mirror of
https://github.com/stoatchat/stoatchat.git
synced 2026-07-06 11:16:00 +00:00
Compare commits
22 Commits
fix/adjust
...
feat/audit
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
3898b5636c | ||
|
|
1de91875c3 | ||
|
|
f86709837e | ||
|
|
91db4e8b5f | ||
|
|
c0cf3a9f60 | ||
|
|
01c7d925b0 | ||
|
|
094384824b | ||
|
|
a15a542f43 | ||
|
|
34dffa9425 | ||
|
|
a386e84c7d | ||
|
|
abdba5ce93 | ||
|
|
ffab2369ab | ||
|
|
d27917b824 | ||
|
|
a7af24b38d | ||
|
|
0af376c26b | ||
|
|
aa907e28c3 | ||
|
|
c70459b10c | ||
|
|
bebfe34922 | ||
|
|
5b769b60de | ||
|
|
0896e68882 | ||
|
|
65acc64034 | ||
|
|
ada0bc0f8e |
30
.github/workflows/renovate.yml
vendored
Normal file
30
.github/workflows/renovate.yml
vendored
Normal file
@@ -0,0 +1,30 @@
|
||||
# DO NOT EDIT DIRECTLY IN REPOSITORY
|
||||
# Managed in Terraform templates
|
||||
|
||||
name: Renovate
|
||||
on:
|
||||
workflow_dispatch:
|
||||
schedule:
|
||||
- cron: '0/15 * * * *'
|
||||
jobs:
|
||||
renovate:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- id: app-token
|
||||
uses: actions/create-github-app-token@v2
|
||||
with:
|
||||
app-id: ${{ secrets.GH_STOAT_RELEASE_APP_ID }}
|
||||
private-key: ${{ secrets.GH_STOAT_RELEASE_APP_PRIVATE_KEY }}
|
||||
|
||||
- name: Setup Mise
|
||||
uses: immich-app/devtools/actions/use-mise@7b8610a904d57da241e4ddba17fa62b62b15aed4 # use-mise-action-v2.0.2
|
||||
with:
|
||||
github_token: ${{ steps.app-token.outputs.token }}
|
||||
|
||||
- name: Self-hosted Renovate
|
||||
uses: renovatebot/github-action@v46.1.14
|
||||
with:
|
||||
token: '${{ steps.app-token.outputs.token }}'
|
||||
env:
|
||||
RENOVATE_PLATFORM_COMMIT: 'enabled'
|
||||
RENOVATE_REPOSITORIES: '${{ github.repository }}'
|
||||
2665
Cargo.lock
generated
2665
Cargo.lock
generated
File diff suppressed because it is too large
Load Diff
16
Cargo.toml
16
Cargo.toml
@@ -23,11 +23,11 @@ async-trait = "0.1.89"
|
||||
tokio = "1.49.0"
|
||||
async-channel = "2.3.1"
|
||||
futures = "0.3.32"
|
||||
async-std = "1.8.0"
|
||||
async-tungstenite = "0.17.0"
|
||||
futures-locks = "0.7.1"
|
||||
async-lock = "2.8.0"
|
||||
async-recursion = "1.0.4"
|
||||
tokio-util = { version = "0.7.18" }
|
||||
|
||||
# Error Handling
|
||||
anyhow = "1.0.100"
|
||||
@@ -65,6 +65,7 @@ encoding_rs = "0.8.34"
|
||||
|
||||
# Mail
|
||||
lettre = "0.10.0-alpha.4"
|
||||
handlebars = "4.3.0"
|
||||
|
||||
# HTTP Requests
|
||||
reqwest = "0.13.2"
|
||||
@@ -88,7 +89,7 @@ log = "0.4.29"
|
||||
pretty_env_logger = "0.4.0"
|
||||
|
||||
# Redis
|
||||
redis-kiss = "0.1.4"
|
||||
redis-kiss = { version = "0.1.4", default-features = false }
|
||||
fred = "8.0.1"
|
||||
|
||||
# Serialisation
|
||||
@@ -155,15 +156,12 @@ opentelemetry_sdk = { version = "0.31.0", features = ["logs"] }
|
||||
opentelemetry-otlp = { version = "0.31.0", features = ["logs"] }
|
||||
opentelemetry-appender-tracing = "0.31.1"
|
||||
|
||||
# Authifier
|
||||
authifier = "1.0.16"
|
||||
|
||||
# RabbitMQ
|
||||
lapin = "4.7.1"
|
||||
|
||||
# Voice
|
||||
livekit-api = "0.4.4"
|
||||
livekit-protocol = "0.7.4"
|
||||
livekit-api = "=0.4.23"
|
||||
livekit-protocol = "=0.7.7"
|
||||
livekit-runtime = "0.4.0"
|
||||
|
||||
# Other Utilities
|
||||
@@ -185,6 +183,10 @@ url = "2.2.2"
|
||||
impl_ops = "0.1.1"
|
||||
lazy_static = "1.5.0"
|
||||
mime = "0.3.17"
|
||||
totp-lite = "2.0.0"
|
||||
rust-argon2 = "1.0.0"
|
||||
base32 = "0.4.0"
|
||||
sha1 = "0.10.6"
|
||||
futures-lite = "2.6.1"
|
||||
|
||||
# Build Dependencies
|
||||
|
||||
@@ -14,7 +14,7 @@ sentry = { workspace = true }
|
||||
lru = { workspace = true }
|
||||
ulid = { workspace = true }
|
||||
once_cell = { workspace = true }
|
||||
redis-kiss = { workspace = true }
|
||||
redis-kiss = { workspace = true, default-features = false, features = ["tokio-runtime"] }
|
||||
lru_time_cache = { workspace = true }
|
||||
async-channel = { workspace = true }
|
||||
|
||||
@@ -30,11 +30,11 @@ serde = { workspace = true }
|
||||
|
||||
# async
|
||||
futures = { workspace = true }
|
||||
async-tungstenite = { workspace = true, features = ["async-std-runtime"] }
|
||||
async-std = { workspace = true }
|
||||
async-tungstenite = { workspace = true, features = ["tokio-runtime"] }
|
||||
tokio = { workspace = true }
|
||||
tokio-util = { workspace = true, features = ["compat"] }
|
||||
|
||||
# core
|
||||
authifier = { workspace = true }
|
||||
revolt-result = { workspace = true }
|
||||
revolt-models = { workspace = true }
|
||||
revolt-config = { workspace = true }
|
||||
|
||||
@@ -2,7 +2,7 @@ use std::{
|
||||
collections::{HashMap, HashSet}, num::NonZeroUsize, sync::Arc, time::Duration
|
||||
};
|
||||
|
||||
use async_std::sync::{Mutex, RwLock};
|
||||
use tokio::sync::{Mutex, RwLock};
|
||||
use lru::LruCache;
|
||||
use lru_time_cache::{LruCache as LruTimeCache, TimedEntry};
|
||||
use revolt_database::{Channel, Member, Server, User};
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
use std::env;
|
||||
|
||||
use async_std::net::TcpListener;
|
||||
use tokio::net::TcpListener;
|
||||
use revolt_presence::clear_region;
|
||||
|
||||
#[macro_use]
|
||||
@@ -12,7 +12,7 @@ pub mod events;
|
||||
mod database;
|
||||
mod websocket;
|
||||
|
||||
#[async_std::main]
|
||||
#[tokio::main]
|
||||
async fn main() {
|
||||
// Configure requirements for Bonfire.
|
||||
revolt_config::configure!(events);
|
||||
@@ -33,7 +33,7 @@ async fn main() {
|
||||
|
||||
// Start accepting new connections and spawn a client for each connection.
|
||||
while let Ok((stream, addr)) = listener.accept().await {
|
||||
async_std::task::spawn(async move {
|
||||
tokio::task::spawn(async move {
|
||||
info!("User connected from {addr:?}");
|
||||
websocket::client(database::get_db(), stream, addr).await;
|
||||
info!("User disconnected from {addr:?}");
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
use std::{collections::HashSet, net::SocketAddr, sync::Arc};
|
||||
|
||||
use async_tungstenite::WebSocketStream;
|
||||
use authifier::AuthifierEvent;
|
||||
use fred::{
|
||||
error::RedisErrorKind,
|
||||
interfaces::{ClientLike, EventInterface, PubsubInterface},
|
||||
@@ -22,11 +21,12 @@ use revolt_database::{
|
||||
};
|
||||
use revolt_presence::{create_session, delete_session};
|
||||
|
||||
use async_std::{
|
||||
use tokio::{
|
||||
net::TcpStream,
|
||||
sync::{Mutex, RwLock},
|
||||
task::spawn,
|
||||
};
|
||||
use tokio_util::compat::{TokioAsyncReadCompatExt, Compat};
|
||||
use revolt_result::create_error;
|
||||
use sentry::Level;
|
||||
|
||||
@@ -34,8 +34,8 @@ use crate::config::{ProtocolConfiguration, WebsocketHandshakeCallback};
|
||||
use crate::events::state::{State, SubscriptionStateChange};
|
||||
use revolt_models::v0;
|
||||
|
||||
type WsReader = SplitStream<WebSocketStream<TcpStream>>;
|
||||
type WsWriter = SplitSink<WebSocketStream<TcpStream>, async_tungstenite::tungstenite::Message>;
|
||||
type WsReader = SplitStream<WebSocketStream<Compat<TcpStream>>>;
|
||||
type WsWriter = SplitSink<WebSocketStream<Compat<TcpStream>>, async_tungstenite::tungstenite::Message>;
|
||||
|
||||
/// Start a new WebSocket client worker given access to the database,
|
||||
/// the relevant TCP stream and the remote address of the client.
|
||||
@@ -45,7 +45,7 @@ pub async fn client(db: &'static Database, stream: TcpStream, addr: SocketAddr)
|
||||
// e.g. wss://example.com?format=json&version=1
|
||||
let (sender, receiver) = oneshot::channel();
|
||||
let Ok(ws) = async_tungstenite::accept_hdr_async_with_config(
|
||||
stream,
|
||||
stream.compat(),
|
||||
WebsocketHandshakeCallback::from(sender),
|
||||
None,
|
||||
)
|
||||
@@ -355,22 +355,20 @@ async fn listener(
|
||||
break 'out;
|
||||
};
|
||||
|
||||
if let EventV1::Auth(auth) = &event {
|
||||
if let AuthifierEvent::DeleteSession { session_id, .. } = auth {
|
||||
if &state.session_id == session_id {
|
||||
event = EventV1::Logout;
|
||||
}
|
||||
} else if let AuthifierEvent::DeleteAllSessions {
|
||||
exclude_session_id, ..
|
||||
} = auth
|
||||
{
|
||||
if let Some(excluded) = exclude_session_id {
|
||||
if &state.session_id != excluded {
|
||||
event = EventV1::Logout;
|
||||
}
|
||||
} else {
|
||||
if let EventV1::DeleteSession { session_id, .. } = &event {
|
||||
if &state.session_id == session_id {
|
||||
event = EventV1::Logout;
|
||||
}
|
||||
} else if let EventV1::DeleteAllSessions {
|
||||
exclude_session_id, ..
