

extern crate log;
use crate::file_io::*;
use crate::user::*;
use random_string::generate;
use rocket::http::{Cookie, Cookies};
use rocket_contrib::json::{Json, JsonValue};
use uuid::Uuid;
extern crate sha1;
// POST /register: create a new user from the JSON body and store a hash of the PIN.
// Answers {"status": "fail"} when the lookup below already finds a user, otherwise
// {"status": "ok"}.
// NOTE(review): several expressions in this listing are truncated (for example the
// argument of db_read_user), so the comments here describe only what is still visible.
#[post("/register", format = "json", data = "<data>")]
pub fn register(data: Json<RegisterEvent>) -> JsonValue {
// check if the user exists
2021-07-23 17:05:56 +00:00
if let Some(_user) = db_read_user(& {
2021-07-26 18:09:10 +00:00
"Cannot create user {}! User is already in system.",
return json!({
"status": "fail",
"reason": "user already exists",
} else {
// SECURITY: the PIN is digested with SHA-1, a fast general-purpose hash. A PIN has a
// small keyspace, so anyone who obtains the stored value can recover the PIN by
// exhaustive search; no salt is visible on this line. A salted, deliberately slow
// password hash (Argon2id, scrypt, bcrypt) is the usual choice for stored secrets.
let pin_hashed = sha1::Sha1::from(&; // hash the pin
2021-07-26 18:09:10 +00:00
2021-07-25 22:38:04 +00:00
let mut new_user: User = User {
pronouns: data.pronouns.to_string().to_lowercase(),
// "NULL" is the sentinel for "no active session"; the cookie-checking handlers in
// this file reject a cookie whose value is the literal "NULL".
session_token: "NULL".to_string(),
// every new account starts as a normal user; see the "admin" special case below
role: UserType::Normal,
2021-07-25 21:12:50 +00:00
id: Uuid::new_v4(),
2021-07-25 22:38:04 +00:00
2021-07-26 18:09:10 +00:00
// SECURITY: the Admin role is granted purely by a string comparison with "admin"
// (the left-hand side is truncated in this listing; the comment below says it is
// the name). Whoever registers that name first becomes the administrator, so the
// admin account should be provisioned out of band or the name reserved.
if == "admin".to_string() {
// if name is admin, make them an admin
2021-07-25 22:38:04 +00:00
new_user.role = UserType::Admin;
2021-07-26 18:09:10 +00:00
2021-07-26 18:09:10 +00:00
// SECURITY: this log message has a placeholder for the PIN hash. Anyone who can read
// the logs could then attack the hash offline; logging the user name alone is enough.
"succesfully created user {} with pin hash {}",,
return json!({
"status": "ok",
"reason": format!("user {} registered",,
// Generate a fresh session token for `user` and return it as a String.
// The token is 12 characters drawn from a 36-symbol alphabet (digits and lowercase
// letters), i.e. at most about 62 bits if the generator is uniform.
// NOTE(review): confirm that random_string::generate is backed by a cryptographically
// secure RNG; session tokens must be unpredictable.
// NOTE(review): `user` is taken by value, so the assignment below changes only this
// local copy. No write-back to storage is visible in this listing (some lines are
// truncated) - confirm the new token is persisted before later requests compare it.
fn create_token(mut user: User) -> String {
2021-07-18 18:11:54 +00:00
let charset = "1234567890abcdefghijklmnopqrstuvwxyz";
2021-07-23 17:05:56 +00:00
user.session_token = generate(12, charset);
info!("succesfully created token for user {}",;
// the returned value is a copy of the token that was just assigned
let token = user.session_token.clone();
return token;
// Check whether the private "token" cookie matches the session token stored for `name`.
// Returns a JSON object with "status" ("ok" or "fail") and a "reason" string.
// NOTE(review): the replies distinguish "user not found" from "incorrect token", so a
// caller can learn which names exist; a single generic failure reason avoids that.
