lila-chat/src/auth.rs

extern crate log;
use crate::file_io::*;
use rocket::http::{Cookie, Cookies};
use crate::user::*;
use rocket_contrib::json::{Json, JsonValue};
use random_string::generate;
extern crate sha1;

// Post request to register a user and pin
#[post("/register", format = "json", data = "<data>")]
pub fn register(data: Json<RegisterEvent>) -> JsonValue {
    // check if the user exists
    if let Some(_user) = db_read_user(&data.name.to_lowercase()).ok().flatten() {
        warn!("Cannot create user {}! User is already in system.", data.name);
        return json!({
            "status": "fail",
            "reason": "user already exists",
        });
    } else {
        let pin_hashed = sha1::Sha1::from(&data.pin).digest().to_string(); // hash the pin
    
        let new_user: User = User {
            name: data.name.to_string().to_lowercase(),
            pin_hashed,
            pronouns: data.pronouns.to_string().to_lowercase(),
            session_token: "NULL".to_string(),
            role: UserType::Normal,

        };
    db_add(&new_user);

    info!(
        "succesfully created user {} with pin hash {}",
        new_user.name.to_string(),
        new_user.pin_hashed
    );
    return json!({
        "status": "ok",
        "reason": format!("user {} registered", new_user.name.to_string().to_lowercase()),
    });
    }
}

fn create_token(mut user: User) -> String {
    let charset = "1234567890abcdefghijklmnopqrstuvwxyz";

    user.session_token = generate(12, charset);
    db_add(&user);
    info!("succesfully created token for user {}", user.name);
    let token = user.session_token.clone();
    return token;
}

// Check if user is properly logged in
#[get("/token/<name>")]
pub fn check_token(name: String, mut cookies: Cookies) -> JsonValue {
    // check if the user is in the system
    if let Some(user) = db_read_user(&name.to_lowercase()).ok().flatten() {
        // get the token from the cookie
        let token = match cookies.get_private("token") {
            None => {
                warn!("couldn't get token cookie!");
                return json!({
                    "status": "fail",
                    "reason": "could not read cookie",
                });
            },
            Some(token) => token,
        };

        // check the token value
        if token.value() == "NULL" {
            warn!("NULL token!");
            return json!({
                "status": "fail",
                "reason": "NULL token",
            });
        } else if token.value() == user.session_token {
            info!("user {} has correct session token", name);
            return json!({
                "status": "ok",
                "reason": "correct token",
            });
        } else {
            info!("user {} has incorrect token!", name);
            return json!({
                "status": "fail",
                "reason": "incorrect token",
            });
        }
    } else {
    warn!("user {} not found", name);
    return json!({
        "status": "fail",
        "reason": "user not found",
    });
    }
}

// Logout API
#[post("/logout", format = "json", data = "<info>")]
pub fn logout(info: Json<LogoutEvent>, mut cookies: Cookies) -> JsonValue {
    if let Some(mut user) = db_read_user(&info.name.to_lowercase()).ok().flatten() {
        let token = match cookies.get_private("token") {
            None => {
                warn!("couldn't get token cookie!");
                return json!({
                    "status": "fail",
                    "reason": "could not read cookie",
                });
            },
            Some(token) => token,
        };
        if token.value() == "NULL" {
            warn!("NULL token!");
            return json!({
                "status": "fail",
                "reason": "NULL token",
            });
        } else if token.value() == user.session_token {
            cookies.remove_private(Cookie::named("token"));
            user.session_token = "NULL".to_string();
            db_add(&user);
            info!("logged out user {}", info.name);
            return json!({
                "status": "ok",
                "reason": "logged out",
            });
        } else {
            warn!("token does not match! cannot logout");
            return json!({
                "status": "fail",
                "reason": "token does not match",
            });
        }
    } else {
        warn!("failed to log out user {}, user not found", info.name);
        return json!({
            "status": "fail",
            "reason": "user not found",
        });
    }
}

// Check if pin matches user
#[post("/login", format = "json", data = "<data>")]
pub fn login(data: Json<LoginEvent>, mut cookies: Cookies) -> JsonValue {
    if let Some(user) = db_read_user(&data.name.to_lowercase()).ok().flatten() {
        let hashed_pin_input = sha1::Sha1::from(&data.pin.to_string()).digest().to_string();

        if user.pin_hashed == hashed_pin_input { // check if pin hash matches
            info!("pin correct for user {}", &user.name);

