forked from jmug/stoatchat
chore: migrate authifier into codebase (#658)
Co-authored-by: izzy <me@insrt.uk> Signed-off-by: Zomatree <me@zomatree.live> Signed-off-by: izzy <me@insrt.uk>
This commit is contained in:
1209
Cargo.lock
generated
1209
Cargo.lock
generated
File diff suppressed because it is too large
Load Diff
@@ -65,6 +65,7 @@ encoding_rs = "0.8.34"
|
|||||||
|
|
||||||
# Mail
|
# Mail
|
||||||
lettre = "0.10.0-alpha.4"
|
lettre = "0.10.0-alpha.4"
|
||||||
|
handlebars = "4.3.0"
|
||||||
|
|
||||||
# HTTP Requests
|
# HTTP Requests
|
||||||
reqwest = "0.13.2"
|
reqwest = "0.13.2"
|
||||||
@@ -155,9 +156,6 @@ opentelemetry_sdk = { version = "0.31.0", features = ["logs"] }
|
|||||||
opentelemetry-otlp = { version = "0.31.0", features = ["logs"] }
|
opentelemetry-otlp = { version = "0.31.0", features = ["logs"] }
|
||||||
opentelemetry-appender-tracing = "0.31.1"
|
opentelemetry-appender-tracing = "0.31.1"
|
||||||
|
|
||||||
# Authifier
|
|
||||||
authifier = "1.0.16"
|
|
||||||
|
|
||||||
# RabbitMQ
|
# RabbitMQ
|
||||||
lapin = "4.7.1"
|
lapin = "4.7.1"
|
||||||
|
|
||||||
@@ -185,6 +183,10 @@ url = "2.2.2"
|
|||||||
impl_ops = "0.1.1"
|
impl_ops = "0.1.1"
|
||||||
lazy_static = "1.5.0"
|
lazy_static = "1.5.0"
|
||||||
mime = "0.3.17"
|
mime = "0.3.17"
|
||||||
|
totp-lite = "2.0.0"
|
||||||
|
rust-argon2 = "1.0.0"
|
||||||
|
base32 = "0.4.0"
|
||||||
|
sha1 = "0.10.6"
|
||||||
futures-lite = "2.6.1"
|
futures-lite = "2.6.1"
|
||||||
|
|
||||||
# Build Dependencies
|
# Build Dependencies
|
||||||
|
|||||||
@@ -34,7 +34,6 @@ async-tungstenite = { workspace = true, features = ["async-std-runtime"] }
|
|||||||
async-std = { workspace = true }
|
async-std = { workspace = true }
|
||||||
|
|
||||||
# core
|
# core
|
||||||
authifier = { workspace = true }
|
|
||||||
revolt-result = { workspace = true }
|
revolt-result = { workspace = true }
|
||||||
revolt-models = { workspace = true }
|
revolt-models = { workspace = true }
|
||||||
revolt-config = { workspace = true }
|
revolt-config = { workspace = true }
|
||||||
|
|||||||
@@ -1,7 +1,6 @@
|
|||||||
use std::{collections::HashSet, net::SocketAddr, sync::Arc};
|
use std::{collections::HashSet, net::SocketAddr, sync::Arc};
|
||||||
|
|
||||||
use async_tungstenite::WebSocketStream;
|
use async_tungstenite::WebSocketStream;
|
||||||
use authifier::AuthifierEvent;
|
|
||||||
use fred::{
|
use fred::{
|
||||||
error::RedisErrorKind,
|
error::RedisErrorKind,
|
||||||
interfaces::{ClientLike, EventInterface, PubsubInterface},
|
interfaces::{ClientLike, EventInterface, PubsubInterface},
|
||||||
@@ -355,22 +354,20 @@ async fn listener(
|
|||||||
break 'out;
|
break 'out;
|
||||||
};
|
};
|
||||||
|
|
||||||
if let EventV1::Auth(auth) = &event {
|
if let EventV1::DeleteSession { session_id, .. } = &event {
|
||||||
if let AuthifierEvent::DeleteSession { session_id, .. } = auth {
|
if &state.session_id == session_id {
|
||||||
if &state.session_id == session_id {
|
event = EventV1::Logout;
|
||||||
event = EventV1::Logout;
|
}
|
||||||
}
|
} else if let EventV1::DeleteAllSessions {
|
||||||
} else if let AuthifierEvent::DeleteAllSessions {
|
exclude_session_id, ..
|
||||||
exclude_session_id, ..
|
} = &event
|
||||||
} = auth
|
{
|
||||||
{
|
if let Some(excluded) = exclude_session_id {
|
||||||
if let Some(excluded) = exclude_session_id {
|
if &state.session_id != excluded {
|
||||||
if &state.session_id != excluded {
|
|
||||||
event = EventV1::Logout;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
event = EventV1::Logout;
|
event = EventV1::Logout;
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
event = EventV1::Logout;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
let should_send = state.handle_incoming_event_v1(db, &mut event).await;
|
let should_send = state.handle_incoming_event_v1(db, &mut event).await;
|
||||||
|
|||||||
@@ -14,13 +14,12 @@ anyhow = ["dep:sentry-anyhow"]
|
|||||||
report-macros = ["revolt-result"]
|
report-macros = ["revolt-result"]
|
||||||
sentry = ["dep:sentry"]
|
sentry = ["dep:sentry"]
|
||||||
test = ["async-std"]
|
test = ["async-std"]
|
||||||
default = ["test", "sentry"]
|
default = ["sentry"]
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
# Utility
|
# Utility
|
||||||
config = { workspace = true }
|
config = { workspace = true }
|
||||||
cached = { workspace = true }
|
cached = { workspace = true }
|
||||||
once_cell = { workspace = true }
|
|
||||||
|
|
||||||
# Serde
|
# Serde
|
||||||
serde = { workspace = true }
|
serde = { workspace = true }
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
environment = "test"
|
||||||
|
|
||||||
[database]
|
[database]
|
||||||
mongodb = "mongodb://localhost"
|
mongodb = "mongodb://localhost"
|
||||||
redis = "redis://localhost/"
|
redis = "redis://localhost/"
|
||||||
@@ -10,3 +12,12 @@ password = "rabbitpass"
|
|||||||
|
|
||||||
[features]
|
[features]
|
||||||
webhooks_enabled = true
|
webhooks_enabled = true
|
||||||
|
|
||||||
|
[api.smtp]
|
||||||
|
host = "localhost"
|
||||||
|
username = "smtp"
|
||||||
|
password = "smtp"
|
||||||
|
from_address = "development@stoat.chat"
|
||||||
|
reply_to = "support@stoat.chat"
|
||||||
|
port = 14025
|
||||||
|
use_tls = false
|
||||||
@@ -1,5 +1,6 @@
|
|||||||
production = false
|
production = false
|
||||||
disable_events_dont_use = false
|
disable_events_dont_use = false
|
||||||
|
environment = "dev"
|
||||||
|
|
||||||
[database]
|
[database]
|
||||||
# MongoDB connection URL
|
# MongoDB connection URL
|
||||||
@@ -53,6 +54,10 @@ from_address = "noreply@example.com"
|
|||||||
# port = 587
|
# port = 587
|
||||||
# use_tls = true
|
# use_tls = true
|
||||||
|
|
||||||
|
[api.smtp.expiry]
|
||||||
|
expire_verification = 604800 # 3600 * 24 * 7
|
||||||
|
expire_password_reset = 86400 # 3600 * 24
|
||||||
|
expire_account_deletion = 86400 # 3600 * 24
|
||||||
|
|
||||||
[api.security]
|
[api.security]
|
||||||
# Authifier Shield API key
|
# Authifier Shield API key
|
||||||
@@ -71,6 +76,10 @@ tenor_key = ""
|
|||||||
hcaptcha_key = ""
|
hcaptcha_key = ""
|
||||||
hcaptcha_sitekey = ""
|
hcaptcha_sitekey = ""
|
||||||
|
|
||||||
|
[api.security.shield]
|
||||||
|
host = ""
|
||||||
|
key = ""
|
||||||
|
|
||||||
[api.workers]
|
[api.workers]
|
||||||
# Maximum concurrent connections (to proxy server)
|
# Maximum concurrent connections (to proxy server)
|
||||||
max_concurrent_connections = 50
|
max_concurrent_connections = 50
|
||||||
|
|||||||
@@ -1,9 +1,10 @@
|
|||||||
use std::{collections::HashMap, path::Path};
|
#[cfg(feature = "test")]
|
||||||
|
use std::sync::OnceLock;
|
||||||
|
use std::{collections::HashMap, path::Path, sync::LazyLock};
|
||||||
|
|
||||||
use cached::proc_macro::cached;
|
use cached::proc_macro::cached;
|
||||||
use config::{Config, Environment, File, FileFormat};
|
use config::{Config, Environment, File, FileFormat};
|
||||||
use futures_locks::RwLock;
|
use futures_locks::RwLock;
|
||||||
use once_cell::sync::Lazy;
|
|
||||||
use serde::Deserialize;
|
use serde::Deserialize;
|
||||||
|
|
||||||
#[cfg(feature = "sentry")]
|
#[cfg(feature = "sentry")]
|
||||||
@@ -66,13 +67,28 @@ static CONFIG_SEARCH_PATHS: [&str; 3] = [
|
|||||||
static TEST_OVERRIDE_PATH: &str = "Revolt.test-overrides.toml";
|
static TEST_OVERRIDE_PATH: &str = "Revolt.test-overrides.toml";
|
||||||
|
|
||||||
/// Configuration builder
|
/// Configuration builder
|
||||||
static CONFIG_BUILDER: Lazy<RwLock<Config>> = Lazy::new(|| {
|
static CONFIG_BUILDER: LazyLock<RwLock<Config>> = LazyLock::new(|| {
|
||||||
RwLock::new({
|
RwLock::new({
|
||||||
let mut builder = Config::builder().add_source(File::from_str(
|
let mut builder = Config::builder().add_source(File::from_str(
|
||||||
include_str!("../Revolt.toml"),
|
include_str!("../Revolt.toml"),
|
||||||
FileFormat::Toml,
|
FileFormat::Toml,
|
||||||
));
|
));
|
||||||
|
|
||||||
|
let cwd = std::env::current_dir().unwrap();
|
||||||
|
let mut cwd: Option<&Path> = Some(&cwd);
|
||||||
|
|
||||||
|
while let Some(path) = cwd {
|
||||||
|
for config_path in CONFIG_SEARCH_PATHS {
|
||||||
|
let config_path = path.join(config_path);
|
||||||
|
if config_path.exists() {
|
||||||
|
builder = builder
|
||||||
|
.add_source(File::new(config_path.to_str().unwrap(), FileFormat::Toml));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
cwd = path.parent();
|
||||||
|
}
|
||||||
|
|
||||||
if std::env::var("TEST_DB").is_ok() {
|
if std::env::var("TEST_DB").is_ok() {
|
||||||
builder = builder.add_source(File::from_str(
|
builder = builder.add_source(File::from_str(
|
||||||
include_str!("../Revolt.test.toml"),
|
include_str!("../Revolt.test.toml"),
|
||||||
@@ -94,21 +110,6 @@ static CONFIG_BUILDER: Lazy<RwLock<Config>> = Lazy::new(|| {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let cwd = std::env::current_dir().unwrap();
|
|
||||||
let mut cwd: Option<&Path> = Some(&cwd);
|
|
||||||
|
|
||||||
while let Some(path) = cwd {
|
|
||||||
for config_path in CONFIG_SEARCH_PATHS {
|
|
||||||
let config_path = path.join(config_path);
|
|
||||||
if config_path.exists() {
|
|
||||||
builder = builder
|
|
||||||
.add_source(File::new(config_path.to_str().unwrap(), FileFormat::Toml));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
cwd = path.parent();
|
|
||||||
}
|
|
||||||
|
|
||||||
builder = builder.add_source(Environment::with_prefix("REVOLT").separator("__"));
|
builder = builder.add_source(Environment::with_prefix("REVOLT").separator("__"));
|
||||||
|
|
||||||
builder.build().unwrap()
|
builder.build().unwrap()
|
||||||
@@ -162,6 +163,18 @@ pub struct ApiSmtp {
|
|||||||
pub port: Option<i32>,
|
pub port: Option<i32>,
|
||||||
pub use_tls: Option<bool>,
|
pub use_tls: Option<bool>,
|
||||||
pub use_starttls: Option<bool>,
|
pub use_starttls: Option<bool>,
|
||||||
|
pub expiry: EmailExpiry,
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Email expiration config
|
||||||
|
#[derive(Deserialize, Debug, Clone)]
|
||||||
|
pub struct EmailExpiry {
|
||||||
|
/// How long email verification codes should last for (in seconds)
|
||||||
|
pub expire_verification: i64,
|
||||||
|
/// How long password reset codes should last for (in seconds)
|
||||||
|
pub expire_password_reset: i64,
|
||||||
|
/// How long account deletion codes should last for (in seconds)
|
||||||
|
pub expire_account_deletion: i64,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Deserialize, Debug, Clone)]
|
#[derive(Deserialize, Debug, Clone)]
|
||||||
@@ -201,9 +214,15 @@ pub struct ApiSecurityCaptcha {
|
|||||||
pub hcaptcha_sitekey: String,
|
pub hcaptcha_sitekey: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[derive(Deserialize, Debug, Clone)]
|
||||||
|
pub struct ApiSecurityShield {
|
||||||
|
pub host: String,
|
||||||
|
pub key: String,
|
||||||
|
}
|
||||||
|
|
||||||
#[derive(Deserialize, Debug, Clone)]
|
#[derive(Deserialize, Debug, Clone)]
|
||||||
pub struct ApiSecurity {
|
pub struct ApiSecurity {
|
||||||
pub authifier_shield_key: String,
|
pub shield: ApiSecurityShield,
|
||||||
pub voso_legacy_token: String,
|
pub voso_legacy_token: String,
|
||||||
pub captcha: ApiSecurityCaptcha,
|
pub captcha: ApiSecurityCaptcha,
|
||||||
pub trust_cloudflare: bool,
|
pub trust_cloudflare: bool,
|
||||||
@@ -449,6 +468,7 @@ pub struct Settings {
|
|||||||
pub features: Features,
|
pub features: Features,
|
||||||
pub sentry: Sentry,
|
pub sentry: Sentry,
|
||||||
pub production: bool,
|
pub production: bool,
|
||||||
|
pub environment: String,
|
||||||
pub disable_events_dont_use: bool,
|
pub disable_events_dont_use: bool,
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -475,8 +495,7 @@ pub async fn read() -> Config {
|
|||||||
CONFIG_BUILDER.read().await.clone()
|
CONFIG_BUILDER.read().await.clone()
|
||||||
}
|
}
|
||||||
|
|
||||||
#[cached(time = 30)]
|
pub async fn config_no_cache() -> Settings {
|
||||||
pub async fn config() -> Settings {
|
|
||||||
let mut config = read().await.try_deserialize::<Settings>().unwrap();
|
let mut config = read().await.try_deserialize::<Settings>().unwrap();
|
||||||
|
|
||||||
// inject REDIS_URI for redis-kiss library
|
// inject REDIS_URI for redis-kiss library
|
||||||
@@ -494,6 +513,34 @@ pub async fn config() -> Settings {
|
|||||||
config
|
config
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[cached(time = 30)]
|
||||||
|
pub async fn config() -> Settings {
|
||||||
|
#[cfg(feature = "test")]
|
||||||
|
if let Some(overwrites) = CONFIG_OVERWRITES.get() {
|
||||||
|
return overwrites.clone();
|
||||||
|
}
|
||||||
|
|
||||||
|
config_no_cache().await
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cfg(feature = "test")]
|
||||||
|
static CONFIG_OVERWRITES: OnceLock<Settings> = OnceLock::new();
|
||||||
|
|
||||||
|
/// Modify the config values for a test, this can only be called once
|
||||||
|
///
|
||||||
|
/// This will also fail if two or more tests are running in the same process and both try to modify the config,
|
||||||
|
/// This could happen if tests where run under `cargo test` instead of `nextest`.
|
||||||
|
#[cfg(feature = "test")]
|
||||||
|
pub async fn overwrite_config(f: impl FnOnce(&mut Settings)) {
|
||||||
|
let mut config = config_no_cache().await;
|
||||||
|
|
||||||
|
f(&mut config);
|
||||||
|
|
||||||
|
CONFIG_OVERWRITES.set(config).expect(
|
||||||
|
"Cannot overwrite config multiple times, make sure you are running tests through nextest.",
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
/// Configure logging and common Rust variables
|
/// Configure logging and common Rust variables
|
||||||
#[cfg(feature = "sentry")]
|
#[cfg(feature = "sentry")]
|
||||||
pub async fn setup_logging(release: &'static str, dsn: String) -> Option<sentry::ClientInitGuard> {
|
pub async fn setup_logging(release: &'static str, dsn: String) -> Option<sentry::ClientInitGuard> {
|
||||||
|
|||||||
@@ -11,19 +11,18 @@ repository = "https://github.com/stoatchat/stoatchat"
|
|||||||
|
|
||||||
[features]
|
[features]
|
||||||
# Databases
|
# Databases
|
||||||
mongodb = ["dep:mongodb", "bson", "authifier/database-mongodb"]
|
mongodb = ["dep:mongodb", "bson"]
|
||||||
|
|
||||||
# ... Other
|
# ... Other
|
||||||
tasks = ["isahc", "linkify", "url-escape"]
|
tasks = ["isahc", "linkify", "url-escape"]
|
||||||
async-std-runtime = ["async-std", "authifier/async-std-runtime"]
|
async-std-runtime = ["async-std"]
|
||||||
rocket-impl = [
|
rocket-impl = [
|
||||||
"rocket",
|
"rocket",
|
||||||
"schemars",
|
"schemars",
|
||||||
"revolt_okapi",
|
"revolt_okapi",
|
||||||
"revolt_rocket_okapi",
|
"revolt_rocket_okapi",
|
||||||
"authifier/rocket_impl",
|
|
||||||
]
|
]
|
||||||
axum-impl = ["axum", "revolt-result/axum"]
|
axum-impl = ["axum", "revolt-result/axum", "utoipa"]
|
||||||
redis-is-patched = ["revolt-presence/redis-is-patched"]
|
redis-is-patched = ["revolt-presence/redis-is-patched"]
|
||||||
voice = ["livekit-api", "livekit-protocol", "livekit-runtime"]
|
voice = ["livekit-api", "livekit-protocol", "livekit-runtime"]
|
||||||
|
|
||||||
@@ -55,6 +54,8 @@ linkify = { workspace = true, optional = true }
|
|||||||
url-escape = { workspace = true, optional = true }
|
url-escape = { workspace = true, optional = true }
|
||||||
validator = { workspace = true, features = ["derive"] }
|
validator = { workspace = true, features = ["derive"] }
|
||||||
isahc = { workspace = true, features = ["json"], optional = true }
|
isahc = { workspace = true, features = ["json"], optional = true }
|
||||||
|
base32 = { workspace = true }
|
||||||
|
sha1 = { workspace = true }
|
||||||
|
|
||||||
# Serialisation
|
# Serialisation
|
||||||
serde_json = { workspace = true }
|
serde_json = { workspace = true }
|
||||||
@@ -84,6 +85,7 @@ async-std = { workspace = true, features = ["attributes"], optional = true }
|
|||||||
|
|
||||||
# Axum Impl
|
# Axum Impl
|
||||||
axum = { workspace = true, optional = true }
|
axum = { workspace = true, optional = true }
|
||||||
|
utoipa = { workspace = true, features = ["axum_extras"], optional = true }
|
||||||
|
|
||||||
# Rocket Impl
|
# Rocket Impl
|
||||||
schemars = { workspace = true, optional = true }
|
schemars = { workspace = true, optional = true }
|
||||||
@@ -91,9 +93,6 @@ rocket = { workspace = true, features = ["json"], optional = true }
|
|||||||
revolt_okapi = { workspace = true, optional = true }
|
revolt_okapi = { workspace = true, optional = true }
|
||||||
revolt_rocket_okapi = { workspace = true, optional = true }
|
revolt_rocket_okapi = { workspace = true, optional = true }
|
||||||
|
|
||||||
# Authifier
|
|
||||||
authifier = { workspace = true }
|
|
||||||
|
|
||||||
# RabbitMQ
|
# RabbitMQ
|
||||||
lapin = { workspace = true, features = ["tokio"] }
|
lapin = { workspace = true, features = ["tokio"] }
|
||||||
|
|
||||||
@@ -101,3 +100,14 @@ lapin = { workspace = true, features = ["tokio"] }
|
|||||||
livekit-api = { workspace = true, features = ["rustls-tls-native-roots"], optional = true }
|
livekit-api = { workspace = true, features = ["rustls-tls-native-roots"], optional = true }
|
||||||
livekit-protocol = { workspace = true, optional = true }
|
livekit-protocol = { workspace = true, optional = true }
|
||||||
livekit-runtime = { workspace = true, features = ["tokio"], optional = true }
|
livekit-runtime = { workspace = true, features = ["tokio"], optional = true }
|
||||||
|
|
||||||
|
# Security
|
||||||
|
totp-lite = { workspace = true }
|
||||||
|
rust-argon2 = { workspace = true }
|
||||||
|
|
||||||
|
# Email
|
||||||
|
lettre = { workspace = true }
|
||||||
|
handlebars = { workspace = true }
|
||||||
|
|
||||||
|
# Web Requests
|
||||||
|
reqwest = { workspace = true, features = ["json", "form"] }
|
||||||
|
|||||||
100005
crates/core/database/assets/pwned100k.txt
Normal file
100005
crates/core/database/assets/pwned100k.txt
Normal file
File diff suppressed because it is too large
Load Diff
555
crates/core/database/assets/revolt_source_list.txt
Normal file
555
crates/core/database/assets/revolt_source_list.txt
Normal file
@@ -0,0 +1,555 @@
|
|||||||
|
this is an assorted list of known disposable email providers
|
||||||
|
|
||||||
|
#region nobody will ever have an email @example.com so we can safely block it
|
||||||
|
----
|
||||||
|
example.com
|
||||||
|
|
||||||
|
#region list provided by michenriksen at https://gist.github.com/michenriksen/8710649
|
||||||
|
----
|
||||||
|
0815.ru
|
||||||
|
0wnd.net
|
||||||
|
0wnd.org
|
||||||
|
10minutemail.co.za
|
||||||
|
10minutemail.com
|
||||||
|
123-m.com
|
||||||
|
1fsdfdsfsdf.tk
|
||||||
|
1pad.de
|
||||||
|
20minutemail.com
|
||||||
|
21cn.com
|
||||||
|
2fdgdfgdfgdf.tk
|
||||||
|
2prong.com
|
||||||
|
30minutemail.com
|
||||||
|
33mail.com
|
||||||
|
3trtretgfrfe.tk
|
||||||
|
4gfdsgfdgfd.tk
|
||||||
|
4warding.com
|
||||||
|
5ghgfhfghfgh.tk
|
||||||
|
6hjgjhgkilkj.tk
|
||||||
|
6paq.com
|
||||||
|
7tags.com
|
||||||
|
9ox.net
|
||||||
|
a-bc.net
|
||||||
|
agedmail.com
|
||||||
|
ama-trade.de
|
||||||
|
amilegit.com
|
||||||
|
amiri.net
|
||||||
|
amiriindustries.com
|
||||||
|
anonmails.de
|
||||||
|
anonymbox.com
|
||||||
|
antichef.com
|
||||||
|
antichef.net
|
||||||
|
antireg.ru
|
||||||
|
antispam.de
|
||||||
|
antispammail.de
|
||||||
|
armyspy.com
|
||||||
|
artman-conception.com
|
||||||
|
azmeil.tk
|
||||||
|
baxomale.ht.cx
|
||||||
|
beefmilk.com
|
||||||
|
bigstring.com
|
||||||
|
binkmail.com
|
||||||
|
bio-muesli.net
|
||||||
|
bobmail.info
|
||||||
|
bodhi.lawlita.com
|
||||||
|
bofthew.com
|
||||||
|
bootybay.de
|
||||||
|
boun.cr
|
||||||
|
bouncr.com
|
||||||
|
breakthru.com
|
||||||
|
brefmail.com
|
||||||
|
bsnow.net
|
||||||
|
bspamfree.org
|
||||||
|
bugmenot.com
|
||||||
|
bund.us
|
||||||
|
burstmail.info
|
||||||
|
buymoreplays.com
|
||||||
|
byom.de
|
||||||
|
c2.hu
|
||||||
|
casualdx.com
|
||||||
|
cek.pm
|
||||||
|
centermail.com
|
||||||
|
centermail.net
|
||||||
|
chammy.info
|
||||||
|
childsavetrust.org
|
||||||
|
chogmail.com
|
||||||
|
choicemail1.com
|
||||||
|
clixser.com
|
||||||
|
cmail.net
|
||||||
|
cmail.org
|
||||||
|
coldemail.info
|
||||||
|
cool.fr.nf
|
||||||
|
courriel.fr.nf
|
||||||
|
courrieltemporaire.com
|
||||||
|
crapmail.org
|
||||||
|
cust.in
|
||||||
|
cuvox.de
|
||||||
|
d3p.dk
|
||||||
|
dacoolest.com
|
||||||
|
dandikmail.com
|
||||||
|
dayrep.com
|
||||||
|
dcemail.com
|
||||||
|
deadaddress.com
|
||||||
|
deadspam.com
|
||||||
|
delikkt.de
|
||||||
|
despam.it
|
||||||
|
despammed.com
|
||||||
|
devnullmail.com
|
||||||
|
dfgh.net
|
||||||
|
digitalsanctuary.com
|
||||||
|
dingbone.com
|
||||||
|
disposableaddress.com
|
||||||
|
disposableemailaddresses.com
|
||||||
|
disposableinbox.com
|
||||||
|
dispose.it
|
||||||
|
dispostable.com
|
||||||
|
dodgeit.com
|
||||||
|
dodgit.com
|
||||||
|
donemail.ru
|
||||||
|
dontreg.com
|
||||||
|
dontsendmespam.de
|
||||||
|
drdrb.net
|
||||||
|
dump-email.info
|
||||||
|
dumpandjunk.com
|
||||||
|
dumpyemail.com
|
||||||
|
e-mail.com
|
||||||
|
e-mail.org
|
||||||
|
e4ward.com
|
||||||
|
easytrashmail.com
|
||||||
|
einmalmail.de
|
||||||
|
einrot.com
|
||||||
|
eintagsmail.de
|
||||||
|
emailgo.de
|
||||||
|
emailias.com
|
||||||
|
emaillime.com
|
||||||
|
emailsensei.com
|
||||||
|
emailtemporanea.com
|
||||||
|
emailtemporanea.net
|
||||||
|
emailtemporar.ro
|
||||||
|
emailtemporario.com.br
|
||||||
|
emailthe.net
|
||||||
|
emailtmp.com
|
||||||
|
emailwarden.com
|
||||||
|
emailx.at.hm
|
||||||
|
emailxfer.com
|
||||||
|
emeil.in
|
||||||
|
emeil.ir
|
||||||
|
emz.net
|
||||||
|
ero-tube.org
|
||||||
|
evopo.com
|
||||||
|
explodemail.com
|
||||||
|
eyepaste.com
|
||||||
|
fakeinbox.com
|
||||||
|
fakeinformation.com
|
||||||
|
fansworldwide.de
|
||||||
|
fantasymail.de
|
||||||
|
fightallspam.com
|
||||||
|
filzmail.com
|
||||||
|
fivemail.de
|
||||||
|
fleckens.hu
|
||||||
|
frapmail.com
|
||||||
|
friendlymail.co.uk
|
||||||
|
fuckingduh.com
|
||||||
|
fudgerub.com
|
||||||
|
fyii.de
|
||||||
|
garliclife.com
|
||||||
|
gehensiemirnichtaufdensack.de
|
||||||
|
get2mail.fr
|
||||||
|
getairmail.com
|
||||||
|
getmails.eu
|
||||||
|
getonemail.com
|
||||||
|
giantmail.de
|
||||||
|
girlsundertheinfluence.com
|
||||||
|
gishpuppy.com
|
||||||
|
gmial.com
|
||||||
|
goemailgo.com
|
||||||
|
gotmail.net
|
||||||
|
gotmail.org
|
||||||
|
gotti.otherinbox.com
|
||||||
|
great-host.in
|
||||||
|
greensloth.com
|
||||||
|
grr.la
|
||||||
|
gsrv.co.uk
|
||||||
|
guerillamail.biz
|
||||||
|
guerillamail.com
|
||||||
|
guerrillamail.biz
|
||||||
|
guerrillamail.com
|
||||||
|
guerrillamail.de
|
||||||
|
guerrillamail.info
|
||||||
|
guerrillamail.net
|
||||||
|
guerrillamail.org
|
||||||
|
guerrillamailblock.com
|
||||||
|
gustr.com
|
||||||
|
harakirimail.com
|
||||||
|
hat-geld.de
|
||||||
|
hatespam.org
|
||||||
|
herp.in
|
||||||
|
hidemail.de
|
||||||
|
hidzz.com
|
||||||
|
hmamail.com
|
||||||
|
hopemail.biz
|
||||||
|
ieh-mail.de
|
||||||
|
ikbenspamvrij.nl
|
||||||
|
imails.info
|
||||||
|
inbax.tk
|
||||||
|
inbox.si
|
||||||
|
inboxalias.com
|
||||||
|
inboxclean.com
|
||||||
|
inboxclean.org
|
||||||
|
instant-mail.de
|
||||||
|
ip6.li
|
||||||
|
irish2me.com
|
||||||
|
iwi.net
|
||||||
|
jetable.com
|
||||||
|
jetable.fr.nf
|
||||||
|
jetable.net
|
||||||
|
jetable.org
|
||||||
|
jnxjn.com
|
||||||
|
jourrapide.com
|
||||||
|
jsrsolutions.com
|
||||||
|
kasmail.com
|
||||||
|
kaspop.com
|
||||||
|
killmail.com
|
||||||
|
killmail.net
|
||||||
|
klassmaster.com
|
||||||
|
klzlk.com
|
||||||
|
koszmail.pl
|
||||||
|
kurzepost.de
|
||||||
|
lawlita.com
|
||||||
|
letthemeatspam.com
|
||||||
|
lhsdv.com
|
||||||
|
lifebyfood.com
|
||||||
|
link2mail.net
|
||||||
|
litedrop.com
|
||||||
|
lol.ovpn.to
|
||||||
|
lolfreak.net
|
||||||
|
lookugly.com
|
||||||
|
lortemail.dk
|
||||||
|
lr78.com
|
||||||
|
lroid.com
|
||||||
|
lukop.dk
|
||||||
|
m21.cc
|
||||||
|
mail-filter.com
|
||||||
|
mail-temporaire.fr
|
||||||
|
mail.mezimages.net
|
||||||
|
mail1a.de
|
||||||
|
mail21.cc
|
||||||
|
mail2rss.org
|
||||||
|
mail333.com
|
||||||
|
mailbidon.com
|
||||||
|
mailbiz.biz
|
||||||
|
mailblocks.com
|
||||||
|
mailbucket.org
|
||||||
|
mailcat.biz
|
||||||
|
mailcatch.com
|
||||||
|
mailde.de
|
||||||
|
mailde.info
|
||||||
|
maildrop.cc
|
||||||
|
maileimer.de
|
||||||
|
mailexpire.com
|
||||||
|
mailfa.tk
|
||||||
|
mailforspam.com
|
||||||
|
mailfreeonline.com
|
||||||
|
mailguard.me
|
||||||
|
mailin8r.com
|
||||||
|
mailinater.com
|
||||||
|
mailinator.com
|
||||||
|
mailinator.net
|
||||||
|
mailinator.org
|
||||||
|
mailinator2.com
|
||||||
|
mailincubator.com
|
||||||
|
mailismagic.com
|
||||||
|
mailme.lv
|
||||||
|
mailme24.com
|
||||||
|
mailmetrash.com
|
||||||
|
mailmoat.com
|
||||||
|
mailms.com
|
||||||
|
mailnesia.com
|
||||||
|
mailnull.com
|
||||||
|
mailorg.org
|
||||||
|
mailpick.biz
|
||||||
|
mailrock.biz
|
||||||
|
mailscrap.com
|
||||||
|
mailshell.com
|
||||||
|
mailsiphon.com
|
||||||
|
mailtemp.info
|
||||||
|
mailtome.de
|
||||||
|
mailtothis.com
|
||||||
|
mailtrash.net
|
||||||
|
mailtv.net
|
||||||
|
mailtv.tv
|
||||||
|
mailzilla.com
|
||||||
|
makemetheking.com
|
||||||
|
manybrain.com
|
||||||
|
mbx.cc
|
||||||
|
mega.zik.dj
|
||||||
|
meinspamschutz.de
|
||||||
|
meltmail.com
|
||||||
|
messagebeamer.de
|
||||||
|
mezimages.net
|
||||||
|
ministry-of-silly-walks.de
|
||||||
|
mintemail.com
|
||||||
|
misterpinball.de
|
||||||
|
moncourrier.fr.nf
|
||||||
|
monemail.fr.nf
|
||||||
|
monmail.fr.nf
|
||||||
|
monumentmail.com
|
||||||
|
mt2009.com
|
||||||
|
mt2014.com
|
||||||
|
mycleaninbox.net
|
||||||
|
mymail-in.net
|
||||||
|
mypacks.net
|
||||||
|
mypartyclip.de
|
||||||
|
myphantomemail.com
|
||||||
|
mysamp.de
|
||||||
|
mytempemail.com
|
||||||
|
mytempmail.com
|
||||||
|
mytrashmail.com
|
||||||
|
nabuma.com
|
||||||
|
neomailbox.com
|
||||||
|
nepwk.com
|
||||||
|
nervmich.net
|
||||||
|
nervtmich.net
|
||||||
|
netmails.com
|
||||||
|
netmails.net
|
||||||
|
neverbox.com
|
||||||
|
nice-4u.com
|
||||||
|
nincsmail.hu
|
||||||
|
nnh.com
|
||||||
|
no-spam.ws
|
||||||
|
noblepioneer.com
|
||||||
|
nomail.pw
|
||||||
|
nomail.xl.cx
|
||||||
|
nomail2me.com
|
||||||
|
nomorespamemails.com
|
||||||
|
nospam.ze.tc
|
||||||
|
nospam4.us
|
||||||
|
nospamfor.us
|
||||||
|
nospammail.net
|
||||||
|
notmailinator.com
|
||||||
|
nowhere.org
|
||||||
|
nowmymail.com
|
||||||
|
nurfuerspam.de
|
||||||
|
nus.edu.sg
|
||||||
|
objectmail.com
|
||||||
|
obobbo.com
|
||||||
|
odnorazovoe.ru
|
||||||
|
oneoffemail.com
|
||||||
|
onewaymail.com
|
||||||
|
onlatedotcom.info
|
||||||
|
online.ms
|
||||||
|
ordinaryamerican.net
|
||||||
|
otherinbox.com
|
||||||
|
ovpn.to
|
||||||
|
owlpic.com
|
||||||
|
pancakemail.com
|
||||||
|
pcusers.otherinbox.com
|
||||||
|
pjjkp.com
|
||||||
|
plexolan.de
|
||||||
|
poczta.onet.pl
|
||||||
|
politikerclub.de
|
||||||
|
poofy.org
|
||||||
|
pookmail.com
|
||||||
|
privacy.net
|
||||||
|
privatdemail.net
|
||||||
|
proxymail.eu
|
||||||
|
prtnx.com
|
||||||
|
putthisinyourspamdatabase.com
|
||||||
|
putthisinyourspamdatabase.com
|
||||||
|
quickinbox.com
|
||||||
|
rcpt.at
|
||||||
|
reallymymail.com
|
||||||
|
realtyalerts.ca
|
||||||
|
recode.me
|
||||||
|
recursor.net
|
||||||
|
reliable-mail.com
|
||||||
|
rhyta.com
|
||||||
|
rmqkr.net
|
||||||
|
royal.net
|
||||||
|
rtrtr.com
|
||||||
|
s0ny.net
|
||||||
|
safersignup.de
|
||||||
|
safetymail.info
|
||||||
|
safetypost.de
|
||||||
|
saynotospams.com
|
||||||
|
schafmail.de
|
||||||
|
schrott-email.de
|
||||||
|
secretemail.de
|
||||||
|
secure-mail.biz
|
||||||
|
senseless-entertainment.com
|
||||||
|
services391.com
|
||||||
|
sharklasers.com
|
||||||
|
shieldemail.com
|
||||||
|
shiftmail.com
|
||||||
|
shitmail.me
|
||||||
|
shitware.nl
|
||||||
|
shmeriously.com
|
||||||
|
shortmail.net
|
||||||
|
sinnlos-mail.de
|
||||||
|
slapsfromlastnight.com
|
||||||
|
slaskpost.se
|
||||||
|
smashmail.de
|
||||||
|
smellfear.com
|
||||||
|
snakemail.com
|
||||||
|
sneakemail.com
|
||||||
|
sneakmail.de
|
||||||
|
snkmail.com