|
||||
} = &event
|
||||
{
|
||||
if let Some(excluded) = exclude_session_id {
|
||||
if &state.session_id != excluded {
|
||||
event = EventV1::Logout;
|
||||
}
|
||||
} else {
|
||||
event = EventV1::Logout;
|
||||
}
|
||||
} else {
|
||||
let should_send = state.handle_incoming_event_v1(db, &mut event).await;
|
||||
|
||||
@@ -13,21 +13,20 @@ repository = "https://github.com/stoatchat/stoatchat"
|
||||
anyhow = ["dep:sentry-anyhow"]
|
||||
report-macros = ["revolt-result"]
|
||||
sentry = ["dep:sentry"]
|
||||
test = ["async-std"]
|
||||
default = ["test", "sentry"]
|
||||
test = ["tokio"]
|
||||
default = ["sentry"]
|
||||
|
||||
[dependencies]
|
||||
# Utility
|
||||
config = { workspace = true }
|
||||
cached = { workspace = true }
|
||||
once_cell = { workspace = true }
|
||||
|
||||
# Serde
|
||||
serde = { workspace = true }
|
||||
|
||||
# Async
|
||||
futures-locks = { workspace = true }
|
||||
async-std = { workspace = true, features = ["attributes"], optional = true }
|
||||
tokio = { workspace = true, optional = true }
|
||||
|
||||
# Logging
|
||||
log = { workspace = true }
|
||||
|
||||
@@ -1,3 +1,5 @@
|
||||
environment = "test"
|
||||
|
||||
[database]
|
||||
mongodb = "mongodb://localhost"
|
||||
redis = "redis://localhost/"
|
||||
@@ -10,3 +12,12 @@ password = "rabbitpass"
|
||||
|
||||
[features]
|
||||
webhooks_enabled = true
|
||||
|
||||
[api.smtp]
|
||||
host = "localhost"
|
||||
username = "smtp"
|
||||
password = "smtp"
|
||||
from_address = "development@stoat.chat"
|
||||
reply_to = "support@stoat.chat"
|
||||
port = 14025
|
||||
use_tls = false
|
||||
@@ -1,5 +1,6 @@
|
||||
production = false
|
||||
disable_events_dont_use = false
|
||||
environment = "dev"
|
||||
|
||||
[database]
|
||||
# MongoDB connection URL
|
||||
@@ -53,6 +54,10 @@ from_address = "noreply@example.com"
|
||||
# port = 587
|
||||
# use_tls = true
|
||||
|
||||
[api.smtp.expiry]
|
||||
expire_verification = 604800 # 3600 * 24 * 7
|
||||
expire_password_reset = 86400 # 3600 * 24
|
||||
expire_account_deletion = 86400 # 3600 * 24
|
||||
|
||||
[api.security]
|
||||
# Authifier Shield API key
|
||||
@@ -71,6 +76,10 @@ tenor_key = ""
|
||||
hcaptcha_key = ""
|
||||
hcaptcha_sitekey = ""
|
||||
|
||||
[api.security.shield]
|
||||
host = ""
|
||||
key = ""
|
||||
|
||||
[api.workers]
|
||||
# Maximum concurrent connections (to proxy server)
|
||||
max_concurrent_connections = 50
|
||||
@@ -79,6 +88,10 @@ max_concurrent_connections = 50
|
||||
# How long to ring devices for when calling in dms/groups, in seconds
|
||||
call_ring_duration = 30
|
||||
|
||||
[api.audit_logs]
|
||||
# How long audit log entries last before being removed, in seconds
|
||||
expires_after = 2592000 # 30d
|
||||
|
||||
[api.livekit.nodes]
|
||||
|
||||
[api.users]
|
||||
|
||||
@@ -1,9 +1,10 @@
|
||||
use std::{collections::HashMap, path::Path};
|
||||
#[cfg(feature = "test")]
|
||||
use std::sync::OnceLock;
|
||||
use std::{collections::HashMap, path::Path, sync::LazyLock};
|
||||
|
||||
use cached::proc_macro::cached;
|
||||
use config::{Config, Environment, File, FileFormat};
|
||||
use futures_locks::RwLock;
|
||||
use once_cell::sync::Lazy;
|
||||
use serde::Deserialize;
|
||||
|
||||
#[cfg(feature = "sentry")]
|
||||
@@ -66,13 +67,28 @@ static CONFIG_SEARCH_PATHS: [&str; 3] = [
|
||||
static TEST_OVERRIDE_PATH: &str = "Revolt.test-overrides.toml";
|
||||
|
||||
/// Configuration builder
|
||||
static CONFIG_BUILDER: Lazy<RwLock<Config>> = Lazy::new(|| {
|
||||
static CONFIG_BUILDER: LazyLock<RwLock<Config>> = LazyLock::new(|| {
|
||||
RwLock::new({
|
||||
let mut builder = Config::builder().add_source(File::from_str(
|
||||
include_str!("../Revolt.toml"),
|
||||
FileFormat::Toml,
|
||||
));
|
||||
|
||||
let cwd = std::env::current_dir().unwrap();
|
||||
let mut cwd: Option<&Path> = Some(&cwd);
|
||||
|
||||
while let Some(path) = cwd {
|
||||
for config_path in CONFIG_SEARCH_PATHS {
|
||||
let config_path = path.join(config_path);
|
||||
if config_path.exists() {
|
||||
builder = builder
|
||||
.add_source(File::new(config_path.to_str().unwrap(), FileFormat::Toml));
|
||||
}
|
||||
}
|
||||
|
||||
cwd = path.parent();
|
||||
}
|
||||
|
||||
if std::env::var("TEST_DB").is_ok() {
|
||||
builder = builder.add_source(File::from_str(
|
||||
include_str!("../Revolt.test.toml"),
|
||||
@@ -94,21 +110,6 @@ static CONFIG_BUILDER: Lazy<RwLock<Config>> = Lazy::new(|| {
|
||||
}
|
||||
}
|
||||
|
||||
let cwd = std::env::current_dir().unwrap();
|
||||
let mut cwd: Option<&Path> = Some(&cwd);
|
||||
|
||||
while let Some(path) = cwd {
|
||||
for config_path in CONFIG_SEARCH_PATHS {
|
||||
let config_path = path.join(config_path);
|
||||
if config_path.exists() {
|
||||
builder = builder
|
||||
.add_source(File::new(config_path.to_str().unwrap(), FileFormat::Toml));
|
||||
}
|
||||
}
|
||||
|
||||
cwd = path.parent();
|
||||
}
|
||||
|
||||
builder = builder.add_source(Environment::with_prefix("REVOLT").separator("__"));
|
||||
|
||||
builder.build().unwrap()
|
||||
@@ -162,6 +163,18 @@ pub struct ApiSmtp {
|
||||
pub port: Option<i32>,
|
||||
pub use_tls: Option<bool>,
|
||||
pub use_starttls: Option<bool>,
|
||||
pub expiry: EmailExpiry,
|
||||
}
|
||||
|
||||
/// Email expiration config
|
||||
#[derive(Deserialize, Debug, Clone)]
|
||||
pub struct EmailExpiry {
|
||||
/// How long email verification codes should last for (in seconds)
|
||||
pub expire_verification: i64,
|
||||
/// How long password reset codes should last for (in seconds)
|
||||
pub expire_password_reset: i64,
|
||||
/// How long account deletion codes should last for (in seconds)
|
||||
pub expire_account_deletion: i64,
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Debug, Clone)]
|
||||
@@ -201,9 +214,15 @@ pub struct ApiSecurityCaptcha {
|
||||
pub hcaptcha_sitekey: String,
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Debug, Clone)]
|
||||
pub struct ApiSecurityShield {
|
||||
pub host: String,
|
||||
pub key: String,
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Debug, Clone)]
|
||||
pub struct ApiSecurity {
|
||||
pub authifier_shield_key: String,
|
||||
pub shield: ApiSecurityShield,
|
||||
pub voso_legacy_token: String,
|
||||
pub captcha: ApiSecurityCaptcha,
|
||||
pub trust_cloudflare: bool,
|
||||
@@ -241,6 +260,12 @@ pub struct ApiUsers {
|
||||
pub min_username_length: usize,
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Debug, Clone)]
|
||||
pub struct ApiAuditLogs {
|
||||
/// How long audit log entries last before being removed, in seconds
|
||||
pub expires_after: u64,
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Debug, Clone)]
|
||||
pub struct Api {
|
||||
pub registration: ApiRegistration,
|
||||
@@ -249,6 +274,7 @@ pub struct Api {
|
||||
pub workers: ApiWorkers,
|
||||
pub livekit: ApiLiveKit,
|
||||
pub users: ApiUsers,
|
||||
pub audit_logs: ApiAuditLogs,
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Debug, Clone)]
|
||||
@@ -449,6 +475,7 @@ pub struct Settings {
|
||||
pub features: Features,
|
||||
pub sentry: Sentry,
|
||||
pub production: bool,
|
||||
pub environment: String,
|
||||
pub disable_events_dont_use: bool,
|
||||
}
|
||||
|
||||
@@ -475,8 +502,7 @@ pub async fn read() -> Config {
|
||||
CONFIG_BUILDER.read().await.clone()
|
||||
}
|
||||
|
||||
#[cached(time = 30)]
|
||||
pub async fn config() -> Settings {
|
||||
pub async fn config_no_cache() -> Settings {
|
||||
let mut config = read().await.try_deserialize::<Settings>().unwrap();
|
||||
|
||||
// inject REDIS_URI for redis-kiss library
|
||||
@@ -494,6 +520,34 @@ pub async fn config() -> Settings {
|
||||
config
|
||||
}
|
||||
|
||||
#[cached(time = 30)]
|
||||
pub async fn config() -> Settings {
|
||||
#[cfg(feature = "test")]
|
||||
if let Some(overwrites) = CONFIG_OVERWRITES.get() {
|
||||
return overwrites.clone();
|
||||
}
|
||||
|
||||
config_no_cache().await
|
||||
}
|
||||
|
||||
#[cfg(feature = "test")]
|
||||
static CONFIG_OVERWRITES: OnceLock<Settings> = OnceLock::new();
|
||||
|
||||
/// Modify the config values for a test, this can only be called once
|
||||
///
|
||||
/// This will also fail if two or more tests are running in the same process and both try to modify the config,
|
||||
/// This could happen if tests where run under `cargo test` instead of `nextest`.
|
||||
#[cfg(feature = "test")]
|
||||
pub async fn overwrite_config(f: impl FnOnce(&mut Settings)) {
|
||||
let mut config = config_no_cache().await;
|
||||
|
||||
f(&mut config);
|
||||
|
||||
CONFIG_OVERWRITES.set(config).expect(
|
||||
"Cannot overwrite config multiple times, make sure you are running tests through nextest.",
|
||||
);
|
||||
}
|
||||
|
||||
/// Configure logging and common Rust variables
|
||||
#[cfg(feature = "sentry")]
|
||||
pub async fn setup_logging(release: &'static str, dsn: String) -> Option<sentry::ClientInitGuard> {
|
||||
@@ -539,7 +593,7 @@ macro_rules! configure {
|
||||
mod tests {
|
||||
use crate::init;
|
||||
|
||||
#[async_std::test]
|
||||
#[tokio::test]
|
||||
async fn it_works() {
|
||||
init().await;
|
||||
}
|
||||
|
||||
@@ -11,24 +11,23 @@ repository = "https://github.com/stoatchat/stoatchat"
|
||||
|
||||
[features]
|
||||
# Databases
|
||||
mongodb = ["dep:mongodb", "bson", "authifier/database-mongodb"]
|
||||
mongodb = ["dep:mongodb", "bson"]
|
||||
|
||||
# ... Other
|
||||
tasks = ["isahc", "linkify", "url-escape"]
|
||||
async-std-runtime = ["async-std", "authifier/async-std-runtime"]
|
||||
tokio-runtime = ["tokio"]
|
||||
rocket-impl = [
|
||||
"rocket",
|
||||
"schemars",
|
||||
"revolt_okapi",
|
||||
"revolt_rocket_okapi",
|
||||
"authifier/rocket_impl",
|
||||
]
|
||||
axum-impl = ["axum", "revolt-result/axum"]
|
||||
axum-impl = ["axum", "revolt-result/axum", "utoipa"]
|
||||
redis-is-patched = ["revolt-presence/redis-is-patched"]
|
||||
voice = ["livekit-api", "livekit-protocol", "livekit-runtime"]
|
||||
|
||||
# Default Features
|
||||
default = ["mongodb", "async-std-runtime", "tasks"]
|
||||
default = ["mongodb", "tokio-runtime", "tasks"]
|
||||
|
||||
[dependencies]
|
||||
# Core
|
||||
@@ -55,6 +54,8 @@ linkify = { workspace = true, optional = true }
|
||||
url-escape = { workspace = true, optional = true }
|
||||
validator = { workspace = true, features = ["derive"] }
|
||||
isahc = { workspace = true, features = ["json"], optional = true }
|
||||
base32 = { workspace = true }
|
||||
sha1 = { workspace = true }
|
||||
|
||||
# Serialisation
|
||||
serde_json = { workspace = true }
|
||||
@@ -63,7 +64,7 @@ serde = { workspace = true }
|
||||
iso8601-timestamp = { workspace = true, features = ["serde", "bson"] }
|
||||
|
||||
# Events
|
||||
redis-kiss = { workspace = true }
|
||||
redis-kiss = { workspace = true, default-features = false, features = ["tokio-runtime"] }
|
||||
|
||||
# Database
|
||||
bson = { workspace = true, optional = true }
|
||||
@@ -80,10 +81,11 @@ async-trait = { workspace = true }
|
||||
async-recursion = { workspace = true }