            // Create token for user & set a cookie
            let token = create_token(user);
            let cookie = Cookie::build("token", token)
                .path("/")
                .finish();
            cookies.remove_private(Cookie::named("token"));
            cookies.add_private(cookie);
            info!("set the token cookie");

            return json!({
                "status": "ok",
                "reason": "pin matches",
            });
        } else {
            cookies.remove_private(Cookie::named("token"));
            info!("removed private cookie");
            warn!("pin incorrect for user {}", user.name);
            return json!({
                "status": "fail",
                "reason": "incorrect pin",
            });
        };
    } else {
        cookies.remove_private(Cookie::named("token"));
        info!("removed private cookie");
        warn!(
            "cannot check pin for user {} as they do not exist",
            data.name.to_string().to_lowercase()
        );
        return json!({
            "status": "fail",
            "reason": format!("user {} doesn't exist", data.name.to_string().to_lowercase()),
        });
    }
}

// Change info about a user
#[post("/change", format = "json", data = "<input>")]
pub fn change_info(input: Json<ChangeEvent>, mut cookies: Cookies) -> JsonValue {
    // get token from cookie
    let token = match cookies.get_private("token") {
        None => {
            warn!("couldn't get token cookie!");
            return json!({
                "status": "fail",
                "reason": "could not read cookie",
            });
        },
        Some(token) => token,
    };
    if token.value() == "NULL" {
        warn!("NULL token!");
        return json!({
            "status": "fail",
            "reason": "NULL token",
        });
    }

    // find the user
    if let Some(mut user) = db_read_user(&input.name.to_lowercase()).ok().flatten() {
        if token.value() == user.session_token { // & if token matches:
            match input.changed_event {
                ChangeEventType::Name => {
                    // remove the user first
                    db_remove(&user);
                    // change the name
                    user.name = input.new_event.clone();
                    info!("changed name of {} to {}", input.name, input.new_event);
                    db_add(&user);
                    return json!({
                        "status": "ok",
                        "reason": format!("changed name of {} to {}", input.name, input.new_event),
                    });
                },
                ChangeEventType::Pin => {
                    // change the pin
                    let new_hashed_pin = sha1::Sha1::from(&input.new_event).digest().to_string();
                    user.pin_hashed = new_hashed_pin.clone();
                    db_add(&user);
                    info!("changed pin of {}", input.name);
                    return json!({
                        "status": "ok",
                        "reason": "changed pin",
                    });
                },
                ChangeEventType::Pronouns => {
                    // change the pronouns
                    user.pronouns = input.new_event.clone();
                    info!("changed pronouns of {} to {}", input.name, input.new_event);
                    db_add(&user);
                    return json!({
                        "status": "ok",
                        "reason": "successfully changed pronouns",
                    });
                },
            };
        } else {
            warn!("incorrect pin for user {}", input.name);
            return json!({
               "status": "fail",
                "reason": "incorrect pin",
            });
       };
    } else {
        warn!("couldn't change users info, user does not exist");
        return json!({
            "status": "fail",
            "reason": "user doesn't exist",
        });
    }
}

#[get("/users/<name>")]
pub fn get_user(name: String) -> JsonValue {
    if let Some(user) = db_read_user(&name.to_lowercase()).ok().flatten() {
        return json!({
            "status":"ok",
            "user": {
                "name": user.name.to_lowercase(),
                "pronouns": user.pronouns,
                "role": user.role,
            },
        });
    } else {
        return json!({
            "status": "fail",
            "reason": format!("user {} not found", name),
        });
    }
}