|
||||||
|
sofimail.com
|
||||||
|
solvemail.info
|
||||||
|
sogetthis.com
|
||||||
|
soodonims.com
|
||||||
|
spam4.me
|
||||||
|
spamail.de
|
||||||
|
spamarrest.com
|
||||||
|
spambob.net
|
||||||
|
spambog.ru
|
||||||
|
spambox.us
|
||||||
|
spamcannon.com
|
||||||
|
spamcannon.net
|
||||||
|
spamcon.org
|
||||||
|
spamcorptastic.com
|
||||||
|
spamcowboy.com
|
||||||
|
spamcowboy.net
|
||||||
|
spamcowboy.org
|
||||||
|
spamday.com
|
||||||
|
spamex.com
|
||||||
|
spamfree.eu
|
||||||
|
spamfree24.com
|
||||||
|
spamfree24.de
|
||||||
|
spamfree24.org
|
||||||
|
spamgoes.in
|
||||||
|
spamgourmet.com
|
||||||
|
spamgourmet.net
|
||||||
|
spamgourmet.org
|
||||||
|
spamherelots.com
|
||||||
|
spamherelots.com
|
||||||
|
spamhereplease.com
|
||||||
|
spamhereplease.com
|
||||||
|
spamhole.com
|
||||||
|
spamify.com
|
||||||
|
spaml.de
|
||||||
|
spammotel.com
|
||||||
|
spamobox.com
|
||||||
|
spamslicer.com
|
||||||
|
spamspot.com
|
||||||
|
spamthis.co.uk
|
||||||
|
spamtroll.net
|
||||||
|
speed.1s.fr
|
||||||
|
spoofmail.de
|
||||||
|
stuffmail.de
|
||||||
|
super-auswahl.de
|
||||||
|
supergreatmail.com
|
||||||
|
supermailer.jp
|
||||||
|
superrito.com
|
||||||
|
superstachel.de
|
||||||
|
suremail.info
|
||||||
|
talkinator.com
|
||||||
|
teewars.org
|
||||||
|
teleworm.com
|
||||||
|
teleworm.us
|
||||||
|
temp-mail.org
|
||||||
|
temp-mail.ru
|
||||||
|
tempe-mail.com
|
||||||
|
tempemail.co.za
|
||||||
|
tempemail.com
|
||||||
|
tempemail.net
|
||||||
|
tempemail.net
|
||||||
|
tempinbox.co.uk
|
||||||
|
tempinbox.com
|
||||||
|
tempmail.eu
|
||||||
|
tempmaildemo.com
|
||||||
|
tempmailer.com
|
||||||
|
tempmailer.de
|
||||||
|
tempomail.fr
|
||||||
|
temporaryemail.net
|
||||||
|
temporaryforwarding.com
|
||||||
|
temporaryinbox.com
|
||||||
|
temporarymailaddress.com
|
||||||
|
tempthe.net
|
||||||
|
thankyou2010.com
|
||||||
|
thc.st
|
||||||
|
thelimestones.com
|
||||||
|
thisisnotmyrealemail.com
|
||||||
|
thismail.net
|
||||||
|
throwawayemailaddress.com
|
||||||
|
tilien.com
|
||||||
|
tittbit.in
|
||||||
|
tizi.com
|
||||||
|
tmailinator.com
|
||||||
|
toomail.biz
|
||||||
|
topranklist.de
|
||||||
|
tradermail.info
|
||||||
|
trash-mail.at
|
||||||
|
trash-mail.com
|
||||||
|
trash-mail.de
|
||||||
|
trash2009.com
|
||||||
|
trashdevil.com
|
||||||
|
trashemail.de
|
||||||
|
trashmail.at
|
||||||
|
trashmail.com
|
||||||
|
trashmail.de
|
||||||
|
trashmail.me
|
||||||
|
trashmail.net
|
||||||
|
trashmail.org
|
||||||
|
trashymail.com
|
||||||
|
trialmail.de
|
||||||
|
trillianpro.com
|
||||||
|
twinmail.de
|
||||||
|
tyldd.com
|
||||||
|
uggsrock.com
|
||||||
|
umail.net
|
||||||
|
uroid.com
|
||||||
|
us.af
|
||||||
|
venompen.com
|
||||||
|
veryrealemail.com
|
||||||
|
viditag.com
|
||||||
|
viralplays.com
|
||||||
|
vpn.st
|
||||||
|
vsimcard.com
|
||||||
|
vubby.com
|
||||||
|
wasteland.rfc822.org
|
||||||
|
webemail.me
|
||||||
|
weg-werf-email.de
|
||||||
|
wegwerf-emails.de
|
||||||
|
wegwerfadresse.de
|
||||||
|
wegwerfemail.com
|
||||||
|
wegwerfemail.de
|
||||||
|
wegwerfmail.de
|
||||||
|
wegwerfmail.info
|
||||||
|
wegwerfmail.net
|
||||||
|
wegwerfmail.org
|
||||||
|
wh4f.org
|
||||||
|
whyspam.me
|
||||||
|
willhackforfood.biz
|
||||||
|
willselfdestruct.com
|
||||||
|
winemaven.info
|
||||||
|
wronghead.com
|
||||||
|
www.e4ward.com
|
||||||
|
www.mailinator.com
|
||||||
|
wwwnew.eu
|
||||||
|
x.ip6.li
|
||||||
|
xagloo.com
|
||||||
|
xemaps.com
|
||||||
|
xents.com
|
||||||
|
xmaily.com
|
||||||
|
xoxy.net
|
||||||
|
yep.it
|
||||||
|
yogamaven.com
|
||||||
|
yopmail.com
|
||||||
|
yopmail.fr
|
||||||
|
yopmail.net
|
||||||
|
yourdomain.com
|
||||||
|
yuurok.com
|
||||||
|
z1p.biz
|
||||||
|
za.com
|
||||||
|
zehnminuten.de
|
||||||
|
zehnminutenmail.de
|
||||||
|
zippymail.info
|
||||||
|
zoemail.net
|
||||||
|
zomg.info
|
||||||
|
|
||||||
|
#region public emails provided by mail.tm
|
||||||
|
----
|
||||||
|
trythe.net
|
||||||
|
leadwizzer.com
|
||||||
|
metalunits.com
|
||||||
|
scpulse.com
|
||||||
@@ -2,16 +2,7 @@
|
|||||||
mod mongodb;
|
mod mongodb;
|
||||||
mod reference;
|
mod reference;
|
||||||
|
|
||||||
use authifier::config::Captcha;
|
|
||||||
use authifier::config::EmailVerificationConfig;
|
|
||||||
use authifier::config::PasswordScanning;
|
|
||||||
use authifier::config::ResolveIp;
|
|
||||||
use authifier::config::SMTPSettings;
|
|
||||||
use authifier::config::Shield;
|
|
||||||
use authifier::config::Template;
|
|
||||||
use authifier::config::Templates;
|
|
||||||
use authifier::config::EmailExpiryConfig;
|
|
||||||
use authifier::Authifier;
|
|
||||||
use rand::Rng;
|
use rand::Rng;
|
||||||
use revolt_config::config;
|
use revolt_config::config;
|
||||||
|
|
||||||
@@ -112,143 +103,3 @@ impl DatabaseInfo {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Database {
|
|
||||||
/// Create an Authifier reference
|
|
||||||
pub async fn to_authifier(self) -> Authifier {
|
|
||||||
let config = config().await;
|
|
||||||
|
|
||||||
let mut auth_config = authifier::Config {
|
|
||||||
password_scanning: if config.api.security.easypwned.is_empty() {
|
|
||||||
Default::default()
|
|
||||||
} else {
|
|
||||||
PasswordScanning::EasyPwned {
|
|
||||||
endpoint: config.api.security.easypwned,
|
|
||||||
}
|
|
||||||
},
|
|
||||||
email_verification: if !config.api.smtp.host.is_empty() {
|
|
||||||
EmailVerificationConfig::Enabled {
|
|
||||||
smtp: SMTPSettings {
|
|
||||||
from: config.api.smtp.from_address,
|
|
||||||
host: config.api.smtp.host,
|
|
||||||
username: config.api.smtp.username,
|
|
||||||
password: config.api.smtp.password,
|
|
||||||
reply_to: Some(
|
|
||||||
config
|
|
||||||
.api
|
|
||||||
.smtp
|
|
||||||
.reply_to
|
|
||||||
.unwrap_or("support@stoat.chat".into()),
|
|
||||||
),
|
|
||||||
port: config.api.smtp.port,
|
|
||||||
use_tls: config.api.smtp.use_tls,
|
|
||||||
use_starttls: config.api.smtp.use_starttls,
|
|
||||||
},
|
|
||||||
expiry: EmailExpiryConfig {
|
|
||||||
expire_verification: 3600 * 24 * 7,
|
|
||||||
expire_password_reset: 3600 * 24,
|
|
||||||
expire_account_deletion: 3600 * 24,
|
|
||||||
},
|
|
||||||
templates: if config.production {
|
|
||||||
Templates {
|
|
||||||
verify: Template {
|
|
||||||
title: "Verify your Stoat account.".into(),
|
|
||||||
text: include_str!("../../templates/verify.txt").into(),
|
|
||||||
url: format!("{}/login/verify/", config.hosts.app),
|
|
||||||
html: Some(include_str!("../../templates/verify.html").into()),
|
|
||||||
},
|
|
||||||
reset: Template {
|
|
||||||
title: "Reset your Stoat password.".into(),
|
|
||||||
text: include_str!("../../templates/reset.txt").into(),
|
|
||||||
url: format!("{}/login/reset/", config.hosts.app),
|
|
||||||
html: Some(include_str!("../../templates/reset.html").into()),
|
|
||||||
},
|
|
||||||
reset_existing: Template {
|
|
||||||
title: "You already have a Stoat account, reset your password."
|
|
||||||
.into(),
|
|
||||||
text: include_str!("../../templates/reset-existing.txt").into(),
|
|
||||||
url: format!("{}/login/reset/", config.hosts.app),
|
|
||||||
html: Some(
|
|
||||||
include_str!("../../templates/reset-existing.html").into(),
|
|
||||||
),
|
|
||||||
},
|
|
||||||
deletion: Template {
|
|
||||||
title: "Confirm account deletion.".into(),
|
|
||||||
text: include_str!("../../templates/deletion.txt").into(),
|
|
||||||
url: format!("{}/delete/", config.hosts.app),
|
|
||||||
html: Some(include_str!("../../templates/deletion.html").into()),
|
|
||||||
},
|
|
||||||
welcome: None,
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
Templates {
|
|
||||||
verify: Template {
|
|
||||||
title: "Verify your account.".into(),
|
|
||||||
text: include_str!("../../templates/verify.whitelabel.txt").into(),
|
|
||||||
url: format!("{}/login/verify/", config.hosts.app),
|
|
||||||
html: None,
|
|
||||||
},
|
|
||||||
reset: Template {
|
|
||||||
title: "Reset your password.".into(),
|
|
||||||
text: include_str!("../../templates/reset.whitelabel.txt").into(),
|
|
||||||
url: format!("{}/login/reset/", config.hosts.app),
|
|
||||||
html: None,
|
|
||||||
},
|
|
||||||
reset_existing: Template {
|
|
||||||
title: "Reset your password.".into(),
|
|
||||||
text: include_str!("../../templates/reset.whitelabel.txt").into(),
|
|
||||||
url: format!("{}/login/reset/", config.hosts.app),
|
|
||||||
html: None,
|
|
||||||
},
|
|
||||||
deletion: Template {
|
|
||||||
title: "Confirm account deletion.".into(),
|
|
||||||
text: include_str!("../../templates/deletion.whitelabel.txt")
|
|
||||||
.into(),
|
|
||||||
url: format!("{}/delete/", config.hosts.app),
|
|
||||||
html: None,
|
|
||||||
},
|
|
||||||
welcome: None,
|
|
||||||
}
|
|
||||||
},
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
EmailVerificationConfig::Disabled
|
|
||||||
},
|
|
||||||
..Default::default()
|
|
||||||
};
|
|
||||||
|
|
||||||
auth_config.invite_only = config.api.registration.invite_only;
|
|
||||||
|
|
||||||
if !config.api.security.captcha.hcaptcha_key.is_empty() {
|
|
||||||
auth_config.captcha = Captcha::HCaptcha {
|
|
||||||
secret: config.api.security.captcha.hcaptcha_key,
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
if !config.api.security.authifier_shield_key.is_empty() {
|
|
||||||
auth_config.shield = Shield::Enabled {
|
|
||||||
api_key: config.api.security.authifier_shield_key,
|
|
||||||
strict: false,
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
if config.api.security.trust_cloudflare {
|
|
||||||
auth_config.resolve_ip = ResolveIp::Cloudflare;
|
|
||||||
}
|
|
||||||
|
|
||||||
Authifier {
|
|
||||||
database: match self {
|
|
||||||
Database::Reference(_) => Default::default(),
|
|
||||||
#[cfg(feature = "mongodb")]
|
|
||||||
Database::MongoDb(MongoDb(client, _)) => authifier::Database::MongoDb(
|
|
||||||
authifier::database::MongoDb(client.database("revolt")),
|
|
||||||
),
|
|
||||||
},
|
|
||||||
config: auth_config,
|
|
||||||
#[cfg(feature = "tasks")]
|
|
||||||
event_channel: Some(crate::tasks::authifier_relay::sender()),
|
|
||||||
#[cfg(not(feature = "tasks"))]
|
|
||||||
event_channel: None,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|||||||
@@ -5,7 +5,7 @@ use futures::lock::Mutex;
|
|||||||
use crate::{
|
use crate::{
|
||||||
Bot, Channel, ChannelCompositeKey, ChannelUnread, Emoji, File, FileHash, Invite, Member,
|
Bot, Channel, ChannelCompositeKey, ChannelUnread, Emoji, File, FileHash, Invite, Member,
|
||||||
MemberCompositeKey, Message, PolicyChange, RatelimitEvent, Report, Server, ServerBan, Snapshot,
|
MemberCompositeKey, Message, PolicyChange, RatelimitEvent, Report, Server, ServerBan, Snapshot,
|
||||||
User, UserSettings, Webhook,
|
User, UserSettings, Webhook, Account, AccountInvite, Session, MFATicket
|
||||||
};
|
};
|
||||||
|
|
||||||
database_derived!(
|
database_derived!(
|
||||||
@@ -30,5 +30,9 @@ database_derived!(
|
|||||||
pub servers: Arc<Mutex<HashMap<String, Server>>>,
|
pub servers: Arc<Mutex<HashMap<String, Server>>>,
|
||||||
pub safety_reports: Arc<Mutex<HashMap<String, Report>>>,
|
pub safety_reports: Arc<Mutex<HashMap<String, Report>>>,
|
||||||
pub safety_snapshots: Arc<Mutex<HashMap<String, Snapshot>>>,
|
pub safety_snapshots: Arc<Mutex<HashMap<String, Snapshot>>>,
|
||||||
|
pub accounts: Arc<Mutex<HashMap<String, Account>>>,
|
||||||
|
pub account_invites: Arc<Mutex<HashMap<String, AccountInvite>>>,
|
||||||
|
pub sessions: Arc<Mutex<HashMap<String, Session>>>,
|
||||||
|
pub tickets: Arc<Mutex<HashMap<String, MFATicket>>>,
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
|||||||
@@ -1,4 +1,3 @@
|
|||||||
use authifier::AuthifierEvent;
|
|
||||||
use revolt_result::Error;
|
use revolt_result::Error;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
|
|
||||||
@@ -11,7 +10,7 @@ use revolt_models::v0::{
|
|||||||
UserVoiceState, Webhook,
|
UserVoiceState, Webhook,
|
||||||
};
|
};
|
||||||
|
|
||||||
use crate::Database;
|
use crate::{Account, Database, Session};
|
||||||
|
|
||||||
/// Ping Packet
|
/// Ping Packet
|
||||||
#[derive(Serialize, Deserialize, Debug, Clone)]
|
#[derive(Serialize, Deserialize, Debug, Clone)]
|
||||||
@@ -329,7 +328,20 @@ pub enum EventV1 {
|
|||||||
},
|
},
|
||||||
|
|
||||||
/// Auth events
|
/// Auth events
|
||||||
Auth(AuthifierEvent),
|
CreateAccount {
|
||||||
|
account: Account,
|
||||||
|
},
|
||||||
|
CreateSession {
|
||||||
|
session: Session,
|
||||||
|
},
|
||||||
|
DeleteSession {
|
||||||
|
user_id: String,
|
||||||
|
session_id: String,
|
||||||
|
},
|
||||||
|
DeleteAllSessions {
|
||||||
|
user_id: String,
|
||||||
|
exclude_session_id: Option<String>,
|
||||||
|
},
|
||||||
|
|
||||||
/// Voice events
|
/// Voice events
|
||||||
VoiceChannelJoin {
|
VoiceChannelJoin {
|
||||||
|
|||||||
5
crates/core/database/src/models/account_invites/mod.rs
Normal file
5
crates/core/database/src/models/account_invites/mod.rs
Normal file
@@ -0,0 +1,5 @@
|
|||||||
|
mod model;
|
||||||
|
mod ops;
|
||||||
|
|
||||||
|
pub use model::*;
|
||||||
|
pub use ops::*;
|
||||||
25
crates/core/database/src/models/account_invites/model.rs
Normal file
25
crates/core/database/src/models/account_invites/model.rs
Normal file
@@ -0,0 +1,25 @@
|
|||||||
|
use crate::{if_false, Database};
|
||||||
|
use revolt_result::Result;
|
||||||
|
|
||||||
|
auto_derived_partial!(
|
||||||
|
/// Account invite ticket
|
||||||
|
pub struct AccountInvite {
|
||||||
|
/// Invite code
|
||||||
|
#[serde(rename = "_id")]
|
||||||
|
pub id: String,
|
||||||
|
/// Whether this invite ticket has been used
|
||||||
|
#[serde(skip_serializing_if = "if_false", default)]
|
||||||
|
pub used: bool,
|
||||||
|
/// User ID that this invite was claimed by
|
||||||
|
#[serde(skip_serializing_if = "Option::is_none")]
|
||||||
|
pub claimed_by: Option<String>,
|
||||||
|
},
|
||||||
|
"PartialAccountInvite"
|
||||||
|
);
|
||||||
|
|
||||||
|
impl AccountInvite {
|
||||||
|
/// Save model
|
||||||
|
pub async fn save(&self, db: &Database) -> Result<()> {
|
||||||
|
db.save_account_invite(self).await
|
||||||
|
}
|
||||||
|
}
|
||||||
16
crates/core/database/src/models/account_invites/ops.rs
Normal file
16
crates/core/database/src/models/account_invites/ops.rs
Normal file
@@ -0,0 +1,16 @@
|
|||||||
|
use revolt_result::Result;
|
||||||
|
|
||||||
|
use crate::AccountInvite;
|
||||||
|
|
||||||
|
#[cfg(feature = "mongodb")]
|
||||||
|
mod mongodb;
|
||||||
|
mod reference;
|
||||||
|
|
||||||
|
#[async_trait]
|
||||||
|
pub trait AbstractAccountInvites: Sync + Send {
|
||||||
|
/// Find invite by id
|
||||||
|
async fn fetch_account_invite(&self, id: &str) -> Result<AccountInvite>;
|
||||||
|
|
||||||
|
/// Save invite
|
||||||
|
async fn save_account_invite(&self, invite: &AccountInvite) -> Result<()>;
|
||||||
|
}
|
||||||
@@ -0,0 +1,31 @@
|
|||||||
|
use crate::{AbstractAccountInvites, AccountInvite, MongoDb};
|
||||||
|
use bson::to_document;
|
||||||
|
use mongodb::options::UpdateOptions;
|
||||||
|
use revolt_result::Result;
|
||||||
|
|
||||||
|
const COL: &str = "account_invites";
|
||||||
|
|
||||||
|
#[async_trait]
|
||||||
|
impl AbstractAccountInvites for MongoDb {
|
||||||
|
/// Find invite by id
|
||||||
|
async fn fetch_account_invite(&self, id: &str) -> Result<AccountInvite> {
|
||||||
|
query!(self, find_one_by_id, COL, id)?.ok_or_else(|| create_error!(InvalidInvite))
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Save invite
|
||||||
|
async fn save_account_invite(&self, invite: &AccountInvite) -> Result<()> {
|
||||||
|
self.col::<AccountInvite>(COL)
|
||||||
|
.update_one(
|
||||||
|
doc! {
|
||||||
|
"_id": &invite.id
|
||||||
|
},
|
||||||
|
doc! {
|
||||||
|
"$set": to_document(invite).map_err(|_| create_database_error!("to_document", COL))?,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
.with_options(UpdateOptions::builder().upsert(true).build())
|
||||||
|
.await
|
||||||
|
.map_err(|_| create_database_error!("upsert_one", COL))
|
||||||
|
.map(|_| ())
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,21 @@
|
|||||||
|
use crate::{AbstractAccountInvites, AccountInvite, ReferenceDb};
|
||||||
|
use revolt_result::Result;
|
||||||
|
|
||||||
|
#[async_trait]
|
||||||
|
impl AbstractAccountInvites for ReferenceDb {
|
||||||
|
/// Find invite by id
|
||||||
|
async fn fetch_account_invite(&self, id: &str) -> Result<AccountInvite> {
|
||||||
|
let invites = self.account_invites.lock().await;
|
||||||
|
invites
|
||||||
|
.get(id)
|
||||||
|
.cloned()
|
||||||
|
.ok_or_else(|| create_error!(InvalidInvite))
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Save invite
|
||||||
|
async fn save_account_invite(&self, invite: &AccountInvite) -> Result<()> {
|
||||||
|
let mut invites = self.account_invites.lock().await;
|
||||||
|
invites.insert(invite.id.to_string(), invite.clone());
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
}
|
||||||
22
crates/core/database/src/models/accounts/axum.rs
Normal file
22
crates/core/database/src/models/accounts/axum.rs
Normal file
@@ -0,0 +1,22 @@
|
|||||||
|
use axum::{extract::{FromRef, FromRequestParts}, http::request::Parts};
|
||||||
|
|
||||||
|
use revolt_result::{Error, Result};
|
||||||
|
|
||||||
|
use crate::{Account, Database, Session};
|
||||||
|
|
||||||
|
#[async_trait]
|
||||||
|
impl<S> FromRequestParts<S> for Account
|
||||||
|
where
|
||||||
|
Database: FromRef<S>,
|
||||||
|
S: Send + Sync
|
||||||
|
{
|
||||||
|
type Rejection = Error;
|
||||||
|
|
||||||
|
async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self> {
|
||||||
|
let db = Database::from_ref(state);
|
||||||
|
|
||||||
|
let session = Session::from_request_parts(parts, state).await?;
|
||||||
|
|
||||||
|
db.fetch_account(&session.user_id).await
|
||||||
|
}
|
||||||
|
}
|
||||||
11
crates/core/database/src/models/accounts/mod.rs
Normal file
11
crates/core/database/src/models/accounts/mod.rs
Normal file
@@ -0,0 +1,11 @@
|
|||||||
|
#[cfg(feature = "axum-impl")]
|
||||||
|
mod axum;
|
||||||
|
mod model;
|
||||||
|
mod ops;
|
||||||
|
#[cfg(feature = "rocket-impl")]
|
||||||
|
mod rocket;
|
||||||
|
#[cfg(feature = "rocket-impl")]
|
||||||
|
mod schema;
|
||||||
|
|
||||||
|
pub use model::*;
|
||||||
|
pub use ops::*;
|
||||||
656
crates/core/database/src/models/accounts/model.rs
Normal file
656
crates/core/database/src/models/accounts/model.rs
Normal file
@@ -0,0 +1,656 @@
|
|||||||
|
use iso8601_timestamp::{Duration, Timestamp};
|
||||||
|
|
||||||
|
use nanoid::nanoid;
|
||||||
|
use revolt_config::config;
|
||||||
|
use revolt_result::Result;
|
||||||
|
use serde_json::json;
|
||||||
|
|
||||||
|
use crate::{
|
||||||
|
events::client::EventV1,
|
||||||
|
util::{
|
||||||
|
email::{email_templates, normalise_email, send_email},
|
||||||
|
password::hash_password,
|
||||||
|
},
|
||||||
|
Database, MFATicket, Session,
|
||||||
|
};
|
||||||
|
use revolt_models::v0;
|
||||||
|
|
||||||
|
auto_derived_partial!(
|
||||||
|
/// Account model
|
||||||
|
pub struct Account {
|
||||||
|
/// Unique Id
|
||||||
|
#[serde(rename = "_id")]
|
||||||
|
pub id: String,
|
||||||
|
|
||||||
|
/// User's email
|
||||||
|
pub email: String,
|
||||||
|
|
||||||
|
/// Normalised email
|
||||||
|
///
|
||||||
|
/// (see https://github.com/insertish/authifier/#how-does-authifier-work)
|
||||||
|
pub email_normalised: String,
|
||||||
|
|
||||||
|
/// Argon2 hashed password
|
||||||
|
pub password: String,
|
||||||
|
|
||||||
|
/// Whether the account is disabled
|
||||||
|
#[serde(default)]
|
||||||
|
pub disabled: bool,
|
||||||
|
|
||||||
|
/// Email verification status
|
||||||
|
pub verification: EmailVerification,
|
||||||
|
|
||||||
|
/// Password reset information
|
||||||
|
pub password_reset: Option<PasswordReset>,
|
||||||
|
|
||||||
|
/// Account deletion information
|
||||||
|
pub deletion: Option<DeletionInfo>,
|
||||||
|
|
||||||
|
/// Account lockout
|
||||||
|
pub lockout: Option<Lockout>,
|
||||||
|
|
||||||
|
/// Multi-factor authentication information
|
||||||
|
pub mfa: MultiFactorAuthentication,
|
||||||
|
},
|
||||||
|
"PartialAccount"
|
||||||
|
);
|
||||||
|
|
||||||
|
auto_derived!(
|
||||||
|
/// Email verification status
|
||||||
|
#[serde(tag = "status")]
|
||||||
|
pub enum EmailVerification {
|
||||||
|
/// Account is verified
|
||||||
|
Verified,
|
||||||
|
/// Pending email verification
|
||||||
|
Pending { token: String, expiry: Timestamp },
|
||||||
|
/// Moving to a new email
|
||||||
|
Moving {
|
||||||
|
new_email: String,
|
||||||
|
token: String,
|
||||||
|
expiry: Timestamp,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Password reset information
|
||||||
|
pub struct PasswordReset {
|
||||||
|
/// Token required to change password
|
||||||
|
pub token: String,
|
||||||
|
/// Time at which this token expires
|
||||||
|
pub expiry: Timestamp,
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Account deletion information
|
||||||
|
#[serde(tag = "status")]
|
||||||
|
pub enum DeletionInfo {
|
||||||
|
/// The user must confirm deletion by email
|
||||||
|
WaitingForVerification { token: String, expiry: Timestamp },
|
||||||
|
/// The account is scheduled for deletion
|
||||||
|
Scheduled { after: Timestamp },
|
||||||
|
/// This account was deleted
|
||||||
|
Deleted,
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Lockout information
|
||||||
|
pub struct Lockout {
|
||||||
|
/// Attempt counter
|
||||||
|
pub attempts: i32,
|
||||||
|
/// Time at which this lockout expires
|
||||||
|
pub expiry: Option<Timestamp>,
|
||||||
|
}
|
||||||
|
|
||||||
|
/// MFA configuration
|
||||||
|
#[derive(Default)]
|
||||||
|
pub struct MultiFactorAuthentication {
|
||||||
|
/// Allow password-less email OTP login
|
||||||
|
/// (1-Factor)
|
||||||
|
// #[serde(skip_serializing_if = "is_false", default)]
|
||||||
|
// pub enable_email_otp: bool,
|
||||||
|
|
||||||
|
/// Allow trusted handover
|
||||||
|
/// (1-Factor)
|
||||||
|
// #[serde(skip_serializing_if = "is_false", default)]
|
||||||
|
// pub enable_trusted_handover: bool,
|
||||||
|
|
||||||
|
/// Allow email MFA
|
||||||
|
/// (2-Factor)
|
||||||
|
// #[serde(skip_serializing_if = "is_false", default)]
|
||||||
|
// pub enable_email_mfa: bool,
|
||||||
|
|
||||||
|
/// TOTP MFA token, enabled if present
|
||||||
|
/// (2-Factor)
|
||||||
|
#[serde(skip_serializing_if = "Totp::is_empty", default)]
|
||||||
|
pub totp_token: Totp,
|
||||||
|
|
||||||
|
/// Security Key MFA token, enabled if present
|
||||||
|
/// (2-Factor)
|
||||||
|
// #[serde(skip_serializing_if = "Option::is_none")]
|
||||||
|
// pub security_key_token: Option<String>,
|
||||||
|
|
||||||
|
/// Recovery codes
|
||||||
|
#[serde(skip_serializing_if = "Vec::is_empty", default)]
|
||||||
|
pub recovery_codes: Vec<String>,
|
||||||
|
}
|
||||||
|
|
||||||
|
/// MFA method
|
||||||
|
#[derive(Hash)]
|
||||||
|
pub enum MFAMethod {
|
||||||
|
Password,
|
||||||
|
Recovery,
|
||||||
|
Totp,
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Default)]
|
||||||
|
#[serde(tag = "status")]
|
||||||
|
pub enum Totp {
|
||||||
|
/// Disabled
|
||||||
|
#[default]
|
||||||
|
Disabled,
|
||||||
|
/// Waiting for user activation
|
||||||
|
Pending { secret: String },
|
||||||
|
/// Required on account
|
||||||
|
Enabled { secret: String },
|
||||||
|
}
|
||||||
|
);
|
||||||
|
|
||||||
|
impl MultiFactorAuthentication {
|
||||||
|
// Check whether MFA is in-use
|
||||||
|
pub fn is_active(&self) -> bool {
|
||||||
|
matches!(self.totp_token, Totp::Enabled { .. })
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check whether there are still usable recovery codes
|
||||||
|
pub fn has_recovery(&self) -> bool {
|
||||||
|
!self.recovery_codes.is_empty()
|
||||||
|
}
|
||||||
|
|
||||||
|
// Get available MFA methods
|
||||||
|
pub fn get_methods(&self) -> Vec<MFAMethod> {
|
||||||
|
if let Totp::Enabled { .. } = self.totp_token {
|
||||||
|
let mut methods = vec![MFAMethod::Totp];
|
||||||
|
|
||||||
|
if self.has_recovery() {
|
||||||
|
methods.push(MFAMethod::Recovery);
|
||||||
|
}
|
||||||
|
|
||||||
|
methods
|
||||||
|
} else {
|
||||||
|
vec![MFAMethod::Password]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Generate new recovery codes
|
||||||
|
pub fn generate_recovery_codes(&mut self) {
|
||||||
|
static ALPHABET: [char; 32] = [
|
||||||
|
'1', '2', '3', '4', '5', '6', '7', '8', '9', '0', 'a', 'b', 'c', 'd', 'e', 'f', 'g',
|
||||||
|
'h', 'j', 'k', 'm', 'n', 'p', 'q', 'r', 's', 't', 'v', 'w', 'x', 'y', 'z',
|
||||||
|
];
|
||||||
|
|
||||||
|
let mut codes = vec![];
|
||||||
|
for _ in 1..=10 {
|
||||||
|
codes.push(format!(
|
||||||
|
"{}-{}",
|
||||||
|
nanoid!(5, &ALPHABET),
|
||||||
|
nanoid!(5, &ALPHABET)
|
||||||
|
));
|
||||||
|
}
|
||||||
|
|
||||||
|
self.recovery_codes = codes;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Generate new TOTP secret
|
||||||
|
pub fn generate_new_totp_secret(&mut self) -> Result<String> {
|
||||||
|
if let Totp::Enabled { .. } = self.totp_token {
|
||||||
|
return Err(create_error!(OperationFailed));
|
||||||
|
}
|
||||||
|
|
||||||
|
let secret: [u8; 10] = rand::random();
|
||||||
|
let secret = base32::encode(base32::Alphabet::RFC4648 { padding: false }, &secret);
|
||||||
|
|
||||||
|
self.totp_token = Totp::Pending {
|
||||||
|
secret: secret.clone(),
|
||||||
|
};
|
||||||
|
|
||||||
|
Ok(secret)
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Enable TOTP using a given MFA response
|
||||||
|
pub fn enable_totp(&mut self, response: v0::MFAResponse) -> Result<()> {
|
||||||
|
if let v0::MFAResponse::Totp { totp_code } = response {
|
||||||
|
let code = self.totp_token.generate_code()?;
|
||||||
|
|
||||||
|
if code == totp_code {
|
||||||
|
let mut totp = Totp::Disabled;
|
||||||
|
std::mem::swap(&mut totp, &mut self.totp_token);
|
||||||
|
|
||||||
|
if let Totp::Pending { secret } = totp {
|
||||||
|
self.totp_token = Totp::Enabled { secret };
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
} else {
|
||||||
|
Err(create_error!(OperationFailed))
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
Err(create_error!(InvalidToken))
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
Err(create_error!(InvalidToken))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Totp {
|
||||||
|
/// Whether TOTP information is empty
|
||||||
|
pub fn is_empty(&self) -> bool {
|
||||||
|
matches!(self, Totp::Disabled)
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Whether TOTP is disabled
|
||||||
|
pub fn is_disabled(&self) -> bool {
|
||||||
|
!matches!(self, Totp::Enabled { .. })
|
||||||
|
}
|
||||||
|
|
||||||
|
// Generate a TOTP code from secret
|
||||||
|
pub fn generate_code(&self) -> Result<String> {
|
||||||
|
if let Totp::Enabled { secret } | Totp::Pending { secret } = &self {
|
||||||
|
let seconds: u64 = std::time::SystemTime::now()
|
||||||
|
.duration_since(std::time::UNIX_EPOCH)
|
||||||
|
.unwrap()
|
||||||
|
.as_secs();
|
||||||
|
|
||||||
|
Ok(totp_lite::totp_custom::<totp_lite::Sha1>(
|
||||||
|
totp_lite::DEFAULT_STEP,
|
||||||
|
6,
|
||||||
|
&base32::decode(base32::Alphabet::RFC4648 { padding: false }, secret)
|
||||||
|
.expect("valid base32 secret"),
|
||||||
|
seconds,
|
||||||
|
))
|
||||||
|
} else {
|
||||||
|
Err(create_error!(OperationFailed))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Account {
|
||||||
|
/// Save model
|
||||||
|
pub async fn save(&self, db: &Database) -> Result<()> {
|
||||||
|
db.save_account(self).await
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Create a new account
|
||||||
|
pub async fn new(
|
||||||
|
db: &Database,
|
||||||
|
email: String,
|
||||||
|
plaintext_password: String,
|
||||||
|
verify_email: bool,
|
||||||
|
) -> Result<Account> {
|
||||||
|
// Get a normalised representation of the user's email
|
||||||
|
let email_normalised = normalise_email(email.clone());
|
||||||
|
|
||||||
|
// Try to find an existing account
|
||||||
|
if let Some(mut account) = db
|
||||||
|
.fetch_account_by_normalised_email(&email_normalised)
|
||||||
|
.await?