|
||||
|
||||
# Async
|
||||
async-std = { workspace = true, features = ["attributes"], optional = true }
|
||||
tokio = { workspace = true, optional = true }
|
||||
|
||||
# Axum Impl
|
||||
axum = { workspace = true, optional = true }
|
||||
utoipa = { workspace = true, features = ["axum_extras"], optional = true }
|
||||
|
||||
# Rocket Impl
|
||||
schemars = { workspace = true, optional = true }
|
||||
@@ -91,9 +93,6 @@ rocket = { workspace = true, features = ["json"], optional = true }
|
||||
revolt_okapi = { workspace = true, optional = true }
|
||||
revolt_rocket_okapi = { workspace = true, optional = true }
|
||||
|
||||
# Authifier
|
||||
authifier = { workspace = true }
|
||||
|
||||
# RabbitMQ
|
||||
lapin = { workspace = true, features = ["tokio"] }
|
||||
|
||||
@@ -101,3 +100,14 @@ lapin = { workspace = true, features = ["tokio"] }
|
||||
livekit-api = { workspace = true, features = ["rustls-tls-native-roots"], optional = true }
|
||||
livekit-protocol = { workspace = true, optional = true }
|
||||
livekit-runtime = { workspace = true, features = ["tokio"], optional = true }
|
||||
|
||||
# Security
|
||||
totp-lite = { workspace = true }
|
||||
rust-argon2 = { workspace = true }
|
||||
|
||||
# Email
|
||||
lettre = { workspace = true }
|
||||
handlebars = { workspace = true }
|
||||
|
||||
# Web Requests
|
||||
reqwest = { workspace = true, features = ["json", "form"] }
|
||||
|
||||
100005
crates/core/database/assets/pwned100k.txt
Normal file
100005
crates/core/database/assets/pwned100k.txt
Normal file
File diff suppressed because it is too large
Load Diff
555
crates/core/database/assets/revolt_source_list.txt
Normal file
555
crates/core/database/assets/revolt_source_list.txt
Normal file
@@ -0,0 +1,555 @@
|
||||
this is an assorted list of known disposable email providers
|
||||
|
||||
#region nobody will ever have an email @example.com so we can safely block it
|
||||
----
|
||||
example.com
|
||||
|
||||
#region list provided by michenriksen at https://gist.github.com/michenriksen/8710649
|
||||
----
|
||||
0815.ru
|
||||
0wnd.net
|
||||
0wnd.org
|
||||
10minutemail.co.za
|
||||
10minutemail.com
|
||||
123-m.com
|
||||
1fsdfdsfsdf.tk
|
||||
1pad.de
|
||||
20minutemail.com
|
||||
21cn.com
|
||||
2fdgdfgdfgdf.tk
|
||||
2prong.com
|
||||
30minutemail.com
|
||||
33mail.com
|
||||
3trtretgfrfe.tk
|
||||
4gfdsgfdgfd.tk
|
||||
4warding.com
|
||||
5ghgfhfghfgh.tk
|
||||
6hjgjhgkilkj.tk
|
||||
6paq.com
|
||||
7tags.com
|
||||
9ox.net
|
||||
a-bc.net
|
||||
agedmail.com
|
||||
ama-trade.de
|
||||
amilegit.com
|
||||
amiri.net
|
||||
amiriindustries.com
|
||||
anonmails.de
|
||||
anonymbox.com
|
||||
antichef.com
|
||||
antichef.net
|
||||
antireg.ru
|
||||
antispam.de
|
||||
antispammail.de
|
||||
armyspy.com
|
||||
artman-conception.com
|
||||
azmeil.tk
|
||||
baxomale.ht.cx
|
||||
beefmilk.com
|
||||
bigstring.com
|
||||
binkmail.com
|
||||
bio-muesli.net
|
||||
bobmail.info
|
||||
bodhi.lawlita.com
|
||||
bofthew.com
|
||||
bootybay.de
|
||||
boun.cr
|
||||
bouncr.com
|
||||
breakthru.com
|
||||
brefmail.com
|
||||
bsnow.net
|
||||
bspamfree.org
|
||||
bugmenot.com
|
||||
bund.us
|
||||
burstmail.info
|
||||
buymoreplays.com
|
||||
byom.de
|
||||
c2.hu
|
||||
casualdx.com
|
||||
cek.pm
|
||||
centermail.com
|
||||
centermail.net
|
||||
chammy.info
|
||||
childsavetrust.org
|
||||
chogmail.com
|
||||
choicemail1.com
|
||||
clixser.com
|
||||
cmail.net
|
||||
cmail.org
|
||||
coldemail.info
|
||||
cool.fr.nf
|
||||
courriel.fr.nf
|
||||
courrieltemporaire.com
|
||||
crapmail.org
|
||||
cust.in
|
||||
cuvox.de
|
||||
d3p.dk
|
||||
dacoolest.com
|
||||
dandikmail.com
|
||||
dayrep.com
|
||||
dcemail.com
|
||||
deadaddress.com
|
||||
deadspam.com
|
||||
delikkt.de
|
||||
despam.it
|
||||
despammed.com
|
||||
devnullmail.com
|
||||
dfgh.net
|
||||
digitalsanctuary.com
|
||||
dingbone.com
|
||||
disposableaddress.com
|
||||
disposableemailaddresses.com
|
||||
disposableinbox.com
|
||||
dispose.it
|
||||
dispostable.com
|
||||
dodgeit.com
|
||||
dodgit.com
|
||||
donemail.ru
|
||||
dontreg.com
|
||||
dontsendmespam.de
|
||||
drdrb.net
|
||||
dump-email.info
|
||||
dumpandjunk.com
|
||||
dumpyemail.com
|
||||
e-mail.com
|
||||
e-mail.org
|
||||
e4ward.com
|
||||
easytrashmail.com
|
||||
einmalmail.de
|
||||
einrot.com
|
||||
eintagsmail.de
|
||||
emailgo.de
|
||||
emailias.com
|
||||
emaillime.com
|
||||
emailsensei.com
|
||||
emailtemporanea.com
|
||||
emailtemporanea.net
|
||||
emailtemporar.ro
|
||||
emailtemporario.com.br
|
||||
emailthe.net
|
||||
emailtmp.com
|
||||
emailwarden.com
|
||||
emailx.at.hm
|
||||
emailxfer.com
|
||||
emeil.in
|
||||
emeil.ir
|
||||
emz.net
|
||||
ero-tube.org
|
||||
evopo.com
|
||||
explodemail.com
|
||||
eyepaste.com
|
||||
fakeinbox.com
|
||||
fakeinformation.com
|
||||
fansworldwide.de
|
||||
fantasymail.de
|
||||
fightallspam.com
|
||||
filzmail.com
|
||||
fivemail.de
|
||||
fleckens.hu
|
||||
frapmail.com
|
||||
friendlymail.co.uk
|
||||
fuckingduh.com
|
||||
fudgerub.com
|
||||
fyii.de
|
||||
garliclife.com
|
||||
gehensiemirnichtaufdensack.de
|
||||
get2mail.fr
|
||||
getairmail.com
|
||||
getmails.eu
|
||||
getonemail.com
|
||||
giantmail.de
|
||||
girlsundertheinfluence.com
|
||||
gishpuppy.com
|
||||
gmial.com
|
||||
goemailgo.com
|
||||
gotmail.net
|
||||
gotmail.org
|
||||
gotti.otherinbox.com
|
||||
great-host.in
|
||||
greensloth.com
|
||||
grr.la
|
||||
gsrv.co.uk
|
||||
guerillamail.biz
|
||||
guerillamail.com
|
||||
guerrillamail.biz
|
||||
guerrillamail.com
|
||||
guerrillamail.de
|
||||
guerrillamail.info
|
||||
guerrillamail.net
|
||||
guerrillamail.org
|
||||
guerrillamailblock.com
|
||||
gustr.com
|
||||
harakirimail.com
|
||||
hat-geld.de
|
||||
hatespam.org
|
||||
herp.in
|
||||
hidemail.de
|
||||
hidzz.com
|
||||
hmamail.com
|
||||
hopemail.biz
|
||||
ieh-mail.de
|
||||
ikbenspamvrij.nl
|
||||
imails.info
|
||||
inbax.tk
|
||||
inbox.si
|
||||
inboxalias.com
|
||||
inboxclean.com
|
||||
inboxclean.org
|
||||
instant-mail.de
|
||||
ip6.li
|
||||
irish2me.com
|
||||
iwi.net
|
||||
jetable.com
|
||||
jetable.fr.nf
|
||||
jetable.net
|
||||
jetable.org
|
||||
jnxjn.com
|
||||
jourrapide.com
|
||||
jsrsolutions.com
|
||||
kasmail.com
|
||||
kaspop.com
|
||||
killmail.com
|
||||
killmail.net
|
||||
klassmaster.com
|
||||
klzlk.com
|
||||
koszmail.pl
|
||||
kurzepost.de
|
||||
lawlita.com
|
||||
letthemeatspam.com
|
||||
lhsdv.com
|
||||
lifebyfood.com
|
||||
link2mail.net
|
||||
litedrop.com
|
||||
lol.ovpn.to
|
||||
lolfreak.net
|
||||
lookugly.com
|
||||
lortemail.dk
|
||||
lr78.com
|
||||
lroid.com
|
||||
lukop.dk
|
||||
m21.cc
|
||||
mail-filter.com
|
||||
mail-temporaire.fr
|
||||
mail.mezimages.net
|
||||
mail1a.de
|
||||
mail21.cc
|
||||
mail2rss.org
|
||||
mail333.com
|
||||
mailbidon.com
|
||||
mailbiz.biz
|
||||
mailblocks.com
|
||||
mailbucket.org
|
||||
mailcat.biz
|
||||
mailcatch.com
|
||||
mailde.de
|
||||
mailde.info
|
||||
maildrop.cc
|
||||
maileimer.de
|
||||
mailexpire.com
|
||||
mailfa.tk
|
||||
mailforspam.com
|
||||
mailfreeonline.com
|
||||
mailguard.me
|
||||
mailin8r.com
|
||||
mailinater.com
|
||||
mailinator.com
|
||||
mailinator.net
|
||||
mailinator.org
|
||||
mailinator2.com
|
||||
mailincubator.com
|
||||
mailismagic.com
|
||||
mailme.lv
|
||||
mailme24.com
|
||||
mailmetrash.com
|
||||
mailmoat.com
|
||||
mailms.com
|
||||
mailnesia.com
|
||||
mailnull.com
|
||||
mailorg.org
|
||||
mailpick.biz
|
||||
mailrock.biz
|
||||
mailscrap.com
|
||||
mailshell.com
|
||||
mailsiphon.com
|
||||
mailtemp.info
|
||||
mailtome.de
|
||||
mailtothis.com
|
||||
mailtrash.net
|
||||
mailtv.net
|
||||
mailtv.tv
|
||||
mailzilla.com
|
||||
makemetheking.com
|
||||
manybrain.com
|
||||
mbx.cc
|
||||
mega.zik.dj
|
||||
meinspamschutz.de
|
||||
meltmail.com
|
||||
messagebeamer.de
|
||||
mezimages.net
|
||||
ministry-of-silly-walks.de
|
||||
mintemail.com
|
||||
misterpinball.de
|
||||
moncourrier.fr.nf
|
||||
monemail.fr.nf
|
||||
monmail.fr.nf
|
||||
monumentmail.com
|
||||
mt2009.com
|
||||
mt2014.com
|
||||
mycleaninbox.net
|
||||
mymail-in.net
|
||||
mypacks.net
|
||||
mypartyclip.de
|
||||
myphantomemail.com
|
||||
mysamp.de
|
||||
mytempemail.com
|
||||
mytempmail.com
|
||||
mytrashmail.com
|
||||
nabuma.com
|
||||
neomailbox.com
|
||||
nepwk.com
|
||||
nervmich.net
|
||||
nervtmich.net
|
||||
netmails.com
|
||||
netmails.net
|
||||
neverbox.com
|
||||
nice-4u.com
|
||||
nincsmail.hu
|
||||
nnh.com
|
||||
no-spam.ws
|
||||
noblepioneer.com
|
||||
nomail.pw
|
||||
nomail.xl.cx
|
||||
nomail2me.com
|
||||
nomorespamemails.com
|
||||
nospam.ze.tc
|
||||
nospam4.us
|
||||
nospamfor.us
|
||||
nospammail.net
|
||||
notmailinator.com
|
||||
nowhere.org
|
||||
nowmymail.com
|
||||
nurfuerspam.de
|
||||
nus.edu.sg
|
||||
objectmail.com
|
||||
obobbo.com
|
||||
odnorazovoe.ru
|
||||
oneoffemail.com
|
||||
onewaymail.com
|
||||
onlatedotcom.info
|
||||
online.ms
|
||||
ordinaryamerican.net
|
||||
otherinbox.com
|
||||
ovpn.to
|
||||
owlpic.com
|
||||
pancakemail.com
|
||||
pcusers.otherinbox.com
|
||||
pjjkp.com
|
||||
plexolan.de
|
||||
poczta.onet.pl
|
||||
politikerclub.de
|
||||
poofy.org
|
||||
pookmail.com
|
||||
privacy.net
|
||||
privatdemail.net
|
||||
proxymail.eu
|
||||
prtnx.com
|
||||
putthisinyourspamdatabase.com
|
||||
putthisinyourspamdatabase.com
|
||||
quickinbox.com
|
||||
rcpt.at
|
||||
reallymymail.com
|
||||
realtyalerts.ca
|
||||
recode.me
|
||||
recursor.net
|
||||
reliable-mail.com
|
||||
rhyta.com
|
||||
rmqkr.net
|
||||
royal.net
|
||||
rtrtr.com
|
||||
s0ny.net
|
||||
safersignup.de
|
||||
safetymail.info
|
||||
safetypost.de
|
||||
saynotospams.com
|
||||
schafmail.de
|
||||
schrott-email.de
|
||||
secretemail.de
|
||||
secure-mail.biz
|
||||
senseless-entertainment.com
|
||||
services391.com
|
||||
sharklasers.com
|
||||
shieldemail.com
|
||||
shiftmail.com
|
||||
shitmail.me
|
||||
shitware.nl
|
||||
shmeriously.com
|
||||
shortmail.net
|
||||
sinnlos-mail.de
|
||||
slapsfromlastnight.com
|
||||
slaskpost.se
|
||||
smashmail.de
|
||||
smellfear.com
|
||||
snakemail.com
|
||||
sneakemail.com
|
||||
sneakmail.de
|
||||
snkmail.com
|
||||
sofimail.com
|
||||
solvemail.info
|
||||
sogetthis.com
|
||||
soodonims.com
|
||||
spam4.me
|
||||
spamail.de
|
||||
spamarrest.com
|
||||
spambob.net
|
||||
spambog.ru
|
||||
spambox.us
|
||||
spamcannon.com
|
||||
spamcannon.net
|
||||
spamcon.org
|
||||
spamcorptastic.com
|
||||
spamcowboy.com
|
||||
spamcowboy.net
|
||||
spamcowboy.org
|
||||
spamday.com
|
||||
spamex.com
|
||||
spamfree.eu
|
||||
spamfree24.com
|
||||
spamfree24.de
|
||||
spamfree24.org
|
||||
spamgoes.in
|
||||
spamgourmet.com
|
||||
spamgourmet.net
|
||||
spamgourmet.org
|
||||
spamherelots.com
|
||||
spamherelots.com
|
||||
spamhereplease.com
|
||||
spamhereplease.com
|
||||
spamhole.com
|
||||
spamify.com
|
||||
spaml.de
|
||||
spammotel.com
|
||||
spamobox.com
|
||||
spamslicer.com
|
||||
spamspot.com
|
||||
spamthis.co.uk
|
||||