/* User Management */
#[post("/mod", format = "json", data = "<data>")]
pub fn moderation_actions(data: Json<ModerationAction>, mut cookies: Cookies) -> JsonValue {
    let token = match cookies.get_private("token") {
        None => {
            warn!("couldn't get token cookie!");
            return json!({
                "status": "fail",
                "reason": "could not read cookie",
            });
        },
        Some(token) => token,
    };
    if let Some(user) = db_read_user(&data.name.to_lowercase()).ok().flatten() {
        if token.value() == "NULL" { // fail if token is NULL
            warn!("NULL token!");
            return json!({
                "status": "fail",
                "reason": "NULL token",
            });
        } else if user.session_token == token.value() { // if token matches
            if user.role == UserType::Normal {
            match data.action {
                    ModActions::Kick => {
                        info!("kicked user {}", data.target)
                    },
                    ModActions::Ban => info!("banned user {}", data.target),
                    _ => info!("F"),
                };
                return json!({
                    "status": "ok",
                    "reason": "completed action",
                });
            } else {
                warn!("user does not have sufficient permissions to perform that action!");
                return json!({
                    "status": "fail",
                    "reason": "insufficient permissions",
                });
            };
        } else {
            warn!("token does not match!");
            return json!({
                "status": "fail",
                "reason": "token does not match",
            })
        };
    } else {
        warn!("user not found");
        return json!({
            "status": "fail",
            "reason": "user not found"
        });
    }
}
Add setup for chat core, add proper logging 2021-07-17 18:45:52 +00:00			`extern crate log;`
Remove deprecated functions 2021-07-23 13:48:57 +00:00			`use crate::file_io::*;`
Add user roles 2021-07-22 21:17:55 +00:00			`use rocket::http::{Cookie, Cookies};`
Add structs and enums in src/auth.rs into seperate file 2021-07-22 21:31:18 +00:00			`use crate::user::*;`
Add json api for changing user details 2021-07-18 20:36:23 +00:00			`use rocket_contrib::json::{Json, JsonValue};`
Fix newline error in users.json maybe? 2021-07-18 18:11:54 +00:00			`use random_string::generate;`
Rename project & split into multiple files 2021-07-17 15:40:05 +00:00			`extern crate sha1;`
Backport to Rocket v0.4, fix all warnings & errors 2021-07-18 00:32:57 +00:00
Rename project & split into multiple files 2021-07-17 15:40:05 +00:00			`// Post request to register a user and pin`
/register & /login now use json post requests, change event uses enum 2021-07-23 14:08:54 +00:00			`#[post("/register", format = "json", data = "<data>")]`
			`pub fn register(data: Json<RegisterEvent>) -> JsonValue {`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`// check if the user exists`
Lowercase all incoming names 2021-07-23 17:05:56 +00:00			`if let Some(_user) = db_read_user(&data.name.to_lowercase()).ok().flatten() {`
/register & /login now use json post requests, change event uses enum 2021-07-23 14:08:54 +00:00			`warn!("Cannot create user {}! User is already in system.", data.name);`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`return json!({`
			`"status": "fail",`
			`"reason": "user already exists",`
			`});`
			`} else {`
/register & /login now use json post requests, change event uses enum 2021-07-23 14:08:54 +00:00			`let pin_hashed = sha1::Sha1::from(&data.pin).digest().to_string(); // hash the pin`
Add user roles 2021-07-22 21:17:55 +00:00
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`let new_user: User = User {`
/register & /login now use json post requests, change event uses enum 2021-07-23 14:08:54 +00:00			`name: data.name.to_string().to_lowercase(),`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`pin_hashed,`
/register & /login now use json post requests, change event uses enum 2021-07-23 14:08:54 +00:00			`pronouns: data.pronouns.to_string().to_lowercase(),`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`session_token: "NULL".to_string(),`
			`role: UserType::Normal,`
Move file functions to seperate file 2021-07-17 19:53:10 +00:00
Merge branch 'main' into chat-enhancements 2021-07-23 15:25:49 +00:00			`};`
Use database for storing users 2021-07-22 15:01:07 +00:00			`db_add(&new_user);`
Add setup for chat core, add proper logging 2021-07-17 18:45:52 +00:00
Run 'cargo fmt' 2021-07-18 00:33:22 +00:00			`info!(`
			`"succesfully created user {} with pin hash {}",`
Use database for storing users 2021-07-22 15:01:07 +00:00			`new_user.name.to_string(),`
			`new_user.pin_hashed`
Run 'cargo fmt' 2021-07-18 00:33:22 +00:00			`);`
Switch to returning json for all http requests 2021-07-18 16:06:05 +00:00			`return json!({`
			`"status": "ok",`
Add json api for changing user details 2021-07-18 20:36:23 +00:00			`"reason": format!("user {} registered", new_user.name.to_string().to_lowercase()),`
Switch to returning json for all http requests 2021-07-18 16:06:05 +00:00			`});`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`}`
Rename project & split into multiple files 2021-07-17 15:40:05 +00:00			`}`

Lowercase all incoming names 2021-07-23 17:05:56 +00:00			`fn create_token(mut user: User) -> String {`
Fix newline error in users.json maybe? 2021-07-18 18:11:54 +00:00			`let charset = "1234567890abcdefghijklmnopqrstuvwxyz";`

Lowercase all incoming names 2021-07-23 17:05:56 +00:00			`user.session_token = generate(12, charset);`
			`db_add(&user);`
			`info!("succesfully created token for user {}", user.name);`
			`let token = user.session_token.clone();`
			`return token;`
Serve frontend code 2021-07-18 17:16:00 +00:00			`}`