|
||||||
|
{
|
||||||
|
// Resend account verification or send password reset
|
||||||
|
if let EmailVerification::Pending { .. } = &account.verification {
|
||||||
|
account.start_email_verification(db).await?;
|
||||||
|
} else {
|
||||||
|
account.start_password_reset(db, true).await?;
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok(account)
|
||||||
|
} else {
|
||||||
|
// Hash the user's password
|
||||||
|
let password = hash_password(plaintext_password)?;
|
||||||
|
|
||||||
|
// Create a new account
|
||||||
|
let mut account = Account {
|
||||||
|
id: ulid::Ulid::new().to_string(),
|
||||||
|
|
||||||
|
email,
|
||||||
|
email_normalised,
|
||||||
|
password,
|
||||||
|
|
||||||
|
disabled: false,
|
||||||
|
verification: EmailVerification::Verified,
|
||||||
|
password_reset: None,
|
||||||
|
deletion: None,
|
||||||
|
lockout: None,
|
||||||
|
|
||||||
|
mfa: Default::default(),
|
||||||
|
};
|
||||||
|
|
||||||
|
// Send email verification
|
||||||
|
if verify_email {
|
||||||
|
account.start_email_verification(db).await?;
|
||||||
|
} else {
|
||||||
|
account.save(db).await?;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Create and push event
|
||||||
|
EventV1::CreateAccount {
|
||||||
|
account: account.clone(),
|
||||||
|
}
|
||||||
|
.global()
|
||||||
|
.await;
|
||||||
|
|
||||||
|
Ok(account)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Create a new session
|
||||||
|
pub async fn create_session(&self, db: &Database, name: String) -> Result<Session> {
|
||||||
|
let config = config().await;
|
||||||
|
|
||||||
|
let session = Session {
|
||||||
|
id: ulid::Ulid::new().to_string(),
|
||||||
|
token: nanoid!(64),
|
||||||
|
|
||||||
|
user_id: self.id.clone(),
|
||||||
|
name,
|
||||||
|
|
||||||
|
last_seen: Timestamp::now_utc(),
|
||||||
|
|
||||||
|
origin: Some(config.environment),
|
||||||
|
subscription: None,
|
||||||
|
};
|
||||||
|
|
||||||
|
// Save to database
|
||||||
|
db.save_session(&session).await?;
|
||||||
|
|
||||||
|
// Create and push event
|
||||||
|
EventV1::CreateSession {
|
||||||
|
session: session.clone(),
|
||||||
|
}
|
||||||
|
.global()
|
||||||
|
.await;
|
||||||
|
|
||||||
|
Ok(session)
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Send account verification email
|
||||||
|
pub async fn start_email_verification(&mut self, db: &Database) -> Result<()> {
|
||||||
|
let config = config().await;
|
||||||
|
|
||||||
|
if !config.api.smtp.host.is_empty() {
|
||||||
|
let templates = email_templates().await;
|
||||||
|
|
||||||
|
let token = nanoid!(32);
|
||||||
|
let url = format!("{}{}", templates.verify.url, token);
|
||||||
|
|
||||||
|
send_email(
|
||||||
|
&config.api.smtp,
|
||||||
|
self.email.clone(),
|
||||||
|
&templates.verify,
|
||||||
|
json!({
|
||||||
|
"email": self.email.clone(),
|
||||||
|
"url": url
|
||||||
|
}),
|
||||||
|
)?;
|
||||||
|
|
||||||
|
self.verification = EmailVerification::Pending {
|
||||||
|
token,
|
||||||
|
expiry: Timestamp::now_utc()
|
||||||
|
.checked_add(Duration::seconds(
|
||||||
|
config.api.smtp.expiry.expire_verification,
|
||||||
|
))
|
||||||
|
.unwrap(),
|
||||||
|
};
|
||||||
|
} else {
|
||||||
|
self.verification = EmailVerification::Verified;
|
||||||
|
}
|
||||||
|
|
||||||
|
self.save(db).await
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Send account verification to new email
|
||||||
|
pub async fn start_email_move(&mut self, db: &Database, new_email: String) -> Result<()> {
|
||||||
|
// This method should and will never be called on an unverified account,
|
||||||
|
// but just validate this just in case.
|
||||||
|
if let EmailVerification::Pending { .. } = self.verification {
|
||||||
|
return Err(create_error!(UnverifiedAccount));
|
||||||
|
}
|
||||||
|
|
||||||
|
let config = config().await;
|
||||||
|
|
||||||
|
if !config.api.smtp.host.is_empty() {
|
||||||
|
let templates = email_templates().await;
|
||||||
|
|
||||||
|
let token = nanoid!(32);
|
||||||
|
let url = format!("{}{}", templates.verify.url, token);
|
||||||
|
|
||||||
|
send_email(
|
||||||
|
&config.api.smtp,
|
||||||
|
new_email.clone(),
|
||||||
|
&templates.verify,
|
||||||
|
json!({
|
||||||
|
"email": self.email.clone(),
|
||||||
|
"url": url
|
||||||
|
}),
|
||||||
|
)?;
|
||||||
|
|
||||||
|
self.verification = EmailVerification::Moving {
|
||||||
|
new_email,
|
||||||
|
token,
|
||||||
|
expiry: Timestamp::now_utc()
|
||||||
|
.checked_add(Duration::seconds(
|
||||||
|
config.api.smtp.expiry.expire_verification,
|
||||||
|
))
|
||||||
|
.unwrap(),
|
||||||
|
};
|
||||||
|
} else {
|
||||||
|
self.email_normalised = normalise_email(new_email.clone());
|
||||||
|
self.email = new_email;
|
||||||
|
}
|
||||||
|
|
||||||
|
self.save(db).await
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Send password reset email
|
||||||
|
pub async fn start_password_reset(
|
||||||
|
&mut self,
|
||||||
|
db: &Database,
|
||||||
|
existing_account: bool,
|
||||||
|
) -> Result<()> {
|
||||||
|
let config = config().await;
|
||||||
|
|
||||||
|
if !config.api.smtp.host.is_empty() {
|
||||||
|
let templates = email_templates().await;
|
||||||
|
|
||||||
|
let template = if existing_account {
|
||||||
|
&templates.reset_existing
|
||||||
|
} else {
|
||||||
|
&templates.reset
|
||||||
|
};
|
||||||
|
|
||||||
|
let token = nanoid!(32);
|
||||||
|
let url = format!("{}{}", template.url, token);
|
||||||
|
|
||||||
|
send_email(
|
||||||
|
&config.api.smtp,
|
||||||
|
self.email.clone(),
|
||||||
|
template,
|
||||||
|
json!({
|
||||||
|
"email": self.email.clone(),
|
||||||
|
"url": url
|
||||||
|
}),
|
||||||
|
)?;
|
||||||
|
|
||||||
|
self.password_reset = Some(PasswordReset {
|
||||||
|
token,
|
||||||
|
expiry: Timestamp::now_utc()
|
||||||
|
.checked_add(Duration::seconds(
|
||||||
|
config.api.smtp.expiry.expire_password_reset,
|
||||||
|
))
|
||||||
|
.unwrap(),
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
return Err(create_error!(OperationFailed));
|
||||||
|
}
|
||||||
|
|
||||||
|
self.save(db).await
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Begin account deletion process by sending confirmation email
|
||||||
|
///
|
||||||
|
/// If email verification is not on, the account will be marked for deletion instantly
|
||||||
|
pub async fn start_account_deletion(&mut self, db: &Database) -> Result<()> {
|
||||||
|
let config = config().await;
|
||||||
|
|
||||||
|
if !config.api.smtp.host.is_empty() {
|
||||||
|
let templates = email_templates().await;
|
||||||
|
|
||||||
|
let token = nanoid!(32);
|
||||||
|
let url = format!("{}{}", templates.deletion.url, token);
|
||||||
|
|
||||||
|
send_email(
|
||||||
|
&config.api.smtp,
|
||||||
|
self.email.clone(),
|
||||||
|
&templates.deletion,
|
||||||
|
json!({
|
||||||
|
"email": self.email.clone(),
|
||||||
|
"url": url
|
||||||
|
}),
|
||||||
|
)?;
|
||||||
|
|
||||||
|
self.deletion = Some(DeletionInfo::WaitingForVerification {
|
||||||
|
token,
|
||||||
|
expiry: Timestamp::now_utc()
|
||||||
|
.checked_add(Duration::seconds(
|
||||||
|
config.api.smtp.expiry.expire_password_reset,
|
||||||
|
))
|
||||||
|
.unwrap(),
|
||||||
|
});
|
||||||
|
|
||||||
|
self.save(db).await
|
||||||
|
} else {
|
||||||
|
self.schedule_deletion(db).await
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Verify a user's password is correct
|
||||||
|
pub fn verify_password(&self, plaintext_password: &str) -> Result<()> {
|
||||||
|
argon2::verify_encoded(&self.password, plaintext_password.as_bytes())
|
||||||
|
.map(|v| {
|
||||||
|
if v {
|
||||||
|
Ok(())
|
||||||
|
} else {
|
||||||
|
Err(create_error!(InvalidCredentials))
|
||||||
|
}
|
||||||
|
})
|
||||||
|
// To prevent user enumeration, we should ignore
|
||||||
|
// the error and pretend the password is wrong.
|
||||||
|
.map_err(|_| create_error!(InvalidCredentials))?
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Validate an MFA response
|
||||||
|
pub async fn consume_mfa_response(
|
||||||
|
&mut self,
|
||||||
|
db: &Database,
|
||||||
|
response: v0::MFAResponse,
|
||||||
|
ticket: Option<MFATicket>,
|
||||||
|
) -> Result<()> {
|
||||||
|
let allowed_methods = self.mfa.get_methods();
|
||||||
|
|
||||||
|
match response {
|
||||||
|
v0::MFAResponse::Password { password } => {
|
||||||
|
if allowed_methods.contains(&MFAMethod::Password) {
|
||||||
|
self.verify_password(&password)
|
||||||
|
} else {
|
||||||
|
Err(create_error!(DisallowedMFAMethod))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
v0::MFAResponse::Totp { totp_code } => {
|
||||||
|
if allowed_methods.contains(&MFAMethod::Totp) {
|
||||||
|
if let Totp::Enabled { .. } = &self.mfa.totp_token {
|
||||||
|
// Use TOTP code at generation if applicable
|
||||||
|
if let Some(ticket) = ticket {
|
||||||
|
if let Some(code) = ticket.last_totp_code {
|
||||||
|
if code == totp_code {
|
||||||
|
return Ok(());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Otherwise read current TOTP token
|
||||||
|
if self.mfa.totp_token.generate_code()? == totp_code {
|
||||||
|
Ok(())
|
||||||
|
} else {
|
||||||
|
Err(create_error!(InvalidToken))
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
unreachable!()
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
Err(create_error!(DisallowedMFAMethod))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
v0::MFAResponse::Recovery { recovery_code } => {
|
||||||
|
if allowed_methods.contains(&MFAMethod::Recovery) {
|
||||||
|
if let Some(index) = self
|
||||||
|
.mfa
|
||||||
|
.recovery_codes
|
||||||
|
.iter()
|
||||||
|
.position(|x| x == &recovery_code)
|
||||||
|
{
|
||||||
|
self.mfa.recovery_codes.remove(index);
|
||||||
|
self.save(db).await
|
||||||
|
} else {
|
||||||
|
Err(create_error!(InvalidToken))
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
Err(create_error!(DisallowedMFAMethod))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Delete all sessions for an account
|
||||||
|
pub async fn delete_all_sessions(
|
||||||
|
&self,
|
||||||
|
db: &Database,
|
||||||
|
exclude_session_id: Option<String>,
|
||||||
|
) -> Result<()> {
|
||||||
|
db.delete_all_sessions(&self.id, exclude_session_id.clone())
|
||||||
|
.await?;
|
||||||
|
|
||||||
|
// Create and push event
|
||||||
|
EventV1::DeleteAllSessions {
|
||||||
|
user_id: self.id.clone(),
|
||||||
|
exclude_session_id,
|
||||||
|
}
|
||||||
|
.private(self.id.clone())
|
||||||
|
.await;
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Disable an account
|
||||||
|
pub async fn disable(&mut self, db: &Database) -> Result<()> {
|
||||||
|
self.disabled = true;
|
||||||
|
self.delete_all_sessions(db, None).await?;
|
||||||
|
self.save(db).await
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Schedule an account for deletion
|
||||||
|
pub async fn schedule_deletion(&mut self, db: &Database) -> Result<()> {
|
||||||
|
self.deletion = Some(DeletionInfo::Scheduled {
|
||||||
|
after: Timestamp::now_utc()
|
||||||
|
.checked_add(Duration::weeks(1))
|
||||||
|
.unwrap(),
|
||||||
|
});
|
||||||
|
|
||||||
|
self.disable(db).await
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Removes all information from the account and marks it as fully deleted
|
||||||
|
pub async fn mark_deleted(&mut self, db: &Database) -> Result<()> {
|
||||||
|
self.email = format!("Deleted User {}", &self.id);
|
||||||
|
self.email_normalised = format!("Deleted User {}", &self.id);
|
||||||
|
self.deletion = Some(DeletionInfo::Deleted);
|
||||||
|
|
||||||
|
self.save(db).await?;
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
}
|
||||||
34
crates/core/database/src/models/accounts/ops.rs
Normal file
34
crates/core/database/src/models/accounts/ops.rs
Normal file
@@ -0,0 +1,34 @@
|
|||||||
|
use revolt_result::Result;
|
||||||
|
|
||||||
|
use crate::Account;
|
||||||
|
|
||||||
|
#[cfg(feature = "mongodb")]
|
||||||
|
mod mongodb;
|
||||||
|
mod reference;
|
||||||
|
|
||||||
|
#[async_trait]
|
||||||
|
pub trait AbstractAccounts: Sync + Send {
|
||||||
|
/// Find account by id
|
||||||
|
async fn fetch_account(&self, id: &str) -> Result<Account>;
|
||||||
|
|
||||||
|
/// Find account by normalised email
|
||||||
|
async fn fetch_account_by_normalised_email(
|
||||||
|
&self,
|
||||||
|
normalised_email: &str,
|
||||||
|
) -> Result<Option<Account>>;
|
||||||
|
|
||||||
|
/// Find account with active pending email verification
|
||||||
|
async fn fetch_account_with_email_verification(&self, token: &str) -> Result<Account>;
|
||||||
|
|
||||||
|
/// Find account with active password reset
|
||||||
|
async fn fetch_account_with_password_reset(&self, token: &str) -> Result<Account>;
|
||||||
|
|
||||||
|
/// Find account with active deletion token
|
||||||
|
async fn fetch_account_with_deletion_token(&self, token: &str) -> Result<Account>;
|
||||||
|
|
||||||
|
/// Find accounts which are due to be deleted
|
||||||
|
async fn fetch_accounts_due_for_deletion(&self) -> Result<Vec<Account>>;
|
||||||
|
|
||||||
|
// Save account
|
||||||
|
async fn save_account(&self, account: &Account) -> Result<()>;
|
||||||
|
}
|
||||||
118
crates/core/database/src/models/accounts/ops/mongodb.rs
Normal file
118
crates/core/database/src/models/accounts/ops/mongodb.rs
Normal file
@@ -0,0 +1,118 @@
|
|||||||
|
use crate::{AbstractAccounts, Account, MongoDb};
|
||||||
|
use bson::{to_bson, to_document};
|
||||||
|
use iso8601_timestamp::Timestamp;
|
||||||
|
use mongodb::options::{Collation, CollationStrength, FindOneOptions, UpdateOptions};
|
||||||
|
use revolt_result::Result;
|
||||||
|
|
||||||
|
const COL: &str = "accounts";
|
||||||
|
|
||||||
|
#[async_trait]
|
||||||
|
impl AbstractAccounts for MongoDb {
|
||||||
|
/// Find account by id
|
||||||
|
async fn fetch_account(&self, id: &str) -> Result<Account> {
|
||||||
|
query!(self, find_one_by_id, COL, id)?.ok_or_else(|| create_error!(UnknownUser))
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Find account by normalised email
|
||||||
|
async fn fetch_account_by_normalised_email(
|
||||||
|
&self,
|
||||||
|
normalised_email: &str,
|
||||||
|
) -> Result<Option<Account>> {
|
||||||
|
query!(
|
||||||
|
self,
|
||||||
|
find_one_with_options,
|
||||||
|
COL,
|
||||||
|
doc! {
|
||||||
|
"email_normalised": normalised_email
|
||||||
|
},
|
||||||
|
FindOneOptions::builder()
|
||||||
|
.collation(
|
||||||
|
Collation::builder()
|
||||||
|
.locale("en")
|
||||||
|
.strength(CollationStrength::Secondary)
|
||||||
|
.build(),
|
||||||
|
)
|
||||||
|
.build()
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Find account with active pending email verification
|
||||||
|
async fn fetch_account_with_email_verification(&self, token: &str) -> Result<Account> {
|
||||||
|
query!(
|
||||||
|
self,
|
||||||
|
find_one,
|
||||||
|
COL,
|
||||||
|
doc! {
|
||||||
|
"verification.token": token,
|
||||||
|
"verification.expiry": {
|
||||||
|
"$gte": to_bson(&Timestamp::now_utc()).unwrap()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
)?
|
||||||
|
.ok_or_else(|| create_error!(InvalidToken))
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Find account with active password reset
|
||||||
|
async fn fetch_account_with_password_reset(&self, token: &str) -> Result<Account> {
|
||||||
|
query!(
|
||||||
|
self,
|
||||||
|
find_one,
|
||||||
|
COL,
|
||||||
|
doc! {
|
||||||
|
"password_reset.token": token,
|
||||||
|
"password_reset.expiry": {
|
||||||
|
"$gte": to_bson(&Timestamp::now_utc()).unwrap()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
)?
|
||||||
|
.ok_or_else(|| create_error!(InvalidToken))
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Find account with active deletion token
|
||||||
|
async fn fetch_account_with_deletion_token(&self, token: &str) -> Result<Account> {
|
||||||
|
query!(
|
||||||
|
self,
|
||||||
|
find_one,
|
||||||
|
COL,
|
||||||
|
doc! {
|
||||||
|
"deletion.token": token,
|
||||||
|
"deletion.expiry": {
|
||||||
|
"$gte": to_bson(&Timestamp::now_utc()).unwrap()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
)?
|
||||||
|
.ok_or_else(|| create_error!(InvalidToken))
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Find accounts which are due to be deleted
|
||||||
|
async fn fetch_accounts_due_for_deletion(&self) -> Result<Vec<Account>> {
|
||||||
|
query!(
|
||||||
|
self,
|
||||||
|
find,
|
||||||
|
COL,
|
||||||
|
doc! {
|
||||||
|
"deletion.status": "Scheduled",
|
||||||
|
"deletion.after": {
|
||||||
|
"$lte": to_bson(&Timestamp::now_utc()).unwrap()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Save account
|
||||||
|
async fn save_account(&self, account: &Account) -> Result<()> {
|
||||||
|
self.col::<Account>(COL)
|
||||||
|
.update_one(
|
||||||
|
doc! {
|
||||||
|
"_id": &account.id
|
||||||
|
},
|
||||||
|
doc! {
|
||||||
|
"$set": to_document(account).map_err(|_| create_database_error!("to_document", COL))?
|
||||||
|
},
|
||||||
|
)
|
||||||
|
.with_options(UpdateOptions::builder().upsert(true).build())
|
||||||
|
.await
|
||||||
|
.map_err(|_| create_database_error!("find_one", COL))
|
||||||
|
.map(|_| ())
|
||||||
|
}
|
||||||
|
}
|
||||||
99
crates/core/database/src/models/accounts/ops/reference.rs
Normal file
99
crates/core/database/src/models/accounts/ops/reference.rs
Normal file
@@ -0,0 +1,99 @@
|
|||||||
|
use crate::{AbstractAccounts, Account, DeletionInfo, EmailVerification, ReferenceDb};
|
||||||
|
use iso8601_timestamp::Timestamp;
|
||||||
|
use revolt_result::Result;
|
||||||
|
|
||||||
|
#[async_trait]
|
||||||
|
impl AbstractAccounts for ReferenceDb {
|
||||||
|
/// Find account by id
|
||||||
|
async fn fetch_account(&self, id: &str) -> Result<Account> {
|
||||||
|
let accounts = self.accounts.lock().await;
|
||||||
|
accounts
|
||||||
|
.get(id)
|
||||||
|
.cloned()
|
||||||
|
.ok_or_else(|| create_error!(UnknownUser))
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Find account by normalised email
|
||||||
|
async fn fetch_account_by_normalised_email(
|
||||||
|
&self,
|
||||||
|
normalised_email: &str,
|
||||||
|
) -> Result<Option<Account>> {
|
||||||
|
let accounts = self.accounts.lock().await;
|
||||||
|
Ok(accounts
|
||||||
|
.values()
|
||||||
|
.find(|account| account.email_normalised == normalised_email)
|
||||||
|
.cloned())
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Find account with active pending email verification
|
||||||
|
async fn fetch_account_with_email_verification(&self, token_to_match: &str) -> Result<Account> {
|
||||||
|
let accounts = self.accounts.lock().await;
|
||||||
|
accounts
|
||||||
|
.values()
|
||||||
|
.find(|account| match &account.verification {
|
||||||
|
EmailVerification::Pending { token, .. }
|
||||||
|
| EmailVerification::Moving { token, .. } => token == token_to_match,
|
||||||
|
_ => false,
|
||||||
|
})
|
||||||
|
.cloned()
|
||||||
|
.ok_or_else(|| create_error!(InvalidToken))
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Find account with active password reset
|
||||||
|
async fn fetch_account_with_password_reset(&self, token: &str) -> Result<Account> {
|
||||||
|
let accounts = self.accounts.lock().await;
|
||||||
|
accounts
|
||||||
|
.values()
|
||||||
|
.find(|account| {
|
||||||
|
if let Some(reset) = &account.password_reset {
|
||||||
|
reset.token == token
|
||||||
|
} else {
|
||||||
|
false
|
||||||
|
}
|
||||||
|
})
|
||||||
|
.cloned()
|
||||||
|
.ok_or_else(|| create_error!(InvalidToken))
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Find account with active deletion token
|
||||||
|
async fn fetch_account_with_deletion_token(&self, token_to_match: &str) -> Result<Account> {
|
||||||
|
let accounts = self.accounts.lock().await;
|
||||||
|
accounts
|
||||||
|
.values()
|
||||||
|
.find(|account| {
|
||||||
|
if let Some(DeletionInfo::WaitingForVerification { token, .. }) = &account.deletion
|
||||||
|
{
|
||||||
|
token == token_to_match
|
||||||
|
} else {
|
||||||
|
false
|
||||||
|
}
|
||||||
|
})
|
||||||
|
.cloned()
|
||||||
|
.ok_or_else(|| create_error!(InvalidToken))
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Find accounts which are due to be deleted
|
||||||
|
async fn fetch_accounts_due_for_deletion(&self) -> Result<Vec<Account>> {
|
||||||
|
let now = Timestamp::now_utc();
|
||||||
|
let accounts = self.accounts.lock().await;
|
||||||
|
|
||||||
|
Ok(accounts
|
||||||
|
.values()
|
||||||
|
.filter(|account| {
|
||||||
|
if let Some(DeletionInfo::Scheduled { after }) = &account.deletion {
|
||||||
|
after <= &now
|
||||||
|
} else {
|
||||||
|
false
|
||||||
|
}
|
||||||
|
})
|
||||||
|
.cloned()
|
||||||
|
.collect())
|
||||||
|
}
|
||||||
|
|
||||||
|
// Save account
|
||||||
|
async fn save_account(&self, account: &Account) -> Result<()> {
|
||||||
|
let mut accounts = self.accounts.lock().await;
|
||||||
|
accounts.insert(account.id.to_string(), account.clone());
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
}
|
||||||
32
crates/core/database/src/models/accounts/rocket.rs
Normal file
32
crates/core/database/src/models/accounts/rocket.rs
Normal file
@@ -0,0 +1,32 @@
|
|||||||
|
use crate::{Account, Database, Session};
|
||||||
|
use revolt_result::Error;
|
||||||
|
use rocket::{
|
||||||
|
http::Status,
|
||||||
|
request::{FromRequest, Outcome},
|
||||||
|
Request,
|
||||||
|
};
|
||||||
|
|
||||||
|
#[rocket::async_trait]
|
||||||
|
impl<'r> FromRequest<'r> for Account {
|
||||||
|
type Error = Error;
|
||||||
|
|
||||||
|
async fn from_request(request: &'r Request<'_>) -> Outcome<Self, Self::Error> {
|
||||||
|
match request.guard::<Session>().await {
|
||||||
|
Outcome::Success(session) => {
|
||||||
|
if let Ok(account) = request
|
||||||
|
.rocket()
|
||||||
|
.state::<Database>()
|
||||||
|
.expect("`Database`")
|
||||||
|
.fetch_account(&session.user_id)
|
||||||
|
.await
|
||||||
|
{
|
||||||
|
Outcome::Success(account)
|
||||||
|
} else {
|
||||||
|
Outcome::Error((Status::InternalServerError, create_error!(InternalError)))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Outcome::Forward(_) => unreachable!(),
|
||||||
|
Outcome::Error(err) => Outcome::Error(err),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
32
crates/core/database/src/models/accounts/schema.rs
Normal file
32
crates/core/database/src/models/accounts/schema.rs
Normal file
@@ -0,0 +1,32 @@
|
|||||||
|
use revolt_okapi::openapi3::{SecurityScheme, SecuritySchemeData};
|
||||||
|
use revolt_rocket_okapi::{
|
||||||
|
gen::OpenApiGenerator,
|
||||||
|
request::{OpenApiFromRequest, RequestHeaderInput},
|
||||||
|
};
|
||||||
|
|
||||||
|
use crate::Account;
|
||||||
|
|
||||||
|
|
||||||
|
impl<'r> OpenApiFromRequest<'r> for Account {
|
||||||
|
fn from_request_input(
|
||||||
|
_gen: &mut OpenApiGenerator,
|
||||||
|
_name: String,
|
||||||
|
_required: bool,
|
||||||
|
) -> revolt_rocket_okapi::Result<RequestHeaderInput> {
|
||||||
|
let mut requirements = schemars::Map::new();
|
||||||
|
requirements.insert("Session Token".to_owned(), vec![]);
|
||||||
|
|
||||||
|
Ok(RequestHeaderInput::Security(
|
||||||
|
"Session Token".to_owned(),
|
||||||
|
SecurityScheme {
|
||||||
|
data: SecuritySchemeData::ApiKey {
|
||||||
|
name: "x-session-token".to_owned(),
|
||||||
|
location: "header".to_owned(),
|
||||||
|
},
|
||||||
|
description: Some("Used to authenticate as a user.".to_owned()),
|
||||||
|
extensions: schemars::Map::new(),
|
||||||
|
},
|
||||||
|
requirements,
|
||||||
|
))
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -98,6 +98,18 @@ pub async fn create_database(db: &MongoDb) {
|
|||||||
.await
|
.await
|
||||||
.expect("Failed to create pubsub collection.");
|
.expect("Failed to create pubsub collection.");
|
||||||
|
|
||||||
|
db.create_collection("sessions")
|
||||||
|
.await
|
||||||
|
.expect("Failed to create sessions collection.");
|
||||||
|
|
||||||
|
db.create_collection("account_invites")
|
||||||
|
.await
|
||||||
|
.expect("Failed to create account_invites collection.");
|
||||||
|
|
||||||
|
db.create_collection("mfa_tickets")
|
||||||
|
.await
|
||||||
|
.expect("Failed to create mfa_tickets collection.");
|
||||||
|
|
||||||
db.run_command(doc! {
|
db.run_command(doc! {
|
||||||
"createIndexes": "users",
|
"createIndexes": "users",
|
||||||
"indexes": [
|
"indexes": [
|
||||||
@@ -263,5 +275,89 @@ pub async fn create_database(db: &MongoDb) {
|
|||||||
.await
|
.await
|
||||||
.expect("Failed to create ratelimit_events index.");
|
.expect("Failed to create ratelimit_events index.");
|
||||||
|
|
||||||
|
db.run_command(doc! {
|
||||||
|
"createIndexes": "accounts",
|
||||||
|
"indexes": [
|
||||||
|
{
|
||||||
|
"key": {
|
||||||
|
"email": 1
|
||||||
|
},
|
||||||
|
"name": "email",
|
||||||
|
"unique": true,
|
||||||
|
"collation": {
|
||||||
|
"locale": "en",
|
||||||
|
"strength": 2
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": {
|
||||||
|
"email_normalised": 1
|
||||||
|
},
|
||||||
|
"name": "email_normalised",
|
||||||
|
"unique": true,
|
||||||
|
"collation": {
|
||||||
|
"locale": "en",
|
||||||
|
"strength": 2
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": {
|
||||||
|
"verification.token": 1
|
||||||
|
},
|
||||||
|
"name": "email_verification"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": {
|
||||||
|
"password_reset.token": 1
|
||||||
|
},
|
||||||
|
"name": "password_reset"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": {
|
||||||
|
"deletion.token": 1
|
||||||
|
},
|
||||||
|
"name": "account_deletion"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
})
|
||||||
|
.await
|
||||||
|
.unwrap();
|
||||||
|
|
||||||
|
db.run_command(doc! {
|
||||||
|
"createIndexes": "sessions",
|
||||||
|
"indexes": [
|
||||||
|
{
|
||||||
|
"key": {
|
||||||
|
"token": 1
|
||||||
|
},
|
||||||
|
"name": "token",
|
||||||
|
"unique": true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": {
|
||||||
|
"user_id": 1
|
||||||
|
},
|
||||||
|
"name": "user_id"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
})
|
||||||
|
.await
|
||||||
|
.unwrap();
|
||||||
|
|
||||||
|
db.run_command(doc! {
|
||||||
|
"createIndexes": "mfa_tickets",
|
||||||
|
"indexes": [
|
||||||
|
{
|
||||||
|
"key": {
|
||||||
|
"token": 1
|
||||||
|
},
|
||||||
|
"name": "token",
|
||||||
|
"unique": true
|
||||||
|
}
|
||||||
|
]
|
||||||
|
})
|
||||||
|
.await
|
||||||
|
.unwrap();
|
||||||
|
|
||||||
info!("Created database.");
|
info!("Created database.");
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -17,6 +17,7 @@ use iso8601_timestamp::Timestamp;
|
|||||||
use rand::seq::SliceRandom;
|
use rand::seq::SliceRandom;
|
||||||
use revolt_permissions::{ChannelPermission, DEFAULT_WEBHOOK_PERMISSIONS};
|
use revolt_permissions::{ChannelPermission, DEFAULT_WEBHOOK_PERMISSIONS};
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
|
use ulid::Ulid;
|
||||||
use unicode_segmentation::UnicodeSegmentation;
|
use unicode_segmentation::UnicodeSegmentation;
|
||||||
|
|
||||||
#[derive(Serialize, Deserialize)]
|
#[derive(Serialize, Deserialize)]
|
||||||
@@ -25,7 +26,7 @@ struct MigrationInfo {
|
|||||||
revision: i32,
|
revision: i32,
|
||||||
}
|
}
|
||||||
|
|
||||||
pub const LATEST_REVISION: i32 = 50; // MUST BE +1 to last migration
|
pub const LATEST_REVISION: i32 = 51; // MUST BE +1 to last migration
|
||||||
|
|
||||||
pub async fn migrate_database(db: &MongoDb) {
|
pub async fn migrate_database(db: &MongoDb) {
|
||||||
let migrations = db.col::<Document>("migrations");
|
let migrations = db.col::<Document>("migrations");
|
||||||
@@ -573,20 +574,145 @@ pub async fn run_migrations(db: &MongoDb, revision: i32) -> i32 {
|
|||||||
if revision <= 15 {
|
if revision <= 15 {
|
||||||
info!("Running migration [revision 15 / 04-06-2022]: Migrate Authifier to latest version.");
|
info!("Running migration [revision 15 / 04-06-2022]: Migrate Authifier to latest version.");
|
||||||
|
|
||||||
let db = authifier::Database::MongoDb(authifier::database::MongoDb(db.db()));
|
if !db
|
||||||
db.run_migration(authifier::Migration::M2022_06_03EnsureUpToSpec)
|
.db()
|
||||||
|
.collection::<Document>("mfa_tickets")
|
||||||
|
.list_index_names()
|
||||||
.await
|
.await
|
||||||
.unwrap();
|
.unwrap_or_default()
|
||||||
|
.contains(&"token".to_owned())
|
||||||
|
{
|
||||||
|
// Make sure all collections exist
|
||||||
|
let list = db.db().list_collection_names().await.unwrap();
|
||||||
|
let collections = ["accounts", "sessions", "invites", "mfa_tickets"];
|
||||||
|
|
||||||
|
for name in collections {
|
||||||
|
if !list.contains(&name.to_string()) {
|
||||||
|
db.db().create_collection(name).await.unwrap();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Setup index for `accounts`
|
||||||
|
let col = db.db().collection::<Document>("accounts");
|
||||||
|
col.drop_indexes().await.unwrap();
|
||||||
|
|
||||||
|
db.db()
|
||||||
|
.run_command(doc! {
|
||||||
|
"createIndexes": "accounts",
|
||||||
|
"indexes": [
|
||||||
|
{
|
||||||
|
"key": {
|
||||||
|
"email": 1
|
||||||
|
},
|
||||||
|
"name": "email",
|
||||||
|
"unique": true,
|
||||||
|
"collation": {
|
||||||
|
"locale": "en",
|
||||||
|
"strength": 2
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": {
|
||||||
|
"email_normalised": 1
|
||||||
|
},
|
||||||
|
"name": "email_normalised",
|
||||||
|
"unique": true,
|
||||||
|
"collation": {
|
||||||
|
"locale": "en",
|
||||||
|
"strength": 2
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": {
|
||||||
|
"verification.token": 1
|
||||||
|
},
|
||||||
|
"name": "email_verification"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": {
|
||||||
|
"password_reset.token": 1
|
||||||
|
},
|
||||||
|
"name": "password_reset"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
})
|
||||||
|
.await
|
||||||
|
.unwrap();
|
||||||
|
|
||||||
|
// Setup index for `sessions`
|
||||||
|
let col = db.db().collection::<Document>("sessions");
|
||||||
|
col.drop_indexes().await.unwrap();
|
||||||
|
|
||||||
|
db.db()
|
||||||
|
.run_command(doc! {
|
||||||
|
"createIndexes": "sessions",
|
||||||
|
"indexes": [
|
||||||
|
{
|
||||||
|
"key": {
|
||||||
|
"token": 1
|
||||||
|
},
|
||||||
|
"name": "token",
|
||||||
|
"unique": true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": {
|
||||||
|
"user_id": 1
|
||||||
|
},
|
||||||
|
"name": "user_id"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
})
|
||||||
|
.await
|
||||||
|
.unwrap();
|
||||||
|
|
||||||
|
// Setup index for `mfa_tickets`
|
||||||
|
let col = db.db().collection::<Document>("mfa_tickets");
|
||||||
|
col.drop_indexes().await.unwrap();
|
||||||
|
|
||||||
|
db.db()
|
||||||
|
.run_command(doc! {
|
||||||
|
"createIndexes": "mfa_tickets",
|
||||||
|
"indexes": [
|
||||||
|
{
|
||||||
|
"key": {
|
||||||
|
"token": 1
|
||||||
|
},
|
||||||
|
"name": "token",
|
||||||
|
"unique": true
|
||||||
|
}
|
||||||
|
]
|
||||||
|
})
|
||||||
|
.await
|
||||||
|
.unwrap();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if revision <= 16 {
|
if revision <= 16 {
|
||||||
info!("Running migration [revision 16 / 07-07-2022]: Add `emojis` collection and Authifier migration.");
|
info!("Running migration [revision 16 / 07-07-2022]: Add `emojis` collection and Authifier migration.");
|
||||||
|
|
||||||
let authifier_db = authifier::Database::MongoDb(authifier::database::MongoDb(db.db()));
|
if !db
|
||||||
authifier_db
|
.db()
|
||||||
.run_migration(authifier::Migration::M2022_06_09AddIndexForDeletion)
|
.collection::<Document>("accounts")
|
||||||
|
.list_index_names()
|
||||||
.await
|
.await
|
||||||
.unwrap();
|
.expect("list of index names")
|
||||||
|
.contains(&"account_deletion".to_owned())
|
||||||
|
{
|
||||||
|
db.db()
|
||||||
|
.run_command(doc! {
|
||||||
|
"createIndexes": "accounts",
|
||||||
|
"indexes": [
|
||||||
|
{
|
||||||
|
"key": {
|
||||||
|
"deletion.token": 1
|
||||||
|
},
|
||||||
|
"name": "account_deletion"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
})
|
||||||
|
.await
|
||||||
|
.unwrap();
|
||||||
|
}
|
||||||
|
|
||||||
db.db()
|
db.db()
|
||||||
.create_collection("emojis")
|
.create_collection("emojis")
|
||||||
@@ -1085,7 +1211,7 @@ pub async fn run_migrations(db: &MongoDb, revision: i32) -> i32 {
|
|||||||
enum Channel {
|
enum Channel {
|
||||||
Group { owner: String },
|
Group { owner: String },
|
||||||
TextChannel { server: String },
|
TextChannel { server: String },
|
||||||
VoiceChannel { server: String }
|
VoiceChannel { server: String },
|
||||||
}
|
}
|
||||||
|
|
||||||
let webhooks = db
|
let webhooks = db
|
||||||
@@ -1099,7 +1225,12 @@ pub async fn run_migrations(db: &MongoDb, revision: i32) -> i32 {
|
|||||||
.await;
|
.await;
|
||||||
|
|
||||||
for webhook in webhooks {
|
for webhook in webhooks {
|
||||||
match db.col::<Channel>("channels").find_one(doc! { "_id": &webhook.channel_id }).await.unwrap() {
|
match db
|
||||||
|
.col::<Channel>("channels")
|
||||||
|
.find_one(doc! { "_id": &webhook.channel_id })
|
||||||
|
.await
|
||||||
|
.unwrap()
|
||||||
|
{
|
||||||
Some(channel) => {
|
Some(channel) => {
|
||||||
let creator_id = match channel {
|
let creator_id = match channel {
|
||||||
Channel::Group { owner, .. } => owner,
|
Channel::Group { owner, .. } => owner,
|
||||||
@@ -1141,10 +1272,51 @@ pub async fn run_migrations(db: &MongoDb, revision: i32) -> i32 {
|
|||||||
"Running migration [revision 32 / 12-05-2025]: (Authifier) Add last_seen to sessions."
