elements_mapping.rs
@@ -1,5 +1,5 @@
 use crate::{
-    admin::Admin,
+    admin,
     area::Area,
     area_element::{self},
     discord,
@@ -13,6 +13,8 @@ use serde::{Deserialize, Serialize};
 use std::sync::Arc;
 use tracing::info;
 
+const NAME: &str = "generate_areas_elements_mapping";
+
 #[derive(Deserialize)]
 pub struct Args {
     password: String,
@@ -27,12 +29,7 @@ pub struct Res {
 }
 
 pub async fn run(Params(args): Params<Args>, pool: Data<Arc<Pool>>) -> Result<Res> {
-    let admin = pool
-        .get()
-        .await?
-        .interact(move |conn| Admin::select_by_password(&args.password, conn))
-        .await??
-        .unwrap();
+    let admin = admin::service::check_rpc(&args.password, NAME, &pool).await?;
     let res = pool
         .get()
         .await?

diff --git a/src/rpc/generate_element_categories.rs b/src/rpc/generate_element_categories.rs
@@ -1,11 +1,13 @@
-use crate::{admin::Admin, discord, element::Element, osm::overpass::OverpassElement, Result};
+use crate::{admin, discord, element::Element, osm::overpass::OverpassElement, Result};
 use deadpool_sqlite::Pool;
 use jsonrpc_v2::{Data, Params};
 use rusqlite::Connection;
 use serde::{Deserialize, Serialize};
 use std::sync::Arc;
 use tracing::info;
 
+const NAME: &str = "generate_element_categories";
+
 #[derive(Deserialize)]
 pub struct Args {
     password: String,
@@ -19,12 +21,7 @@ pub struct Res {
 }
 
 pub async fn run(Params(args): Params<Args>, pool: Data<Arc<Pool>>) -> Result<Res> {
-    let admin = pool
-        .get()
-        .await?
-        .interact(move |conn| Admin::select_by_password(&args.password, conn))
-        .await??
-        .unwrap();
+    let admin = admin::service::check_rpc(&args.password, NAME, &pool).await?;
     let res = pool
         .get()
         .await?

diff --git a/src/rpc/generate_element_icons.rs b/src/rpc/generate_element_icons.rs
@@ -1,11 +1,13 @@
-use crate::{admin::Admin, discord, element::Element, osm::overpass::OverpassElement, Result};
+use crate::{admin, discord, element::Element, osm::overpass::OverpassElement, Result};
 use deadpool_sqlite::Pool;
 use jsonrpc_v2::{Data, Params};
 use rusqlite::Connection;
 use serde::{Deserialize, Serialize};
 use std::sync::Arc;
 use tracing::info;
 
+const NAME: &str = "generate_element_icons";
+
 #[derive(Deserialize)]
 pub struct Args {
     password: String,
@@ -19,12 +21,7 @@ pub struct Res {
 }
 
 pub async fn run(Params(args): Params<Args>, pool: Data<Arc<Pool>>) -> Result<Res> {
-    let admin = pool
-        .get()
-        .await?
-        .interact(move |conn| Admin::select_by_password(&args.password, conn))
-        .await??
-        .unwrap();
+    let admin = admin::service::check_rpc(&args.password, NAME, &pool).await?;
     let res = pool
         .get()
         .await?

diff --git a/src/rpc/generate_element_issues.rs b/src/rpc/generate_element_issues.rs
@@ -1,6 +1,5 @@
 use crate::{
-    admin::Admin,
-    discord,
+    admin, discord,
     element::{self, Element},
     Result,
 };
@@ -11,6 +10,8 @@ use std::sync::Arc;
 use time::OffsetDateTime;
 use tracing::info;
 
+const NAME: &str = "generate_element_issues";
+
 #[derive(Deserialize)]
 pub struct Args {
     pub password: String,
@@ -27,12 +28,7 @@ pub struct Res {
 }
 
 pub async fn run(Params(args): Params<Args>, pool: Data<Arc<Pool>>) -> Result<Res> {
-    let admin = pool
-        .get()
-        .await?
-        .interact(move |conn| Admin::select_by_password(&args.password, conn))
-        .await??
-        .unwrap();
+    let admin = admin::service::check_rpc(&args.password, NAME, &pool).await?;
     let elements: Vec<Element> = pool
         .get()
         .await?

diff --git a/src/rpc/generate_reports.rs b/src/rpc/generate_reports.rs
@@ -1,4 +1,4 @@
-use crate::{admin::Admin, area::Area, discord, element::Element, report::Report, Result};
+use crate::{admin, area::Area, discord, element::Element, report::Report, Result};
 use deadpool_sqlite::Pool;
 use jsonrpc_v2::{Data, Params};
 use rusqlite::Connection;
@@ -8,6 +8,8 @@ use std::{collections::HashMap, sync::Arc};
 use time::{format_description::well_known::Iso8601, OffsetDateTime};
 use tracing::info;
 
+const NAME: &str = "generate_reports";
+
 #[derive(Deserialize)]
 pub struct Args {
     pub password: String,
@@ -24,12 +26,7 @@ pub struct Res {
 }
 
 pub async fn run(Params(args): Params<Args>, pool: Data<Arc<Pool>>) -> Result<Res> {
-    let admin = pool
-        .get()
-        .await?
-        .interact(move |conn| Admin::select_by_password(&args.password, conn))
-        .await??
-        .unwrap();
+    let admin = admin::service::check_rpc(&args.password, NAME, &pool).await?;
     let started_at = OffsetDateTime::now_utc();
     let res = pool
         .get()

diff --git a/src/rpc/get_area.rs b/src/rpc/get_area.rs
@@ -1,22 +1,20 @@
 use super::model::RpcArea;
-use crate::{admin::Admin, area::Area, Result};
+use crate::{admin, area::Area, Result};
 use deadpool_sqlite::Pool;
 use jsonrpc_v2::{Data, Params};
 use serde::Deserialize;
 use std::sync::Arc;
 
+const NAME: &str = "get_area";
+
 #[derive(Deserialize)]
 pub struct Args {
     pub password: String,
     pub id: String,
 }
 
 pub async fn run(Params(args): Params<Args>, pool: Data<Arc<Pool>>) -> Result<RpcArea> {
-    pool.get()
-        .await?
-        .interact(move |conn| Admin::select_by_password(&args.password, conn))
-        .await??
-        .unwrap();
+    admin::service::check_rpc(&args.password, NAME, &pool).await?;
     let area = pool
         .get()
         .await?

diff --git a/src/rpc/get_element.rs b/src/rpc/get_element.rs
@@ -1,22 +1,20 @@
 use crate::Result;
-use crate::{admin::Admin, element::model::Element};
+use crate::{admin, element::model::Element};
 use deadpool_sqlite::Pool;
 use jsonrpc_v2::{Data, Params};
 use serde::Deserialize;
 use std::sync::Arc;
 
+const NAME: &str = "get_element";
+
 #[derive(Deserialize)]
 pub struct Args {
     pub password: String,
     pub id: String,
 }
 
 pub async fn run(Params(args): Params<Args>, pool: Data<Arc<Pool>>) -> Result<Element> {
-    pool.get()
-        .await?
-        .interact(move |conn| Admin::select_by_password(&args.password, conn))
-        .await??
-        .unwrap();
+    admin::service::check_rpc(&args.password, NAME, &pool).await?;
     let element = pool
         .get()
         .await?