Use session_token for most actions, fail on NULL token 2021-07-22 17:01:30 +00:00			`// Check if user is properly logged in`
			`#[get("/token/<name>")]`
			`pub fn check_token(name: String, mut cookies: Cookies) -> JsonValue {`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`// check if the user is in the system`
Lowercase all incoming names 2021-07-23 17:05:56 +00:00			`if let Some(user) = db_read_user(&name.to_lowercase()).ok().flatten() {`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`// get the token from the cookie`
			`let token = match cookies.get_private("token") {`
			`None => {`
			`warn!("couldn't get token cookie!");`
Use session_token for most actions, fail on NULL token 2021-07-22 17:01:30 +00:00			`return json!({`
			`"status": "fail",`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`"reason": "could not read cookie",`
Use session_token for most actions, fail on NULL token 2021-07-22 17:01:30 +00:00			`});`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`},`
			`Some(token) => token,`
			`};`

			`// check the token value`
			`if token.value() == "NULL" {`
			`warn!("NULL token!");`
			`return json!({`
			`"status": "fail",`
			`"reason": "NULL token",`
			`});`
			`} else if token.value() == user.session_token {`
			`info!("user {} has correct session token", name);`
			`return json!({`
			`"status": "ok",`
			`"reason": "correct token",`
			`});`
			`} else {`
			`info!("user {} has incorrect token!", name);`
			`return json!({`
			`"status": "fail",`
			`"reason": "incorrect token",`
			`});`
Use session_token for most actions, fail on NULL token 2021-07-22 17:01:30 +00:00			`}`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`} else {`
Use session_token for most actions, fail on NULL token 2021-07-22 17:01:30 +00:00			`warn!("user {} not found", name);`
			`return json!({`
			`"status": "fail",`
			`"reason": "user not found",`
			`});`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`}`
Use session_token for most actions, fail on NULL token 2021-07-22 17:01:30 +00:00			`}`

Add logout API 2021-07-22 18:23:59 +00:00			`// Logout API`
			`#[post("/logout", format = "json", data = "<info>")]`
			`pub fn logout(info: Json<LogoutEvent>, mut cookies: Cookies) -> JsonValue {`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`if let Some(mut user) = db_read_user(&info.name.to_lowercase()).ok().flatten() {`
			`let token = match cookies.get_private("token") {`
			`None => {`
			`warn!("couldn't get token cookie!");`
Add logout API 2021-07-22 18:23:59 +00:00			`return json!({`
			`"status": "fail",`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`"reason": "could not read cookie",`
Add logout API 2021-07-22 18:23:59 +00:00			`});`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`},`
			`Some(token) => token,`
			`};`
			`if token.value() == "NULL" {`
			`warn!("NULL token!");`
			`return json!({`
			`"status": "fail",`
			`"reason": "NULL token",`
			`});`
			`} else if token.value() == user.session_token {`
			`cookies.remove_private(Cookie::named("token"));`
			`user.session_token = "NULL".to_string();`
			`db_add(&user);`
			`info!("logged out user {}", info.name);`
			`return json!({`
			`"status": "ok",`
			`"reason": "logged out",`
			`});`
			`} else {`
			`warn!("token does not match! cannot logout");`
			`return json!({`
			`"status": "fail",`
			`"reason": "token does not match",`
			`});`
Add logout API 2021-07-22 18:23:59 +00:00			`}`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`} else {`
			`warn!("failed to log out user {}, user not found", info.name);`
			`return json!({`
			`"status": "fail",`
			`"reason": "user not found",`
			`});`
Add logout API 2021-07-22 18:23:59 +00:00			`}`
			`}`

Rename project & split into multiple files 2021-07-17 15:40:05 +00:00			`// Check if pin matches user`
/register & /login now use json post requests, change event uses enum 2021-07-23 14:08:54 +00:00			`#[post("/login", format = "json", data = "<data>")]`
			`pub fn login(data: Json<LoginEvent>, mut cookies: Cookies) -> JsonValue {`
			`if let Some(user) = db_read_user(&data.name.to_lowercase()).ok().flatten() {`
			`let hashed_pin_input = sha1::Sha1::from(&data.pin.to_string()).digest().to_string();`
Switch to private cookies, and make other cookie improvements Signed-off-by: Erin Nova <erin@the-system.eu.org> 2021-07-22 15:44:31 +00:00
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`if user.pin_hashed == hashed_pin_input { // check if pin hash matches`
			`info!("pin correct for user {}", &user.name);`
Set token as cookie 2021-07-18 17:26:26 +00:00
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`// Create token for user & set a cookie`
Lowercase all incoming names 2021-07-23 17:05:56 +00:00			`let token = create_token(user);`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`let cookie = Cookie::build("token", token)`
			`.path("/")`
			`.finish();`
			`cookies.remove_private(Cookie::named("token"));`
			`cookies.add_private(cookie);`
			`info!("set the token cookie");`