|
"Running migration [revision 32 / 12-05-2025]: (Authifier) Add last_seen to sessions."
|
||||||
);
|
);
|
||||||
|
|
||||||
let db = authifier::Database::MongoDb(authifier::database::MongoDb(db.db()));
|
loop {
|
||||||
db.run_migration(authifier::Migration::M2025_02_20AddLastSeenToSession)
|
#[derive(Deserialize)]
|
||||||
.await
|
struct SessionId {
|
||||||
.unwrap();
|
_id: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
let sessions: Vec<SessionId> = db
|
||||||
|
.db()
|
||||||
|
.collection("sessions")
|
||||||
|
.find(doc! {
|
||||||
|
"$or": [
|
||||||
|
{ "last_seen": { "$exists": false } },
|
||||||
|
{ "last_seen": "1970-01-01T00:00:00.000Z" }
|
||||||
|
]
|
||||||
|
})
|
||||||
|
.limit(50_000) // about 400 batches for 2 million
|
||||||
|
.await
|
||||||
|
.expect("Failed to create cursor for sessions!")
|
||||||
|
.map(|doc| doc.expect("id and username"))
|
||||||
|
.collect()
|
||||||
|
.await;
|
||||||
|
|
||||||
|
if sessions.is_empty() {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
for session in sessions {
|
||||||
|
let timestamp = iso8601_timestamp::Timestamp::from(Ulid::from_string(&session._id).unwrap().datetime());
|
||||||
|
|
||||||
|
db.db()
|
||||||
|
.collection::<Document>("sessions")
|
||||||
|
.update_one(
|
||||||
|
doc! {
|
||||||
|
"_id": &session._id.to_string(),
|
||||||
|
},
|
||||||
|
doc! {
|
||||||
|
"$set": {
|
||||||
|
"last_seen": timestamp.format().to_string()
|
||||||
|
}
|
||||||
|
},
|
||||||
|
)
|
||||||
|
.await
|
||||||
|
.expect("Failed to update a session.");
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if revision <= 40 {
|
if revision <= 40 {
|
||||||
@@ -1240,7 +1412,7 @@ pub async fn run_migrations(db: &MongoDb, revision: i32) -> i32 {
|
|||||||
"channel_type": "TextChannel",
|
"channel_type": "TextChannel",
|
||||||
"voice": {}
|
"voice": {}
|
||||||
}
|
}
|
||||||
}
|
},
|
||||||
)
|
)
|
||||||
.await
|
.await
|
||||||
.expect("Failed to update voice channels");
|
.expect("Failed to update voice channels");
|
||||||
@@ -1292,10 +1464,7 @@ pub async fn run_migrations(db: &MongoDb, revision: i32) -> i32 {
|
|||||||
let mut doc = doc! {};
|
let mut doc = doc! {};
|
||||||
|
|
||||||
for id in server.roles.keys() {
|
for id in server.roles.keys() {
|
||||||
doc.insert(
|
doc.insert(format!("roles.{id}._id"), id);
|
||||||
format!("roles.{id}._id"),
|
|
||||||
id,
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
db.db()
|
db.db()
|
||||||
@@ -1306,6 +1475,21 @@ pub async fn run_migrations(db: &MongoDb, revision: i32) -> i32 {
|
|||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
if revision <= 50 {
|
||||||
|
info!("Running migration [revision 50 / 13-04-2026]: Rename invites collection to account_invites");
|
||||||
|
|
||||||
|
db.db()
|
||||||
|
.client()
|
||||||
|
.database("admin")
|
||||||
|
.run_command(doc! {
|
||||||
|
"renameCollection": "revolt.invites",
|
||||||
|
"to": "revolt.account_invites",
|
||||||
|
"dropTarget": true
|
||||||
|
})
|
||||||
|
.await
|
||||||
|
.unwrap();
|
||||||
|
}
|
||||||
|
|
||||||
// Reminder to update LATEST_REVISION when adding new migrations.
|
// Reminder to update LATEST_REVISION when adding new migrations.
|
||||||
LATEST_REVISION.max(revision)
|
LATEST_REVISION.max(revision)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -408,7 +408,10 @@ impl Channel {
|
|||||||
/// Check whether has a user as a recipient
|
/// Check whether has a user as a recipient
|
||||||
pub fn contains_user(&self, user_id: &str) -> bool {
|
pub fn contains_user(&self, user_id: &str) -> bool {
|
||||||
match self {
|
match self {
|
||||||
Channel::Group { recipients, .. } => recipients.contains(&String::from(user_id)),
|
Channel::Group { recipients, .. } | Channel::DirectMessage { recipients, .. } => {
|
||||||
|
recipients.iter().any(|recipient| recipient == user_id)
|
||||||
|
}
|
||||||
|
Channel::SavedMessages { user, .. } => user == user_id,
|
||||||
_ => false,
|
_ => false,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -416,7 +419,9 @@ impl Channel {
|
|||||||
/// Get list of recipients
|
/// Get list of recipients
|
||||||
pub fn users(&self) -> Result<Vec<String>> {
|
pub fn users(&self) -> Result<Vec<String>> {
|
||||||
match self {
|
match self {
|
||||||
Channel::Group { recipients, .. } => Ok(recipients.to_owned()),
|
Channel::Group { recipients, .. } | Channel::DirectMessage { recipients, .. } => {
|
||||||
|
Ok(recipients.to_owned())
|
||||||
|
}
|
||||||
_ => Err(create_error!(NotFound)),
|
_ => Err(create_error!(NotFound)),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
use crate::{revolt_result::Result, Channel, FieldsChannel, PartialChannel};
|
use crate::{Channel, FieldsChannel, PartialChannel, revolt_result::Result, util::ChunkedDatabaseGenerator};
|
||||||
use revolt_permissions::OverrideField;
|
use revolt_permissions::OverrideField;
|
||||||
|
|
||||||
#[cfg(feature = "mongodb")]
|
#[cfg(feature = "mongodb")]
|
||||||
@@ -19,6 +19,9 @@ pub trait AbstractChannels: Sync + Send {
|
|||||||
/// Fetch all direct messages for a user
|
/// Fetch all direct messages for a user
|
||||||
async fn find_direct_messages(&self, user_id: &str) -> Result<Vec<Channel>>;
|
async fn find_direct_messages(&self, user_id: &str) -> Result<Vec<Channel>>;
|
||||||
|
|
||||||
|
// Fetch all group dms for a user
|
||||||
|
async fn find_group_message_channels(&self, user_id: &str) -> Result<ChunkedDatabaseGenerator<Channel>>;
|
||||||
|
|
||||||
// Fetch saved messages channel
|
// Fetch saved messages channel
|
||||||
async fn find_saved_messages_channel(&self, user_id: &str) -> Result<Channel>;
|
async fn find_saved_messages_channel(&self, user_id: &str) -> Result<Channel>;
|
||||||
|
|
||||||
@@ -47,6 +50,9 @@ pub trait AbstractChannels: Sync + Send {
|
|||||||
// Remove a user from a group
|
// Remove a user from a group
|
||||||
async fn remove_user_from_group(&self, channel_id: &str, user_id: &str) -> Result<()>;
|
async fn remove_user_from_group(&self, channel_id: &str, user_id: &str) -> Result<()>;
|
||||||
|
|
||||||
|
// Remove a user from all specified groups
|
||||||
|
async fn remove_user_from_groups(&self, channel_ids: Vec<String>, user_id: &str) -> Result<()>;
|
||||||
|
|
||||||
// Delete a channel
|
// Delete a channel
|
||||||
async fn delete_channel(&self, channel_id: &Channel) -> Result<()>;
|
async fn delete_channel(&self, channel_id: &Channel) -> Result<()>;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,7 +1,8 @@
|
|||||||
use super::AbstractChannels;
|
use super::AbstractChannels;
|
||||||
use crate::{AbstractServers, Channel, FieldsChannel, IntoDocumentPath, MongoDb, PartialChannel};
|
use crate::{AbstractServers, Channel, FieldsChannel, IntoDocumentPath, MongoDb, PartialChannel, util::ChunkedDatabaseGenerator};
|
||||||
use bson::{Bson, Document};
|
use bson::{Bson, Document};
|
||||||
use futures::StreamExt;
|
use futures::StreamExt;
|
||||||
|
use mongodb::options::ReadConcern;
|
||||||
use revolt_permissions::OverrideField;
|
use revolt_permissions::OverrideField;
|
||||||
use revolt_result::Result;
|
use revolt_result::Result;
|
||||||
|
|
||||||
@@ -69,6 +70,32 @@ impl AbstractChannels for MongoDb {
|
|||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Fetch all group dms for a user
|
||||||
|
async fn find_group_message_channels(&self, user_id: &str) -> Result<ChunkedDatabaseGenerator<Channel>> {
|
||||||
|
let mut session = self
|
||||||
|
.start_session()
|
||||||
|
.await
|
||||||
|
.map_err(|_| create_database_error!("start_session", COL))?;
|
||||||
|
|
||||||
|
session
|
||||||
|
.start_transaction()
|
||||||
|
.read_concern(ReadConcern::snapshot())
|
||||||
|
.await
|
||||||
|
.map_err(|_| create_database_error!("start_transaction", COL))?;
|
||||||
|
|
||||||
|
let cursor = self.col(COL)
|
||||||
|
.find(doc! {
|
||||||
|
"channel_type": "Group",
|
||||||
|
"recipients": user_id
|
||||||
|
})
|
||||||
|
.session(&mut session)
|
||||||
|
.batch_size(100)
|
||||||
|
.await
|
||||||
|
.map_err(|_| create_database_error!("find", COL))?;
|
||||||
|
|
||||||
|
Ok(ChunkedDatabaseGenerator::new_mongo(session, cursor))
|
||||||
|
}
|
||||||
|
|
||||||
// Fetch saved messages channel
|
// Fetch saved messages channel
|
||||||
async fn find_saved_messages_channel(&self, user_id: &str) -> Result<Channel> {
|
async fn find_saved_messages_channel(&self, user_id: &str) -> Result<Channel> {
|
||||||
query!(
|
query!(
|
||||||
@@ -180,13 +207,29 @@ impl AbstractChannels for MongoDb {
|
|||||||
.map_err(|_| create_database_error!("update_one", "channels"))
|
.map_err(|_| create_database_error!("update_one", "channels"))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Remove a user from all specified groups
|
||||||
|
async fn remove_user_from_groups(&self, channel_ids: Vec<String>, user_id: &str) -> Result<()> {
|
||||||
|
self.col::<Document>(COL)
|
||||||
|
.update_many(
|
||||||
|
doc! {
|
||||||
|
"_id": { "$in": channel_ids },
|
||||||
|
},
|
||||||
|
doc! {
|
||||||
|
"$pull": {
|
||||||
|
"recipients": user_id
|
||||||
|
}
|
||||||
|
},
|
||||||
|
)
|
||||||
|
.await
|
||||||
|
.map(|_| ())
|
||||||
|
.map_err(|_| create_database_error!("update_many", COL))
|
||||||
|
}
|
||||||
|
|
||||||
// Delete a channel
|
// Delete a channel
|
||||||
async fn delete_channel(&self, channel: &Channel) -> Result<()> {
|
async fn delete_channel(&self, channel: &Channel) -> Result<()> {
|
||||||
let id = channel.id().to_string();
|
let id = channel.id().to_string();
|
||||||
let server_id = match channel {
|
let server_id = match channel {
|
||||||
Channel::TextChannel { server, .. } => {
|
Channel::TextChannel { server, .. } => Some(server),
|
||||||
Some(server)
|
|
||||||
}
|
|
||||||
_ => None,
|
_ => None,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@@ -2,6 +2,7 @@ use std::collections::hash_map::Entry;
|
|||||||
|
|
||||||
use super::AbstractChannels;
|
use super::AbstractChannels;
|
||||||
use crate::ReferenceDb;
|
use crate::ReferenceDb;
|
||||||
|
use crate::util::ChunkedDatabaseGenerator;
|
||||||
use crate::{Channel, FieldsChannel, PartialChannel};
|
use crate::{Channel, FieldsChannel, PartialChannel};
|
||||||
use revolt_permissions::OverrideField;
|
use revolt_permissions::OverrideField;
|
||||||
use revolt_result::Result;
|
use revolt_result::Result;
|
||||||
@@ -51,6 +52,23 @@ impl AbstractChannels for ReferenceDb {
|
|||||||
.collect())
|
.collect())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Fetch all group dms for a user
|
||||||
|
async fn find_group_message_channels(&self, user_id: &str) -> Result<ChunkedDatabaseGenerator<Channel>> {
|
||||||
|
let channels = self.channels.lock().await;
|
||||||
|
let groups = channels
|
||||||
|
.values()
|
||||||
|
.filter(|channel| match channel {
|
||||||
|
Channel::Group { recipients, .. } => {
|
||||||
|
recipients.iter().any(|recipient| recipient == user_id)
|
||||||
|
}
|
||||||
|
_ => false,
|
||||||
|
})
|
||||||
|
.cloned()
|
||||||
|
.collect();
|
||||||
|
|
||||||
|
Ok(ChunkedDatabaseGenerator::new_reference(groups))
|
||||||
|
}
|
||||||
|
|
||||||
// Fetch saved messages channel
|
// Fetch saved messages channel
|
||||||
async fn find_saved_messages_channel(&self, user_id: &str) -> Result<Channel> {
|
async fn find_saved_messages_channel(&self, user_id: &str) -> Result<Channel> {
|
||||||
let channels = self.channels.lock().await;
|
let channels = self.channels.lock().await;
|
||||||
@@ -131,9 +149,9 @@ impl AbstractChannels for ReferenceDb {
|
|||||||
// Remove a user from a group
|
// Remove a user from a group
|
||||||
async fn remove_user_from_group(&self, channel: &str, user: &str) -> Result<()> {
|
async fn remove_user_from_group(&self, channel: &str, user: &str) -> Result<()> {
|
||||||
let mut channels = self.channels.lock().await;
|
let mut channels = self.channels.lock().await;
|
||||||
if let Some(channel_data) = channels.get_mut(channel) {
|
if let Some(Channel::Group { recipients, .. }) = channels.get_mut(channel) {
|
||||||
if channel_data.users()?.contains(&String::from(user)) {
|
if let Some(index) = recipients.iter().position(|recipient| recipient == user) {
|
||||||
channel_data.users()?.retain(|x| x != user);
|
recipients.remove(index);
|
||||||
return Ok(());
|
return Ok(());
|
||||||
} else {
|
} else {
|
||||||
return Err(create_error!(NotFound));
|
return Err(create_error!(NotFound));
|
||||||
@@ -142,6 +160,19 @@ impl AbstractChannels for ReferenceDb {
|
|||||||
Err(create_error!(NotFound))
|
Err(create_error!(NotFound))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Remove a user from all specified groups
|
||||||
|
async fn remove_user_from_groups(&self, channel_ids: Vec<String>, user_id: &str) -> Result<()> {
|
||||||
|
let mut channels = self.channels.lock().await;
|
||||||
|
|
||||||
|
for channel_id in channel_ids {
|
||||||
|
if let Some(Channel::Group { recipients, .. }) = channels.get_mut(&channel_id) {
|
||||||
|
recipients.retain(|recipient| recipient != user_id);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
// Delete a channel
|
// Delete a channel
|
||||||
async fn delete_channel(&self, channel: &Channel) -> Result<()> {
|
async fn delete_channel(&self, channel: &Channel) -> Result<()> {
|
||||||
let mut channels = self.channels.lock().await;
|
let mut channels = self.channels.lock().await;
|
||||||
|
|||||||
@@ -50,4 +50,6 @@ pub trait AbstractMessages: Sync + Send {
|
|||||||
author: &str,
|
author: &str,
|
||||||
since: SystemTime
|
since: SystemTime
|
||||||
) -> Result<HashMap<String, Vec<String>>>;
|
) -> Result<HashMap<String, Vec<String>>>;
|
||||||
|
|
||||||
|
async fn delete_messages_by_user(&self, user_id: &str) -> Result<()>;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -416,6 +416,12 @@ impl AbstractMessages for MongoDb {
|
|||||||
|
|
||||||
Ok(deleted_messages)
|
Ok(deleted_messages)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async fn delete_messages_by_user(&self, user_id: &str) -> Result<()> {
|
||||||
|
self.delete_bulk_messages(doc! {
|
||||||
|
"author": user_id,
|
||||||
|
}).await
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
impl IntoDocumentPath for FieldsMessage {
|
impl IntoDocumentPath for FieldsMessage {
|
||||||
|
|||||||
@@ -1,10 +1,13 @@
|
|||||||
use std::collections::HashMap;
|
use crate::{
|
||||||
|
AppendMessage, FieldsMessage, Message, MessageQuery,
|
||||||
|
PartialMessage, ReferenceDb,
|
||||||
|
};
|
||||||
use futures::future::try_join_all;
|
use futures::future::try_join_all;
|
||||||
use indexmap::IndexSet;
|
use indexmap::IndexSet;
|
||||||
use revolt_result::Result;
|
use revolt_result::Result;
|
||||||
|
use std::collections::HashMap;
|
||||||
use std::time::SystemTime;
|
use std::time::SystemTime;
|
||||||
use ulid::Ulid;
|
use ulid::Ulid;
|
||||||
use crate::{AppendMessage, FieldsMessage, Message, MessageQuery, PartialMessage, ReferenceDb};
|
|
||||||
|
|
||||||
use super::AbstractMessages;
|
use super::AbstractMessages;
|
||||||
|
|
||||||
@@ -60,7 +63,7 @@ impl AbstractMessages for ReferenceDb {
|
|||||||
|
|
||||||
if let Some(pinned) = query.filter.pinned {
|
if let Some(pinned) = query.filter.pinned {
|
||||||
if message.pinned.unwrap_or_default() == pinned {
|
if message.pinned.unwrap_or_default() == pinned {
|
||||||
return false
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -191,7 +194,12 @@ impl AbstractMessages for ReferenceDb {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Update a given message with new information
|
/// Update a given message with new information
|
||||||
async fn update_message(&self, id: &str, message: &PartialMessage, remove: Vec<FieldsMessage>) -> Result<()> {
|
async fn update_message(
|
||||||
|
&self,
|
||||||
|
id: &str,
|
||||||
|
message: &PartialMessage,
|
||||||
|
remove: Vec<FieldsMessage>,
|
||||||
|
) -> Result<()> {
|
||||||
let mut messages = self.messages.lock().await;
|
let mut messages = self.messages.lock().await;
|
||||||
if let Some(message_data) = messages.get_mut(id) {
|
if let Some(message_data) = messages.get_mut(id) {
|
||||||
message_data.apply_options(message.to_owned());
|
message_data.apply_options(message.to_owned());
|
||||||
@@ -294,7 +302,7 @@ impl AbstractMessages for ReferenceDb {
|
|||||||
&self,
|
&self,
|
||||||
channels: &[String],
|
channels: &[String],
|
||||||
author: &str,
|
author: &str,
|
||||||
since: SystemTime
|
since: SystemTime,
|
||||||
) -> Result<HashMap<String, Vec<String>>> {
|
) -> Result<HashMap<String, Vec<String>>> {
|
||||||
let threshold_ulid = Ulid::from_datetime(since).to_string();
|
let threshold_ulid = Ulid::from_datetime(since).to_string();
|
||||||
let mut deleted_messages: HashMap<String, Vec<String>> = HashMap::new();
|
let mut deleted_messages: HashMap<String, Vec<String>> = HashMap::new();
|
||||||
@@ -335,16 +343,23 @@ impl AbstractMessages for ReferenceDb {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Delete the messages
|
// Delete the messages
|
||||||
self.messages
|
self.messages.lock().await.retain(|id, message| {
|
||||||
.lock()
|
let should_keep = !(message.author == author
|
||||||
.await
|
&& channels.contains(&message.channel)
|
||||||
.retain(|id, message| {
|
&& id.as_str() >= threshold_ulid.as_str());
|
||||||
let should_keep = !(message.author == author
|
should_keep
|
||||||
&& channels.contains(&message.channel)
|
});
|
||||||
&& id.as_str() >= threshold_ulid.as_str());
|
|
||||||
should_keep
|
|
||||||
});
|
|
||||||
|
|
||||||
Ok(deleted_messages)
|
Ok(deleted_messages)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async fn delete_messages_by_user(&self, user_id: &str) -> Result<()> {
|
||||||
|
let mut messages = self.messages.lock().await;
|
||||||
|
|
||||||
|
messages.retain(|_, message| message.author != user_id);
|
||||||
|
|
||||||
|
// TODO: remove attachments as well
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
67
crates/core/database/src/models/mfa_tickets/axum.rs
Normal file
67
crates/core/database/src/models/mfa_tickets/axum.rs
Normal file
@@ -0,0 +1,67 @@
|
|||||||
|
use axum::{
|
||||||
|
extract::{FromRef, FromRequestParts},
|
||||||
|
http::request::Parts,
|
||||||
|
};
|
||||||
|
|
||||||
|
use revolt_result::{Error, Result};
|
||||||
|
|
||||||
|
use crate::{Database, MFATicket, UnvalidatedTicket, ValidatedTicket};
|
||||||
|
|
||||||
|
#[async_trait]
|
||||||
|
impl<S> FromRequestParts<S> for MFATicket
|
||||||
|
where
|
||||||
|
Database: FromRef<S>,
|
||||||
|
S: Send + Sync,
|
||||||
|
{
|
||||||
|
type Rejection = Error;
|
||||||
|
|
||||||
|
async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self> {
|
||||||
|
let db = Database::from_ref(state);
|
||||||
|
|
||||||
|
if let Some(Ok(token)) = parts.headers.get("x-mfa-ticket").map(|v| v.to_str()) {
|
||||||
|
db.fetch_ticket_by_token(token).await
|
||||||
|
} else {
|
||||||
|
Err(create_error!(MissingHeaders))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[async_trait]
|
||||||
|
impl<S> FromRequestParts<S> for ValidatedTicket
|
||||||
|
where
|
||||||
|
Database: FromRef<S>,
|
||||||
|
S: Send + Sync,
|
||||||
|
{
|
||||||
|
type Rejection = Error;
|
||||||
|
|
||||||
|
async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self> {
|
||||||
|
let db = Database::from_ref(state);
|
||||||
|
|
||||||
|
let ticket = MFATicket::from_request_parts(parts, state).await?;
|
||||||
|
|
||||||
|
if ticket.validated && ticket.claim(&db).await.is_ok() {
|
||||||
|
Ok(ValidatedTicket(ticket))
|
||||||
|
} else {
|
||||||
|
Err(create_error!(InvalidToken))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[async_trait]
|
||||||
|
impl<S> FromRequestParts<S> for UnvalidatedTicket
|
||||||
|
where
|
||||||
|
Database: FromRef<S>,
|
||||||
|
S: Send + Sync,
|
||||||
|
{
|
||||||
|
type Rejection = Error;
|
||||||
|
|
||||||
|
async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self> {
|
||||||
|
let ticket = MFATicket::from_request_parts(parts, state).await?;
|
||||||
|
|
||||||
|
if !ticket.validated {
|
||||||
|
Ok(UnvalidatedTicket(ticket))
|
||||||
|
} else {
|
||||||
|
Err(create_error!(InvalidToken))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
11
crates/core/database/src/models/mfa_tickets/mod.rs
Normal file
11
crates/core/database/src/models/mfa_tickets/mod.rs
Normal file
@@ -0,0 +1,11 @@
|
|||||||
|
#[cfg(feature = "axum-impl")]
|
||||||
|
mod axum;
|
||||||
|
mod model;
|
||||||
|
mod ops;
|
||||||
|
#[cfg(feature = "rocket-impl")]
|
||||||
|
mod rocket;
|
||||||
|
#[cfg(feature = "rocket-impl")]
|
||||||
|
mod schema;
|
||||||
|
|
||||||
|
pub use model::*;
|
||||||
|
pub use ops::*;
|
||||||
105
crates/core/database/src/models/mfa_tickets/model.rs
Normal file
105
crates/core/database/src/models/mfa_tickets/model.rs
Normal file
@@ -0,0 +1,105 @@
|
|||||||
|
use iso8601_timestamp::{Duration, Timestamp};
|
||||||
|
use std::ops::Deref;
|
||||||
|
|
||||||
|
use nanoid::nanoid;
|
||||||
|
use revolt_result::Result;
|
||||||
|
|
||||||
|
use crate::{Database, MultiFactorAuthentication};
|
||||||
|
|
||||||
|
auto_derived_partial!(
|
||||||
|
/// Multi-factor auth ticket
|
||||||
|
pub struct MFATicket {
|
||||||
|
/// Unique Id
|
||||||
|
#[serde(rename = "_id")]
|
||||||
|
pub id: String,
|
||||||
|
|
||||||
|
/// Account Id
|
||||||
|
pub account_id: String,
|
||||||
|
|
||||||
|
/// Unique Token
|
||||||
|
pub token: String,
|
||||||
|
|
||||||
|
/// Whether this ticket has been validated
|
||||||
|
/// (can be used for account actions)
|
||||||
|
pub validated: bool,
|
||||||
|
|
||||||
|
/// Whether this ticket is authorised
|
||||||
|
/// (can be used to log a user in)
|
||||||
|
pub authorised: bool,
|
||||||
|
|
||||||
|
/// TOTP code at time of ticket creation
|
||||||
|
pub last_totp_code: Option<String>,
|
||||||
|
},
|
||||||
|
"PartialMFATicket"
|
||||||
|
);
|
||||||
|
|
||||||
|
/// Ticket which is guaranteed to be valid for use
|
||||||
|
///
|
||||||
|
/// If used in a Rocket guard, it will be consumed on match
|
||||||
|
#[derive(Debug, Serialize, Deserialize)]
|
||||||
|
pub struct ValidatedTicket(pub MFATicket);
|
||||||
|
|
||||||
|
/// Ticket which is guaranteed to not be valid for use
|
||||||
|
#[derive(Debug, Serialize, Deserialize)]
|
||||||
|
pub struct UnvalidatedTicket(pub MFATicket);
|
||||||
|
|
||||||
|
impl MFATicket {
|
||||||
|
/// Create a new MFA ticket
|
||||||
|
pub fn new(account_id: String, validated: bool) -> MFATicket {
|
||||||
|
MFATicket {
|
||||||
|
id: ulid::Ulid::new().to_string(),
|
||||||
|
account_id,
|
||||||
|
token: nanoid!(64),
|
||||||
|
validated,
|
||||||
|
authorised: false,
|
||||||
|
last_totp_code: None,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Populate an MFA ticket with valid MFA codes
|
||||||
|
pub async fn populate(&mut self, mfa: &MultiFactorAuthentication) {
|
||||||
|
self.last_totp_code = mfa.totp_token.generate_code().ok();
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Save model
|
||||||
|
pub async fn save(&self, db: &Database) -> Result<()> {
|
||||||
|
db.save_ticket(self).await
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Check if this MFA ticket has expired
|
||||||
|
pub fn is_expired(&self) -> bool {
|
||||||
|
let now = Timestamp::now_utc();
|
||||||
|
|
||||||
|
let datetime: Timestamp = ulid::Ulid::from_string(&self.id)
|
||||||
|
.expect("Valid `ulid`")
|
||||||
|
.datetime()
|
||||||
|
.into();
|
||||||
|
|
||||||
|
now > (datetime.checked_add(Duration::minutes(5)).unwrap())
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Claim and remove this MFA ticket
|
||||||
|
pub async fn claim(&self, db: &Database) -> Result<()> {
|
||||||
|
if self.is_expired() {
|
||||||
|
return Err(create_error!(InvalidToken));
|
||||||
|
}
|
||||||
|
|
||||||
|
db.delete_ticket(&self.id).await
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Deref for ValidatedTicket {
|
||||||
|
type Target = MFATicket;
|
||||||
|
|
||||||
|
fn deref(&self) -> &Self::Target {
|
||||||
|
&self.0
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Deref for UnvalidatedTicket {
|
||||||
|
type Target = MFATicket;
|
||||||
|
|
||||||
|
fn deref(&self) -> &Self::Target {
|
||||||
|
&self.0
|
||||||
|
}
|
||||||
|
}
|
||||||
22
crates/core/database/src/models/mfa_tickets/ops.rs
Normal file
22
crates/core/database/src/models/mfa_tickets/ops.rs
Normal file
@@ -0,0 +1,22 @@
|
|||||||
|
use revolt_result::Result;
|
||||||
|
|
||||||
|
use crate::MFATicket;
|
||||||
|
|
||||||
|
#[cfg(feature = "mongodb")]
|
||||||
|
mod mongodb;
|
||||||
|
mod reference;
|
||||||
|
|
||||||
|
#[async_trait]
|
||||||
|
pub trait AbstractMFATickets: Sync + Send {
|
||||||
|
/// Find ticket by token
|
||||||
|
async fn fetch_ticket_by_token(&self, token: &str) -> Result<MFATicket>;
|
||||||
|
|
||||||
|
/// Save ticket
|
||||||
|
async fn save_ticket(&self, ticket: &MFATicket) -> Result<()>;
|
||||||
|
|
||||||
|
/// Delete ticket
|
||||||
|
async fn delete_ticket(&self, id: &str) -> Result<()>;
|
||||||
|
|
||||||
|
/// Delete all expired tickets
|
||||||
|
async fn delete_expired_tickets(&self) -> Result<usize>;
|
||||||
|
}
|
||||||
67
crates/core/database/src/models/mfa_tickets/ops/mongodb.rs
Normal file
67
crates/core/database/src/models/mfa_tickets/ops/mongodb.rs
Normal file
@@ -0,0 +1,67 @@
|
|||||||
|
use std::time::{Duration, SystemTime};
|
||||||
|
|
||||||
|
use crate::{AbstractMFATickets, MFATicket, MongoDb};
|
||||||
|
use bson::{to_document, Document};
|
||||||
|
use iso8601_timestamp::Timestamp;
|
||||||
|
use mongodb::options::UpdateOptions;
|
||||||
|
use revolt_result::Result;
|
||||||
|
use ulid::Ulid;
|
||||||
|
|
||||||
|
const COL: &str = "mfa_tickets";
|
||||||
|
|
||||||
|
#[async_trait]
|
||||||
|
impl AbstractMFATickets for MongoDb {
|
||||||
|
/// Find ticket by token
|
||||||
|
///
|
||||||
|
/// Ticket is only valid for 5 minute
|
||||||
|
async fn fetch_ticket_by_token(&self, token: &str) -> Result<MFATicket> {
|
||||||
|
let ticket: MFATicket = query!(self, find_one, COL, doc! { "token": token })?