spamtroll.net
|
||||
speed.1s.fr
|
||||
spoofmail.de
|
||||
stuffmail.de
|
||||
super-auswahl.de
|
||||
supergreatmail.com
|
||||
supermailer.jp
|
||||
superrito.com
|
||||
superstachel.de
|
||||
suremail.info
|
||||
talkinator.com
|
||||
teewars.org
|
||||
teleworm.com
|
||||
teleworm.us
|
||||
temp-mail.org
|
||||
temp-mail.ru
|
||||
tempe-mail.com
|
||||
tempemail.co.za
|
||||
tempemail.com
|
||||
tempemail.net
|
||||
tempemail.net
|
||||
tempinbox.co.uk
|
||||
tempinbox.com
|
||||
tempmail.eu
|
||||
tempmaildemo.com
|
||||
tempmailer.com
|
||||
tempmailer.de
|
||||
tempomail.fr
|
||||
temporaryemail.net
|
||||
temporaryforwarding.com
|
||||
temporaryinbox.com
|
||||
temporarymailaddress.com
|
||||
tempthe.net
|
||||
thankyou2010.com
|
||||
thc.st
|
||||
thelimestones.com
|
||||
thisisnotmyrealemail.com
|
||||
thismail.net
|
||||
throwawayemailaddress.com
|
||||
tilien.com
|
||||
tittbit.in
|
||||
tizi.com
|
||||
tmailinator.com
|
||||
toomail.biz
|
||||
topranklist.de
|
||||
tradermail.info
|
||||
trash-mail.at
|
||||
trash-mail.com
|
||||
trash-mail.de
|
||||
trash2009.com
|
||||
trashdevil.com
|
||||
trashemail.de
|
||||
trashmail.at
|
||||
trashmail.com
|
||||
trashmail.de
|
||||
trashmail.me
|
||||
trashmail.net
|
||||
trashmail.org
|
||||
trashymail.com
|
||||
trialmail.de
|
||||
trillianpro.com
|
||||
twinmail.de
|
||||
tyldd.com
|
||||
uggsrock.com
|
||||
umail.net
|
||||
uroid.com
|
||||
us.af
|
||||
venompen.com
|
||||
veryrealemail.com
|
||||
viditag.com
|
||||
viralplays.com
|
||||
vpn.st
|
||||
vsimcard.com
|
||||
vubby.com
|
||||
wasteland.rfc822.org
|
||||
webemail.me
|
||||
weg-werf-email.de
|
||||
wegwerf-emails.de
|
||||
wegwerfadresse.de
|
||||
wegwerfemail.com
|
||||
wegwerfemail.de
|
||||
wegwerfmail.de
|
||||
wegwerfmail.info
|
||||
wegwerfmail.net
|
||||
wegwerfmail.org
|
||||
wh4f.org
|
||||
whyspam.me
|
||||
willhackforfood.biz
|
||||
willselfdestruct.com
|
||||
winemaven.info
|
||||
wronghead.com
|
||||
www.e4ward.com
|
||||
www.mailinator.com
|
||||
wwwnew.eu
|
||||
x.ip6.li
|
||||
xagloo.com
|
||||
xemaps.com
|
||||
xents.com
|
||||
xmaily.com
|
||||
xoxy.net
|
||||
yep.it
|
||||
yogamaven.com
|
||||
yopmail.com
|
||||
yopmail.fr
|
||||
yopmail.net
|
||||
yourdomain.com
|
||||
yuurok.com
|
||||
z1p.biz
|
||||
za.com
|
||||
zehnminuten.de
|
||||
zehnminutenmail.de
|
||||
zippymail.info
|
||||
zoemail.net
|
||||
zomg.info
|
||||
|
||||
#region public emails provided by mail.tm
|
||||
----
|
||||
trythe.net
|
||||
leadwizzer.com
|
||||
metalunits.com
|
||||
scpulse.com
|
||||
@@ -2,16 +2,7 @@
|
||||
mod mongodb;
|
||||
mod reference;
|
||||
|
||||
use authifier::config::Captcha;
|
||||
use authifier::config::EmailVerificationConfig;
|
||||
use authifier::config::PasswordScanning;
|
||||
use authifier::config::ResolveIp;
|
||||
use authifier::config::SMTPSettings;
|
||||
use authifier::config::Shield;
|
||||
use authifier::config::Template;
|
||||
use authifier::config::Templates;
|
||||
use authifier::config::EmailExpiryConfig;
|
||||
use authifier::Authifier;
|
||||
|
||||
use rand::Rng;
|
||||
use revolt_config::config;
|
||||
|
||||
@@ -112,143 +103,3 @@ impl DatabaseInfo {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl Database {
|
||||
/// Create an Authifier reference
|
||||
pub async fn to_authifier(self) -> Authifier {
|
||||
let config = config().await;
|
||||
|
||||
let mut auth_config = authifier::Config {
|
||||
password_scanning: if config.api.security.easypwned.is_empty() {
|
||||
Default::default()
|
||||
} else {
|
||||
PasswordScanning::EasyPwned {
|
||||
endpoint: config.api.security.easypwned,
|
||||
}
|
||||
},
|
||||
email_verification: if !config.api.smtp.host.is_empty() {
|
||||
EmailVerificationConfig::Enabled {
|
||||
smtp: SMTPSettings {
|
||||
from: config.api.smtp.from_address,
|
||||
host: config.api.smtp.host,
|
||||
username: config.api.smtp.username,
|
||||
password: config.api.smtp.password,
|
||||
reply_to: Some(
|
||||
config
|
||||
.api
|
||||
.smtp
|
||||
.reply_to
|
||||
.unwrap_or("support@stoat.chat".into()),
|
||||
),
|
||||
port: config.api.smtp.port,
|
||||
use_tls: config.api.smtp.use_tls,
|
||||
use_starttls: config.api.smtp.use_starttls,
|
||||
},
|
||||
expiry: EmailExpiryConfig {
|
||||
expire_verification: 3600 * 24 * 7,
|
||||
expire_password_reset: 3600 * 24,
|
||||
expire_account_deletion: 3600 * 24,
|
||||
},
|
||||
templates: if config.production {
|
||||
Templates {
|
||||
verify: Template {
|
||||
title: "Verify your Stoat account.".into(),
|
||||
text: include_str!("../../templates/verify.txt").into(),
|
||||
url: format!("{}/login/verify/", config.hosts.app),
|
||||
html: Some(include_str!("../../templates/verify.html").into()),
|
||||
},
|
||||
reset: Template {
|
||||
title: "Reset your Stoat password.".into(),
|
||||
text: include_str!("../../templates/reset.txt").into(),
|
||||
url: format!("{}/login/reset/", config.hosts.app),
|
||||
html: Some(include_str!("../../templates/reset.html").into()),
|
||||
},
|
||||
reset_existing: Template {
|
||||
title: "You already have a Stoat account, reset your password."
|
||||
.into(),
|
||||
text: include_str!("../../templates/reset-existing.txt").into(),
|
||||
url: format!("{}/login/reset/", config.hosts.app),
|
||||
html: Some(
|
||||
include_str!("../../templates/reset-existing.html").into(),
|
||||
),
|
||||
},
|
||||
deletion: Template {
|
||||
title: "Confirm account deletion.".into(),
|
||||
text: include_str!("../../templates/deletion.txt").into(),
|
||||
url: format!("{}/delete/", config.hosts.app),
|
||||
html: Some(include_str!("../../templates/deletion.html").into()),
|
||||
},
|
||||
welcome: None,
|
||||
}
|
||||
} else {
|
||||
Templates {
|
||||
verify: Template {
|
||||
title: "Verify your account.".into(),
|
||||
text: include_str!("../../templates/verify.whitelabel.txt").into(),
|
||||
url: format!("{}/login/verify/", config.hosts.app),
|
||||
html: None,
|
||||
},
|
||||
reset: Template {
|
||||
title: "Reset your password.".into(),
|
||||
text: include_str!("../../templates/reset.whitelabel.txt").into(),
|
||||
url: format!("{}/login/reset/", config.hosts.app),
|
||||
html: None,
|
||||
},
|
||||
reset_existing: Template {
|
||||
title: "Reset your password.".into(),
|
||||
text: include_str!("../../templates/reset.whitelabel.txt").into(),
|
||||
url: format!("{}/login/reset/", config.hosts.app),
|
||||
html: None,
|
||||
},
|
||||
deletion: Template {
|
||||
title: "Confirm account deletion.".into(),
|
||||
text: include_str!("../../templates/deletion.whitelabel.txt")
|
||||
.into(),
|
||||
url: format!("{}/delete/", config.hosts.app),
|
||||
html: None,
|
||||
},
|
||||
welcome: None,
|
||||
}
|
||||
},
|
||||
}
|
||||
} else {
|
||||
EmailVerificationConfig::Disabled
|
||||
},
|
||||
..Default::default()
|
||||
};
|
||||
|
||||
auth_config.invite_only = config.api.registration.invite_only;
|
||||
|
||||
if !config.api.security.captcha.hcaptcha_key.is_empty() {
|
||||
auth_config.captcha = Captcha::HCaptcha {
|
||||
secret: config.api.security.captcha.hcaptcha_key,
|
||||
};
|
||||
}
|
||||
|
||||
if !config.api.security.authifier_shield_key.is_empty() {
|
||||
auth_config.shield = Shield::Enabled {
|
||||
api_key: config.api.security.authifier_shield_key,
|
||||
strict: false,
|
||||
};
|
||||
}
|
||||
|
||||
if config.api.security.trust_cloudflare {
|
||||
auth_config.resolve_ip = ResolveIp::Cloudflare;
|
||||
}
|
||||
|
||||
Authifier {
|
||||
database: match self {
|
||||
Database::Reference(_) => Default::default(),
|
||||
#[cfg(feature = "mongodb")]
|
||||
Database::MongoDb(MongoDb(client, _)) => authifier::Database::MongoDb(
|
||||
authifier::database::MongoDb(client.database("revolt")),
|
||||
),
|
||||
},
|
||||
config: auth_config,
|
||||
#[cfg(feature = "tasks")]
|
||||
event_channel: Some(crate::tasks::authifier_relay::sender()),
|
||||
#[cfg(not(feature = "tasks"))]
|
||||
event_channel: None,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3,15 +3,16 @@ use std::{collections::HashMap, sync::Arc};
|
||||
use futures::lock::Mutex;
|
||||
|
||||
use crate::{
|
||||
Bot, Channel, ChannelCompositeKey, ChannelUnread, Emoji, File, FileHash, Invite, Member,
|
||||
MemberCompositeKey, Message, PolicyChange, RatelimitEvent, Report, Server, ServerBan, Snapshot,
|
||||
User, UserSettings, Webhook,
|
||||
Account, AccountInvite, AuditLogEntry, Bot, Channel, ChannelCompositeKey, ChannelUnread, Emoji,
|
||||
File, FileHash, Invite, MFATicket, Member, MemberCompositeKey, Message, PolicyChange,
|
||||
RatelimitEvent, Report, Server, ServerBan, Session, Snapshot, User, UserSettings, Webhook,
|
||||
};
|
||||
|
||||
database_derived!(
|
||||
/// Reference implementation
|
||||
#[derive(Default, Debug)]
|
||||
pub struct ReferenceDb {
|
||||
pub audit_logs: Arc<Mutex<HashMap<String, AuditLogEntry>>>,
|
||||
pub bots: Arc<Mutex<HashMap<String, Bot>>>,
|
||||
pub channels: Arc<Mutex<HashMap<String, Channel>>>,
|
||||
pub channel_invites: Arc<Mutex<HashMap<String, Invite>>>,
|
||||
@@ -30,5 +31,9 @@ database_derived!(
|
||||
pub servers: Arc<Mutex<HashMap<String, Server>>>,
|
||||
pub safety_reports: Arc<Mutex<HashMap<String, Report>>>,
|
||||
pub safety_snapshots: Arc<Mutex<HashMap<String, Snapshot>>>,
|
||||
pub accounts: Arc<Mutex<HashMap<String, Account>>>,
|
||||
pub account_invites: Arc<Mutex<HashMap<String, AccountInvite>>>,
|
||||
pub sessions: Arc<Mutex<HashMap<String, Session>>>,
|
||||
pub tickets: Arc<Mutex<HashMap<String, MFATicket>>>,
|
||||
}
|
||||
);
|
||||
|
||||
@@ -1,4 +1,3 @@
|
||||
use authifier::AuthifierEvent;
|
||||
use revolt_result::Error;
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
@@ -11,7 +10,7 @@ use revolt_models::v0::{
|
||||
UserVoiceState, Webhook,
|
||||
};
|
||||
|
||||
use crate::Database;
|
||||
use crate::{Account, Database, Session};
|
||||
|
||||
/// Ping Packet
|
||||
#[derive(Serialize, Deserialize, Debug, Clone)]
|
||||
@@ -329,7 +328,20 @@ pub enum EventV1 {
|
||||
},
|
||||
|
||||
/// Auth events
|
||||
Auth(AuthifierEvent),
|
||||
CreateAccount {
|
||||
account: Account,
|
||||
},
|
||||
CreateSession {
|
||||
session: Session,
|
||||
},
|
||||
DeleteSession {
|
||||
user_id: String,
|
||||
session_id: String,
|
||||
},
|
||||
DeleteAllSessions {
|
||||
user_id: String,
|
||||
exclude_session_id: Option<String>,
|
||||
},
|
||||
|
||||
/// Voice events
|
||||
VoiceChannelJoin {
|
||||
|
||||
@@ -25,8 +25,8 @@ pub use mongodb;
|
||||
#[macro_use]
|
||||
extern crate bson;
|
||||
|
||||
#[cfg(not(feature = "async-std-runtime"))]
|
||||
compile_error!("async-std-runtime feature must be enabled.");
|
||||
#[cfg(not(feature = "tokio-runtime"))]
|
||||
compile_error!("tokio-runtime feature must be enabled.");
|
||||
|
||||
#[macro_export]
|
||||
#[cfg(debug_assertions)]
|
||||
@@ -77,6 +77,78 @@ macro_rules! auto_derived_partial {
|
||||
};
|
||||
}
|
||||
|
||||
/// Internal macro for `generate_diff!`, you should not need to use this yourself.