pub fn check_token(name: String, mut cookies: Cookies) -> JsonValue {
// check if the user is in the system
2021-07-23 17:05:56 +00:00
// the name is lowercased before the lookup; a read error and "no such user" both
// end up in the final else branch because of .ok().flatten()
if let Some(user) = db_read_user(&name.to_lowercase()).ok().flatten() {
// get the token from the cookie
// get_private reads Rocket's private (encrypted and authenticated) cookie jar, so a
// missing or tampered cookie arrives here as None
let token = match cookies.get_private("token") {
None => {
warn!("couldn't get token cookie!");
return json!({
"status": "fail",
"reason": "could not read cookie",
2021-07-26 18:09:10 +00:00
Some(token) => token,
// check the token value
// "NULL" is the stored value for "logged out"; rejecting it first keeps a cookie
// carrying the sentinel from matching a logged-out account
if token.value() == "NULL" {
warn!("NULL token!");
return json!({
"status": "fail",
"reason": "NULL token",
// NOTE(review): plain == is not a constant-time comparison
} else if token.value() == user.session_token {
info!("user {} has correct session token", name);
return json!({
"status": "ok",
"reason": "correct token",
} else {
info!("user {} has incorrect token!", name);
return json!({
"status": "fail",
"reason": "incorrect token",
} else {
2021-07-26 18:09:10 +00:00
warn!("user {} not found", name);
return json!({
"status": "fail",
"reason": "user not found",
// POST /logout: end a user's session.
// The caller must present a private "token" cookie equal to the session token stored
// for the user that is looked up (the lookup argument is truncated in this listing).
// On a match the stored token is reset to the "NULL" sentinel.
#[post("/logout", format = "json", data = "<info>")]
pub fn logout(info: Json<LogoutEvent>, mut cookies: Cookies) -> JsonValue {
if let Some(mut user) = db_read_user(& {
let token = match cookies.get_private("token") {
None => {
warn!("couldn't get token cookie!");
2021-07-22 18:23:59 +00:00
return json!({
"status": "fail",
"reason": "could not read cookie",
2021-07-22 18:23:59 +00:00
2021-07-26 18:09:10 +00:00
Some(token) => token,
// a cookie carrying the sentinel is rejected before it is compared with the
// stored value, which is also "NULL" for a logged-out account
if token.value() == "NULL" {
warn!("NULL token!");
return json!({
"status": "fail",
"reason": "NULL token",
} else if token.value() == user.session_token {
// NOTE(review): only the in-memory `user` is changed here; the write-back to
// storage and the removal of the cookie are not visible in this listing -
// confirm both happen, otherwise the old token stays valid.
user.session_token = "NULL".to_string();
info!("logged out user {}",;
return json!({
"status": "ok",
"reason": "logged out",
} else {
warn!("token does not match! cannot logout");
return json!({
"status": "fail",
"reason": "token does not match",
2021-07-22 18:23:59 +00:00
} else {
warn!("failed to log out user {}, user not found",;
return json!({
"status": "fail",
"reason": "user not found",
// POST /login: hash the submitted PIN, compare it with the stored hash and, on a
// match, create a session token and build the "token" cookie for it.
// NOTE(review): no attempt counter, delay or lockout is visible in this handler, so
// online guessing of a PIN is limited only by request rate - confirm throttling
// exists elsewhere.
// NOTE(review): the failure replies differ ("incorrect pin" versus "user ... doesn't
// exist"), which tells a caller which names are registered.
#[post("/login", format = "json", data = "<data>")]
pub fn login(data: Json<LoginEvent>, mut cookies: Cookies) -> JsonValue {
if let Some(user) = db_read_user(& {
// SECURITY: SHA-1 is a fast digest; see the stored-hash concern at registration.
// The comparison below is a plain equality check on the two hash values.
let hashed_pin_input = sha1::Sha1::from(&;
2021-07-26 18:09:10 +00:00
if user.pin_hashed == hashed_pin_input {
// check if pin hash matches
info!("pin correct for user {}", &;
2021-07-18 17:26:26 +00:00
// Create token for user & set a cookie
2021-07-23 17:05:56 +00:00
// `user` is moved into create_token here
let token = create_token(user);
2021-07-26 18:09:10 +00:00
// The builder sets only the name, value and path. Secure, HttpOnly and SameSite are
// not set explicitly, and the call that adds the cookie to the jar is not visible
// in this listing.
// NOTE(review): confirm the cookie is added through the private jar and that the
// Secure flag is enabled for HTTPS deployments.
let cookie = Cookie::build("token", token).path("/").finish();
info!("set the token cookie");
return json!({
"status": "ok",
"reason": "pin matches",
} else {
// the removal call this message refers to is not visible in this listing
info!("removed private cookie");
warn!("pin incorrect for user {}",;
return json!({
"status": "fail",
"reason": "incorrect pin",
} else {
info!("removed private cookie");
"cannot check pin for user {} as they do not exist",
return json!({
"status": "fail",
"reason": format!("user {} doesn't exist",,
// POST /change: change the name, PIN or pronouns of a user.
// The request is authorised only by the private "token" cookie, which must equal the
// session token stored for the user that is looked up (the lookup argument is
// truncated in this listing). `input.changed_event` selects the field and
// `input.new_event` carries the new value.