|
||||||
|
.ok_or_else(|| create_error!(InvalidToken))?;
|
||||||
|
|
||||||
|
if let Ok(ulid) = Ulid::from_string(&ticket.id) {
|
||||||
|
if Timestamp::from(ulid.datetime() + Duration::from_mins(5)) > Timestamp::now_utc() {
|
||||||
|
Ok(ticket)
|
||||||
|
} else {
|
||||||
|
Err(create_error!(InvalidToken))
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
Err(create_error!(InvalidToken))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Save ticket
|
||||||
|
async fn save_ticket(&self, ticket: &MFATicket) -> Result<()> {
|
||||||
|
self.col::<MFATicket>(COL)
|
||||||
|
.update_one(
|
||||||
|
doc! {
|
||||||
|
"_id": &ticket.id
|
||||||
|
},
|
||||||
|
doc! {
|
||||||
|
"$set": to_document(ticket).map_err(|_| create_database_error!("to_document", COL))?,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
.with_options(UpdateOptions::builder().upsert(true).build())
|
||||||
|
.await
|
||||||
|
.map_err(|_| create_database_error!("upsert_one", COL))
|
||||||
|
.map(|_| ())
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Delete ticket
|
||||||
|
async fn delete_ticket(&self, id: &str) -> Result<()> {
|
||||||
|
query!(self, delete_one_by_id, COL, id).map(|_| ())
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Delete all expired tickets
|
||||||
|
async fn delete_expired_tickets(&self) -> Result<usize> {
|
||||||
|
let threshhold =
|
||||||
|
Ulid::from_datetime(SystemTime::now() - Duration::from_mins(5)).to_string();
|
||||||
|
|
||||||
|
self.col::<Document>(COL)
|
||||||
|
.delete_many(doc! {
|
||||||
|
"_id": { "$lt": threshhold }
|
||||||
|
})
|
||||||
|
.await
|
||||||
|
.map_err(|_| create_database_error!("delete_many", COL))
|
||||||
|
.map(|result| result.deleted_count as usize)
|
||||||
|
}
|
||||||
|
}
|
||||||
57
crates/core/database/src/models/mfa_tickets/ops/reference.rs
Normal file
57
crates/core/database/src/models/mfa_tickets/ops/reference.rs
Normal file
@@ -0,0 +1,57 @@
|
|||||||
|
use std::time::{Duration, SystemTime};
|
||||||
|
|
||||||
|
use crate::{AbstractMFATickets, MFATicket, ReferenceDb};
|
||||||
|
use iso8601_timestamp::Timestamp;
|
||||||
|
use revolt_result::Result;
|
||||||
|
use ulid::Ulid;
|
||||||
|
|
||||||
|
#[async_trait]
|
||||||
|
impl AbstractMFATickets for ReferenceDb {
|
||||||
|
/// Find ticket by token
|
||||||
|
async fn fetch_ticket_by_token(&self, token: &str) -> Result<MFATicket> {
|
||||||
|
let tickets = self.tickets.lock().await;
|
||||||
|
let ticket = tickets
|
||||||
|
.values()
|
||||||
|
.find(|ticket| ticket.token == token)
|
||||||
|
.ok_or_else(|| create_error!(InvalidToken))?;
|
||||||
|
|
||||||
|
if let Ok(ulid) = Ulid::from_string(&ticket.id) {
|
||||||
|
if Timestamp::from(ulid.datetime() + Duration::from_mins(5)) > Timestamp::now_utc() {
|
||||||
|
Ok(ticket.clone())
|
||||||
|
} else {
|
||||||
|
Err(create_error!(InvalidToken))
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
Err(create_error!(InvalidToken))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Save ticket
|
||||||
|
async fn save_ticket(&self, ticket: &MFATicket) -> Result<()> {
|
||||||
|
let mut tickets = self.tickets.lock().await;
|
||||||
|
tickets.insert(ticket.id.to_string(), ticket.clone());
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Delete ticket
|
||||||
|
async fn delete_ticket(&self, id: &str) -> Result<()> {
|
||||||
|
let mut tickets = self.tickets.lock().await;
|
||||||
|
if tickets.remove(id).is_some() {
|
||||||
|
Ok(())
|
||||||
|
} else {
|
||||||
|
Err(create_error!(InvalidToken))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Delete all expired tickets
|
||||||
|
async fn delete_expired_tickets(&self) -> Result<usize> {
|
||||||
|
let threshhold =
|
||||||
|
Ulid::from_datetime(SystemTime::now() - Duration::from_mins(5)).to_string();
|
||||||
|
let mut tickets = self.tickets.lock().await;
|
||||||
|
|
||||||
|
let before = tickets.len();
|
||||||
|
tickets.retain(|_, ticket| ticket.id >= threshhold);
|
||||||
|
|
||||||
|
Ok(before - tickets.len())
|
||||||
|
}
|
||||||
|
}
|
||||||
81
crates/core/database/src/models/mfa_tickets/rocket.rs
Normal file
81
crates/core/database/src/models/mfa_tickets/rocket.rs
Normal file
@@ -0,0 +1,81 @@
|
|||||||
|
use crate::{Database, MFATicket, UnvalidatedTicket, ValidatedTicket};
|
||||||
|
use revolt_result::Error;
|
||||||
|
use rocket::{
|
||||||
|
http::Status,
|
||||||
|
outcome::Outcome,
|
||||||
|
request::{self, FromRequest},
|
||||||
|
Request,
|
||||||
|
};
|
||||||
|
|
||||||
|
#[rocket::async_trait]
|
||||||
|
impl<'r> FromRequest<'r> for MFATicket {
|
||||||
|
type Error = Error;
|
||||||
|
|
||||||
|
#[allow(clippy::collapsible_match)]
|
||||||
|
async fn from_request(request: &'r Request<'_>) -> request::Outcome<Self, Self::Error> {
|
||||||
|
if let Some(header_mfa_ticket) = request.headers().get("x-mfa-ticket").next() {
|
||||||
|
if let Ok(ticket) = request
|
||||||
|
.rocket()
|
||||||
|
.state::<Database>()
|
||||||
|
.expect("`Database`")
|
||||||
|
.fetch_ticket_by_token(header_mfa_ticket)
|
||||||
|
.await
|
||||||
|
{
|
||||||
|
Outcome::Success(ticket)
|
||||||
|
} else {
|
||||||
|
Outcome::Error((Status::Unauthorized, create_error!(InvalidToken)))
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
Outcome::Error((Status::Unauthorized, create_error!(MissingHeaders)))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[rocket::async_trait]
|
||||||
|
impl<'r> FromRequest<'r> for ValidatedTicket {
|
||||||
|
type Error = Error;
|
||||||
|
|
||||||
|
#[allow(clippy::collapsible_match)]
|
||||||
|
async fn from_request(request: &'r Request<'_>) -> request::Outcome<Self, Self::Error> {
|
||||||
|
match request.guard::<MFATicket>().await {
|
||||||
|
Outcome::Success(ticket) => {
|
||||||
|
if ticket.validated {
|
||||||
|
let db = request
|
||||||
|
.rocket()
|
||||||
|
.state::<Database>()
|
||||||
|
.expect("`Database`");
|
||||||
|
|
||||||
|
if ticket.claim(db).await.is_ok() {
|
||||||
|
Outcome::Success(ValidatedTicket(ticket))
|
||||||
|
} else {
|
||||||
|
Outcome::Error((Status::Forbidden, create_error!(InvalidToken)))
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
Outcome::Error((Status::Forbidden, create_error!(InvalidToken)))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Outcome::Forward(f) => Outcome::Forward(f),
|
||||||
|
Outcome::Error(err) => Outcome::Error(err),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[rocket::async_trait]
|
||||||
|
impl<'r> FromRequest<'r> for UnvalidatedTicket {
|
||||||
|
type Error = Error;
|
||||||
|
|
||||||
|
#[allow(clippy::collapsible_match)]
|
||||||
|
async fn from_request(request: &'r Request<'_>) -> request::Outcome<Self, Self::Error> {
|
||||||
|
match request.guard::<MFATicket>().await {
|
||||||
|
Outcome::Success(ticket) => {
|
||||||
|
if !ticket.validated {
|
||||||
|
Outcome::Success(UnvalidatedTicket(ticket))
|
||||||
|
} else {
|
||||||
|
Outcome::Error((Status::Forbidden, create_error!(InvalidToken)))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Outcome::Forward(f) => Outcome::Forward(f),
|
||||||
|
Outcome::Error(err) => Outcome::Error(err),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
80
crates/core/database/src/models/mfa_tickets/schema.rs
Normal file
80
crates/core/database/src/models/mfa_tickets/schema.rs
Normal file
@@ -0,0 +1,80 @@
|
|||||||
|
use revolt_okapi::openapi3::{SecurityScheme, SecuritySchemeData};
|
||||||
|
use revolt_rocket_okapi::{
|
||||||
|
gen::OpenApiGenerator,
|
||||||
|
request::{OpenApiFromRequest, RequestHeaderInput},
|
||||||
|
};
|
||||||
|
|
||||||
|
use crate::{MFATicket, ValidatedTicket, UnvalidatedTicket};
|
||||||
|
|
||||||
|
|
||||||
|
impl<'r> OpenApiFromRequest<'r> for MFATicket {
|
||||||
|
fn from_request_input(
|
||||||
|
_gen: &mut OpenApiGenerator,
|
||||||
|
_name: String,
|
||||||
|
_required: bool,
|
||||||
|
) -> revolt_rocket_okapi::Result<RequestHeaderInput> {
|
||||||
|
let mut requirements = schemars::Map::new();
|
||||||
|
requirements.insert("MFA Ticket".to_owned(), vec![]);
|
||||||
|
|
||||||
|
Ok(RequestHeaderInput::Security(
|
||||||
|
"MFA Ticket".to_owned(),
|
||||||
|
SecurityScheme {
|
||||||
|
data: SecuritySchemeData::ApiKey {
|
||||||
|
name: "x-mfa-ticket".to_owned(),
|
||||||
|
location: "header".to_owned(),
|
||||||
|
},
|
||||||
|
description: Some("Used to authorise a request.".to_owned()),
|
||||||
|
extensions: schemars::Map::new(),
|
||||||
|
},
|
||||||
|
requirements,
|
||||||
|
))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<'r> OpenApiFromRequest<'r> for ValidatedTicket {
|
||||||
|
fn from_request_input(
|
||||||
|
_gen: &mut OpenApiGenerator,
|
||||||
|
_name: String,
|
||||||
|
_required: bool,
|
||||||
|
) -> revolt_rocket_okapi::Result<RequestHeaderInput> {
|
||||||
|
let mut requirements = schemars::Map::new();
|
||||||
|
requirements.insert("Valid MFA Ticket".to_owned(), vec![]);
|
||||||
|
|
||||||
|
Ok(RequestHeaderInput::Security(
|
||||||
|
"Valid MFA Ticket".to_owned(),
|
||||||
|
SecurityScheme {
|
||||||
|
data: SecuritySchemeData::ApiKey {
|
||||||
|
name: "x-mfa-ticket".to_owned(),
|
||||||
|
location: "header".to_owned(),
|
||||||
|
},
|
||||||
|
description: Some("Used to authorise a request.".to_owned()),
|
||||||
|
extensions: schemars::Map::new(),
|
||||||
|
},
|
||||||
|
requirements,
|
||||||
|
))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<'r> OpenApiFromRequest<'r> for UnvalidatedTicket {
|
||||||
|
fn from_request_input(
|
||||||
|
_gen: &mut OpenApiGenerator,
|
||||||
|
_name: String,
|
||||||
|
_required: bool,
|
||||||
|
) -> revolt_rocket_okapi::Result<RequestHeaderInput> {
|
||||||
|
let mut requirements = schemars::Map::new();
|
||||||
|
requirements.insert("Unvalidated MFA Ticket".to_owned(), vec![]);
|
||||||
|
|
||||||
|
Ok(RequestHeaderInput::Security(
|
||||||
|
"Unvalidated MFA Ticket".to_owned(),
|
||||||
|
SecurityScheme {
|
||||||
|
data: SecuritySchemeData::ApiKey {
|
||||||
|
name: "x-mfa-ticket".to_owned(),
|
||||||
|
location: "header".to_owned(),
|
||||||
|
},
|
||||||
|
description: Some("Used to authorise a request.".to_owned()),
|
||||||
|
extensions: schemars::Map::new(),
|
||||||
|
},
|
||||||
|
requirements,
|
||||||
|
))
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -17,6 +17,10 @@ mod server_members;
|
|||||||
mod servers;
|
mod servers;
|
||||||
mod user_settings;
|
mod user_settings;
|
||||||
mod users;
|
mod users;
|
||||||
|
mod accounts;
|
||||||
|
mod account_invites;
|
||||||
|
mod sessions;
|
||||||
|
mod mfa_tickets;
|
||||||
|
|
||||||
pub use admin_migrations::*;
|
pub use admin_migrations::*;
|
||||||
pub use bots::*;
|
pub use bots::*;
|
||||||
@@ -37,6 +41,10 @@ pub use server_members::*;
|
|||||||
pub use servers::*;
|
pub use servers::*;
|
||||||
pub use user_settings::*;
|
pub use user_settings::*;
|
||||||
pub use users::*;
|
pub use users::*;
|
||||||
|
pub use accounts::*;
|
||||||
|
pub use account_invites::*;
|
||||||
|
pub use sessions::*;
|
||||||
|
pub use mfa_tickets::*;
|
||||||
|
|
||||||
use crate::{Database, ReferenceDb};
|
use crate::{Database, ReferenceDb};
|
||||||
|
|
||||||
@@ -65,6 +73,10 @@ pub trait AbstractDatabase:
|
|||||||
+ servers::AbstractServers
|
+ servers::AbstractServers
|
||||||
+ user_settings::AbstractUserSettings
|
+ user_settings::AbstractUserSettings
|
||||||
+ users::AbstractUsers
|
+ users::AbstractUsers
|
||||||
|
+ accounts::AbstractAccounts
|
||||||
|
+ account_invites::AbstractAccountInvites
|
||||||
|
+ sessions::AbstractSessions
|
||||||
|
+ mfa_tickets::AbstractMFATickets
|
||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -129,4 +129,7 @@ pub trait AbstractServerMembers: Sync + Send {
|
|||||||
|
|
||||||
/// Fetch all members who have been marked for deletion.
|
/// Fetch all members who have been marked for deletion.
|
||||||
async fn remove_dangling_members(&self) -> Result<()>;
|
async fn remove_dangling_members(&self) -> Result<()>;
|
||||||
|
|
||||||
|
/// Removes a user from every server they are in
|
||||||
|
async fn clear_memberships(&self, user_id: &str) -> Result<()>;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -326,6 +326,17 @@ impl AbstractServerMembers for MongoDb {
|
|||||||
.map(|_| ())
|
.map(|_| ())
|
||||||
.map_err(|_| create_database_error!("count_documents", COL))
|
.map_err(|_| create_database_error!("count_documents", COL))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Removes a user from every server they are in
|
||||||
|
///
|
||||||
|
/// **This should only be used for account deletion.**
|
||||||
|
async fn clear_memberships(&self, user_id: &str) -> Result<()> {
|
||||||
|
self.col::<Member>(COL)
|
||||||
|
.delete_many(doc! { "_id.user": user_id })
|
||||||
|
.await
|
||||||
|
.map(|_| ())
|
||||||
|
.map_err(|_| create_database_error!("delete_many", COL))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
impl IntoDocumentPath for FieldsMember {
|
impl IntoDocumentPath for FieldsMember {
|
||||||
|
|||||||
@@ -200,4 +200,13 @@ impl AbstractServerMembers for ReferenceDb {
|
|||||||
async fn remove_dangling_members(&self) -> Result<()> {
|
async fn remove_dangling_members(&self) -> Result<()> {
|
||||||
todo!()
|
todo!()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Removes a user from every server they are in
|
||||||
|
async fn clear_memberships(&self, user_id: &str) -> Result<()> {
|
||||||
|
let mut server_members = self.server_members.lock().await;
|
||||||
|
|
||||||
|
server_members.retain(|_, v| v.id.user != user_id);
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -17,6 +17,8 @@ pub trait AbstractServers: Sync + Send {
|
|||||||
/// Fetch a servers by their ids
|
/// Fetch a servers by their ids
|
||||||
async fn fetch_servers<'a>(&self, ids: &'a [String]) -> Result<Vec<Server>>;
|
async fn fetch_servers<'a>(&self, ids: &'a [String]) -> Result<Vec<Server>>;
|
||||||
|
|
||||||
|
async fn fetch_owned_servers(&self, user_id: &str) -> Result<Vec<Server>>;
|
||||||
|
|
||||||
/// Update a server with new information
|
/// Update a server with new information
|
||||||
async fn update_server(
|
async fn update_server(
|
||||||
&self,
|
&self,
|
||||||
|
|||||||
@@ -43,6 +43,17 @@ impl AbstractServers for MongoDb {
|
|||||||
.await)
|
.await)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async fn fetch_owned_servers(&self, user_id: &str) -> Result<Vec<Server>> {
|
||||||
|
query!(
|
||||||
|
self,
|
||||||
|
find,
|
||||||
|
COL,
|
||||||
|
doc! {
|
||||||
|
"owner": user_id
|
||||||
|
}
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
/// Update a server with new information
|
/// Update a server with new information
|
||||||
async fn update_server(
|
async fn update_server(
|
||||||
&self,
|
&self,
|
||||||
|
|||||||
@@ -40,6 +40,16 @@ impl AbstractServers for ReferenceDb {
|
|||||||
.collect()
|
.collect()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async fn fetch_owned_servers(&self, user_id: &str) -> Result<Vec<Server>> {
|
||||||
|
let servers = self.servers.lock().await;
|
||||||
|
|
||||||
|
Ok(servers
|
||||||
|
.values()
|
||||||
|
.filter(|server| server.owner == user_id)
|
||||||
|
.cloned()
|
||||||
|
.collect())
|
||||||
|
}
|
||||||
|
|
||||||
/// Update a server with new information
|
/// Update a server with new information
|
||||||
async fn update_server(
|
async fn update_server(
|
||||||
&self,
|
&self,
|
||||||
|
|||||||
24
crates/core/database/src/models/sessions/axum.rs
Normal file
24
crates/core/database/src/models/sessions/axum.rs
Normal file
@@ -0,0 +1,24 @@
|
|||||||
|
use axum::{extract::{FromRef, FromRequestParts}, http::request::Parts};
|
||||||
|
|
||||||
|
use revolt_result::{create_error, Error, Result};
|
||||||
|
|
||||||
|
use crate::{Database, Session};
|
||||||
|
|
||||||
|
#[async_trait]
|
||||||
|
impl<S> FromRequestParts<S> for Session
|
||||||
|
where
|
||||||
|
Database: FromRef<S>,
|
||||||
|
S: Send + Sync
|
||||||
|
{
|
||||||
|
type Rejection = Error;
|
||||||
|
|
||||||
|
async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self> {
|
||||||
|
let db = Database::from_ref(state);
|
||||||
|
|
||||||
|
if let Some(Ok(token)) = parts.headers.get("x-session-token").map(|v| v.to_str()) {
|
||||||
|
db.fetch_session_by_token(token).await
|
||||||
|
} else {
|
||||||
|
Err(create_error!(MissingHeaders))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
11
crates/core/database/src/models/sessions/mod.rs
Normal file
11
crates/core/database/src/models/sessions/mod.rs
Normal file
@@ -0,0 +1,11 @@
|
|||||||
|
#[cfg(feature = "axum-impl")]
|
||||||
|
mod axum;
|
||||||
|
mod model;
|
||||||
|
mod ops;
|
||||||
|
#[cfg(feature = "rocket-impl")]
|
||||||
|
mod rocket;
|
||||||
|
#[cfg(feature = "rocket-impl")]
|
||||||
|
mod schema;
|
||||||
|
|
||||||
|
pub use model::*;
|
||||||
|
pub use ops::*;
|
||||||
68
crates/core/database/src/models/sessions/model.rs
Normal file
68
crates/core/database/src/models/sessions/model.rs
Normal file
@@ -0,0 +1,68 @@
|
|||||||
|
use iso8601_timestamp::Timestamp;
|
||||||
|
|
||||||
|
use crate::{events::client::EventV1, Database};
|
||||||
|
use revolt_result::Result;
|
||||||
|
|
||||||
|
auto_derived_partial!(
|
||||||
|
/// Session information
|
||||||
|
pub struct Session {
|
||||||
|
/// Unique Id
|
||||||
|
#[serde(rename = "_id")]
|
||||||
|
pub id: String,
|
||||||
|
|
||||||
|
/// User Id
|
||||||
|
pub user_id: String,
|
||||||
|
|
||||||
|
/// Session token
|
||||||
|
pub token: String,
|
||||||
|
|
||||||
|
/// Display name
|
||||||
|
pub name: String,
|
||||||
|
|
||||||
|
/// When the session was last logged in
|
||||||
|
pub last_seen: Timestamp,
|
||||||
|
|
||||||
|
/// Where the session originated from
|
||||||
|
///
|
||||||
|
/// This could be used to differentiate sessions that come from staging/test vs prod, etc.
|
||||||
|
#[serde(skip_serializing_if = "Option::is_none")]
|
||||||
|
pub origin: Option<String>,
|
||||||
|
|
||||||
|
/// Web Push subscription
|
||||||
|
#[serde(skip_serializing_if = "Option::is_none")]
|
||||||
|
pub subscription: Option<WebPushSubscription>,
|
||||||
|
},
|
||||||
|
"PartialSession"
|
||||||
|
);
|
||||||
|
|
||||||
|
auto_derived!(
|
||||||
|
/// Web Push subscription
|
||||||
|
pub struct WebPushSubscription {
|
||||||
|
pub endpoint: String,
|
||||||
|
pub p256dh: String,
|
||||||
|
pub auth: String,
|
||||||
|
}
|
||||||
|
);
|
||||||
|
|
||||||
|
impl Session {
|
||||||
|
/// Save model
|
||||||
|
pub async fn save(&self, db: &Database) -> Result<()> {
|
||||||
|
db.save_session(self).await
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Delete session
|
||||||
|
pub async fn delete(self, db: &Database) -> Result<()> {
|
||||||
|
// Delete from database
|
||||||
|
db.delete_session(&self.id).await?;
|
||||||
|
|
||||||
|
// Create and push event
|
||||||
|
EventV1::DeleteSession {
|
||||||
|
user_id: self.user_id.clone(),
|
||||||
|
session_id: self.id,
|
||||||
|
}
|
||||||
|
.private(self.user_id)
|
||||||
|
.await;
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
}
|
||||||
37
crates/core/database/src/models/sessions/ops.rs
Normal file
37
crates/core/database/src/models/sessions/ops.rs
Normal file
@@ -0,0 +1,37 @@
|
|||||||
|
use iso8601_timestamp::Timestamp;
|
||||||
|
use revolt_result::Result;
|
||||||
|
|
||||||
|
use crate::Session;
|
||||||
|
|
||||||
|
#[cfg(feature = "mongodb")]
|
||||||
|
mod mongodb;
|
||||||
|
mod reference;
|
||||||
|
|
||||||
|
#[async_trait]
|
||||||
|
pub trait AbstractSessions: Sync + Send {
|
||||||
|
/// Find session by id
|
||||||
|
async fn fetch_session(&self, id: &str) -> Result<Session>;
|
||||||
|
|
||||||
|
/// Find sessions by user id
|
||||||
|
async fn fetch_sessions(&self, user_id: &str) -> Result<Vec<Session>>;
|
||||||
|
|
||||||
|
/// Find sessions by user ids
|
||||||
|
async fn fetch_sessions_with_subscription(&self, user_ids: &[String]) -> Result<Vec<Session>>;
|
||||||
|
|
||||||
|
/// Find session by token
|
||||||
|
async fn fetch_session_by_token(&self, token: &str) -> Result<Session>;
|
||||||
|
|
||||||
|
/// Save session
|
||||||
|
async fn save_session(&self, session: &Session) -> Result<()>;
|
||||||
|
|
||||||
|
/// Delete session
|
||||||
|
async fn delete_session(&self, id: &str) -> Result<()>;
|
||||||
|
|
||||||
|
/// Delete session
|
||||||
|
async fn delete_all_sessions(&self, user_id: &str, ignore: Option<String>) -> Result<()>;
|
||||||
|
|
||||||
|
/// Remove push subscription for a session by session id
|
||||||
|
async fn remove_push_subscription_by_session_id(&self, session_id: &str) -> Result<()>;
|
||||||
|
|
||||||
|
async fn update_session_last_seen(&self, session_id: &str, when: Timestamp) -> Result<()>;
|
||||||
|
}
|
||||||
142
crates/core/database/src/models/sessions/ops/mongodb.rs
Normal file
142
crates/core/database/src/models/sessions/ops/mongodb.rs
Normal file
@@ -0,0 +1,142 @@
|
|||||||
|
use crate::{AbstractSessions, MongoDb, Session};
|
||||||
|
use bson::{to_bson, to_document};
|
||||||
|
use iso8601_timestamp::Timestamp;
|
||||||
|
use mongodb::options::UpdateOptions;
|
||||||
|
use revolt_result::Result;
|
||||||
|
|
||||||
|
const COL: &str = "sessions";
|
||||||
|
|
||||||
|
#[async_trait]
|
||||||
|
impl AbstractSessions for MongoDb {
|
||||||
|
/// Find session by id
|
||||||
|
async fn fetch_session(&self, id: &str) -> Result<Session> {
|
||||||
|
query!(self, find_one_by_id, COL, id)?.ok_or_else(|| create_error!(UnknownUser))
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Find sessions by user id
|
||||||
|
async fn fetch_sessions(&self, user_id: &str) -> Result<Vec<Session>> {
|
||||||
|
query!(
|
||||||
|
self,
|
||||||
|
find,
|
||||||
|
COL,
|
||||||
|
doc! {
|
||||||
|
"user_id": user_id
|
||||||
|
}
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Find sessions by user ids
|
||||||
|
async fn fetch_sessions_with_subscription(&self, user_ids: &[String]) -> Result<Vec<Session>> {
|
||||||
|
query!(
|
||||||
|
self,
|
||||||
|
find,
|
||||||
|
COL,
|
||||||
|
doc! {
|
||||||
|
"user_id": {
|
||||||
|
"$in": user_ids
|
||||||
|
},
|
||||||
|
"subscription": {
|
||||||
|
"$exists": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Fetch a session from the database by token
|
||||||
|
async fn fetch_session_by_token(&self, token: &str) -> Result<Session> {
|
||||||
|
query!(
|
||||||
|
self,
|
||||||
|
find_one,
|
||||||
|
COL,
|
||||||
|
doc! {
|
||||||
|
"token": token
|
||||||
|
}
|
||||||
|
)?