			`return json!({`
			`"status": "ok",`
			`"reason": "pin matches",`
			`});`
			`} else {`
			`cookies.remove_private(Cookie::named("token"));`
			`info!("removed private cookie");`
			`warn!("pin incorrect for user {}", user.name);`
			`return json!({`
			`"status": "fail",`
			`"reason": "incorrect pin",`
			`});`
Rename project & split into multiple files 2021-07-17 15:40:05 +00:00			`};`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`} else {`
			`cookies.remove_private(Cookie::named("token"));`
			`info!("removed private cookie");`
			`warn!(`
			`"cannot check pin for user {} as they do not exist",`
/register & /login now use json post requests, change event uses enum 2021-07-23 14:08:54 +00:00			`data.name.to_string().to_lowercase()`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`);`
			`return json!({`
			`"status": "fail",`
/register & /login now use json post requests, change event uses enum 2021-07-23 14:08:54 +00:00			`"reason": format!("user {} doesn't exist", data.name.to_string().to_lowercase()),`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`});`
Run 'cargo fmt' 2021-07-18 00:33:22 +00:00			`}`
Rename project & split into multiple files 2021-07-17 15:40:05 +00:00			`}`

Add json api for changing user details 2021-07-18 20:36:23 +00:00			`// Change info about a user`
Improve API docs 2021-07-23 14:35:14 +00:00			`#[post("/change", format = "json", data = "<input>")]`
Add logout API 2021-07-22 18:23:59 +00:00			`pub fn change_info(input: Json<ChangeEvent>, mut cookies: Cookies) -> JsonValue {`
Use session_token for most actions, fail on NULL token 2021-07-22 17:01:30 +00:00			`// get token from cookie`
			`let token = match cookies.get_private("token") {`
			`None => {`
			`warn!("couldn't get token cookie!");`
			`return json!({`
			`"status": "fail",`
			`"reason": "could not read cookie",`
			`});`
			`},`
			`Some(token) => token,`
			`};`
			`if token.value() == "NULL" {`
			`warn!("NULL token!");`
			`return json!({`
			`"status": "fail",`
			`"reason": "NULL token",`
			`});`
			`}`
Add json api for changing user details 2021-07-18 20:36:23 +00:00
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`// find the user`
Lowercase all incoming names 2021-07-23 17:05:56 +00:00			`if let Some(mut user) = db_read_user(&input.name.to_lowercase()).ok().flatten() {`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`if token.value() == user.session_token { // & if token matches:`
/register & /login now use json post requests, change event uses enum 2021-07-23 14:08:54 +00:00			`match input.changed_event {`
			`ChangeEventType::Name => {`
			`// remove the user first`
			`db_remove(&user);`
			`// change the name`
			`user.name = input.new_event.clone();`
			`info!("changed name of {} to {}", input.name, input.new_event);`
			`db_add(&user);`
			`return json!({`
			`"status": "ok",`
			`"reason": format!("changed name of {} to {}", input.name, input.new_event),`
			`});`
			`},`
			`ChangeEventType::Pin => {`
			`// change the pin`
			`let new_hashed_pin = sha1::Sha1::from(&input.new_event).digest().to_string();`
			`user.pin_hashed = new_hashed_pin.clone();`
			`db_add(&user);`
			`info!("changed pin of {}", input.name);`
			`return json!({`
			`"status": "ok",`
			`"reason": "changed pin",`
			`});`
			`},`
			`ChangeEventType::Pronouns => {`
			`// change the pronouns`
			`user.pronouns = input.new_event.clone();`
			`info!("changed pronouns of {} to {}", input.name, input.new_event);`
			`db_add(&user);`
			`return json!({`
			`"status": "ok",`
			`"reason": "successfully changed pronouns",`
			`});`
			`},`
Add json api for changing user details 2021-07-18 20:36:23 +00:00			`};`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`} else {`
			`warn!("incorrect pin for user {}", input.name);`
			`return json!({`
			`"status": "fail",`
			`"reason": "incorrect pin",`
			`});`
			`};`
			`} else {`
			`warn!("couldn't change users info, user does not exist");`
			`return json!({`
			`"status": "fail",`
			`"reason": "user doesn't exist",`
			`});`
			`}`
Add json api for changing user details 2021-07-18 20:36:23 +00:00			`}`