// NOTE(review): no validation of `input.new_event` (length, character set, name
// uniqueness) and no write-back of the modified user are visible here - confirm both.
2021-07-23 14:35:14 +00:00
#[post("/change", format = "json", data = "<input>")]
2021-07-22 18:23:59 +00:00
pub fn change_info(input: Json<ChangeEvent>, mut cookies: Cookies) -> JsonValue {
// get token from cookie
let token = match cookies.get_private("token") {
None => {
warn!("couldn't get token cookie!");
return json!({
"status": "fail",
"reason": "could not read cookie",
2021-07-26 18:09:10 +00:00
Some(token) => token,
// reject the logged-out sentinel before any lookup
if token.value() == "NULL" {
warn!("NULL token!");
return json!({
"status": "fail",
"reason": "NULL token",
2021-07-18 20:36:23 +00:00
// find the user
2021-07-23 17:05:56 +00:00
if let Some(mut user) = db_read_user(& {
2021-07-26 18:09:10 +00:00
if token.value() == user.session_token {
// & if token matches:
match input.changed_event {
ChangeEventType::Name => {
// remove the user first
// change the name = input.new_event.clone();
info!("changed name of {} to {}",, input.new_event);
return json!({
"status": "ok",
"reason": format!("changed name of {} to {}",, input.new_event),
2021-07-26 18:09:10 +00:00
ChangeEventType::Pin => {
// change the pin
// SECURITY: the new PIN is stored as an unsalted SHA-1 digest, which is cheap to
// brute-force for a small keyspace. In the visible code the current PIN is not
// asked for again, so holding a valid session is enough to replace the PIN.
let new_hashed_pin = sha1::Sha1::from(&input.new_event).digest().to_string();
user.pin_hashed = new_hashed_pin.clone();
info!("changed pin of {}",;
return json!({
"status": "ok",
"reason": "changed pin",
2021-07-26 18:09:10 +00:00
ChangeEventType::Pronouns => {
// change the pronouns
user.pronouns = input.new_event.clone();
info!("changed pronouns of {} to {}",, input.new_event);
return json!({
"status": "ok",
"reason": "successfully changed pronouns",
2021-07-26 18:09:10 +00:00
2021-07-18 20:36:23 +00:00
} else {
// NOTE(review): this appears to be the branch taken when the cookie token does not
// match the stored session token, yet the log line and the reason say "incorrect pin".
warn!("incorrect pin for user {}",;
return json!({
"status": "fail",
"reason": "incorrect pin",
2021-07-26 18:09:10 +00:00
} else {
warn!("couldn't change users info, user does not exist");
return json!({
"status": "fail",
"reason": "user doesn't exist",
// Look up a user by lowercased name and return public profile fields as JSON.
// The visible fields are the pronouns and the role (other fields may be truncated in
// this listing). On a failed lookup the reply is {"status": "fail"} with a reason
// that repeats the requested name.
// This function takes no cookie argument, so no session check happens inside it.
pub fn get_user(name: String) -> JsonValue {
2021-07-23 16:45:29 +00:00
// a read error and "no such user" both fall through to the else branch
if let Some(user) = db_read_user(&name.to_lowercase()).ok().flatten() {
return json!({
"user": {
2021-07-23 17:05:56 +00:00
"pronouns": user.pronouns,
2021-07-22 21:17:55 +00:00
"role": user.role,
2021-07-25 21:12:50 +00:00
2021-07-23 16:45:29 +00:00
} else {
return json!({
"status": "fail",
"reason": format!("user {} not found", name),
// Make a user into a moderator.
// Looks the target up by lowercased name and sets the role to Moderator unless the
// target is an Admin.
// This helper does not check who is asking. Its visible caller in this file,
// moderation_actions, lets both Moderator and Admin callers reach it.
// NOTE(review): that lets any moderator create further moderators - confirm this is
// intended. The write-back of the changed role is not visible in this listing.
fn premote(name: &str) -> JsonValue {
if let Some(mut user) = db_read_user(&name.to_lowercase()).ok().flatten() {
2021-07-26 18:09:10 +00:00
if user.role != UserType::Admin {
// an Admin target is left untouched, so this action cannot lower an admin to moderator
user.role = UserType::Moderator;
info!("succesfully premoted user {}", &;
return json!({
"status": "ok",
"reason": "premoted user",
} else {
warn!("user is an admin, cannot make moderator");
return json!({
"status": "fail",
"reason": "user is admin",
} else {
warn!("could not premote {}, user not found", &name);
return json!({
"status": "fail",
"reason": "user not found",
// Make a user into a normal user.