|
||||
macro_rules! generate_field_diff {
|
||||
(optional, $remove:ident, $fieldsmember:path, $self:ident, $before:ident, $partial:ident, $field:ident) => {
|
||||
if $partial.$field.is_some() || $remove.contains(&$fieldsmember) {
|
||||
$before.$field = $self.$field.clone();
|
||||
};
|
||||
};
|
||||
|
||||
(optional, default, $remove:ident, $fieldsmember:path, $self:ident, $before:ident, $partial:ident, $field:ident) => {
|
||||
if $partial.$field.is_some() || $remove.contains(&$fieldsmember) {
|
||||
$before.$field = Some($self.$field.clone());
|
||||
};
|
||||
};
|
||||
|
||||
($self:ident, $before:ident, $partial:ident, $field:ident) => {
|
||||
if $partial.$field.is_some() {
|
||||
$before.$field = Some($self.$field.clone());
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
/// Generates a partial model containing the data which has changed in an update
|
||||
///
|
||||
/// ## Usage:
|
||||
/// `before` is the "output" containing what the model had before being updated,
|
||||
/// this will corraspond to `partial` which is what the data is being changed too.
|
||||
///
|
||||
/// ```rs
|
||||
/// let mut before = PartialModel::default();
|
||||
///
|
||||
/// generate_diff!(
|
||||
/// self, // database model
|
||||
/// before, // mutable empty partial corrasponding to the current model
|
||||
/// partial, // partial containing what is being updated
|
||||
/// remove, // slice of fields being removed
|
||||
/// (
|
||||
/// name, // regular non-nullable non-removable field
|
||||
/// (FieldsEnum::Nickname) nickname, // optional removable field
|
||||
/// ((default) FieldsEnum::Roles) roles, // optional removable field with custom default
|
||||
/// )
|
||||
/// );
|
||||
/// ```
|
||||
///
|
||||
/// See `Member::generate_diff` `Server::generate_diff` `Role::generate_diff` for full examples
|
||||
macro_rules! generate_diff {
|
||||
(
|
||||
$self:ident,
|
||||
$before:ident,
|
||||
$partial:ident,
|
||||
$remove:ident,
|
||||
(
|
||||
$(
|
||||
$(
|
||||
$(@$optional:tt)? (
|
||||
$($(@$default:tt)? (default))?
|
||||
$fieldsmember:path
|
||||
)
|
||||
)?
|
||||
$field: ident
|
||||
),*
|
||||
$(,)?
|
||||
)
|
||||
) => {
|
||||
$(
|
||||
generate_field_diff!(
|
||||
$( $($optional)? optional, $($($default)? default,)? $remove, $fieldsmember,)?
|
||||
$self, $before, $partial, $field
|
||||
);
|
||||
)*
|
||||
}
|
||||
}
|
||||
|
||||
mod drivers;
|
||||
pub use drivers::*;
|
||||
|
||||
@@ -115,7 +187,6 @@ pub use amqp::amqp::AMQP;
|
||||
#[cfg(feature = "voice")]
|
||||
pub mod voice;
|
||||
|
||||
|
||||
/// Utility function to check if a boolean value is false
|
||||
pub fn if_false(t: &bool) -> bool {
|
||||
!t
|
||||
|
||||
5
crates/core/database/src/models/account_invites/mod.rs
Normal file
5
crates/core/database/src/models/account_invites/mod.rs
Normal file
@@ -0,0 +1,5 @@
|
||||
mod model;
|
||||
mod ops;
|
||||
|
||||
pub use model::*;
|
||||
pub use ops::*;
|
||||
25
crates/core/database/src/models/account_invites/model.rs
Normal file
25
crates/core/database/src/models/account_invites/model.rs
Normal file
@@ -0,0 +1,25 @@
|
||||
use crate::{if_false, Database};
|
||||
use revolt_result::Result;
|
||||
|
||||
auto_derived_partial!(
|
||||
/// Account invite ticket
|
||||
pub struct AccountInvite {
|
||||
/// Invite code
|
||||
#[serde(rename = "_id")]
|
||||
pub id: String,
|
||||
/// Whether this invite ticket has been used
|
||||
#[serde(skip_serializing_if = "if_false", default)]
|
||||
pub used: bool,
|
||||
/// User ID that this invite was claimed by
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub claimed_by: Option<String>,
|
||||
},
|
||||
"PartialAccountInvite"
|
||||
);
|
||||
|
||||
impl AccountInvite {
|
||||
/// Save model
|
||||
pub async fn save(&self, db: &Database) -> Result<()> {
|
||||
db.save_account_invite(self).await
|
||||
}
|
||||
}
|
||||
16
crates/core/database/src/models/account_invites/ops.rs
Normal file
16
crates/core/database/src/models/account_invites/ops.rs
Normal file
@@ -0,0 +1,16 @@
|
||||
use revolt_result::Result;
|
||||
|
||||
use crate::AccountInvite;
|
||||
|
||||
#[cfg(feature = "mongodb")]
|
||||
mod mongodb;
|
||||
mod reference;
|
||||
|
||||
#[async_trait]
|
||||
pub trait AbstractAccountInvites: Sync + Send {
|
||||
/// Find invite by id
|
||||
async fn fetch_account_invite(&self, id: &str) -> Result<AccountInvite>;
|
||||
|
||||
/// Save invite
|
||||
async fn save_account_invite(&self, invite: &AccountInvite) -> Result<()>;
|
||||
}
|
||||
@@ -0,0 +1,31 @@
|
||||
use crate::{AbstractAccountInvites, AccountInvite, MongoDb};
|
||||
use bson::to_document;
|
||||
use mongodb::options::UpdateOptions;
|
||||
use revolt_result::Result;
|
||||
|
||||
const COL: &str = "account_invites";
|
||||
|
||||
#[async_trait]
|
||||
impl AbstractAccountInvites for MongoDb {
|
||||
/// Find invite by id
|
||||
async fn fetch_account_invite(&self, id: &str) -> Result<AccountInvite> {
|
||||
query!(self, find_one_by_id, COL, id)?.ok_or_else(|| create_error!(InvalidInvite))
|
||||
}
|
||||
|
||||
/// Save invite
|
||||
async fn save_account_invite(&self, invite: &AccountInvite) -> Result<()> {
|
||||
self.col::<AccountInvite>(COL)
|
||||
.update_one(
|
||||
doc! {
|
||||
"_id": &invite.id
|
||||
},
|
||||
doc! {
|
||||
"$set": to_document(invite).map_err(|_| create_database_error!("to_document", COL))?,
|
||||
},
|
||||
)
|
||||
.with_options(UpdateOptions::builder().upsert(true).build())
|
||||
.await
|
||||
.map_err(|_| create_database_error!("upsert_one", COL))
|
||||
.map(|_| ())
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
use crate::{AbstractAccountInvites, AccountInvite, ReferenceDb};
|
||||
use revolt_result::Result;
|
||||
|
||||
#[async_trait]
|
||||
impl AbstractAccountInvites for ReferenceDb {
|
||||
/// Find invite by id
|
||||
async fn fetch_account_invite(&self, id: &str) -> Result<AccountInvite> {
|
||||
let invites = self.account_invites.lock().await;
|
||||
invites
|
||||
.get(id)
|
||||
.cloned()
|
||||
.ok_or_else(|| create_error!(InvalidInvite))
|
||||
}
|
||||
|
||||
/// Save invite
|
||||
async fn save_account_invite(&self, invite: &AccountInvite) -> Result<()> {
|
||||
let mut invites = self.account_invites.lock().await;
|
||||
invites.insert(invite.id.to_string(), invite.clone());
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
22
crates/core/database/src/models/accounts/axum.rs
Normal file
22
crates/core/database/src/models/accounts/axum.rs
Normal file
@@ -0,0 +1,22 @@
|
||||
use axum::{extract::{FromRef, FromRequestParts}, http::request::Parts};
|
||||
|
||||
use revolt_result::{Error, Result};
|
||||
|
||||
use crate::{Account, Database, Session};
|
||||
|
||||
#[async_trait]
|
||||
impl<S> FromRequestParts<S> for Account
|
||||
where
|
||||
Database: FromRef<S>,
|
||||
S: Send + Sync
|
||||
{
|
||||
type Rejection = Error;
|
||||
|
||||
async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self> {
|
||||
let db = Database::from_ref(state);
|
||||
|
||||
let session = Session::from_request_parts(parts, state).await?;
|
||||
|
||||
db.fetch_account(&session.user_id).await
|
||||
}
|
||||
}
|
||||
11
crates/core/database/src/models/accounts/mod.rs
Normal file
11
crates/core/database/src/models/accounts/mod.rs
Normal file
@@ -0,0 +1,11 @@
|
||||
#[cfg(feature = "axum-impl")]
|
||||
mod axum;
|
||||
mod model;
|
||||
mod ops;
|
||||
#[cfg(feature = "rocket-impl")]
|
||||
mod rocket;
|
||||
#[cfg(feature = "rocket-impl")]
|
||||
mod schema;
|
||||
|
||||
pub use model::*;
|
||||
pub use ops::*;
|
||||
656
crates/core/database/src/models/accounts/model.rs
Normal file
656
crates/core/database/src/models/accounts/model.rs
Normal file
@@ -0,0 +1,656 @@
|
||||
use iso8601_timestamp::{Duration, Timestamp};
|
||||
|
||||
use nanoid::nanoid;
|
||||
use revolt_config::config;
|
||||
use revolt_result::Result;
|
||||
use serde_json::json;
|
||||
|
||||
use crate::{
|
||||
events::client::EventV1,
|
||||
util::{
|
||||
email::{email_templates, normalise_email, send_email},
|
||||
password::hash_password,
|
||||
},
|
||||
Database, MFATicket, Session,
|
||||
};
|
||||
use revolt_models::v0;
|
||||
|
||||
auto_derived_partial!(
|
||||
/// Account model
|
||||
pub struct Account {
|
||||
/// Unique Id
|
||||
#[serde(rename = "_id")]
|
||||
pub id: String,
|
||||
|
||||
/// User's email
|
||||
pub email: String,
|
||||
|
||||
/// Normalised email
|
||||
///
|
||||
/// (see https://github.com/insertish/authifier/#how-does-authifier-work)
|
||||
pub email_normalised: String,
|
||||
|
||||
/// Argon2 hashed password
|
||||
pub password: String,
|
||||
|
||||
/// Whether the account is disabled
|
||||
#[serde(default)]
|
||||
pub disabled: bool,
|
||||
|
||||
/// Email verification status
|
||||
pub verification: EmailVerification,
|
||||
|
||||
/// Password reset information
|
||||
pub password_reset: Option<PasswordReset>,
|
||||
|
||||
/// Account deletion information
|
||||
pub deletion: Option<DeletionInfo>,
|
||||
|
||||
/// Account lockout
|
||||
pub lockout: Option<Lockout>,
|
||||
|
||||
/// Multi-factor authentication information
|
||||
pub mfa: MultiFactorAuthentication,
|
||||
},
|
||||
"PartialAccount"
|
||||
);
|
||||
|
||||
auto_derived!(
|
||||
/// Email verification status
|
||||
#[serde(tag = "status")]
|
||||
pub enum EmailVerification {
|
||||
/// Account is verified
|
||||
Verified,
|
||||
/// Pending email verification
|
||||
Pending { token: String, expiry: Timestamp },
|
||||
/// Moving to a new email
|
||||
Moving {
|
||||
new_email: String,
|
||||
token: String,
|
||||
expiry: Timestamp,
|
||||