Serve frontend code 2021-07-18 17:16:00 +00:00			`#[get("/users/<name>")]`
Switch to returning json for all http requests 2021-07-18 16:06:05 +00:00			`pub fn get_user(name: String) -> JsonValue {`
Fix some warnings 2021-07-23 16:45:29 +00:00			`if let Some(user) = db_read_user(&name.to_lowercase()).ok().flatten() {`
			`return json!({`
Switch to returning json for all http requests 2021-07-18 16:06:05 +00:00			`"status":"ok",`
			`"user": {`
Lowercase all incoming names 2021-07-23 17:05:56 +00:00			`"name": user.name.to_lowercase(),`
Switch to returning json for all http requests 2021-07-18 16:06:05 +00:00			`"pronouns": user.pronouns,`
Add user roles 2021-07-22 21:17:55 +00:00			`"role": user.role,`
Switch to returning json for all http requests 2021-07-18 16:06:05 +00:00			`},`
Fix some warnings 2021-07-23 16:45:29 +00:00			`});`
			`} else {`
			`return json!({`
Switch to returning json for all http requests 2021-07-18 16:06:05 +00:00			`"status": "fail",`
			`"reason": format!("user {} not found", name),`
Fix some warnings 2021-07-23 16:45:29 +00:00			`});`
Move file functions to seperate file 2021-07-17 19:53:10 +00:00			`}`
			`}`
Add basic support for moderation actions, delete previous user before changing name 2021-07-23 11:55:24 +00:00
Add user roles 2021-07-22 21:17:55 +00:00			`/* User Management */`
			`#[post("/mod", format = "json", data = "<data>")]`
Add basic support for moderation actions, delete previous user before changing name 2021-07-23 11:55:24 +00:00			`pub fn moderation_actions(data: Json<ModerationAction>, mut cookies: Cookies) -> JsonValue {`
Add structs and enums in src/auth.rs into seperate file 2021-07-22 21:31:18 +00:00			`let token = match cookies.get_private("token") {`
			`None => {`
			`warn!("couldn't get token cookie!");`
			`return json!({`
			`"status": "fail",`
			`"reason": "could not read cookie",`
			`});`
			`},`
			`Some(token) => token,`
			`};`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`if let Some(user) = db_read_user(&data.name.to_lowercase()).ok().flatten() {`
			`if token.value() == "NULL" { // fail if token is NULL`
			`warn!("NULL token!");`
			`return json!({`
			`"status": "fail",`
			`"reason": "NULL token",`
			`});`
			`} else if user.session_token == token.value() { // if token matches`
			`if user.role == UserType::Normal {`
			`match data.action {`
			`ModActions::Kick => {`
			`info!("kicked user {}", data.target)`
			`},`
			`ModActions::Ban => info!("banned user {}", data.target),`
			`_ => info!("F"),`
			`};`
Add basic support for moderation actions, delete previous user before changing name 2021-07-23 11:55:24 +00:00			`return json!({`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`"status": "ok",`
			`"reason": "completed action",`
Add basic support for moderation actions, delete previous user before changing name 2021-07-23 11:55:24 +00:00			`});`
			`} else {`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`warn!("user does not have sufficient permissions to perform that action!");`
Add basic support for moderation actions, delete previous user before changing name 2021-07-23 11:55:24 +00:00			`return json!({`
			`"status": "fail",`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`"reason": "insufficient permissions",`
			`});`
Add basic support for moderation actions, delete previous user before changing name 2021-07-23 11:55:24 +00:00			`};`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`} else {`
			`warn!("token does not match!");`
			`return json!({`
			`"status": "fail",`
			`"reason": "token does not match",`
			`})`
Add basic support for moderation actions, delete previous user before changing name 2021-07-23 11:55:24 +00:00			`};`
Add error handling to database functions, use db_read_user() 2021-07-23 13:42:33 +00:00			`} else {`
			`warn!("user not found");`
			`return json!({`
			`"status": "fail",`
			`"reason": "user not found"`
			`});`
			`}`
Add basic support for moderation actions, delete previous user before changing name 2021-07-23 11:55:24 +00:00			`}`