// Looks the target up by lowercased name and sets the role to Normal unless the
// target is an Admin.
// This helper does not check who is asking. Its visible caller in this file,
// moderation_actions, lets both Moderator and Admin callers reach it.
// NOTE(review): that lets one moderator demote another - confirm this is intended.
// The write-back of the changed role is not visible in this listing.
fn demote(name: &str) -> JsonValue {
if let Some(mut user) = db_read_user(&name.to_lowercase()).ok().flatten() {
2021-07-26 18:09:10 +00:00
if user.role != UserType::Admin {
// make sure mods can't demote admins
user.role = UserType::Normal;
info!("succesfully demoted user {}", &;
return json!({
"status": "ok",
"reason": "demoted user",
} else {
warn!("user is an admin, cannot demote");
return json!({
"status": "fail",
"reason": "user is admin",
} else {
warn!("could not demote {}, user not found", &name);
return json!({
"status": "fail",
"reason": "user not found",
// Kick a user (temporarily log them out).
// Looks the target up by lowercased name and resets the session token to the "NULL"
// sentinel unless the target is an Admin.
// NOTE(review): the visible code only invalidates the current session; nothing here
// blocks a new login for any length of time, so the kicked user can log in again
// immediately. The write-back of the changed user is not visible in this listing.
// This helper does not check who is asking; that is left to the caller.
fn kick(name: &str) -> JsonValue {
if let Some(mut user) = db_read_user(&name.to_lowercase()).ok().flatten() {
2021-07-26 18:09:10 +00:00
if user.role != UserType::Admin {
// make sure mods can't kick admins
user.session_token = "NULL".to_string();
info!("succesfully kicked user {}", &;
return json!({
"status": "ok",
"reason": "kicked user",
} else {
warn!("user is an admin, cannot kick");
return json!({
"status": "fail",
"reason": "user is admin",
} else {
warn!("could not kick {}, user not found", &name);
2021-07-25 22:03:32 +00:00
return json!({
"status": "fail",
"reason": "user not found",
// Ban a user (remove their account).
// Looks the target up by lowercased name and refuses when the target is an Admin.
// NOTE(review): the call that actually removes the account is not visible in this
// listing; the success branch shown here only logs and replies - confirm the removal.
// This helper does not check who is asking; that is left to the caller.
fn ban(name: &str) -> JsonValue {
if let Some(mut user) = db_read_user(&name.to_lowercase()).ok().flatten() {
2021-07-26 18:09:10 +00:00
if user.role != UserType::Admin {
// make sure mods can't ban admins
info!("succesfully banned user {}", &;
return json!({
"status": "ok",
"reason": "banned user",
} else {
warn!("user is an admin, cannot ban");
return json!({
"status": "fail",
"reason": "user is admin",
2021-07-25 22:03:32 +00:00
} else {
warn!("could not ban {}, user not found", &name);
2021-07-25 22:03:32 +00:00
return json!({
"status": "fail",
"reason": "user not found",
/* User Management */
#[post("/mod", format = "json", data = "<data>")]
pub fn moderation_actions(data: Json<ModerationAction>, mut cookies: Cookies) -> JsonValue {
let token = match cookies.get_private("token") {
None => {
warn!("couldn't get token cookie!");
return json!({
"status": "fail",
"reason": "could not read cookie",
2021-07-26 18:09:10 +00:00
Some(token) => token,
if let Some(user) = db_read_user(& {
2021-07-26 18:09:10 +00:00
if token.value() == "NULL" {
// fail if token is NULL
warn!("NULL token!");
return json!({
"status": "fail",
"reason": "NULL token",
2021-07-26 18:09:10 +00:00
} else if user.session_token == token.value() {
// if token matches
if user.role == UserType::Moderator || user.role == UserType::Admin {
2021-07-26 18:09:10 +00:00
match data.action {
2021-07-25 22:03:32 +00:00
ModActions::Kick => kick(&,
ModActions::Ban => ban(&,
ModActions::Demote => demote(&,
ModActions::Premote => premote(&,
2021-07-25 22:03:32 +00:00
_ => return json!({"status":"fail","reason":"bad command"}),
2021-07-25 22:03:32 +00:00
return json!({"status":"fail","reason":"idk"});
} else {
warn!("user does not have sufficient permissions to perform that action!");
return json!({
"status": "fail",
"reason": "insufficient permissions",
} else {
warn!("token does not match!");
return json!({
"status": "fail",
"reason": "token does not match",
2021-07-26 18:09:10 +00:00
} else {
warn!("user not found");
return json!({
"status": "fail",
"reason": "user not found"