},
|
||||
}
|
||||
|
||||
/// Password reset information
|
||||
pub struct PasswordReset {
|
||||
/// Token required to change password
|
||||
pub token: String,
|
||||
/// Time at which this token expires
|
||||
pub expiry: Timestamp,
|
||||
}
|
||||
|
||||
/// Account deletion information
|
||||
#[serde(tag = "status")]
|
||||
pub enum DeletionInfo {
|
||||
/// The user must confirm deletion by email
|
||||
WaitingForVerification { token: String, expiry: Timestamp },
|
||||
/// The account is scheduled for deletion
|
||||
Scheduled { after: Timestamp },
|
||||
/// This account was deleted
|
||||
Deleted,
|
||||
}
|
||||
|
||||
/// Lockout information
|
||||
pub struct Lockout {
|
||||
/// Attempt counter
|
||||
pub attempts: i32,
|
||||
/// Time at which this lockout expires
|
||||
pub expiry: Option<Timestamp>,
|
||||
}
|
||||
|
||||
/// MFA configuration
|
||||
#[derive(Default)]
|
||||
pub struct MultiFactorAuthentication {
|
||||
/// Allow password-less email OTP login
|
||||
/// (1-Factor)
|
||||
// #[serde(skip_serializing_if = "is_false", default)]
|
||||
// pub enable_email_otp: bool,
|
||||
|
||||
/// Allow trusted handover
|
||||
/// (1-Factor)
|
||||
// #[serde(skip_serializing_if = "is_false", default)]
|
||||
// pub enable_trusted_handover: bool,
|
||||
|
||||
/// Allow email MFA
|
||||
/// (2-Factor)
|
||||
// #[serde(skip_serializing_if = "is_false", default)]
|
||||
// pub enable_email_mfa: bool,
|
||||
|
||||
/// TOTP MFA token, enabled if present
|
||||
/// (2-Factor)
|
||||
#[serde(skip_serializing_if = "Totp::is_empty", default)]
|
||||
pub totp_token: Totp,
|
||||
|
||||
/// Security Key MFA token, enabled if present
|
||||
/// (2-Factor)
|
||||
// #[serde(skip_serializing_if = "Option::is_none")]
|
||||
// pub security_key_token: Option<String>,
|
||||
|
||||
/// Recovery codes
|
||||
#[serde(skip_serializing_if = "Vec::is_empty", default)]
|
||||
pub recovery_codes: Vec<String>,
|
||||
}
|
||||
|
||||
/// MFA method
|
||||
#[derive(Hash)]
|
||||
pub enum MFAMethod {
|
||||
Password,
|
||||
Recovery,
|
||||
Totp,
|
||||
}
|
||||
|
||||
#[derive(Default)]
|
||||
#[serde(tag = "status")]
|
||||
pub enum Totp {
|
||||
/// Disabled
|
||||
#[default]
|
||||
Disabled,
|
||||
/// Waiting for user activation
|
||||
Pending { secret: String },
|
||||
/// Required on account
|
||||
Enabled { secret: String },
|
||||
}
|
||||
);
|
||||
|
||||
impl MultiFactorAuthentication {
|
||||
// Check whether MFA is in-use
|
||||
pub fn is_active(&self) -> bool {
|
||||
matches!(self.totp_token, Totp::Enabled { .. })
|
||||
}
|
||||
|
||||
// Check whether there are still usable recovery codes
|
||||
pub fn has_recovery(&self) -> bool {
|
||||
!self.recovery_codes.is_empty()
|
||||
}
|
||||
|
||||
// Get available MFA methods
|
||||
pub fn get_methods(&self) -> Vec<MFAMethod> {
|
||||
if let Totp::Enabled { .. } = self.totp_token {
|
||||
let mut methods = vec![MFAMethod::Totp];
|
||||
|
||||
if self.has_recovery() {
|
||||
methods.push(MFAMethod::Recovery);
|
||||
}
|
||||
|
||||
methods
|
||||
} else {
|
||||
vec![MFAMethod::Password]
|
||||
}
|
||||
}
|
||||
|
||||
// Generate new recovery codes
|
||||
pub fn generate_recovery_codes(&mut self) {
|
||||
static ALPHABET: [char; 32] = [
|
||||
'1', '2', '3', '4', '5', '6', '7', '8', '9', '0', 'a', 'b', 'c', 'd', 'e', 'f', 'g',
|
||||
'h', 'j', 'k', 'm', 'n', 'p', 'q', 'r', 's', 't', 'v', 'w', 'x', 'y', 'z',
|
||||
];
|
||||
|
||||
let mut codes = vec![];
|
||||
for _ in 1..=10 {
|
||||
codes.push(format!(
|
||||
"{}-{}",
|
||||
nanoid!(5, &ALPHABET),
|
||||
nanoid!(5, &ALPHABET)
|
||||
));
|
||||
}
|
||||
|
||||
self.recovery_codes = codes;
|
||||
}
|
||||
|
||||
// Generate new TOTP secret
|
||||
pub fn generate_new_totp_secret(&mut self) -> Result<String> {
|
||||
if let Totp::Enabled { .. } = self.totp_token {
|
||||
return Err(create_error!(OperationFailed));
|
||||
}
|
||||
|
||||
let secret: [u8; 10] = rand::random();
|
||||
let secret = base32::encode(base32::Alphabet::RFC4648 { padding: false }, &secret);
|
||||
|
||||
self.totp_token = Totp::Pending {
|
||||
secret: secret.clone(),
|
||||
};
|
||||
|
||||
Ok(secret)
|
||||
}
|
||||
|
||||
/// Enable TOTP using a given MFA response
|
||||
pub fn enable_totp(&mut self, response: v0::MFAResponse) -> Result<()> {
|
||||
if let v0::MFAResponse::Totp { totp_code } = response {
|
||||
let code = self.totp_token.generate_code()?;
|
||||
|
||||
if code == totp_code {
|
||||
let mut totp = Totp::Disabled;
|
||||
std::mem::swap(&mut totp, &mut self.totp_token);
|
||||
|
||||
if let Totp::Pending { secret } = totp {
|
||||
self.totp_token = Totp::Enabled { secret };
|
||||
|
||||
Ok(())
|
||||
} else {
|
||||
Err(create_error!(OperationFailed))
|
||||
}
|
||||
} else {
|
||||
Err(create_error!(InvalidToken))
|
||||
}
|
||||
} else {
|
||||
Err(create_error!(InvalidToken))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl Totp {
|
||||
/// Whether TOTP information is empty
|
||||
pub fn is_empty(&self) -> bool {
|
||||
matches!(self, Totp::Disabled)
|
||||
}
|
||||
|
||||
/// Whether TOTP is disabled
|
||||
pub fn is_disabled(&self) -> bool {
|
||||
!matches!(self, Totp::Enabled { .. })
|
||||
}
|
||||
|
||||
// Generate a TOTP code from secret
|
||||
pub fn generate_code(&self) -> Result<String> {
|
||||
if let Totp::Enabled { secret } | Totp::Pending { secret } = &self {
|
||||
let seconds: u64 = std::time::SystemTime::now()
|
||||
.duration_since(std::time::UNIX_EPOCH)
|
||||
.unwrap()
|
||||
.as_secs();
|
||||
|
||||
Ok(totp_lite::totp_custom::<totp_lite::Sha1>(
|
||||
totp_lite::DEFAULT_STEP,
|
||||
6,
|
||||
&base32::decode(base32::Alphabet::RFC4648 { padding: false }, secret)
|
||||
.expect("valid base32 secret"),
|
||||
seconds,
|
||||
))
|
||||
} else {
|
||||
Err(create_error!(OperationFailed))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl Account {
|
||||
/// Save model
|
||||
pub async fn save(&self, db: &Database) -> Result<()> {
|
||||
db.save_account(self).await
|
||||
}
|
||||
|
||||
/// Create a new account
|
||||
pub async fn new(
|
||||
db: &Database,
|
||||
email: String,
|
||||
plaintext_password: String,
|
||||
verify_email: bool,
|
||||
) -> Result<Account> {
|
||||
// Get a normalised representation of the user's email
|
||||
let email_normalised = normalise_email(email.clone());
|
||||
|
||||
// Try to find an existing account
|
||||
if let Some(mut account) = db
|
||||
.fetch_account_by_normalised_email(&email_normalised)
|
||||
.await?
|
||||
{
|
||||
// Resend account verification or send password reset
|
||||
if let EmailVerification::Pending { .. } = &account.verification {
|
||||
account.start_email_verification(db).await?;
|
||||
} else {
|
||||
account.start_password_reset(db, true).await?;
|
||||
}
|
||||
|
||||
Ok(account)
|
||||
} else {
|
||||
// Hash the user's password
|
||||
let password = hash_password(plaintext_password)?;
|
||||
|
||||
// Create a new account
|
||||
let mut account = Account {
|
||||
id: ulid::Ulid::new().to_string(),
|
||||
|
||||
email,
|
||||
email_normalised,
|
||||
password,
|
||||
|
||||
disabled: false,
|
||||
verification: EmailVerification::Verified,
|
||||
password_reset: None,
|
||||
deletion: None,
|
||||
lockout: None,
|
||||
|
||||
mfa: Default::default(),
|
||||
};
|
||||
|
||||
// Send email verification
|
||||
if verify_email {
|
||||
account.start_email_verification(db).await?;
|
||||
} else {
|
||||
account.save(db).await?;
|
||||
}
|
||||
|
||||
// Create and push event
|
||||
EventV1::CreateAccount {
|
||||
account: account.clone(),
|
||||
}
|
||||
.global()
|
||||
.await;
|
||||
|
||||
Ok(account)
|
||||
}
|
||||
}
|
||||
|
||||
/// Create a new session
|
||||
pub async fn create_session(&self, db: &Database, name: String) -> Result<Session> {
|
||||
let config = config().await;
|
||||
|
||||
let session = Session {
|
||||
id: ulid::Ulid::new().to_string(),
|
||||
token: nanoid!(64),
|
||||
|
||||
user_id: self.id.clone(),
|
||||
name,
|
||||
|
||||
last_seen: Timestamp::now_utc(),
|
||||
|
||||
origin: Some(config.environment),
|
||||
subscription: None,
|
||||
};
|
||||
|
||||
// Save to database
|
||||
db.save_session(&session).await?;
|
||||
|
||||
// Create and push event
|
||||
EventV1::CreateSession {
|
||||
session: session.clone(),
|
||||
}
|
||||
.global()
|
||||
.await;
|
||||
|
||||
Ok(session)
|
||||
}
|
||||
|
||||
/// Send account verification email
|
||||
pub async fn start_email_verification(&mut self, db: &Database) -> Result<()> {
|
||||
let config = config().await;
|
||||
|
||||
if !config.api.smtp.host.is_empty() {
|
||||
let templates = email_templates().await;
|
||||
|
||||
let token = nanoid!(32);
|
||||
let url = format!("{}{}", templates.verify.url, token);
|
||||
|
||||
send_email(
|
||||
&config.api.smtp,
|
||||
self.email.clone(),
|
||||
&templates.verify,
|
||||
json!({
|
||||
"email": self.email.clone(),
|
||||
"url": url
|
||||
}),
|
||||
)?;
|
||||
|
||||
self.verification = EmailVerification::Pending {
|
||||
token,
|
||||
expiry: Timestamp::now_utc()
|
||||
.checked_add(Duration::seconds(
|
||||
config.api.smtp.expiry.expire_verification,
|
||||
))
|
||||
.unwrap(),
|
||||
};
|
||||
} else {
|
||||
self.verification = EmailVerification::Verified;
|
||||
}
|
||||
|
||||
self.save(db).await
|
||||
}
|
||||
|
||||
/// Send account verification to new email
|
||||
pub async fn start_email_move(&mut self, db: &Database, new_email: String) -> Result<()> {
|
||||
// This method should and will never be called on an unverified account,
|
||||
// but just validate this just in case.