|
||||||
|
.ok_or_else(|| create_error!(InvalidSession))
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Save session
|
||||||
|
async fn save_session(&self, session: &Session) -> Result<()> {
|
||||||
|
self.col::<Session>(COL)
|
||||||
|
.update_one(
|
||||||
|
doc! {
|
||||||
|
"_id": &session.id
|
||||||
|
},
|
||||||
|
doc! {
|
||||||
|
"$set": to_document(session).map_err(|_| create_database_error!("to_document", COL))?,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
.with_options(UpdateOptions::builder().upsert(true).build())
|
||||||
|
.await
|
||||||
|
.map_err(|_| create_database_error!("upsert_one", COL))
|
||||||
|
.map(|_| ())
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Delete session
|
||||||
|
async fn delete_session(&self, id: &str) -> Result<()> {
|
||||||
|
self.col::<Session>(COL)
|
||||||
|
.delete_one(doc! {
|
||||||
|
"_id": id
|
||||||
|
})
|
||||||
|
.await
|
||||||
|
.map_err(|_| create_database_error!("delete_one", COL))
|
||||||
|
.map(|_| ())
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Delete session
|
||||||
|
async fn delete_all_sessions(&self, user_id: &str, ignore: Option<String>) -> Result<()> {
|
||||||
|
let mut query = doc! {
|
||||||
|
"user_id": user_id
|
||||||
|
};
|
||||||
|
|
||||||
|
if let Some(id) = ignore {
|
||||||
|
query.insert(
|
||||||
|
"_id",
|
||||||
|
doc! {
|
||||||
|
"$ne": id
|
||||||
|
},
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
self.col::<Session>(COL)
|
||||||
|
.delete_many(query)
|
||||||
|
.await
|
||||||
|
.map_err(|_| create_database_error!("delete_one", COL))
|
||||||
|
.map(|_| ())
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Remove push subscription for a session by session id
|
||||||
|
async fn remove_push_subscription_by_session_id(&self, session_id: &str) -> Result<()> {
|
||||||
|
self.col::<Session>(COL)
|
||||||
|
.update_one(
|
||||||
|
doc! {
|
||||||
|
"_id": session_id
|
||||||
|
},
|
||||||
|
doc! {
|
||||||
|
"$unset": {
|
||||||
|
"subscription": 1
|
||||||
|
}
|
||||||
|
},
|
||||||
|
)
|
||||||
|
.await
|
||||||
|
.map(|_| ())
|
||||||
|
.map_err(|_| create_database_error!("update_one", COL))
|
||||||
|
}
|
||||||
|
|
||||||
|
async fn update_session_last_seen(&self, session_id: &str, when: Timestamp) -> Result<()> {
|
||||||
|
self.col::<Session>(COL)
|
||||||
|
.update_one(
|
||||||
|
doc! {
|
||||||
|
"_id": session_id
|
||||||
|
},
|
||||||
|
doc! {
|
||||||
|
"$set": {
|
||||||
|
"last_seen": to_bson(&when).unwrap()
|
||||||
|
}
|
||||||
|
},
|
||||||
|
)
|
||||||
|
.await
|
||||||
|
.map(|_| ())
|
||||||
|
.map_err(|_| create_database_error!("update_one", COL))
|
||||||
|
}
|
||||||
|
}
|
||||||
101
crates/core/database/src/models/sessions/ops/reference.rs
Normal file
101
crates/core/database/src/models/sessions/ops/reference.rs
Normal file
@@ -0,0 +1,101 @@
|
|||||||
|
use crate::{AbstractSessions, ReferenceDb, Session};
|
||||||
|
use iso8601_timestamp::Timestamp;
|
||||||
|
use revolt_result::Result;
|
||||||
|
|
||||||
|
#[async_trait]
|
||||||
|
impl AbstractSessions for ReferenceDb {
|
||||||
|
/// Find session by id
|
||||||
|
async fn fetch_session(&self, id: &str) -> Result<Session> {
|
||||||
|
let sessions = self.sessions.lock().await;
|
||||||
|
sessions
|
||||||
|
.get(id)
|
||||||
|
.cloned()
|
||||||
|
.ok_or_else(|| create_error!(UnknownUser))
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Find sessions by user id
|
||||||
|
async fn fetch_sessions(&self, user_id: &str) -> Result<Vec<Session>> {
|
||||||
|
let sessions = self.sessions.lock().await;
|
||||||
|
Ok(sessions
|
||||||
|
.values()
|
||||||
|
.filter(|session| session.user_id == user_id)
|
||||||
|
.cloned()
|
||||||
|
.collect())
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Find sessions by user ids
|
||||||
|
async fn fetch_sessions_with_subscription(&self, user_ids: &[String]) -> Result<Vec<Session>> {
|
||||||
|
let sessions = self.sessions.lock().await;
|
||||||
|
Ok(sessions
|
||||||
|
.values()
|
||||||
|
.filter(|session| session.subscription.is_some() && user_ids.contains(&session.user_id))
|
||||||
|
.cloned()
|
||||||
|
.collect())
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Find session by token
|
||||||
|
async fn fetch_session_by_token(&self, token: &str) -> Result<Session> {
|
||||||
|
let sessions = self.sessions.lock().await;
|
||||||
|
sessions
|
||||||
|
.values()
|
||||||
|
.find(|session| session.token == token)
|
||||||
|
.cloned()
|
||||||
|
.ok_or_else(|| create_error!(InvalidSession))
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Save session
|
||||||
|
async fn save_session(&self, session: &Session) -> Result<()> {
|
||||||
|
let mut sessions = self.sessions.lock().await;
|
||||||
|
sessions.insert(session.id.to_string(), session.clone());
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Delete session
|
||||||
|
async fn delete_session(&self, id: &str) -> Result<()> {
|
||||||
|
let mut sessions = self.sessions.lock().await;
|
||||||
|
if sessions.remove(id).is_some() {
|
||||||
|
Ok(())
|
||||||
|
} else {
|
||||||
|
Err(create_error!(InvalidSession))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Delete session
|
||||||
|
async fn delete_all_sessions(&self, user_id: &str, ignore: Option<String>) -> Result<()> {
|
||||||
|
let mut sessions = self.sessions.lock().await;
|
||||||
|
sessions.retain(|_, session| {
|
||||||
|
if session.user_id == user_id {
|
||||||
|
if let Some(ignore) = &ignore {
|
||||||
|
ignore == &session.id
|
||||||
|
} else {
|
||||||
|
false
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
true
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Remove push subscription for a session by session id
|
||||||
|
async fn remove_push_subscription_by_session_id(&self, session_id: &str) -> Result<()> {
|
||||||
|
let mut sessions = self.sessions.lock().await;
|
||||||
|
|
||||||
|
if let Some(session) = sessions.get_mut(session_id) {
|
||||||
|
session.subscription = None;
|
||||||
|
};
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
async fn update_session_last_seen(&self, session_id: &str, when: Timestamp) -> Result<()> {
|
||||||
|
let mut sessions = self.sessions.lock().await;
|
||||||
|
|
||||||
|
if let Some(session) = sessions.get_mut(session_id) {
|
||||||
|
session.last_seen = when;
|
||||||
|
};
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
}
|
||||||
30
crates/core/database/src/models/sessions/rocket.rs
Normal file
30
crates/core/database/src/models/sessions/rocket.rs
Normal file
@@ -0,0 +1,30 @@
|
|||||||
|
use crate::{Database, Session};
|
||||||
|
use revolt_result::Error;
|
||||||
|
use rocket::{
|
||||||
|
http::Status,
|
||||||
|
request::{FromRequest, Outcome},
|
||||||
|
Request,
|
||||||
|
};
|
||||||
|
|
||||||
|
#[rocket::async_trait]
|
||||||
|
impl<'r> FromRequest<'r> for Session {
|
||||||
|
type Error = Error;
|
||||||
|
|
||||||
|
async fn from_request(request: &'r Request<'_>) -> Outcome<Self, Self::Error> {
|
||||||
|
if let Some(token) = request.headers().get("x-session-token").next() {
|
||||||
|
if let Ok(session) = request
|
||||||
|
.rocket()
|
||||||
|
.state::<Database>()
|
||||||
|
.expect("`Database`")
|
||||||
|
.fetch_session_by_token(token)
|
||||||
|
.await
|
||||||
|
{
|
||||||
|
Outcome::Success(session)
|
||||||
|
} else {
|
||||||
|
Outcome::Error((Status::Unauthorized, create_error!(InvalidSession)))
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
Outcome::Error((Status::Unauthorized, create_error!(MissingHeaders)))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
32
crates/core/database/src/models/sessions/schema.rs
Normal file
32
crates/core/database/src/models/sessions/schema.rs
Normal file
@@ -0,0 +1,32 @@
|
|||||||
|
use revolt_okapi::openapi3::{SecurityScheme, SecuritySchemeData};
|
||||||
|
use revolt_rocket_okapi::{
|
||||||
|
gen::OpenApiGenerator,
|
||||||
|
request::{OpenApiFromRequest, RequestHeaderInput},
|
||||||
|
};
|
||||||
|
|
||||||
|
use crate::Session;
|
||||||
|
|
||||||
|
|
||||||
|
impl<'r> OpenApiFromRequest<'r> for Session {
|
||||||
|
fn from_request_input(
|
||||||
|
_gen: &mut OpenApiGenerator,
|
||||||
|
_name: String,
|
||||||
|
_required: bool,
|
||||||
|
) -> revolt_rocket_okapi::Result<RequestHeaderInput> {
|
||||||
|
let mut requirements = schemars::Map::new();
|
||||||
|
requirements.insert("Session Token".to_owned(), vec![]);
|
||||||
|
|
||||||
|
Ok(RequestHeaderInput::Security(
|
||||||
|
"Session Token".to_owned(),
|
||||||
|
SecurityScheme {
|
||||||
|
data: SecuritySchemeData::ApiKey {
|
||||||
|
name: "x-session-token".to_owned(),
|
||||||
|
location: "header".to_owned(),
|
||||||
|
},
|
||||||
|
description: Some("Used to authenticate as a user.".to_owned()),
|
||||||
|
extensions: schemars::Map::new(),
|
||||||
|
},
|
||||||
|
requirements,
|
||||||
|
))
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -1,8 +1,11 @@
|
|||||||
use std::{collections::HashSet, str::FromStr, time::Duration};
|
use std::{collections::HashSet, str::FromStr, time::Duration};
|
||||||
|
|
||||||
use crate::{events::client::EventV1, Database, File, RatelimitEvent, AMQP};
|
use crate::{
|
||||||
|
events::client::EventV1,
|
||||||
|
util::email::{email_templates, send_email},
|
||||||
|
Database, File, RatelimitEvent, AMQP,
|
||||||
|
};
|
||||||
|
|
||||||
use authifier::config::{EmailVerificationConfig, Template};
|
|
||||||
use futures::future::join_all;
|
use futures::future::join_all;
|
||||||
use iso8601_timestamp::Timestamp;
|
use iso8601_timestamp::Timestamp;
|
||||||
use once_cell::sync::Lazy;
|
use once_cell::sync::Lazy;
|
||||||
@@ -718,22 +721,11 @@ impl User {
|
|||||||
duration_days: Option<usize>,
|
duration_days: Option<usize>,
|
||||||
reason: Option<Vec<String>>,
|
reason: Option<Vec<String>>,
|
||||||
) -> Result<()> {
|
) -> Result<()> {
|
||||||
let authifier = db.clone().to_authifier().await;
|
let mut account = db.fetch_account(&self.id).await?;
|
||||||
let mut account = authifier
|
|
||||||
.database
|
|
||||||
.find_account(&self.id)
|
|
||||||
.await
|
|
||||||
.map_err(|_| create_error!(InternalError))?;
|
|
||||||
|
|
||||||
account
|
account.disable(db).await?;
|
||||||
.disable(&authifier)
|
|
||||||
.await
|
|
||||||
.map_err(|_| create_error!(InternalError))?;
|
|
||||||
|
|
||||||
account
|
account.delete_all_sessions(db, None).await?;
|
||||||
.delete_all_sessions(&authifier, None)
|
|
||||||
.await
|
|
||||||
.map_err(|_| create_error!(InternalError))?;
|
|
||||||
|
|
||||||
self.update(
|
self.update(
|
||||||
db,
|
db,
|
||||||
@@ -749,18 +741,15 @@ impl User {
|
|||||||
.await?;
|
.await?;
|
||||||
|
|
||||||
if let Some(reason) = reason {
|
if let Some(reason) = reason {
|
||||||
if let EmailVerificationConfig::Enabled { smtp, .. } =
|
let config = config().await;
|
||||||
authifier.config.email_verification
|
|
||||||
{
|
if !config.api.smtp.host.is_empty() {
|
||||||
smtp.send_email(
|
let templates = email_templates().await;
|
||||||
|
|
||||||
|
send_email(
|
||||||
|
&config.api.smtp,
|
||||||
account.email.clone(),
|
account.email.clone(),
|
||||||
// maybe move this to common area?
|
&templates.suspension,
|
||||||
&Template {
|
|
||||||
title: "Account Suspension".to_string(),
|
|
||||||
html: Some(include_str!("../../../templates/suspension.html").to_owned()),
|
|
||||||
text: include_str!("../../../templates/suspension.txt").to_owned(),
|
|
||||||
url: Default::default(),
|
|
||||||
},
|
|
||||||
json!({
|
json!({
|
||||||
"email": account.email,
|
"email": account.email,
|
||||||
"list": reason.join(", "),
|
"list": reason.join(", "),
|
||||||
@@ -809,7 +798,9 @@ impl User {
|
|||||||
db,
|
db,
|
||||||
PartialUser {
|
PartialUser {
|
||||||
username: Some(format!("Deleted User {}", self.id)),
|
username: Some(format!("Deleted User {}", self.id)),
|
||||||
|
discriminator: Some("0000".to_string()),
|
||||||
flags: Some(2),
|
flags: Some(2),
|
||||||
|
relations: Some(Vec::new()),
|
||||||
..Default::default()
|
..Default::default()
|
||||||
},
|
},
|
||||||
vec![
|
vec![
|
||||||
@@ -837,6 +828,56 @@ impl User {
|
|||||||
|
|
||||||
badges
|
badges
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Removes all relationships which include the user
|
||||||
|
pub async fn clear_relationships(&self, db: &Database) -> Result<()> {
|
||||||
|
let user_ids = self
|
||||||
|
.relations
|
||||||
|
.iter()
|
||||||
|
.flatten()
|
||||||
|
.map(|relation| relation.id.clone())
|
||||||
|
.collect();
|
||||||
|
|
||||||
|
db.clear_user_relationships(&self.id, user_ids).await
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Removes user from all joined groups
|
||||||
|
pub async fn remove_from_all_groups(&self, db: &Database) -> Result<()> {
|
||||||
|
let mut generator = db.find_group_message_channels(&self.id).await?;
|
||||||
|
|
||||||
|
while let Some(groups) = generator.next_n(100).await? {
|
||||||
|
let ids = groups
|
||||||
|
.into_iter()
|
||||||
|
.map(|channel| channel.id().to_string())
|
||||||
|
.collect();
|
||||||
|
|
||||||
|
db.remove_user_from_groups(ids, &self.id).await?;
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Deletes the user along with:
|
||||||
|
/// - deletes owned bots, servers and messages
|
||||||
|
/// - removes user from all groups
|
||||||
|
/// - clears relationships
|
||||||
|
pub async fn delete(&mut self, db: &Database) -> Result<()> {
|
||||||
|
for bot in db.fetch_bots_by_user(&self.id).await? {
|
||||||
|
bot.delete(db).await?;
|
||||||
|
}
|
||||||
|
|
||||||
|
for server in db.fetch_owned_servers(&self.id).await? {
|
||||||
|
server.delete(db).await?;
|
||||||
|
}
|
||||||
|
|
||||||
|
self.remove_from_all_groups(db).await?;
|
||||||
|
db.clear_memberships(&self.id).await?;
|
||||||
|
self.clear_relationships(db).await?;
|
||||||
|
db.delete_messages_by_user(&self.id).await?;
|
||||||
|
self.mark_deleted(db).await?;
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
|
|||||||
@@ -1,5 +1,3 @@
|
|||||||
use authifier::models::Session;
|
|
||||||
use iso8601_timestamp::Timestamp;
|
|
||||||
use revolt_result::Result;
|
use revolt_result::Result;
|
||||||
|
|
||||||
use crate::{FieldsUser, PartialUser, RelationshipStatus, User};
|
use crate::{FieldsUser, PartialUser, RelationshipStatus, User};
|
||||||
@@ -19,9 +17,6 @@ pub trait AbstractUsers: Sync + Send {
|
|||||||
/// Fetch a user from the database by their username
|
/// Fetch a user from the database by their username
|
||||||
async fn fetch_user_by_username(&self, username: &str, discriminator: &str) -> Result<User>;
|
async fn fetch_user_by_username(&self, username: &str, discriminator: &str) -> Result<User>;
|
||||||
|
|
||||||
/// Fetch a session from the database by token
|
|
||||||
async fn fetch_session_by_token(&self, token: &str) -> Result<Session>;
|
|
||||||
|
|
||||||
/// Fetch multiple users by their ids
|
/// Fetch multiple users by their ids
|
||||||
async fn fetch_users<'a>(&self, ids: &'a [String]) -> Result<Vec<User>>;
|
async fn fetch_users<'a>(&self, ids: &'a [String]) -> Result<Vec<User>>;
|
||||||
|
|
||||||
@@ -61,8 +56,6 @@ pub trait AbstractUsers: Sync + Send {
|
|||||||
/// Delete a user by their id
|
/// Delete a user by their id
|
||||||
async fn delete_user(&self, id: &str) -> Result<()>;
|
async fn delete_user(&self, id: &str) -> Result<()>;
|
||||||
|
|
||||||
/// Remove push subscription for a session by session id (TODO: remove)
|
/// Removes all relationships with the user from the list of users
|
||||||
async fn remove_push_subscription_by_session_id(&self, session_id: &str) -> Result<()>;
|
async fn clear_user_relationships(&self, target_id: &str, user_ids: Vec<String>) -> Result<()>;
|
||||||
|
|
||||||
async fn update_session_last_seen(&self, session_id: &str, when: Timestamp) -> Result<()>;
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,7 +1,5 @@
|
|||||||
use ::mongodb::options::{Collation, CollationStrength, FindOneOptions, FindOptions};
|
use ::mongodb::options::{Collation, CollationStrength, FindOneOptions, FindOptions};
|
||||||
use authifier::models::Session;
|
|
||||||
use futures::StreamExt;
|
use futures::StreamExt;
|
||||||
use iso8601_timestamp::Timestamp;
|
|
||||||
use revolt_result::Result;
|
use revolt_result::Result;
|
||||||
|
|
||||||
use crate::DocumentId;
|
use crate::DocumentId;
|
||||||
@@ -47,17 +45,6 @@ impl AbstractUsers for MongoDb {
|
|||||||
.ok_or_else(|| create_error!(NotFound))
|
.ok_or_else(|| create_error!(NotFound))
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Fetch a session from the database by token
|
|
||||||
async fn fetch_session_by_token(&self, token: &str) -> Result<Session> {
|
|
||||||
self.col::<Session>("sessions")
|
|
||||||
.find_one(doc! {
|
|
||||||
"token": token
|
|
||||||
})
|
|
||||||
.await
|
|
||||||
.map_err(|_| create_database_error!("find_one", "sessions"))?
|
|
||||||
.ok_or_else(|| create_error!(InvalidSession))
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Fetch multiple users by their ids
|
/// Fetch multiple users by their ids
|
||||||
async fn fetch_users<'a>(&self, ids: &'a [String]) -> Result<Vec<User>> {
|
async fn fetch_users<'a>(&self, ids: &'a [String]) -> Result<Vec<User>> {
|
||||||
Ok(self
|
Ok(self
|
||||||
@@ -321,41 +308,22 @@ impl AbstractUsers for MongoDb {
|
|||||||
query!(self, delete_one_by_id, COL, id).map(|_| ())
|
query!(self, delete_one_by_id, COL, id).map(|_| ())
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Remove push subscription for a session by session id (TODO: remove)
|
/// Removes all relationships with the user from the list of users
|
||||||
async fn remove_push_subscription_by_session_id(&self, session_id: &str) -> Result<()> {
|
async fn clear_user_relationships(&self, target_id: &str, user_ids: Vec<String>) -> Result<()> {
|
||||||
self.col::<User>("sessions")
|
self.col::<User>(COL)
|
||||||
.update_one(
|
.update_many(
|
||||||
|
doc! { "_id": { "$in": user_ids } },
|
||||||
doc! {
|
doc! {
|
||||||
"_id": session_id
|
"$pull": {
|
||||||
},
|
"relations": {
|
||||||
doc! {
|
"_id": target_id.to_string()
|
||||||
"$unset": {
|
}
|
||||||
"subscription": 1
|
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
)
|
)
|
||||||
.await
|
.await
|
||||||
.map(|_| ())
|
.map(|_| ())
|
||||||
.map_err(|_| create_database_error!("update_one", "sessions"))
|
.map_err(|_| create_database_error!("bulk_write", COL))
|
||||||
}
|
|
||||||
|
|
||||||
async fn update_session_last_seen(&self, session_id: &str, when: Timestamp) -> Result<()> {
|
|
||||||
let formatted: &str = &when.format();
|
|
||||||
|
|
||||||
self.col::<Session>("sessions")
|
|
||||||
.update_one(
|
|
||||||
doc! {
|
|
||||||
"_id": session_id
|
|
||||||
},
|
|
||||||
doc! {
|
|
||||||
"$set": {
|
|
||||||
"last_seen": formatted
|
|
||||||
}
|
|
||||||
},
|
|
||||||
)
|
|
||||||
.await
|
|
||||||
.map(|_| ())
|
|
||||||
.map_err(|_| create_database_error!("update_one", "sessions"))
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -1,5 +1,3 @@
|
|||||||
use authifier::models::Session;
|
|
||||||
use iso8601_timestamp::Timestamp;
|
|
||||||
use revolt_result::Result;
|
use revolt_result::Result;
|
||||||
|
|
||||||
use crate::{FieldsUser, PartialUser, RelationshipStatus, User};
|
use crate::{FieldsUser, PartialUser, RelationshipStatus, User};
|
||||||
@@ -42,11 +40,6 @@ impl AbstractUsers for ReferenceDb {
|
|||||||
.ok_or_else(|| create_error!(NotFound))
|
.ok_or_else(|| create_error!(NotFound))
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Fetch a session from the database by token
|
|
||||||
async fn fetch_session_by_token(&self, _token: &str) -> Result<Session> {
|
|
||||||
todo!()
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Fetch multiple users by their ids
|
/// Fetch multiple users by their ids
|
||||||
async fn fetch_users<'a>(&self, ids: &'a [String]) -> Result<Vec<User>> {
|
async fn fetch_users<'a>(&self, ids: &'a [String]) -> Result<Vec<User>> {
|
||||||
let users = self.users.lock().await;
|
let users = self.users.lock().await;
|
||||||
@@ -165,12 +158,22 @@ impl AbstractUsers for ReferenceDb {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Remove push subscription for a session by session id (TODO: remove)
|
/// Removes all relationships with the user from the list of users
|
||||||
async fn remove_push_subscription_by_session_id(&self, _session_id: &str) -> Result<()> {
|
async fn clear_user_relationships(
|
||||||
todo!()
|
&self,
|
||||||
}
|
target_id: &str,
|
||||||
|
user_ids: Vec<String>,
|
||||||
|
) -> Result<()> {
|
||||||
|
let mut users = self.users.lock().await;
|
||||||
|
|
||||||
async fn update_session_last_seen(&self, _session_id: &str, _when: Timestamp) -> Result<()> {
|
for user_id in user_ids {
|
||||||
todo!()
|
if let Some(user) = users.get_mut(&user_id) {
|
||||||
|
if let Some(relations) = &mut user.relations {
|
||||||
|
relations.retain(|relation| relation.id != target_id);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok(())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,12 +1,12 @@
|
|||||||
use authifier::models::Session;
|
|
||||||
use rocket::http::Status;
|
use rocket::http::Status;
|
||||||
use rocket::request::{self, FromRequest, Outcome, Request};
|
use rocket::request::{self, FromRequest, Outcome, Request};
|
||||||
|
use revolt_result::Error;
|
||||||
|
|
||||||
use crate::{Database, User};
|
use crate::{Database, Session, User};
|
||||||
|
|
||||||
#[rocket::async_trait]
|
#[rocket::async_trait]
|
||||||
impl<'r> FromRequest<'r> for User {
|
impl<'r> FromRequest<'r> for User {
|
||||||
type Error = authifier::Error;
|
type Error = Error;
|
||||||
|
|
||||||
async fn from_request(request: &'r Request<'_>) -> request::Outcome<Self, Self::Error> {
|
async fn from_request(request: &'r Request<'_>) -> request::Outcome<Self, Self::Error> {
|
||||||
let user: &Option<User> = request
|
let user: &Option<User> = request
|
||||||
@@ -38,7 +38,7 @@ impl<'r> FromRequest<'r> for User {
|
|||||||
if let Some(user) = user {
|
if let Some(user) = user {
|
||||||
Outcome::Success(user.clone())
|
Outcome::Success(user.clone())
|
||||||
} else {
|
} else {
|
||||||
Outcome::Error((Status::Unauthorized, authifier::Error::InvalidSession))
|
Outcome::Error((Status::Unauthorized, create_error!(InvalidSession)))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,29 +0,0 @@
|
|||||||
use async_std::channel::{unbounded, Receiver, Sender};
|
|
||||||
use authifier::AuthifierEvent;
|
|
||||||
use once_cell::sync::Lazy;
|
|
||||||
|
|
||||||
use crate::events::client::EventV1;
|
|
||||||
|
|
||||||
static Q: Lazy<(Sender<AuthifierEvent>, Receiver<AuthifierEvent>)> = Lazy::new(unbounded);
|
|
||||||
|
|
||||||
/// Get sender
|
|
||||||
pub fn sender() -> Sender<AuthifierEvent> {
|
|
||||||
Q.0.clone()
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Start a new worker
|
|
||||||
pub async fn worker() {
|
|
||||||
loop {
|
|
||||||
let event = Q.1.recv().await.unwrap();
|
|
||||||
match &event {
|
|
||||||
AuthifierEvent::CreateSession { .. } | AuthifierEvent::CreateAccount { .. } => {
|
|
||||||
EventV1::Auth(event).global().await
|
|
||||||
}
|
|
||||||
AuthifierEvent::DeleteSession { user_id, .. }
|
|
||||||
| AuthifierEvent::DeleteAllSessions { user_id, .. } => {
|
|
||||||
let id = user_id.to_string();
|
|
||||||
EventV1::Auth(event).private(id).await
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -8,14 +8,11 @@ use std::time::Instant;
|
|||||||
const WORKER_COUNT: usize = 5;
|
const WORKER_COUNT: usize = 5;
|
||||||
|
|
||||||
pub mod ack;
|
pub mod ack;
|
||||||
pub mod authifier_relay;
|
|
||||||
pub mod last_message_id;
|
pub mod last_message_id;
|
||||||
pub mod process_embeds;
|
pub mod process_embeds;
|
||||||
|
|
||||||
/// Spawn background workers
|
/// Spawn background workers
|
||||||
pub fn start_workers(db: Database, amqp: AMQP) {
|
pub fn start_workers(db: Database, amqp: AMQP) {
|
||||||
task::spawn(authifier_relay::worker());
|
|
||||||
|
|
||||||
for _ in 0..WORKER_COUNT {
|
for _ in 0..WORKER_COUNT {
|
||||||
task::spawn(ack::worker(db.clone(), amqp.clone()));
|
task::spawn(ack::worker(db.clone(), amqp.clone()));
|
||||||
task::spawn(last_message_id::worker(db.clone()));
|
task::spawn(last_message_id::worker(db.clone()));
|
||||||
|
|||||||
@@ -1422,3 +1422,92 @@ impl From<crate::VoiceInformation> for VoiceInformation {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
impl From<crate::Account> for AccountInfo {
|
||||||
|
fn from(item: crate::Account) -> Self {
|
||||||
|
AccountInfo {
|
||||||
|
id: item.id,
|
||||||
|
email: item.email,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl From<crate::MFATicket> for MFATicket {
|
||||||
|
fn from(value: crate::MFATicket) -> Self {
|
||||||
|
MFATicket {
|
||||||
|
id: value.id,
|
||||||
|
account_id: value.account_id,
|
||||||
|
token: value.token,
|
||||||
|
validated: value.validated,
|
||||||
|
authorised: value.authorised,
|
||||||
|
last_totp_code: value.last_totp_code,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl From<crate::MultiFactorAuthentication> for MultiFactorStatus {
|
||||||
|
fn from(item: crate::MultiFactorAuthentication) -> Self {
|
||||||
|
MultiFactorStatus {
|
||||||
|
// email_otp: item.enable_email_otp,
|
||||||
|
// trusted_handover: item.enable_trusted_handover,
|
||||||
|
// email_mfa: item.enable_email_mfa,
|
||||||
|
totp_mfa: !item.totp_token.is_disabled(),
|
||||||
|
// security_key_mfa: item.security_key_token.is_some(),
|
||||||
|
recovery_active: !item.recovery_codes.is_empty(),
|
||||||
|
..Default::default()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl From<crate::MFAMethod> for MFAMethod {
|
||||||
|
fn from(value: crate::MFAMethod) -> Self {
|
||||||
|
match value {
|
||||||
|
crate::MFAMethod::Password => MFAMethod::Password,
|
||||||
|
crate::MFAMethod::Recovery => MFAMethod::Recovery,
|
||||||
|
crate::MFAMethod::Totp => MFAMethod::Totp,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl From<crate::Session> for SessionInfo {
|
||||||
|
fn from(item: crate::Session) -> Self {
|
||||||
|
SessionInfo {
|
||||||
|
id: item.id,
|
||||||
|
name: item.name,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl From<crate::Session> for Session {
|
||||||
|
fn from(value: crate::Session) -> Self {
|
||||||
|
Session {
|
||||||
|
id: value.id,
|
||||||
|
user_id: value.user_id,
|
||||||
|
token: value.token,
|
||||||
|
name: value.name,
|
||||||
|
last_seen: value.last_seen,
|
||||||
|
origin: value.origin,
|
||||||
|
subscription: value.subscription.map(Into::into),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl From<crate::WebPushSubscription> for WebPushSubscription {
|
||||||
|
fn from(value: crate::WebPushSubscription) -> Self {
|
||||||
|
WebPushSubscription {
|
||||||
|
endpoint: value.endpoint,
|
||||||
|
p256dh: value.p256dh,
|
||||||
|
auth: value.auth,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl From<WebPushSubscription> for crate::WebPushSubscription {
|
||||||
|
fn from(value: WebPushSubscription) -> Self {
|
||||||
|
crate::WebPushSubscription {
|
||||||
|
endpoint: value.endpoint,
|
||||||
|
p256dh: value.p256dh,
|
||||||
|
auth: value.auth,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
42
crates/core/database/src/util/captcha.rs
Normal file
42
crates/core/database/src/util/captcha.rs
Normal file
@@ -0,0 +1,42 @@
|
|||||||
|
use reqwest::Client;
|
||||||
|
use revolt_config::config;
|
||||||
|
use revolt_result::Result;
|
||||||
|
use std::sync::LazyLock;
|
||||||
|
|
||||||
|
static CLIENT: LazyLock<Client> = LazyLock::new(Client::new);
|
||||||
|
|
||||||
|
#[derive(Serialize, Deserialize)]
|
||||||
|
struct CaptchaResponse {
|
||||||
|
success: bool,
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn check_captcha(token: Option<&str>) -> Result<()> {
|
||||||
|
let config = config().await;
|
||||||
|
|
||||||
|
if !config.api.security.captcha.hcaptcha_key.is_empty() {
|
||||||
|
let Some(token) = token else {
|
||||||
|
return Err(create_error!(CaptchaFailed));
|
||||||
|
};
|
||||||
|
|
||||||
|
let response = CLIENT
|
||||||
|
.post("https://hcaptcha.com/siteverify")
|
||||||
|
.form(&[
|
||||||
|
("secret", config.api.security.captcha.hcaptcha_key.as_str()),
|
||||||
|
("response", token),
|
||||||
|
])
|
||||||
|
.send()
|
||||||
|
.await
|
||||||
|
.map_err(|_| create_error!(CaptchaFailed))?
|
||||||
|
.json::<CaptchaResponse>()
|
||||||
|
.await
|
||||||
|
.map_err(|_| create_error!(CaptchaFailed))?;
|
||||||
|
|
||||||
|
if response.success {
|
||||||
|
Ok(())
|
||||||
|
} else {
|
||||||
|
Err(create_error!(CaptchaFailed))
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
}
|
||||||
63
crates/core/database/src/util/chunked.rs
Normal file
63
crates/core/database/src/util/chunked.rs
Normal file
@@ -0,0 +1,63 @@
|
|||||||
|
#[cfg(feature = "mongodb")]
|
||||||
|
use ::mongodb::{ClientSession, SessionCursor};
|
||||||
|
use revolt_result::{Result, ToRevoltError};
|
||||||
|
use serde::Deserialize;
|
||||||
|
|
||||||
|
#[derive(Debug)]
|
||||||
|
#[allow(clippy::large_enum_variant)]
|
||||||
|
pub enum ChunkedDatabaseGenerator<T> {
|
||||||
|
#[cfg(feature = "mongodb")]
|
||||||
|
MongoDb {
|
||||||
|
session: ClientSession,
|
||||||
|
cursor: SessionCursor<T>,
|
||||||
|
},
|
||||||
|
|
||||||
|
Reference {
|
||||||
|
offset: usize,
|
||||||
|
data: Vec<T>,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<T: for<'d> Deserialize<'d> + Clone> ChunkedDatabaseGenerator<T> {
|
||||||
|
#[cfg(feature = "mongodb")]
|
||||||
|
pub fn new_mongo(session: ClientSession, cursor: SessionCursor<T>) -> Self {
|
||||||
|
Self::MongoDb { session, cursor }
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn new_reference(data: Vec<T>) -> Self {
|
||||||
|
Self::Reference { offset: 0, data }
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn next(&mut self) -> Result<Option<T>> {
|
||||||
|
match self {
|
||||||
|
#[cfg(feature = "mongodb")]
|
||||||
|
Self::MongoDb { session, cursor } => {
|
||||||
|
cursor.next(session).await.transpose().to_internal_error()
|
||||||
|
}
|
||||||
|
Self::Reference { offset, data } => {
|
||||||
|
if let Some(value) = data.get(*offset) {
|
||||||
|
*offset += 1;
|
||||||
|
Ok(Some(value.clone()))
|
||||||
|
} else {
|
||||||
|
Ok(None)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn next_n(&mut self, n: usize) -> Result<Option<Vec<T>>> {
|
||||||
|
let mut docs = Vec::new();
|
||||||
|
|
||||||
|
while docs.len() < n {
|
||||||
|
if let Some(doc) = self.next().await? {
|
||||||
|
docs.push(doc);
|
||||||
|
} else if docs.is_empty() {
|
||||||
|
return Ok(None);
|
||||||
|
} else {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok(Some(docs))
|
||||||
|
}
|
||||||
|
}
|
||||||
271
crates/core/database/src/util/email.rs
Normal file
271
crates/core/database/src/util/email.rs
Normal file
@@ -0,0 +1,271 @@
|
|||||||
|
use std::{collections::HashSet, sync::LazyLock};
|
||||||
|
|
||||||
|
use lettre::{
|
||||||
|
transport::smtp::{authentication::Credentials, client::Tls},
|
||||||
|
SmtpTransport,
|
||||||
|
};
|
||||||
|
use regex::Regex;
|
||||||
|
use revolt_config::{config, ApiSmtp};
|
||||||
|
use revolt_result::Result;
|
||||||
|
|
||||||
|
static SPLIT: LazyLock<Regex> = LazyLock::new(|| Regex::new("([^@]+)(@.+)").unwrap());
|
||||||
|
static SYMBOL_RE: LazyLock<Regex> = LazyLock::new(|| Regex::new("\\+.+|\\.").unwrap());
|
||||||
|
static HANDLEBARS: LazyLock<handlebars::Handlebars<'static>> =
|
||||||
|
LazyLock::new(handlebars::Handlebars::new);
|
||||||
|
static REVOLT_SOURCE_LIST: LazyLock<HashSet<String>> = LazyLock::new(|| {
|
||||||
|
include_str!("../../assets/revolt_source_list.txt")
|
||||||
|
.split('\n')
|
||||||
|
.map(|x| x.into())
|
||||||
|
.collect()
|
||||||
|
});
|
||||||
|
|
||||||
|
/// Strip special characters and aliases from emails
|
||||||
|
pub fn normalise_email(original: String) -> String {
|
||||||
|
let split = SPLIT.captures(&original).unwrap();
|
||||||
|
let mut clean = SYMBOL_RE
|
||||||
|
.replace_all(split.get(1).unwrap().as_str(), "")
|
||||||
|
.to_string();
|
||||||
|
|
||||||
|
clean.push_str(split.get(2).unwrap().as_str());
|
||||||
|
clean.to_lowercase()
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Email template
|
||||||
|
#[derive(Clone)]
|
||||||
|
pub struct Template {
|
||||||
|
/// Title of the email
|
||||||
|
pub title: String,
|
||||||
|
/// Plain text version of this email
|
||||||
|
pub text: String,
|
||||||
|
/// HTML version of this email
|
||||||
|
pub html: Option<String>,
|
||||||
|
/// URL to redirect people to from the email
|
||||||
|
///
|
||||||
|
/// Use `{{url}}` to fill this field.
