postgres via sqlx - workable?
This commit is contained in:
@@ -1,13 +1,13 @@
|
||||
use axum::{
|
||||
Json,
|
||||
extract::Path,
|
||||
extract::{Path, State},
|
||||
http::{HeaderMap, StatusCode},
|
||||
response::{IntoResponse, Response},
|
||||
};
|
||||
use uuid::Uuid;
|
||||
|
||||
use crate::{
|
||||
database::{self},
|
||||
MnemoState,
|
||||
error::CompositeError,
|
||||
logs::{LogAction, LogEntry},
|
||||
users::{
|
||||
@@ -21,15 +21,17 @@ use crate::{
|
||||
const CANT_REVOKE: &str = "You don't have permission to revoke this user's sessions.";
|
||||
|
||||
pub async fn get_by_id(
|
||||
State(state): State<MnemoState>,
|
||||
Path(id): Path<Uuid>,
|
||||
headers: HeaderMap,
|
||||
) -> Result<Response, CompositeError> {
|
||||
let u = User::authenticate(&headers)?.required()?;
|
||||
let conn = database::conn()?;
|
||||
let s = Session::get_by_id(&conn, id)?;
|
||||
let mut conn = state.pool.acquire().await?;
|
||||
let u = User::authenticate(&mut conn, &headers).await?.required()?;
|
||||
let s = Session::get_by_id(&mut conn, id).await?;
|
||||
|
||||
match s.user_id == u.id
|
||||
|| u.has_permission(&conn, Permission::ListOthersSessions)
|
||||
|| u.has_permission(&mut conn, Permission::ListOthersSessions)
|
||||
.await
|
||||
.is_ok_and(|v| v)
|
||||
{
|
||||
true => Ok(Json(s).into_response()),
|
||||
@@ -38,25 +40,29 @@ pub async fn get_by_id(
|
||||
}
|
||||
|
||||
pub async fn revoke_by_id(
|
||||
State(state): State<MnemoState>,
|
||||
Path(id): Path<Uuid>,
|
||||
headers: HeaderMap,
|
||||
) -> Result<Response, CompositeError> {
|
||||
let u = User::authenticate(&headers)?.required()?;
|
||||
let mut conn = database::conn()?;
|
||||
let tx = conn.transaction()?;
|
||||
let mut tx = state.pool.begin().await?;
|
||||
let u = User::authenticate(&mut tx, &headers).await?.required()?;
|
||||
|
||||
let mut s = Session::get_by_id(&tx, id)?;
|
||||
let mut s = Session::get_by_id(&mut tx, id).await?;
|
||||
match s.user_id == u.id
|
||||
|| u.has_permission(&tx, Permission::RevokeOthersSessions)
|
||||
|| u.has_permission(&mut tx, Permission::RevokeOthersSessions)
|
||||
.await
|
||||
.is_ok_and(|v| v)
|
||||
{
|
||||
true => {
|
||||
s.revoke(&tx, Some(&u))?;
|
||||
LogEntry::new(&tx, u, LogAction::ManuallyRevokeSession { id })?;
|
||||
tx.commit()?;
|
||||
s.revoke(&mut tx, Some(&u)).await?;
|
||||
LogEntry::new(&mut tx, u, LogAction::ManuallyRevokeSession { id }).await?;
|
||||
tx.commit().await?;
|
||||
Ok(Json(s).into_response())
|
||||
}
|
||||
false => match u.has_permission(&tx, Permission::ListOthersSessions)? {
|
||||
false => match u
|
||||
.has_permission(&mut tx, Permission::ListOthersSessions)
|
||||
.await?
|
||||
{
|
||||
true => Ok((StatusCode::FORBIDDEN, CANT_REVOKE).into_response()),
|
||||
false => Err(SessionError::NoSessionWithId(id))?,
|
||||
},
|
||||
|
||||
Reference in New Issue
Block a user