|
||||
if let EmailVerification::Pending { .. } = self.verification {
|
||||
return Err(create_error!(UnverifiedAccount));
|
||||
}
|
||||
|
||||
let config = config().await;
|
||||
|
||||
if !config.api.smtp.host.is_empty() {
|
||||
let templates = email_templates().await;
|
||||
|
||||
let token = nanoid!(32);
|
||||
let url = format!("{}{}", templates.verify.url, token);
|
||||
|
||||
send_email(
|
||||
&config.api.smtp,
|
||||
new_email.clone(),
|
||||
&templates.verify,
|
||||
json!({
|
||||
"email": self.email.clone(),
|
||||
"url": url
|
||||
}),
|
||||
)?;
|
||||
|
||||
self.verification = EmailVerification::Moving {
|
||||
new_email,
|
||||
token,
|
||||
expiry: Timestamp::now_utc()
|
||||
.checked_add(Duration::seconds(
|
||||
config.api.smtp.expiry.expire_verification,
|
||||
))
|
||||
.unwrap(),
|
||||
};
|
||||
} else {
|
||||
self.email_normalised = normalise_email(new_email.clone());
|
||||
self.email = new_email;
|
||||
}
|
||||
|
||||
self.save(db).await
|
||||
}
|
||||
|
||||
/// Send password reset email
|
||||
pub async fn start_password_reset(
|
||||
&mut self,
|
||||
db: &Database,
|
||||
existing_account: bool,
|
||||
) -> Result<()> {
|
||||
let config = config().await;
|
||||
|
||||
if !config.api.smtp.host.is_empty() {
|
||||
let templates = email_templates().await;
|
||||
|
||||
let template = if existing_account {
|
||||
&templates.reset_existing
|
||||
} else {
|
||||
&templates.reset
|
||||
};
|
||||
|
||||
let token = nanoid!(32);
|
||||
let url = format!("{}{}", template.url, token);
|
||||
|
||||
send_email(
|
||||
&config.api.smtp,
|
||||
self.email.clone(),
|
||||
template,
|
||||
json!({
|
||||
"email": self.email.clone(),
|
||||
"url": url
|
||||
}),
|
||||
)?;
|
||||
|
||||
self.password_reset = Some(PasswordReset {
|
||||
token,
|
||||
expiry: Timestamp::now_utc()
|
||||
.checked_add(Duration::seconds(
|
||||
config.api.smtp.expiry.expire_password_reset,
|
||||
))
|
||||
.unwrap(),
|
||||
});
|
||||
} else {
|
||||
return Err(create_error!(OperationFailed));
|
||||
}
|
||||
|
||||
self.save(db).await
|
||||
}
|
||||
|
||||
/// Begin account deletion process by sending confirmation email
|
||||
///
|
||||
/// If email verification is not on, the account will be marked for deletion instantly
|
||||
pub async fn start_account_deletion(&mut self, db: &Database) -> Result<()> {
|
||||
let config = config().await;
|
||||
|
||||
if !config.api.smtp.host.is_empty() {
|
||||
let templates = email_templates().await;
|
||||
|
||||
let token = nanoid!(32);
|
||||
let url = format!("{}{}", templates.deletion.url, token);
|
||||
|
||||
send_email(
|
||||
&config.api.smtp,
|
||||
self.email.clone(),
|
||||
&templates.deletion,
|
||||
json!({
|
||||
"email": self.email.clone(),
|
||||
"url": url
|
||||
}),
|
||||
)?;
|
||||
|
||||
self.deletion = Some(DeletionInfo::WaitingForVerification {
|
||||
token,
|
||||
expiry: Timestamp::now_utc()
|
||||
.checked_add(Duration::seconds(
|
||||
config.api.smtp.expiry.expire_password_reset,
|
||||
))
|
||||
.unwrap(),
|
||||
});
|
||||
|
||||
self.save(db).await
|
||||
} else {
|
||||
self.schedule_deletion(db).await
|
||||
}
|
||||
}
|
||||
|
||||
/// Verify a user's password is correct
|
||||
pub fn verify_password(&self, plaintext_password: &str) -> Result<()> {
|
||||
argon2::verify_encoded(&self.password, plaintext_password.as_bytes())
|
||||
.map(|v| {
|
||||
if v {
|
||||
Ok(())
|
||||
} else {
|
||||
Err(create_error!(InvalidCredentials))
|
||||
}
|
||||
})
|
||||
// To prevent user enumeration, we should ignore
|
||||
// the error and pretend the password is wrong.
|
||||
.map_err(|_| create_error!(InvalidCredentials))?
|
||||
}
|
||||
|
||||
/// Validate an MFA response
|
||||
pub async fn consume_mfa_response(
|
||||
&mut self,
|
||||
db: &Database,
|
||||
response: v0::MFAResponse,
|
||||
ticket: Option<MFATicket>,
|
||||
) -> Result<()> {
|
||||
let allowed_methods = self.mfa.get_methods();
|
||||
|
||||
match response {
|
||||
v0::MFAResponse::Password { password } => {
|
||||
if allowed_methods.contains(&MFAMethod::Password) {
|
||||
self.verify_password(&password)
|
||||
} else {
|
||||
Err(create_error!(DisallowedMFAMethod))
|
||||
}
|
||||
}
|
||||
v0::MFAResponse::Totp { totp_code } => {
|
||||
if allowed_methods.contains(&MFAMethod::Totp) {
|
||||
if let Totp::Enabled { .. } = &self.mfa.totp_token {
|
||||
// Use TOTP code at generation if applicable
|
||||
if let Some(ticket) = ticket {
|
||||
if let Some(code) = ticket.last_totp_code {
|
||||
if code == totp_code {
|
||||
return Ok(());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Otherwise read current TOTP token
|
||||
if self.mfa.totp_token.generate_code()? == totp_code {
|
||||
Ok(())
|
||||
} else {
|
||||
Err(create_error!(InvalidToken))
|
||||
}
|
||||
} else {
|
||||
unreachable!()
|
||||
}
|
||||
} else {
|
||||
Err(create_error!(DisallowedMFAMethod))
|
||||
}
|
||||
}
|
||||
v0::MFAResponse::Recovery { recovery_code } => {
|
||||
if allowed_methods.contains(&MFAMethod::Recovery) {
|
||||
if let Some(index) = self
|
||||
.mfa
|
||||
.recovery_codes
|
||||
.iter()
|
||||
.position(|x| x == &recovery_code)
|
||||
{
|
||||
self.mfa.recovery_codes.remove(index);
|
||||
self.save(db).await
|
||||
} else {
|
||||
Err(create_error!(InvalidToken))
|
||||
}
|
||||
} else {
|
||||
Err(create_error!(DisallowedMFAMethod))
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/// Delete all sessions for an account
|
||||
pub async fn delete_all_sessions(
|
||||
&self,
|
||||
db: &Database,
|
||||
exclude_session_id: Option<String>,
|
||||
) -> Result<()> {
|
||||
db.delete_all_sessions(&self.id, exclude_session_id.clone())
|
||||
.await?;
|
||||
|
||||
// Create and push event
|
||||
EventV1::DeleteAllSessions {
|
||||
user_id: self.id.clone(),
|
||||
exclude_session_id,
|
||||
}
|
||||
.private(self.id.clone())
|
||||
.await;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Disable an account
|
||||
pub async fn disable(&mut self, db: &Database) -> Result<()> {
|
||||
self.disabled = true;
|
||||
self.delete_all_sessions(db, None).await?;
|
||||
self.save(db).await
|
||||
}
|
||||
|
||||
/// Schedule an account for deletion
|
||||
pub async fn schedule_deletion(&mut self, db: &Database) -> Result<()> {
|
||||
self.deletion = Some(DeletionInfo::Scheduled {
|
||||
after: Timestamp::now_utc()
|
||||
.checked_add(Duration::weeks(1))
|
||||
.unwrap(),
|
||||
});
|
||||
|
||||
self.disable(db).await
|
||||
}
|
||||
|
||||
/// Removes all information from the account and marks it as fully deleted
|
||||
pub async fn mark_deleted(&mut self, db: &Database) -> Result<()> {
|
||||
self.email = format!("Deleted User {}", &self.id);
|
||||
self.email_normalised = format!("Deleted User {}", &self.id);
|
||||
self.deletion = Some(DeletionInfo::Deleted);
|
||||
|
||||
self.save(db).await?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
34
crates/core/database/src/models/accounts/ops.rs
Normal file
34
crates/core/database/src/models/accounts/ops.rs
Normal file
@@ -0,0 +1,34 @@
|
||||
use revolt_result::Result;
|
||||
|
||||
use crate::Account;
|
||||
|
||||
#[cfg(feature = "mongodb")]
|
||||
mod mongodb;
|
||||
mod reference;
|
||||
|
||||
#[async_trait]
|
||||
pub trait AbstractAccounts: Sync + Send {
|
||||
/// Find account by id
|
||||
async fn fetch_account(&self, id: &str) -> Result<Account>;
|
||||
|
||||
/// Find account by normalised email
|
||||
async fn fetch_account_by_normalised_email(
|
||||
&self,
|
||||
normalised_email: &str,
|
||||
) -> Result<Option<Account>>;
|
||||
|
||||
/// Find account with active pending email verification
|
||||
async fn fetch_account_with_email_verification(&self, token: &str) -> Result<Account>;
|
||||
|
||||
/// Find account with active password reset
|
||||
async fn fetch_account_with_password_reset(&self, token: &str) -> Result<Account>;
|
||||
|
||||
/// Find account with active deletion token
|
||||
async fn fetch_account_with_deletion_token(&self, token: &str) -> Result<Account>;
|
||||
|
||||
/// Find accounts which are due to be deleted
|
||||
async fn fetch_accounts_due_for_deletion(&self) -> Result<Vec<Account>>;
|
||||
|
||||
// Save account
|
||||
async fn save_account(&self, account: &Account) -> Result<()>;
|
||||
}
|
||||
118
crates/core/database/src/models/accounts/ops/mongodb.rs
Normal file
118
crates/core/database/src/models/accounts/ops/mongodb.rs
Normal file
@@ -0,0 +1,118 @@
|
||||
use crate::{AbstractAccounts, Account, MongoDb};
|
||||
use bson::{to_bson, to_document};
|
||||
use iso8601_timestamp::Timestamp;
|
||||
use mongodb::options::{Collation, CollationStrength, FindOneOptions, UpdateOptions};
|
||||
use revolt_result::Result;
|
||||
|
||||
const COL: &str = "accounts";
|
||||
|
||||
#[async_trait]
|
||||
impl AbstractAccounts for MongoDb {
|
||||
/// Find account by id
|
||||
async fn fetch_account(&self, id: &str) -> Result<Account> {
|
||||
query!(self, find_one_by_id, COL, id)?.ok_or_else(|| create_error!(UnknownUser))
|
||||
}
|
||||
|
||||
/// Find account by normalised email
|
||||
async fn fetch_account_by_normalised_email(
|
||||
&self,
|
||||
normalised_email: &str,
|
||||
) -> Result<Option<Account>> {
|
||||
query!(
|
||||
self,
|
||||
find_one_with_options,
|
||||
COL,
|
||||
doc! {
|
||||
"email_normalised": normalised_email
|
||||
},
|
||||
FindOneOptions::builder()
|
||||
.collation(
|
||||
Collation::builder()
|
||||
.locale("en")
|
||||
.strength(CollationStrength::Secondary)
|
||||
.build(),
|
||||
)
|
||||
.build()
|
||||
)
|
||||
}
|
||||
|
||||
/// Find account with active pending email verification
|
||||
async fn fetch_account_with_email_verification(&self, token: &str) -> Result<Account> {
|
||||
query!(
|
||||
self,
|
||||
find_one,
|
||||
COL,
|
||||
doc! {
|
||||
"verification.token": token,
|
||||
"verification.expiry": {
|
||||
"$gte": to_bson(&Timestamp::now_utc()).unwrap()
|
||||
}
|
||||
}
|
||||
)?
|
||||
.ok_or_else(|| create_error!(InvalidToken))
|
||||
}
|
||||
|
||||
/// Find account with active password reset
|
||||
async fn fetch_account_with_password_reset(&self, token: &str) -> Result<Account> {
|
||||
query!(
|
||||
self,
|
||||
find_one,
|
||||
COL,
|
||||
doc! {
|
||||
"password_reset.token": token,
|
||||
"password_reset.expiry": {
|
||||
"$gte": to_bson(&Timestamp::now_utc()).unwrap()
|
||||
}
|
||||
}
|
||||
)?
|
||||
.ok_or_else(|| create_error!(InvalidToken))
|
||||
}
|
||||
|
||||
/// Find account with active deletion token
|
||||
async fn fetch_account_with_deletion_token(&self, token: &str) -> Result<Account> {
|
||||
query!(
|
||||
self,
|
||||
find_one,
|
||||
COL,
|
||||
doc! {
|
||||
"deletion.token": token,
|
||||
"deletion.expiry": {
|
||||
"$gte": to_bson(&Timestamp::now_utc()).unwrap()
|
||||
}
|
||||
}
|
||||
)?
|
||||
.ok_or_else(|| create_error!(InvalidToken))
|
||||
}
|
||||
|
||||
/// Find accounts which are due to be deleted
|
||||
async fn fetch_accounts_due_for_deletion(&self) -> Result<Vec<Account>> {
|
||||
query!(
|
||||
self,
|
||||
find,
|
||||
COL,
|
||||
doc! {
|
||||
"deletion.status": "Scheduled",
|
||||
"deletion.after": {
|
||||
"$lte": to_bson(&Timestamp::now_utc()).unwrap()
|
||||
}
|
||||
}
|
||||
)
|
||||
}
|
||||
|
||||
// Save account
|
||||
async fn save_account(&self, account: &Account) -> Result<()> {
|
||||
self.col::<Account>(COL)
|
||||
.update_one(
|
||||
doc! {
|
||||
"_id": &account.id
|
||||
},
|
||||
doc! {
|
||||
"$set": to_document(account).map_err(|_| create_database_error!("to_document", COL))?