|
||||||
|
///
|
||||||
|
/// Any given URL will be suffixed with a unique token if applicable.
|
||||||
|
///
|
||||||
|
/// e.g. `https://example.com?t=` becomes `https://example.com?t=UNIQUE_CODE`
|
||||||
|
pub url: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Email templates
|
||||||
|
#[derive(Clone)]
|
||||||
|
pub struct Templates {
|
||||||
|
/// Template for email verification
|
||||||
|
pub verify: Template,
|
||||||
|
/// Template for password reset
|
||||||
|
pub reset: Template,
|
||||||
|
/// Template for password reset when the account already exists on creation
|
||||||
|
pub reset_existing: Template,
|
||||||
|
/// Template for account deletion
|
||||||
|
pub deletion: Template,
|
||||||
|
/// Template for suspention
|
||||||
|
pub suspension: Template,
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn email_templates() -> Templates {
|
||||||
|
let config = config().await;
|
||||||
|
|
||||||
|
if std::env::var("TEST_DB").is_ok() {
|
||||||
|
Templates {
|
||||||
|
verify: Template {
|
||||||
|
title: "verify".into(),
|
||||||
|
text: "[[{{url}}]]".into(),
|
||||||
|
url: "".into(),
|
||||||
|
html: None,
|
||||||
|
},
|
||||||
|
reset: Template {
|
||||||
|
title: "reset".into(),
|
||||||
|
text: "[[{{url}}]]".into(),
|
||||||
|
url: "".into(),
|
||||||
|
html: None,
|
||||||
|
},
|
||||||
|
reset_existing: Template {
|
||||||
|
title: "reset_existing".into(),
|
||||||
|
text: "[[{{url}}]]".into(),
|
||||||
|
url: "".into(),
|
||||||
|
html: None,
|
||||||
|
},
|
||||||
|
deletion: Template {
|
||||||
|
title: "deletion".into(),
|
||||||
|
text: "[[{{url}}]]".into(),
|
||||||
|
url: "".into(),
|
||||||
|
html: None,
|
||||||
|
},
|
||||||
|
suspension: Template {
|
||||||
|
title: "suspension".into(),
|
||||||
|
text: "[[dummy]]".into(),
|
||||||
|
url: "".into(),
|
||||||
|
html: None,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
} else if config.production {
|
||||||
|
Templates {
|
||||||
|
verify: Template {
|
||||||
|
title: "Verify your Stoat account.".into(),
|
||||||
|
text: include_str!("../../templates/verify.txt").into(),
|
||||||
|
url: format!("{}/login/verify/", config.hosts.app),
|
||||||
|
html: Some(include_str!("../../templates/verify.html").into()),
|
||||||
|
},
|
||||||
|
reset: Template {
|
||||||
|
title: "Reset your Stoat password.".into(),
|
||||||
|
text: include_str!("../../templates/reset.txt").into(),
|
||||||
|
url: format!("{}/login/reset/", config.hosts.app),
|
||||||
|
html: Some(include_str!("../../templates/reset.html").into()),
|
||||||
|
},
|
||||||
|
reset_existing: Template {
|
||||||
|
title: "You already have a Stoat account, reset your password.".into(),
|
||||||
|
text: include_str!("../../templates/reset-existing.txt").into(),
|
||||||
|
url: format!("{}/login/reset/", config.hosts.app),
|
||||||
|
html: Some(include_str!("../../templates/reset-existing.html").into()),
|
||||||
|
},
|
||||||
|
deletion: Template {
|
||||||
|
title: "Confirm account deletion.".into(),
|
||||||
|
text: include_str!("../../templates/deletion.txt").into(),
|
||||||
|
url: format!("{}/delete/", config.hosts.app),
|
||||||
|
html: Some(include_str!("../../templates/deletion.html").into()),
|
||||||
|
},
|
||||||
|
suspension: Template {
|
||||||
|
title: "Account Suspension".to_string(),
|
||||||
|
html: Some(include_str!("../../templates/suspension.html").to_owned()),
|
||||||
|
text: include_str!("../../templates/suspension.txt").to_owned(),
|
||||||
|
url: Default::default(),
|
||||||
|
},
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
Templates {
|
||||||
|
verify: Template {
|
||||||
|
title: "Verify your account.".into(),
|
||||||
|
text: include_str!("../../templates/verify.whitelabel.txt").into(),
|
||||||
|
url: format!("{}/login/verify/", config.hosts.app),
|
||||||
|
html: None,
|
||||||
|
},
|
||||||
|
reset: Template {
|
||||||
|
title: "Reset your password.".into(),
|
||||||
|
text: include_str!("../../templates/reset.whitelabel.txt").into(),
|
||||||
|
url: format!("{}/login/reset/", config.hosts.app),
|
||||||
|
html: None,
|
||||||
|
},
|
||||||
|
reset_existing: Template {
|
||||||
|
title: "Reset your password.".into(),
|
||||||
|
text: include_str!("../../templates/reset.whitelabel.txt").into(),
|
||||||
|
url: format!("{}/login/reset/", config.hosts.app),
|
||||||
|
html: None,
|
||||||
|
},
|
||||||
|
deletion: Template {
|
||||||
|
title: "Confirm account deletion.".into(),
|
||||||
|
text: include_str!("../../templates/deletion.whitelabel.txt").into(),
|
||||||
|
url: format!("{}/delete/", config.hosts.app),
|
||||||
|
html: None,
|
||||||
|
},
|
||||||
|
suspension: Template {
|
||||||
|
title: "Account Suspension".to_string(),
|
||||||
|
text: include_str!("../../templates/suspension.whitelabel.txt").to_owned(),
|
||||||
|
url: Default::default(),
|
||||||
|
html: None,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Create SMTP transport
|
||||||
|
pub fn create_transport(smtp: &ApiSmtp) -> SmtpTransport {
|
||||||
|
let relay = if smtp.use_starttls == Some(true) {
|
||||||
|
SmtpTransport::starttls_relay(&smtp.host).unwrap()
|
||||||
|
} else {
|
||||||
|
SmtpTransport::relay(&smtp.host).unwrap()
|
||||||
|
};
|
||||||
|
|
||||||
|
let relay = if let Some(port) = smtp.port {
|
||||||
|
relay.port(port.try_into().unwrap())
|
||||||
|
} else {
|
||||||
|
relay
|
||||||
|
};
|
||||||
|
|
||||||
|
let relay = if smtp.use_tls == Some(false) {
|
||||||
|
relay.tls(Tls::None)
|
||||||
|
} else {
|
||||||
|
relay
|
||||||
|
};
|
||||||
|
|
||||||
|
relay
|
||||||
|
.credentials(Credentials::new(
|
||||||
|
smtp.username.clone(),
|
||||||
|
smtp.password.clone(),
|
||||||
|
))
|
||||||
|
.build()
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Render an email template
|
||||||
|
fn render_template(text: &str, variables: &handlebars::JsonValue) -> Result<String> {
|
||||||
|
HANDLEBARS
|
||||||
|
.render_template(text, variables)
|
||||||
|
.map_err(|_| create_error!(RenderFail))
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Send an email
|
||||||
|
pub fn send_email(
|
||||||
|
smtp: &ApiSmtp,
|
||||||
|
address: String,
|
||||||
|
template: &Template,
|
||||||
|
variables: handlebars::JsonValue,
|
||||||
|
) -> Result<()> {
|
||||||
|
let m = lettre::Message::builder()
|
||||||
|
.from(smtp.from_address.parse().expect("valid `smtp_from`"))
|
||||||
|
.to(address.parse().expect("valid `smtp_to`"))
|
||||||
|
.subject(template.title.clone());
|
||||||
|
|
||||||
|
let m = if let Some(reply_to) = &smtp.reply_to {
|
||||||
|
m.reply_to(reply_to.parse().expect("valid `smtp_reply_to`"))
|
||||||
|
} else {
|
||||||
|
m
|
||||||
|
};
|
||||||
|
|
||||||
|
let text = render_template(&template.text, &variables).expect("valid `template`");
|
||||||
|
|
||||||
|
let m = if let Some(html) = &template.html {
|
||||||
|
m.multipart(lettre::message::MultiPart::alternative_plain_html(
|
||||||
|
text,
|
||||||
|
render_template(html, &variables).expect("valid `template`"),
|
||||||
|
))
|
||||||
|
} else {
|
||||||
|
m.body(text)
|
||||||
|
}
|
||||||
|
.expect("valid `message`");
|
||||||
|
|
||||||
|
use lettre::Transport;
|
||||||
|
let sender = create_transport(smtp);
|
||||||
|
|
||||||
|
match sender.send(&m) {
|
||||||
|
Ok(_) => Ok(()),
|
||||||
|
Err(error) => {
|
||||||
|
error!(
|
||||||
|
"Failed to send email to {}!\nlettre error: {}",
|
||||||
|
address, error
|
||||||
|
);
|
||||||
|
|
||||||
|
revolt_config::capture_error(&error);
|
||||||
|
|
||||||
|
Err(create_error!(EmailFailed))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn validate_email(email: &str) -> Result<()> {
|
||||||
|
// Make sure this is an actual email
|
||||||
|
if !validator::validate_email(email) {
|
||||||
|
return Err(create_error!(IncorrectData {
|
||||||
|
with: "email".to_string()
|
||||||
|
}));
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check if the email is blacklisted
|
||||||
|
if let Some(domain) = email.split('@').next_back() {
|
||||||
|
if REVOLT_SOURCE_LIST.contains(&domain.to_string()) {
|
||||||
|
return Err(create_error!(Blacklisted));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
56
crates/core/database/src/util/ip.rs
Normal file
56
crates/core/database/src/util/ip.rs
Normal file
@@ -0,0 +1,56 @@
|
|||||||
|
#[cfg(feature = "rocket-impl")]
|
||||||
|
pub mod rocket {
|
||||||
|
use revolt_config::config;
|
||||||
|
use rocket::Request;
|
||||||
|
|
||||||
|
pub fn to_ip(request: &'_ Request<'_>) -> String {
|
||||||
|
request
|
||||||
|
.client_ip()
|
||||||
|
.map(|x| x.to_string())
|
||||||
|
.unwrap_or_default()
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Find the actual IP of the client
|
||||||
|
pub async fn to_real_ip(request: &'_ Request<'_>) -> String {
|
||||||
|
if config().await.api.security.trust_cloudflare {
|
||||||
|
request
|
||||||
|
.headers()
|
||||||
|
.get_one("CF-Connecting-IP")
|
||||||
|
.map(|x| x.to_string())
|
||||||
|
.unwrap_or_else(|| to_ip(request))
|
||||||
|
} else {
|
||||||
|
to_ip(request)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cfg(feature = "axum-impl")]
|
||||||
|
pub mod axum {
|
||||||
|
use axum::{
|
||||||
|
extract::ConnectInfo,
|
||||||
|
http::request::Parts,
|
||||||
|
};
|
||||||
|
use revolt_config::config;
|
||||||
|
use std::net::SocketAddr;
|
||||||
|
|
||||||
|
pub fn to_ip(parts: &Parts) -> String {
|
||||||
|
parts
|
||||||
|
.extensions
|
||||||
|
.get::<ConnectInfo<SocketAddr>>()
|
||||||
|
.map(|info| info.ip().to_string())
|
||||||
|
.unwrap_or_default()
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Find the actual IP of the client
|
||||||
|
pub async fn to_real_ip(parts: &Parts) -> String {
|
||||||
|
if config().await.api.security.trust_cloudflare {
|
||||||
|
parts
|
||||||
|
.headers
|
||||||
|
.get("CF-Connecting-IP")
|
||||||
|
.map(|x| x.to_str().unwrap().to_string())
|
||||||
|
.unwrap_or_else(|| to_ip(parts))
|
||||||
|
} else {
|
||||||
|
to_ip(parts)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -1,10 +1,17 @@
|
|||||||
pub mod acker;
|
pub mod acker;
|
||||||
pub mod bridge;
|
pub mod bridge;
|
||||||
pub mod bulk_permissions;
|
pub mod bulk_permissions;
|
||||||
|
pub mod captcha;
|
||||||
|
pub mod chunked;
|
||||||
|
pub mod email;
|
||||||
mod funcs;
|
mod funcs;
|
||||||
pub mod idempotency;
|
pub mod idempotency;
|
||||||
|
pub mod ip;
|
||||||
|
pub mod password;
|
||||||
pub mod permissions;
|
pub mod permissions;
|
||||||
pub mod reference;
|
pub mod reference;
|
||||||
|
pub mod shield;
|
||||||
pub mod test_fixtures;
|
pub mod test_fixtures;
|
||||||
|
|
||||||
pub use funcs::*;
|
pub use funcs::*;
|
||||||
|
pub use chunked::ChunkedDatabaseGenerator;
|
||||||
72
crates/core/database/src/util/password.rs
Normal file
72
crates/core/database/src/util/password.rs
Normal file
@@ -0,0 +1,72 @@
|
|||||||
|
use reqwest::Client;
|
||||||
|
use sha1::Digest;
|
||||||
|
use std::{collections::HashSet, sync::LazyLock};
|
||||||
|
|
||||||
|
use revolt_config::config;
|
||||||
|
use revolt_result::{Result, ToRevoltError};
|
||||||
|
|
||||||
|
static CLIENT: LazyLock<Client> = LazyLock::new(Client::new);
|
||||||
|
static ARGON_CONFIG: LazyLock<argon2::Config<'static>> = LazyLock::new(argon2::Config::default);
|
||||||
|
static TOP_100K_COMPROMISED: LazyLock<HashSet<String>> = LazyLock::new(|| {
|
||||||
|
include_str!("../../assets/pwned100k.txt")
|
||||||
|
.split('\n')
|
||||||
|
.map(|x| x.into())
|
||||||
|
.collect()
|
||||||
|
});
|
||||||
|
|
||||||
|
#[derive(Deserialize)]
|
||||||
|
struct EasyPwnedResult {
|
||||||
|
secure: bool,
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Hash a password using argon2
|
||||||
|
pub fn hash_password(plaintext_password: String) -> Result<String> {
|
||||||
|
argon2::hash_encoded(
|
||||||
|
plaintext_password.as_bytes(),
|
||||||
|
nanoid::nanoid!(24).as_bytes(),
|
||||||
|
&ARGON_CONFIG,
|
||||||
|
)
|
||||||
|
.to_internal_error()
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn assert_safe(password: &str) -> Result<()> {
|
||||||
|
// Make sure the password is long enough.
|
||||||
|
if password.len() < 8 {
|
||||||
|
return Err(create_error!(ShortPassword));
|
||||||
|
}
|
||||||
|
|
||||||
|
let config = config().await;
|
||||||
|
|
||||||
|
if !config.api.security.easypwned.is_empty() {
|
||||||
|
let mut hasher = sha1::Sha1::new();
|
||||||
|
hasher.update(password);
|
||||||
|
let pwd_hash = hasher.finalize();
|
||||||
|
|
||||||
|
let result = match CLIENT
|
||||||
|
.get(format!(
|
||||||
|
"{}/hash/{pwd_hash:#02x}",
|
||||||
|
&config.api.security.easypwned
|
||||||
|
))
|
||||||
|
.send()
|
||||||
|
.await
|
||||||
|
{
|
||||||
|
Ok(response) => match response.json::<EasyPwnedResult>().await {
|
||||||
|
Ok(result) => Ok(result.secure),
|
||||||
|
Err(e) => Err(e),
|
||||||
|
},
|
||||||
|
Err(e) => Err(e),
|
||||||
|
};
|
||||||
|
|
||||||
|
if let Err(e) = &result {
|
||||||
|
revolt_config::capture_error(e);
|
||||||
|
} else if result.is_ok_and(|b| b) {
|
||||||
|
return Ok(());
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
if TOP_100K_COMPROMISED.contains(password) {
|
||||||
|
return Err(create_error!(CompromisedPassword));
|
||||||
|
};
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
118
crates/core/database/src/util/shield.rs
Normal file
118
crates/core/database/src/util/shield.rs
Normal file
@@ -0,0 +1,118 @@
|
|||||||
|
use reqwest::Client;
|
||||||
|
use revolt_config::config;
|
||||||
|
use revolt_result::Result;
|
||||||
|
use serde::{Deserialize, Serialize};
|
||||||
|
use std::{collections::HashMap, sync::LazyLock};
|
||||||
|
use crate::util::ip;
|
||||||
|
|
||||||
|
static CLIENT: LazyLock<Client> = LazyLock::new(Client::new);
|
||||||
|
|
||||||
|
#[derive(Serialize, Deserialize, Default, Debug)]
|
||||||
|
pub struct ShieldValidationInput {
|
||||||
|
/// Remote user IP
|
||||||
|
pub ip: Option<String>,
|
||||||
|
|
||||||
|
/// User provided email
|
||||||
|
pub email: Option<String>,
|
||||||
|
|
||||||
|
/// Request headers
|
||||||
|
pub headers: Option<HashMap<String, String>>,
|
||||||
|
|
||||||
|
/// Skip alerts and monitoring for this request
|
||||||
|
pub dry_run: bool,
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Serialize, Deserialize)]
|
||||||
|
pub struct ValidationResult {
|
||||||
|
/// Whether this request was blocked
|
||||||
|
blocked: bool,
|
||||||
|
|
||||||
|
/// Reasons for the request being blocked
|
||||||
|
reasons: Vec<String>,
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn validate_shield(input: ShieldValidationInput) -> Result<()> {
|
||||||
|
let shield = config().await.api.security.shield;
|
||||||
|
|
||||||
|
if !shield.host.is_empty() {
|
||||||
|
if let Ok(response) = CLIENT
|
||||||
|
.post(format!("{}/validate", &shield.host))
|
||||||
|
.json(&input)
|
||||||
|
.header("Authorization", &shield.key)
|
||||||
|
.send()
|
||||||
|
.await
|
||||||
|
{
|
||||||
|
let result = response
|
||||||
|
.json::<ValidationResult>()
|
||||||
|
.await
|
||||||
|
.map_err(|_| create_error!(InternalError))?;
|
||||||
|
|
||||||
|
if result.blocked {
|
||||||
|
return Err(create_error!(BlockedByShield));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cfg(feature = "rocket-impl")]
|
||||||
|
#[async_trait]
|
||||||
|
impl<'r> rocket::request::FromRequest<'r> for ShieldValidationInput {
|
||||||
|
type Error = revolt_result::Error;
|
||||||
|
|
||||||
|
#[allow(clippy::collapsible_match)]
|
||||||
|
async fn from_request(
|
||||||
|
request: &'r rocket::Request<'_>,
|
||||||
|
) -> rocket::request::Outcome<Self, Self::Error> {
|
||||||
|
rocket::request::Outcome::Success(ShieldValidationInput {
|
||||||
|
ip: Some(ip::rocket::to_real_ip(request).await),
|
||||||
|
headers: Some(
|
||||||
|
request
|
||||||
|
.headers()
|
||||||
|
.iter()
|
||||||
|
.map(|entry| (entry.name.to_string(), entry.value.to_string()))
|
||||||
|
.collect(),
|
||||||
|
),
|
||||||
|
..Default::default()
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cfg(feature = "rocket-impl")]
|
||||||
|
impl<'r> revolt_rocket_okapi::request::OpenApiFromRequest<'r> for ShieldValidationInput {
|
||||||
|
fn from_request_input(
|
||||||
|
_gen: &mut revolt_rocket_okapi::r#gen::OpenApiGenerator,
|
||||||
|
_name: String,
|
||||||
|
_required: bool,
|
||||||
|
) -> revolt_rocket_okapi::Result<revolt_rocket_okapi::request::RequestHeaderInput> {
|
||||||
|
Ok(revolt_rocket_okapi::request::RequestHeaderInput::None)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#[cfg(feature = "axum-impl")]
|
||||||
|
#[async_trait]
|
||||||
|
impl<S> axum::extract::FromRequestParts<S> for ShieldValidationInput {
|
||||||
|
type Rejection = axum::Json<revolt_result::Error> ;
|
||||||
|
|
||||||
|
async fn from_request_parts(
|
||||||
|
parts: &mut axum::http::request::Parts,
|
||||||
|
_state: &S,
|
||||||
|
) -> Result<Self, Self::Rejection> {
|
||||||
|
Ok(ShieldValidationInput {
|
||||||
|
ip: Some(ip::axum::to_real_ip(parts).await),
|
||||||
|
headers: Some(
|
||||||
|
parts
|
||||||
|
.headers
|
||||||
|
.iter()
|
||||||
|
.map(|(name, value)| {
|
||||||
|
(
|
||||||
|
name.to_string(),
|
||||||
|
value.to_str().map(|s| s.to_string()).unwrap_or_default(),
|
||||||
|
)
|
||||||
|
})
|
||||||
|
.collect(),
|
||||||
|
),
|
||||||
|
..Default::default()
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -41,6 +41,7 @@ iso8601-timestamp = { workspace = true, features = ["schema", "bson"] }
|
|||||||
# Spec Generation
|
# Spec Generation
|
||||||
schemars = { workspace = true, features = ["indexmap2"], optional = true }
|
schemars = { workspace = true, features = ["indexmap2"], optional = true }
|
||||||
utoipa = { workspace = true, optional = true }
|
utoipa = { workspace = true, optional = true }
|
||||||
|
serde_json = { workspace = true }
|
||||||
|
|
||||||
# Validation
|
# Validation
|
||||||
validator = { workspace = true, features = ["derive"], optional = true }
|
validator = { workspace = true, features = ["derive"], optional = true }
|
||||||
|
|||||||
70
crates/core/models/src/v0/accounts.rs
Normal file
70
crates/core/models/src/v0/accounts.rs
Normal file
@@ -0,0 +1,70 @@
|
|||||||
|
auto_derived!(
|
||||||
|
/// # Change Email Data
|
||||||
|
pub struct DataChangeEmail {
|
||||||
|
/// Valid email address
|
||||||
|
pub email: String,
|
||||||
|
/// Current password
|
||||||
|
pub current_password: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
/// # Change Data
|
||||||
|
pub struct DataChangePassword {
|
||||||
|
/// New password
|
||||||
|
pub password: String,
|
||||||
|
/// Current password
|
||||||
|
pub current_password: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
/// # Account Deletion Token
|
||||||
|
pub struct DataAccountDeletion {
|
||||||
|
/// Deletion token
|
||||||
|
pub token: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
/// # Account Data
|
||||||
|
pub struct DataCreateAccount {
|
||||||
|
/// Valid email address
|
||||||
|
pub email: String,
|
||||||
|
/// Password
|
||||||
|
pub password: String,
|
||||||
|
/// Invite code
|
||||||
|
pub invite: Option<String>,
|
||||||
|
/// Captcha verification code
|
||||||
|
pub captcha: Option<String>,
|
||||||
|
}
|
||||||
|
|
||||||
|
pub struct AccountInfo {
|
||||||
|
#[serde(rename = "_id")]
|
||||||
|
pub id: String,
|
||||||
|
pub email: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
/// # Password Reset
|
||||||
|
pub struct DataPasswordReset {
|
||||||
|
/// Reset token
|
||||||
|
pub token: String,
|
||||||
|
|
||||||
|
/// New password
|
||||||
|
pub password: String,
|
||||||
|
|
||||||
|
/// Whether to logout all sessions
|
||||||
|
#[serde(default)]
|
||||||
|
pub remove_sessions: bool,
|
||||||
|
}
|
||||||
|
|
||||||
|
/// # Resend Information
|
||||||
|
pub struct DataResendVerification {
|
||||||
|
/// Email associated with the account
|
||||||
|
pub email: String,
|
||||||
|
/// Captcha verification code
|
||||||
|
pub captcha: Option<String>,
|
||||||
|
}
|
||||||
|
|
||||||
|
/// # Reset Information
|
||||||
|
pub struct DataSendPasswordReset {
|
||||||
|
/// Email associated with the account
|
||||||
|
pub email: String,
|
||||||
|
/// Captcha verification code
|
||||||
|
pub captcha: Option<String>,
|
||||||
|
}
|
||||||
|
);
|
||||||
68
crates/core/models/src/v0/mfa_tickets.rs
Normal file
68
crates/core/models/src/v0/mfa_tickets.rs
Normal file
@@ -0,0 +1,68 @@
|
|||||||
|
auto_derived!(
|
||||||
|
pub struct MFATicket {
|
||||||
|
/// Unique Id
|
||||||
|
#[serde(rename = "_id")]
|
||||||
|
pub id: String,
|
||||||
|
|
||||||
|
/// Account Id
|
||||||
|
pub account_id: String,
|
||||||
|
|
||||||
|
/// Unique Token
|
||||||
|
pub token: String,
|
||||||
|
|
||||||
|
/// Whether this ticket has been validated
|
||||||
|
/// (can be used for account actions)
|
||||||
|
pub validated: bool,
|
||||||
|
|
||||||
|
/// Whether this ticket is authorised
|
||||||
|
/// (can be used to log a user in)
|
||||||
|
pub authorised: bool,
|
||||||
|
|
||||||
|
/// TOTP code at time of ticket creation
|
||||||
|
pub last_totp_code: Option<String>,
|
||||||
|
}
|
||||||
|
|
||||||
|
#[serde(untagged)]
|
||||||
|
pub enum ResponseVerify {
|
||||||
|
NoTicket,
|
||||||
|
WithTicket {
|
||||||
|
/// Authorised MFA ticket, can be used to log in
|
||||||
|
ticket: MFATicket,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
/// MFA response
|
||||||
|
#[serde(untagged)]
|
||||||
|
pub enum MFAResponse {
|
||||||
|
Password { password: String },
|
||||||
|
Recovery { recovery_code: String },
|
||||||
|
Totp { totp_code: String },
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Default)]
|
||||||
|
pub struct MultiFactorStatus {
|
||||||
|
#[serde(skip_serializing_if = "crate::if_false", default)]
|
||||||
|
pub email_otp: bool,
|
||||||
|
#[serde(skip_serializing_if = "crate::if_false", default)]
|
||||||
|
pub trusted_handover: bool,
|
||||||
|
#[serde(skip_serializing_if = "crate::if_false", default)]
|
||||||
|
pub email_mfa: bool,
|
||||||
|
#[serde(skip_serializing_if = "crate::if_false", default)]
|
||||||
|
pub totp_mfa: bool,
|
||||||
|
#[serde(skip_serializing_if = "crate::if_false", default)]
|
||||||
|
pub security_key_mfa: bool,
|
||||||
|
#[serde(skip_serializing_if = "crate::if_false", default)]
|
||||||
|
pub recovery_active: bool,
|
||||||
|
}
|
||||||
|
|
||||||
|
pub enum MFAMethod {
|
||||||
|
Password,
|
||||||
|
Recovery,
|
||||||
|
Totp,
|
||||||
|
}
|
||||||
|
|
||||||
|
/// # Totp Secret
|
||||||
|
pub struct ResponseTotpSecret {
|
||||||
|
pub secret: String,
|
||||||
|
}
|
||||||
|
);
|
||||||
@@ -14,6 +14,9 @@ mod server_members;
|
|||||||
mod servers;
|
mod servers;
|
||||||
mod user_settings;
|
mod user_settings;
|
||||||
mod users;
|
mod users;
|
||||||
|
mod accounts;
|
||||||
|
mod mfa_tickets;
|
||||||
|
mod sessions;
|
||||||
|
|
||||||
pub use bots::*;
|
pub use bots::*;
|
||||||
pub use channel_invites::*;
|
pub use channel_invites::*;
|
||||||
@@ -31,3 +34,6 @@ pub use server_members::*;
|
|||||||
pub use servers::*;
|
pub use servers::*;
|
||||||
pub use user_settings::*;
|
pub use user_settings::*;
|
||||||
pub use users::*;
|
pub use users::*;
|
||||||
|
pub use accounts::*;
|
||||||
|
pub use mfa_tickets::*;
|
||||||
|
pub use sessions::*;
|
||||||
88
crates/core/models/src/v0/sessions.rs
Normal file
88
crates/core/models/src/v0/sessions.rs
Normal file
@@ -0,0 +1,88 @@
|
|||||||
|
use iso8601_timestamp::Timestamp;
|
||||||
|
|
||||||
|
use crate::v0::{MFAMethod, MFAResponse};
|
||||||
|
|
||||||
|
auto_derived!(
|
||||||
|
pub struct Session {
|
||||||
|
/// Unique Id
|
||||||
|
#[serde(rename = "_id")]
|
||||||
|
pub id: String,
|
||||||
|
|
||||||
|
/// User Id
|
||||||
|
pub user_id: String,
|
||||||
|
|
||||||
|
/// Session token
|
||||||
|
pub token: String,
|
||||||
|
|
||||||
|
/// Display name
|
||||||
|
pub name: String,
|
||||||
|
|
||||||
|
/// When the session was last logged in
|
||||||
|
pub last_seen: Timestamp,
|
||||||
|
|
||||||
|
/// Where the session is originating from
|
||||||
|
#[serde(skip_serializing_if = "Option::is_none")]
|
||||||
|
pub origin: Option<String>,
|
||||||
|
|
||||||
|
/// Web Push subscription
|
||||||
|
#[serde(skip_serializing_if = "Option::is_none")]
|
||||||
|
pub subscription: Option<WebPushSubscription>,
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Web Push subscription
|
||||||
|
pub struct WebPushSubscription {
|
||||||
|
pub endpoint: String,
|
||||||
|
pub p256dh: String,
|
||||||
|
pub auth: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
/// # Edit Data
|
||||||
|
pub struct DataEditSession {
|
||||||
|
/// Session friendly name
|
||||||
|
pub friendly_name: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
pub struct SessionInfo {
|
||||||
|
#[serde(rename = "_id")]
|
||||||
|
pub id: String,
|
||||||
|
pub name: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
/// # Login Data
|
||||||
|
#[serde(untagged)]
|
||||||
|
pub enum DataLogin {
|
||||||
|
Email {
|
||||||
|
/// Email
|
||||||
|
email: String,
|
||||||
|
/// Password
|
||||||
|
password: String,
|
||||||
|
/// Friendly name used for the session
|
||||||
|
friendly_name: Option<String>,
|
||||||
|
},
|
||||||
|
MFA {
|
||||||
|
/// Unvalidated or authorised MFA ticket
|
||||||
|
///
|
||||||
|
/// Used to resolve the correct account
|
||||||
|
mfa_ticket: String,
|
||||||
|
/// Valid MFA response
|
||||||
|
///
|
||||||
|
/// This will take precedence over the `password` field where applicable
|
||||||
|
mfa_response: Option<MFAResponse>,
|
||||||
|
/// Friendly name used for the session
|
||||||
|
friendly_name: Option<String>,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
#[serde(tag = "result")]
|
||||||
|
pub enum ResponseLogin {
|
||||||
|
Success(Session),
|
||||||
|
MFA {
|
||||||
|
ticket: String,
|
||||||
|
allowed_methods: Vec<MFAMethod>,
|
||||||
|
},
|
||||||
|
Disabled {
|
||||||
|
user_id: String,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
);
|
||||||
@@ -28,7 +28,6 @@ revolt_rocket_okapi = { workspace = true, optional = true }
|
|||||||
axum = { workspace = true, optional = true, features = ["macros"] }
|
axum = { workspace = true, optional = true, features = ["macros"] }
|
||||||
|
|
||||||
serde = { workspace = true }
|
serde = { workspace = true }
|
||||||
authifier = { workspace = true }
|
|
||||||
dashmap = { workspace = true }
|
dashmap = { workspace = true }
|
||||||
async-trait = { workspace = true }
|
async-trait = { workspace = true }
|
||||||
log = { workspace = true }
|
log = { workspace = true }
|
||||||
|
|||||||
@@ -1,17 +1,14 @@
|
|||||||
use std::net::SocketAddr;
|
|
||||||
|
|
||||||
use async_trait::async_trait;
|
use async_trait::async_trait;
|
||||||
use axum::{
|
use axum::{
|
||||||
Json, RequestPartsExt, Router,
|
Json, RequestPartsExt, Router,
|
||||||
body::Body,
|
body::Body,
|
||||||
extract::{ConnectInfo, FromRef, FromRequestParts, State},
|
extract::{FromRef, FromRequestParts, State},
|
||||||
http::{HeaderValue, Request, StatusCode, request::Parts},
|
http::{HeaderValue, Request, StatusCode, request::Parts},
|
||||||
middleware::Next,
|
middleware::Next,
|
||||||
response::{IntoResponse, Response},
|
response::{IntoResponse, Response},
|
||||||
routing::get,
|
routing::get,
|
||||||
};
|
};
|
||||||
use revolt_database::{Database, User};
|
use revolt_database::{Database, User, util::ip::axum::to_real_ip};
|
||||||
use revolt_config::config;
|
|
||||||
|
|
||||||
use crate::ratelimiter::{RatelimitInformation, Ratelimiter, RequestKind};
|
use crate::ratelimiter::{RatelimitInformation, Ratelimiter, RequestKind};
|
||||||
|
|
||||||
@@ -24,26 +21,6 @@ impl RequestKind for AxumRequestKind {
|
|||||||
|
|
||||||
pub type RatelimitStorage = crate::ratelimiter::RatelimitStorage<AxumRequestKind>;
|
pub type RatelimitStorage = crate::ratelimiter::RatelimitStorage<AxumRequestKind>;
|
||||||
|
|
||||||
fn to_ip(parts: &Parts) -> String {
|
|
||||||
parts
|
|
||||||
.extensions
|
|
||||||
.get::<ConnectInfo<SocketAddr>>()
|
|
||||||
.map(|info| info.ip().to_string())
|
|
||||||
.unwrap_or_default()
|
|
||||||
}
|
|
||||||
|
|
||||||
async fn to_real_ip(parts: &Parts) -> String {
|
|
||||||
if config().await.api.security.trust_cloudflare {
|
|
||||||
parts
|
|
||||||
.headers
|
|
||||||
.get("CF-Connecting-IP")
|
|
||||||
.map(|x| x.to_str().unwrap().to_string())
|
|
||||||
.unwrap_or_else(|| to_ip(parts))
|
|
||||||
} else {
|
|
||||||
to_ip(parts)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#[async_trait]
|
#[async_trait]
|
||||||
impl<S: Send + Sync> FromRequestParts<S> for Ratelimiter
|
impl<S: Send + Sync> FromRequestParts<S> for Ratelimiter
|
||||||
where
|
where
|
||||||
|
|||||||
@@ -1,6 +1,5 @@
|
|||||||
use async_trait::async_trait;
|
use async_trait::async_trait;
|
||||||
use log::info;
|
use log::info;
|
||||||
use revolt_config::config;
|
|
||||||
use rocket::fairing::{Fairing, Info, Kind};
|
use rocket::fairing::{Fairing, Info, Kind};
|
||||||
use rocket::http::uri::Origin;
|
use rocket::http::uri::Origin;
|
||||||
use rocket::http::{Method, Status};
|
use rocket::http::{Method, Status};
|
||||||
@@ -10,8 +9,7 @@ use rocket::{Data, Request, Response, State};
|
|||||||
|
|
||||||
use revolt_rocket_okapi::r#gen::OpenApiGenerator;
|
use revolt_rocket_okapi::r#gen::OpenApiGenerator;
|
||||||
use revolt_rocket_okapi::request::{OpenApiFromRequest, RequestHeaderInput};
|
use revolt_rocket_okapi::request::{OpenApiFromRequest, RequestHeaderInput};
|
||||||
|
use revolt_database::{Session, util::ip::rocket::to_real_ip};
|
||||||
use authifier::models::Session;
|
|
||||||
|
|
||||||
use crate::ratelimiter::RequestKind;
|
use crate::ratelimiter::RequestKind;
|
||||||
use crate::ratelimiter::{RatelimitInformation, Ratelimiter};
|
use crate::ratelimiter::{RatelimitInformation, Ratelimiter};
|
||||||
@@ -25,27 +23,6 @@ impl RequestKind for RocketRequestKind {
|
|||||||
|
|
||||||
pub type RatelimitStorage = crate::ratelimiter::RatelimitStorage<RocketRequestKind>;
|
pub type RatelimitStorage = crate::ratelimiter::RatelimitStorage<RocketRequestKind>;
|
||||||
|
|
||||||
/// Find the remote IP of the client
|
|
||||||
fn to_ip(request: &'_ rocket::Request<'_>) -> String {
|
|
||||||
request
|
|
||||||
.client_ip()
|
|
||||||
.map(|r| r.to_string())
|
|
||||||
.unwrap_or_default()
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Find the actual IP of the client
|
|
||||||
async fn to_real_ip(request: &'_ rocket::Request<'_>) -> String {
|
|
||||||
if config().await.api.security.trust_cloudflare {
|
|
||||||
request
|
|
||||||
.headers()
|
|
||||||
.get_one("CF-Connecting-IP")
|
|
||||||
.map(|x| x.to_string())
|
|
||||||
.unwrap_or_else(|| to_ip(request))
|
|
||||||
} else {
|
|
||||||
to_ip(request)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#[async_trait]
|
#[async_trait]
|
||||||
impl<'r> FromRequest<'r> for Ratelimiter {
|
impl<'r> FromRequest<'r> for Ratelimiter {
|
||||||
type Error = Ratelimiter;
|
type Error = Ratelimiter;
|
||||||
|
|||||||
@@ -1,4 +1,8 @@
|
|||||||
use axum::{http::StatusCode, response::IntoResponse, Json};
|
use axum::{
|
||||||
|
http::{header, StatusCode},
|
||||||
|
response::IntoResponse,
|
||||||
|
Json,
|
||||||
|
};
|
||||||
|
|
||||||
use crate::{Error, ErrorType};
|
use crate::{Error, ErrorType};
|
||||||
|
|
||||||
@@ -93,6 +97,29 @@ impl IntoResponse for Error {
|
|||||||
ErrorType::FileTypeNotAllowed => StatusCode::BAD_REQUEST,
|
ErrorType::FileTypeNotAllowed => StatusCode::BAD_REQUEST,
|
||||||
ErrorType::ImageProcessingFailed => StatusCode::INTERNAL_SERVER_ERROR,
|
ErrorType::ImageProcessingFailed => StatusCode::INTERNAL_SERVER_ERROR,
|
||||||
ErrorType::NoEmbedData => StatusCode::BAD_REQUEST,
|
ErrorType::NoEmbedData => StatusCode::BAD_REQUEST,
|
||||||
|
ErrorType::RenderFail => StatusCode::INTERNAL_SERVER_ERROR,
|
||||||
|
ErrorType::MissingHeaders => StatusCode::BAD_REQUEST,
|
||||||
|
ErrorType::CaptchaFailed => StatusCode::BAD_REQUEST,
|
||||||
|
ErrorType::BlockedByShield => StatusCode::BAD_REQUEST,
|
||||||
|
ErrorType::UnverifiedAccount => StatusCode::FORBIDDEN,
|
||||||
|
ErrorType::EmailFailed => StatusCode::INTERNAL_SERVER_ERROR,
|
||||||
|
ErrorType::InvalidToken => StatusCode::UNAUTHORIZED,
|
||||||
|
ErrorType::MissingInvite => StatusCode::BAD_REQUEST,
|
||||||
|
ErrorType::InvalidInvite => StatusCode::BAD_REQUEST,
|
||||||
|
ErrorType::CompromisedPassword => StatusCode::BAD_REQUEST,
|
||||||
|
ErrorType::ShortPassword => StatusCode::BAD_REQUEST,
|
||||||
|
ErrorType::Blacklisted => {
|
||||||
|
return (
|
||||||
|
StatusCode::UNAUTHORIZED,
|
||||||
|
[(header::CONTENT_TYPE, "application/json")],
|
||||||
|
"{\"type\":\"DisallowedContactSupport\", \"note\":\"If you see this messages right here, you're probably doing something you shouldn't be.\"}"
|
||||||
|
).into_response()
|
||||||
|
}
|
||||||
|
ErrorType::LockedOut => StatusCode::FORBIDDEN,
|
||||||
|
ErrorType::TotpAlreadyEnabled => StatusCode::BAD_REQUEST,
|
||||||
|
ErrorType::DisallowedMFAMethod => StatusCode::BAD_REQUEST,
|
||||||
|
ErrorType::OperationFailed => StatusCode::INTERNAL_SERVER_ERROR,
|
||||||
|
ErrorType::IncorrectData { .. } => StatusCode::BAD_REQUEST,
|
||||||
};
|
};
|
||||||
|
|
||||||
(status, Json(&self)).into_response()
|
(status, Json(&self)).into_response()
|
||||||
|
|||||||
@@ -164,6 +164,10 @@ pub enum ErrorType {
|
|||||||
FailedValidation {
|
FailedValidation {
|
||||||
error: String,
|
error: String,
|
||||||
},
|
},
|
||||||
|
OperationFailed,
|
||||||
|
IncorrectData {
|
||||||
|
with: String,
|
||||||
|
},
|
||||||
|
|
||||||
// ? Voice errors
|
// ? Voice errors
|
||||||
LiveKitUnavailable,
|
LiveKitUnavailable,
|
||||||
@@ -188,6 +192,25 @@ pub enum ErrorType {
|
|||||||
FeatureDisabled {
|
FeatureDisabled {
|
||||||
feature: String,
|
feature: String,
|
||||||
},
|
},
|
||||||
|
|
||||||
|
// ? Authentication
|
||||||
|
RenderFail,
|
||||||
|
MissingHeaders,
|
||||||
|
CaptchaFailed,
|
||||||
|
BlockedByShield,
|
||||||
|
UnverifiedAccount,
|
||||||
|
EmailFailed,
|
||||||
|
InvalidToken,
|
||||||
|
MissingInvite,
|
||||||
|
InvalidInvite,
|
||||||
|
|
||||||
|
CompromisedPassword,
|
||||||
|
ShortPassword,
|
||||||
|
Blacklisted,
|
||||||
|
LockedOut,
|
||||||
|
|
||||||
|
TotpAlreadyEnabled,
|
||||||
|
DisallowedMFAMethod,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[macro_export]
|
#[macro_export]
|
||||||
|
|||||||
@@ -99,6 +99,32 @@ impl<'r> Responder<'r, 'static> for Error {
|
|||||||
ErrorType::ImageProcessingFailed => Status::InternalServerError,
|
ErrorType::ImageProcessingFailed => Status::InternalServerError,
|
||||||
ErrorType::NoEmbedData => Status::BadRequest,
|
ErrorType::NoEmbedData => Status::BadRequest,
|
||||||
ErrorType::VosoUnavailable => Status::BadRequest,
|
ErrorType::VosoUnavailable => Status::BadRequest,
|
||||||
|
|
||||||
|
ErrorType::RenderFail => Status::InternalServerError,
|
||||||
|
ErrorType::MissingHeaders => Status::BadRequest,
|
||||||
|
ErrorType::CaptchaFailed => Status::BadRequest,
|
||||||
|
ErrorType::BlockedByShield => Status::BadRequest,
|
||||||
|
ErrorType::UnverifiedAccount => Status::Forbidden,
|
||||||
|
ErrorType::EmailFailed => Status::InternalServerError,
|
||||||
|
ErrorType::InvalidToken => Status::Unauthorized,
|
||||||
|
ErrorType::MissingInvite => Status::BadRequest,
|
||||||
|
ErrorType::InvalidInvite => Status::BadRequest,
|
||||||
|
ErrorType::CompromisedPassword => Status::BadRequest,
|
||||||
|
ErrorType::ShortPassword => Status::BadRequest,
|
||||||
|
ErrorType::Blacklisted => {
|
||||||
|
// Fail blacklisted email addresses.
|
||||||
|
const RESP: &str = "{\"type\":\"DisallowedContactSupport\", \"note\":\"If you see this messages right here, you're probably doing something you shouldn't be.\"}";
|
||||||
|
|
||||||
|
return Response::build()
|
||||||
|
.status(Status::Unauthorized)
|
||||||
|
.sized_body(RESP.len(), std::io::Cursor::new(RESP))
|
||||||
|
.ok();
|
||||||
|
}
|
||||||
|
ErrorType::LockedOut => Status::Forbidden,
|
||||||
|
ErrorType::TotpAlreadyEnabled => Status::BadRequest,
|
||||||
|
ErrorType::DisallowedMFAMethod => Status::BadRequest,
|
||||||
|
ErrorType::OperationFailed => Status::InternalServerError,
|
||||||
|
ErrorType::IncorrectData { .. } => Status::BadRequest,
|
||||||
};
|
};
|
||||||
|
|
||||||
// Serialize the error data structure into JSON.
|
// Serialize the error data structure into JSON.
|
||||||
|
|||||||
@@ -15,6 +15,7 @@ log = { workspace = true }
|
|||||||
|
|
||||||
# Async
|
# Async
|
||||||
tokio = { workspace = true }
|
tokio = { workspace = true }
|
||||||
|
futures = { workspace = true }
|
||||||
|
|
||||||
# Redis
|
# Redis
|
||||||
redis-kiss = { workspace = true }
|
redis-kiss = { workspace = true }
|
||||||
|
|||||||
@@ -1,23 +1,51 @@
|
|||||||
use revolt_config::configure;
|
use std::{future::Future, panic::AssertUnwindSafe, time::Duration};
|
||||||
use revolt_database::{DatabaseInfo, AMQP};
|
|
||||||
|
use futures::FutureExt;
|
||||||
|
use revolt_config::{capture_error, configure};
|
||||||
|
use revolt_database::{Database, DatabaseInfo, AMQP};
|
||||||
use revolt_result::Result;
|
use revolt_result::Result;
|
||||||
use tasks::{acks, file_deletion, prune_dangling_files, prune_members};
|
use tasks::*;
|
||||||
use tokio::try_join;
|
use tokio::{join, time::sleep};
|
||||||
|
|
||||||
pub mod tasks;
|
pub mod tasks;
|
||||||
|
|
||||||
|
pub async fn cron_task_wrapper<Fut: Future<Output = Result<()>>>(
|
||||||
|
func: fn(Database, AMQP) -> Fut,
|
||||||
|
db: Database,
|
||||||
|
amqp: AMQP,
|
||||||
|
) {
|
||||||
|
loop {
|
||||||
|
let wrapper = AssertUnwindSafe(func(db.clone(), amqp.clone()));
|
||||||
|
|
||||||
|
match wrapper.catch_unwind().await {
|
||||||
|
Ok(Ok(())) => {
|
||||||
|
log::error!("cron unexpectedly finshed, Retrying after 60s");
|
||||||
|
}
|
||||||
|
Ok(Err(error)) => {
|
||||||
|
log::error!("cron task failed unexpectedly: {error:?}\nRetrying after 60s");
|
||||||
|
capture_error(&error);
|
||||||
|
}
|
||||||
|
_ => {
|
||||||
|
log::error!("cron task failed unexpectedly\nRetrying after 60s");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
sleep(Duration::from_secs(60)).await;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#[tokio::main]
|
#[tokio::main]
|
||||||
async fn main() -> Result<()> {
|
async fn main() {
|
||||||
configure!(crond);
|
configure!(crond);
|
||||||
|
|
||||||
let db = DatabaseInfo::Auto.connect().await.expect("database");
|
let db = DatabaseInfo::Auto.connect().await.expect("database");
|
||||||
let amqp = AMQP::new_auto().await;
|
let amqp = AMQP::new_auto().await;
|
||||||
|
|
||||||
try_join!(
|
join!(
|
||||||
file_deletion::task(db.clone()),
|
cron_task_wrapper(file_deletion::task, db.clone(), amqp.clone()),
|
||||||
prune_dangling_files::task(db.clone()),
|
cron_task_wrapper(prune_dangling_files::task, db.clone(), amqp.clone()),
|
||||||
prune_members::task(db.clone()),
|
cron_task_wrapper(prune_members::task, db.clone(), amqp.clone()),
|
||||||
acks::task(db.clone(), amqp.clone()),
|
cron_task_wrapper(delete_accounts::task, db.clone(), amqp.clone()),
|
||||||
)
|
cron_task_wrapper(acks::task, db.clone(), amqp.clone()),
|
||||||
.map(|_| ())
|
);
|
||||||
}
|
}
|
||||||
|
|||||||
23
crates/daemons/crond/src/tasks/delete_accounts.rs
Normal file
23
crates/daemons/crond/src/tasks/delete_accounts.rs
Normal file
@@ -0,0 +1,23 @@
|
|||||||
|
use std::time::Duration;
|
||||||
|
|
||||||
|
use revolt_database::Database;
|
||||||
|
use revolt_result::Result;
|
||||||
|
use tokio::time::sleep;
|
||||||
|
|
||||||
|
pub async fn task(db: Database, _: revolt_database::AMQP) -> Result<()> {
|
||||||
|
loop {
|
||||||
|
let accounts = db.fetch_accounts_due_for_deletion().await?;
|
||||||
|
let count = accounts.len();
|
||||||
|
|
||||||
|
for mut account in accounts {
|
||||||
|
let mut user = db.fetch_user(&account.id).await?;
|
||||||
|
|
||||||
|
user.delete(&db).await?;
|
||||||
|
account.mark_deleted(&db).await?;
|
||||||
|
}
|
||||||
|
|
||||||
|
log::info!("Deleted {count} accounts.");
|
||||||
|
|
||||||
|
sleep(Duration::from_hours(1)).await
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -6,21 +6,17 @@ use revolt_files::delete_from_s3;
|
|||||||
use revolt_result::Result;
|
use revolt_result::Result;
|
||||||
use tokio::time::sleep;
|
use tokio::time::sleep;
|
||||||
|
|
||||||
pub async fn task(db: Database) -> Result<()> {
|
pub async fn task(db: Database, _: revolt_database::AMQP) -> Result<()> {
|
||||||
loop {
|
loop {
|
||||||
let files = db.fetch_deleted_attachments().await?;
|
let files = db.fetch_deleted_attachments().await?;
|
||||||
|
|
||||||
for file in files {
|
for file in files {
|
||||||
if let Some(hash) = &file.hash {
|
if let Some(hash) = &file.hash {
|
||||||
let count = db
|
let count = db.count_file_hash_references(hash).await?;
|
||||||
.count_file_hash_references(hash)
|
|
||||||
.await?;
|
|
||||||
|
|
||||||
// No other files reference this file on disk anymore
|
// No other files reference this file on disk anymore
|
||||||
if count <= 1 {
|
if count <= 1 {
|
||||||
let file_hash = db
|
let file_hash = db.fetch_attachment_hash(hash).await?;
|
||||||
.fetch_attachment_hash(hash)
|
|
||||||
.await?;
|
|
||||||
|
|
||||||
// Delete from S3
|
// Delete from S3
|
||||||
delete_from_s3(&file_hash.bucket_id, &file_hash.path).await?;
|
delete_from_s3(&file_hash.bucket_id, &file_hash.path).await?;
|
||||||
|
|||||||
@@ -1,4 +1,6 @@
|
|||||||
|
pub mod delete_accounts;
|
||||||
pub mod acks;
|
pub mod acks;
|
||||||
pub mod file_deletion;
|
pub mod file_deletion;
|
||||||
pub mod prune_dangling_files;
|
pub mod prune_dangling_files;
|
||||||
pub mod prune_members;
|
pub mod prune_members;
|
||||||
|
pub mod prune_mfa_tickets;
|
||||||
|
|||||||
@@ -6,7 +6,7 @@ use tokio::time::sleep;
|
|||||||
|
|
||||||
use log::info;
|
use log::info;
|
||||||
|
|
||||||
pub async fn task(db: Database) -> Result<()> {
|
pub async fn task(db: Database, _: revolt_database::AMQP) -> Result<()> {
|
||||||
loop {
|
loop {
|
||||||
// This could just be a single database query
|
// This could just be a single database query
|
||||||
// ... but timestamps are inconsistently serialised
|
// ... but timestamps are inconsistently serialised
|
||||||
|
|||||||
@@ -5,7 +5,7 @@ use revolt_database::Database;
|
|||||||
use revolt_result::Result;
|
use revolt_result::Result;
|
||||||
use tokio::time::sleep;
|
use tokio::time::sleep;
|
||||||
|
|
||||||
pub async fn task(db: Database) -> Result<()> {
|
pub async fn task(db: Database, _: revolt_database::AMQP) -> Result<()> {
|
||||||
loop {
|
loop {
|
||||||
let success = db.remove_dangling_members().await;
|
let success = db.remove_dangling_members().await;
|
||||||
if let Err(s) = success {
|
if let Err(s) = success {
|
||||||
|
|||||||
14
crates/daemons/crond/src/tasks/prune_mfa_tickets.rs
Normal file
14
crates/daemons/crond/src/tasks/prune_mfa_tickets.rs
Normal file
@@ -0,0 +1,14 @@
|
|||||||
|
use std::time::Duration;
|
||||||
|
|
||||||
|
use revolt_database::Database;
|
||||||
|
use revolt_result::Result;
|
||||||
|
use tokio::time::sleep;
|
||||||
|
|
||||||
|
pub async fn task(db: Database) -> Result<()> {
|
||||||
|
loop {
|
||||||
|
let count = db.delete_expired_tickets().await?;
|
||||||
|
log::info!("Pruned {count} expired MFA tickets");
|
||||||
|
|
||||||
|
sleep(Duration::from_mins(5)).await
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -25,8 +25,6 @@ tokio = { workspace = true }
|
|||||||
async-trait = { workspace = true }
|
async-trait = { workspace = true }
|
||||||
ulid = { workspace = true }
|
ulid = { workspace = true }
|
||||||
|
|
||||||
authifier = { workspace = true }
|
|
||||||
|
|
||||||
log = { workspace = true }
|
log = { workspace = true }
|
||||||
pretty_env_logger = { workspace = true }
|
pretty_env_logger = { workspace = true }
|
||||||
|
|
||||||
|
|||||||
@@ -10,7 +10,6 @@ use revolt_database::{events::rabbit::*, Database};
|
|||||||
#[allow(unused)]
|
#[allow(unused)]
|
||||||
pub struct AckConsumer {
|
pub struct AckConsumer {
|
||||||
db: Database,
|
db: Database,
|
||||||
authifier_db: authifier::Database,
|
|
||||||
connection: Arc<Connection>,
|
connection: Arc<Connection>,
|
||||||
channel: Arc<Channel>,
|
channel: Arc<Channel>,
|
||||||
}
|
}
|
||||||
@@ -19,13 +18,11 @@ pub struct AckConsumer {
|
|||||||
impl Consumer for AckConsumer {
|
impl Consumer for AckConsumer {
|
||||||
async fn create(
|
async fn create(
|
||||||
db: Database,
|
db: Database,
|
||||||
authifier_db: authifier::Database,
|
|
||||||
connection: Arc<Connection>,
|
connection: Arc<Connection>,
|
||||||
channel: Arc<Channel>,
|
channel: Arc<Channel>,
|
||||||
) -> Self {
|
) -> Self {
|
||||||
Self {
|
Self {
|
||||||
db,
|
db,
|
||||||
authifier_db,
|
|
||||||
connection,
|
connection,
|
||||||
channel,
|
channel,
|
||||||
}
|
}
|
||||||
@@ -58,7 +55,7 @@ impl Consumer for AckConsumer {
|
|||||||
return Ok(());
|
return Ok(());
|
||||||
};
|
};
|
||||||
|
|
||||||
if let Ok(sessions) = self.authifier_db.find_sessions(&payload.user_id).await {
|
if let Ok(sessions) = self.db.fetch_sessions(&payload.user_id).await {
|
||||||
let config = revolt_config::config().await;
|
let config = revolt_config::config().await;
|
||||||
// Step 2: find any apple sessions, since we don't need to calculate this for anything else.
|
// Step 2: find any apple sessions, since we don't need to calculate this for anything else.
|
||||||
// If there's no apple sessions, we can return early
|
// If there's no apple sessions, we can return early
|
||||||
|
|||||||
@@ -11,7 +11,6 @@ use revolt_database::{events::rabbit::*, Database};
|
|||||||
#[allow(unused)]
|
#[allow(unused)]
|
||||||
pub struct DmCallConsumer {
|
pub struct DmCallConsumer {
|
||||||
db: Database,
|
db: Database,
|
||||||
authifier_db: authifier::Database,
|
|
||||||
connection: Arc<Connection>,
|
connection: Arc<Connection>,
|
||||||
channel: Arc<Channel>,
|
channel: Arc<Channel>,
|
||||||
}
|
}
|
||||||
@@ -20,13 +19,11 @@ pub struct DmCallConsumer {
|
|||||||
impl Consumer for DmCallConsumer {
|
impl Consumer for DmCallConsumer {
|
||||||
async fn create(
|
async fn create(
|
||||||
db: Database,
|
db: Database,
|
||||||
authifier_db: authifier::Database,
|
|
||||||
connection: Arc<Connection>,
|
connection: Arc<Connection>,
|
||||||
channel: Arc<Channel>,
|
channel: Arc<Channel>,
|
||||||
) -> Self {
|
) -> Self {
|
||||||
Self {
|
Self {
|
||||||
db,
|
db,
|
||||||
authifier_db,
|
|
||||||
connection,
|
connection,
|
||||||
channel,
|
channel,
|
||||||
}
|
}
|
||||||
@@ -70,7 +67,7 @@ impl Consumer for DmCallConsumer {
|
|||||||
let config = revolt_config::config().await;
|
let config = revolt_config::config().await;
|
||||||
|
|
||||||
for user_id in call_recipients {
|
for user_id in call_recipients {
|
||||||
if let Ok(sessions) = self.authifier_db.find_sessions(&user_id).await {
|
if let Ok(sessions) = self.db.fetch_sessions(&user_id).await {
|
||||||
for session in sessions {
|
for session in sessions {
|
||||||
if let Some(sub) = session.subscription {
|
if let Some(sub) = session.subscription {
|
||||||
let mut sendable = PayloadToService {
|
let mut sendable = PayloadToService {
|
||||||
|
|||||||
@@ -11,7 +11,6 @@ use revolt_database::{events::rabbit::*, Database};
|
|||||||
#[allow(unused)]
|
#[allow(unused)]
|
||||||
pub struct FRAcceptedConsumer {
|
pub struct FRAcceptedConsumer {
|
||||||
db: Database,
|
db: Database,
|
||||||
authifier_db: authifier::Database,
|
|
||||||
connection: Arc<Connection>,
|
connection: Arc<Connection>,
|
||||||
channel: Arc<Channel>,
|
channel: Arc<Channel>,
|
||||||
}
|
}
|
||||||
@@ -20,13 +19,11 @@ pub struct FRAcceptedConsumer {
|
|||||||
impl Consumer for FRAcceptedConsumer {
|
impl Consumer for FRAcceptedConsumer {
|
||||||
async fn create(
|
async fn create(
|
||||||
db: Database,
|
db: Database,
|
||||||
authifier_db: authifier::Database,
|
|
||||||
connection: Arc<Connection>,
|
connection: Arc<Connection>,
|
||||||
channel: Arc<Channel>,
|
channel: Arc<Channel>,
|
||||||
) -> Self {
|
) -> Self {
|
||||||
Self {
|
Self {
|
||||||
db,
|
db,
|
||||||
authifier_db,
|
|
||||||
connection,
|
connection,
|
||||||
channel,
|
channel,
|
||||||
}
|
}
|
||||||
@@ -42,7 +39,7 @@ impl Consumer for FRAcceptedConsumer {
|
|||||||
|
|
||||||
debug!("Received FR accept event");
|
debug!("Received FR accept event");
|
||||||
|
|
||||||
if let Ok(sessions) = self.authifier_db.find_sessions(&payload.user).await {
|
if let Ok(sessions) = self.db.fetch_sessions(&payload.user).await {
|
||||||
let config = revolt_config::config().await;
|
let config = revolt_config::config().await;
|
||||||
for session in sessions {
|
for session in sessions {
|
||||||
if let Some(sub) = session.subscription {
|
if let Some(sub) = session.subscription {
|
||||||
|
|||||||
@@ -11,7 +11,6 @@ use revolt_database::{events::rabbit::*, Database};
|
|||||||
#[allow(unused)]
|
#[allow(unused)]
|
||||||
pub struct FRReceivedConsumer {
|
pub struct FRReceivedConsumer {
|
||||||
db: Database,
|
db: Database,
|
||||||
authifier_db: authifier::Database,
|
|
||||||
connection: Arc<Connection>,
|
connection: Arc<Connection>,
|
||||||
channel: Arc<Channel>,
|
channel: Arc<Channel>,
|
||||||
}
|
}
|
||||||
@@ -20,13 +19,11 @@ pub struct FRReceivedConsumer {
|
|||||||
impl Consumer for FRReceivedConsumer {
|
impl Consumer for FRReceivedConsumer {
|
||||||
async fn create(
|
async fn create(
|
||||||
db: Database,
|
db: Database,
|
||||||
authifier_db: authifier::Database,
|
|
||||||
connection: Arc<Connection>,
|
connection: Arc<Connection>,
|
||||||
channel: Arc<Channel>,
|
channel: Arc<Channel>,
|
||||||
) -> Self {
|
) -> Self {
|
||||||
Self {
|
Self {
|
||||||
db,
|
db,
|
||||||
authifier_db,
|
|
||||||
connection,
|
connection,
|
||||||
channel,
|
channel,
|
||||||
}
|
}
|
||||||
@@ -42,7 +39,7 @@ impl Consumer for FRReceivedConsumer {
|
|||||||
|
|
||||||
debug!("Received FR received event");
|
debug!("Received FR received event");
|
||||||
|
|
||||||
if let Ok(sessions) = self.authifier_db.find_sessions(&payload.user).await {
|
if let Ok(sessions) = self.db.fetch_sessions(&payload.user).await {
|
||||||
let config = revolt_config::config().await;
|
let config = revolt_config::config().await;
|
||||||
for session in sessions {
|
for session in sessions {
|
||||||
if let Some(sub) = session.subscription {
|
if let Some(sub) = session.subscription {
|
||||||
|
|||||||
@@ -11,7 +11,6 @@ use revolt_database::{events::rabbit::*, Database};
|
|||||||
#[allow(unused)]
|
#[allow(unused)]
|
||||||
pub struct GenericConsumer {
|
pub struct GenericConsumer {
|
||||||
db: Database,
|
db: Database,
|
||||||
authifier_db: authifier::Database,
|
|
||||||
connection: Arc<Connection>,
|
connection: Arc<Connection>,
|
||||||
channel: Arc<Channel>,
|
channel: Arc<Channel>,
|
||||||
}
|
}
|
||||||
@@ -20,13 +19,11 @@ pub struct GenericConsumer {
|
|||||||
impl Consumer for GenericConsumer {
|
impl Consumer for GenericConsumer {
|
||||||
async fn create(
|
async fn create(
|
||||||
db: Database,
|
db: Database,
|
||||||
authifier_db: authifier::Database,
|
|
||||||
connection: Arc<Connection>,
|
connection: Arc<Connection>,
|
||||||
channel: Arc<Channel>,
|
channel: Arc<Channel>,
|
||||||
) -> Self {
|
) -> Self {
|
||||||
Self {
|
Self {
|
||||||
db,
|
db,
|
||||||
authifier_db,
|
|
||||||
connection,
|
connection,
|
||||||
channel,
|
channel,
|
||||||
}
|
}
|
||||||
@@ -43,8 +40,8 @@ impl Consumer for GenericConsumer {
|
|||||||
debug!("Received message event on origin");
|
debug!("Received message event on origin");
|
||||||
|
|
||||||
if let Ok(sessions) = self
|
if let Ok(sessions) = self
|
||||||
.authifier_db
|
.db
|
||||||
.find_sessions_with_subscription(&payload.users)
|
.fetch_sessions_with_subscription(&payload.users)
|
||||||
.await
|
.await
|
||||||
{
|
{
|
||||||
let config = revolt_config::config().await;
|
let config = revolt_config::config().await;
|
||||||
|
|||||||
@@ -19,7 +19,6 @@ use revolt_result::ToRevoltError;
|
|||||||
#[allow(unused)]
|
#[allow(unused)]
|
||||||
pub struct MassMessageConsumer {
|
pub struct MassMessageConsumer {
|
||||||
db: Database,
|
db: Database,
|
||||||
authifier_db: authifier::Database,
|
|
||||||
connection: Arc<Connection>,
|
connection: Arc<Connection>,
|
||||||
channel: Arc<Channel>,
|
channel: Arc<Channel>,
|
||||||
}
|
}
|
||||||
@@ -31,8 +30,8 @@ impl MassMessageConsumer {
|
|||||||
users: &[String],
|
users: &[String],
|
||||||
) -> Result<()> {
|
) -> Result<()> {
|
||||||
if let Ok(sessions) = self
|
if let Ok(sessions) = self
|
||||||
.authifier_db
|
.db
|
||||||
.find_sessions_with_subscription(users)
|
.fetch_sessions_with_subscription(users)
|
||||||
.await
|
.await
|
||||||
{
|
{
|
||||||
let config = revolt_config::config().await;
|
let config = revolt_config::config().await;
|
||||||
@@ -75,13 +74,11 @@ impl MassMessageConsumer {
|
|||||||
impl Consumer for MassMessageConsumer {
|
impl Consumer for MassMessageConsumer {
|
||||||
async fn create(
|
async fn create(
|
||||||
db: Database,
|
db: Database,
|
||||||
authifier_db: authifier::Database,
|
|
||||||
connection: Arc<Connection>,
|
connection: Arc<Connection>,
|
||||||
channel: Arc<Channel>,
|
channel: Arc<Channel>,
|
||||||
) -> Self {
|
) -> Self {
|
||||||
Self {
|
Self {
|
||||||
db,
|
db,
|
||||||
authifier_db,
|
|
||||||
connection,
|
connection,
|
||||||
channel,
|
channel,
|
||||||
}
|
}
|
||||||
|
|||||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user