|
||||
},
|
||||
)
|
||||
.with_options(UpdateOptions::builder().upsert(true).build())
|
||||
.await
|
||||
.map_err(|_| create_database_error!("find_one", COL))
|
||||
.map(|_| ())
|
||||
}
|
||||
}
|
||||
99
crates/core/database/src/models/accounts/ops/reference.rs
Normal file
99
crates/core/database/src/models/accounts/ops/reference.rs
Normal file
@@ -0,0 +1,99 @@
|
||||
use crate::{AbstractAccounts, Account, DeletionInfo, EmailVerification, ReferenceDb};
|
||||
use iso8601_timestamp::Timestamp;
|
||||
use revolt_result::Result;
|
||||
|
||||
#[async_trait]
|
||||
impl AbstractAccounts for ReferenceDb {
|
||||
/// Find account by id
|
||||
async fn fetch_account(&self, id: &str) -> Result<Account> {
|
||||
let accounts = self.accounts.lock().await;
|
||||
accounts
|
||||
.get(id)
|
||||
.cloned()
|
||||
.ok_or_else(|| create_error!(UnknownUser))
|
||||
}
|
||||
|
||||
/// Find account by normalised email
|
||||
async fn fetch_account_by_normalised_email(
|
||||
&self,
|
||||
normalised_email: &str,
|
||||
) -> Result<Option<Account>> {
|
||||
let accounts = self.accounts.lock().await;
|
||||
Ok(accounts
|
||||
.values()
|
||||
.find(|account| account.email_normalised == normalised_email)
|
||||
.cloned())
|
||||
}
|
||||
|
||||
/// Find account with active pending email verification
|
||||
async fn fetch_account_with_email_verification(&self, token_to_match: &str) -> Result<Account> {
|
||||
let accounts = self.accounts.lock().await;
|
||||
accounts
|
||||
.values()
|
||||
.find(|account| match &account.verification {
|
||||
EmailVerification::Pending { token, .. }
|
||||
| EmailVerification::Moving { token, .. } => token == token_to_match,
|
||||
_ => false,
|
||||
})
|
||||
.cloned()
|
||||
.ok_or_else(|| create_error!(InvalidToken))
|
||||
}
|
||||
|
||||
/// Find account with active password reset
|
||||
async fn fetch_account_with_password_reset(&self, token: &str) -> Result<Account> {
|
||||
let accounts = self.accounts.lock().await;
|
||||
accounts
|
||||
.values()
|
||||
.find(|account| {
|
||||
if let Some(reset) = &account.password_reset {
|
||||
reset.token == token
|
||||
} else {
|
||||
false
|
||||
}
|
||||
})
|
||||
.cloned()
|
||||
.ok_or_else(|| create_error!(InvalidToken))
|
||||
}
|
||||
|
||||
/// Find account with active deletion token
|
||||
async fn fetch_account_with_deletion_token(&self, token_to_match: &str) -> Result<Account> {
|
||||
let accounts = self.accounts.lock().await;
|
||||
accounts
|
||||
.values()
|
||||
.find(|account| {
|
||||
if let Some(DeletionInfo::WaitingForVerification { token, .. }) = &account.deletion
|
||||
{
|
||||
token == token_to_match
|
||||
} else {
|
||||
false
|
||||
}
|
||||
})
|
||||
.cloned()
|
||||
.ok_or_else(|| create_error!(InvalidToken))
|
||||
}
|
||||
|
||||
/// Find accounts which are due to be deleted
|
||||
async fn fetch_accounts_due_for_deletion(&self) -> Result<Vec<Account>> {
|
||||
let now = Timestamp::now_utc();
|
||||
let accounts = self.accounts.lock().await;
|
||||
|
||||
Ok(accounts
|
||||
.values()
|
||||
.filter(|account| {
|
||||
if let Some(DeletionInfo::Scheduled { after }) = &account.deletion {
|
||||
after <= &now
|
||||
} else {
|
||||
false
|
||||
}
|
||||
})
|
||||
.cloned()
|
||||
.collect())
|
||||
}
|
||||
|
||||
// Save account
|
||||
async fn save_account(&self, account: &Account) -> Result<()> {
|
||||
let mut accounts = self.accounts.lock().await;
|
||||
accounts.insert(account.id.to_string(), account.clone());
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
32
crates/core/database/src/models/accounts/rocket.rs
Normal file
32
crates/core/database/src/models/accounts/rocket.rs
Normal file
@@ -0,0 +1,32 @@
|
||||
use crate::{Account, Database, Session};
|
||||
use revolt_result::Error;
|
||||
use rocket::{
|
||||
http::Status,
|
||||
request::{FromRequest, Outcome},
|
||||
Request,
|
||||
};
|
||||
|
||||
#[rocket::async_trait]
|
||||
impl<'r> FromRequest<'r> for Account {
|
||||
type Error = Error;
|
||||
|
||||
async fn from_request(request: &'r Request<'_>) -> Outcome<Self, Self::Error> {
|
||||
match request.guard::<Session>().await {
|
||||
Outcome::Success(session) => {
|
||||
if let Ok(account) = request
|
||||
.rocket()
|
||||
.state::<Database>()
|
||||
.expect("`Database`")
|
||||
.fetch_account(&session.user_id)
|
||||
.await
|
||||
{
|
||||
Outcome::Success(account)
|
||||
} else {
|
||||
Outcome::Error((Status::InternalServerError, create_error!(InternalError)))
|
||||
}
|
||||
}
|
||||
Outcome::Forward(_) => unreachable!(),
|
||||
Outcome::Error(err) => Outcome::Error(err),
|
||||
}
|
||||
}
|
||||
}
|
||||
32
crates/core/database/src/models/accounts/schema.rs
Normal file
32
crates/core/database/src/models/accounts/schema.rs
Normal file
@@ -0,0 +1,32 @@
|
||||
use revolt_okapi::openapi3::{SecurityScheme, SecuritySchemeData};
|
||||
use revolt_rocket_okapi::{
|
||||
gen::OpenApiGenerator,
|
||||
request::{OpenApiFromRequest, RequestHeaderInput},
|
||||
};
|
||||
|
||||
use crate::Account;
|
||||
|
||||
|
||||
impl<'r> OpenApiFromRequest<'r> for Account {
|
||||
fn from_request_input(
|
||||
_gen: &mut OpenApiGenerator,
|
||||
_name: String,
|
||||
_required: bool,
|
||||
) -> revolt_rocket_okapi::Result<RequestHeaderInput> {
|
||||
let mut requirements = schemars::Map::new();
|
||||
requirements.insert("Session Token".to_owned(), vec![]);
|
||||
|
||||
Ok(RequestHeaderInput::Security(
|
||||
"Session Token".to_owned(),
|
||||
SecurityScheme {
|
||||
data: SecuritySchemeData::ApiKey {
|
||||
name: "x-session-token".to_owned(),
|
||||
location: "header".to_owned(),
|
||||
},
|
||||
description: Some("Used to authenticate as a user.".to_owned()),
|
||||
extensions: schemars::Map::new(),
|
||||
},
|
||||
requirements,
|
||||
))
|
||||
}
|
||||
}
|
||||
@@ -11,7 +11,7 @@ auto_derived!(
|
||||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
#[async_std::test]
|
||||
#[tokio::test]
|
||||
async fn migrate() {
|
||||
database_test!(|db| async move {
|
||||
// Initialise the database
|
||||
|
||||
@@ -98,6 +98,21 @@ pub async fn create_database(db: &MongoDb) {
|
||||
.await
|
||||
.expect("Failed to create pubsub collection.");
|
||||
|
||||
db.create_collection("audit_logs")
|
||||
.await
|
||||
.expect("Failed to create audit_logs collection");
|
||||
db.create_collection("sessions")
|
||||
.await
|
||||
.expect("Failed to create sessions collection.");
|
||||
|
||||
db.create_collection("account_invites")
|
||||
.await
|
||||
.expect("Failed to create account_invites collection.");
|
||||
|
||||
db.create_collection("mfa_tickets")
|
||||
.await
|
||||
.expect("Failed to create mfa_tickets collection.");
|
||||
|
||||
db.run_command(doc! {
|
||||
"createIndexes": "users",
|
||||
"indexes": [
|
||||
@@ -263,5 +278,141 @@ pub async fn create_database(db: &MongoDb) {
|
||||
.await
|
||||
.expect("Failed to create ratelimit_events index.");
|
||||
|
||||
db.run_command(doc! {
|
||||
"createIndexes": "audit_logs",
|
||||
"indexes": [
|
||||
{
|
||||
"key": {
|
||||
"expires_at": 1_i32,
|
||||
},
|
||||
"name": "expires_at_ttl",
|
||||
// We set the expire after to 0 because we store when it expires instead of when the document was inserted,
|
||||
// this is because mongo cant read the timestamp from the ulid so we need to do this workaround.
|
||||
// relevant docs: https://www.mongodb.com/docs/manual/tutorial/expire-data/#expire-documents-at-a-specific-clock-time
|
||||
"expireAfterSeconds": 0
|
||||
},
|
||||
{
|
||||
"key": {
|
||||
"server": 1_i32,
|
||||
"user": 1_i32,
|
||||
"action.type": 1_i32,
|
||||
},
|
||||
"name": "audit_log_filters",
|
||||
},
|
||||
]
|
||||
})
|
||||
.await
|
||||
.expect("Failed to create audit_logs index");
|
||||
|
||||
db.run_command(doc! {
|
||||
"createIndexes": "audit_logs",
|
||||
"indexes": [
|
||||
{
|
||||
"key": {
|
||||
"expires_at": 1_i32,
|
||||
},
|
||||
"name": "expires_at_ttl",
|
||||
// We set the expire after to 0 because we store when it expires instead of when the document was inserted,
|
||||
// this is because mongo cant read the timestamp from the ulid so we need to do this workaround.
|
||||
// relevant docs: https://www.mongodb.com/docs/manual/tutorial/expire-data/#expire-documents-at-a-specific-clock-time
|
||||
"expireAfterSeconds": 0
|
||||
},
|
||||
{
|
||||
"key": {
|
||||
"server": 1_i32,
|
||||
"user": 1_i32,
|
||||
"action.type": 1_i32,
|
||||
},
|
||||
"name": "audit_log_filters",
|
||||
},
|
||||
]
|
||||
})
|
||||
.await
|
||||
.expect("Failed to create audit_logs index");
|
||||
|
||||
db.run_command(doc! {
|
||||
"createIndexes": "accounts",
|
||||
"indexes": [
|
||||
{
|
||||
"key": {
|
||||
"email": 1
|
||||
},
|
||||
"name": "email",
|
||||
"unique": true,
|
||||
"collation": {
|
||||
"locale": "en",
|
||||
"strength": 2
|
||||
}
|
||||
},
|
||||
{
|
||||
"key": {
|
||||
"email_normalised": 1
|
||||
},
|
||||
"name": "email_normalised",
|
||||
"unique": true,
|
||||
"collation": {
|
||||
"locale": "en",
|
||||
"strength": 2
|
||||
}
|
||||
},
|
||||
{
|
||||
"key": {
|
||||
"verification.token": 1
|
||||
},
|
||||
"name": "email_verification"
|
||||
},
|
||||
{
|
||||
"key": {
|
||||
"password_reset.token": 1
|
||||
},
|
||||
"name": "password_reset"
|
||||
},
|
||||
{
|
||||
"key": {
|
||||
"deletion.token": 1
|
||||
},
|
||||
"name": "account_deletion"
|
||||
}
|
||||
]
|
||||
})
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
db.run_command(doc! {
|
||||
"createIndexes": "sessions",
|
||||
"indexes": [
|
||||
{
|
||||
"key": {
|
||||
"token": 1
|
||||
},
|
||||
"name": "token",
|
||||
"unique": true
|
||||
},
|
||||
{
|
||||
"key": {
|
||||
"user_id": 1
|
||||
},
|
||||
"name": "user_id"
|
||||
}
|
||||
]
|
||||
})
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
db.run_command(doc! {
|
||||
"createIndexes": "mfa_tickets",
|
||||
"indexes": [
|
||||
{
|
||||
"key": {
|
||||
"token": 1
|
||||
},
|
||||
"name": "token",
|
||||
"unique": true
|
||||
}
|
||||
]
|
||||
})
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
info!("Created database.");
|
||||
}
|
||||
|
||||
@@ -17,6 +17,7 @@ use iso8601_timestamp::Timestamp;
|
||||
use rand::seq::SliceRandom;
|
||||
use revolt_permissions::{ChannelPermission, DEFAULT_WEBHOOK_PERMISSIONS};
|
||||
use serde::{Deserialize, Serialize};
|
||||
use ulid::Ulid;
|
||||
use unicode_segmentation::UnicodeSegmentation;
|
||||
|
||||
#[derive(Serialize, Deserialize)]
|
||||
@@ -25,7 +26,7 @@ struct MigrationInfo {
|
||||
revision: i32,
|
||||
}
|
||||
|
||||
pub const LATEST_REVISION: i32 = 50; // MUST BE +1 to last migration
|
||||
pub const LATEST_REVISION: i32 = 52; // MUST BE +1 to last migration
|
||||
|
||||
pub async fn migrate_database(db: &MongoDb) {
|
||||
let migrations = db.col::<Document>("migrations");
|
||||
@@ -451,7 +452,7 @@ pub async fn run_migrations(db: &MongoDb, revision: i32) -> i32 {
|
||||
warn!("This is a destructive operation and will wipe existing permission data (excl. defaults for SendMessage).");
|
||||
warn!("Taking a backup is advised.");
|
||||
warn!("Continuing in 10 seconds...");
|
||||
async_std::task::sleep(Duration::from_secs(10)).await;
|
||||
tokio::time::sleep(Duration::from_secs(10)).await;
|
||||
|
||||
let servers = db.col::<Document>("servers");
|
||||
let mut cursor = servers.find(doc! {}).await.unwrap();
|
||||
@@ -573,20 +574,145 @@ pub async fn run_migrations(db: &MongoDb, revision: i32) -> i32 {
|
||||
if revision <= 15 {
|
||||
info!("Running migration [revision 15 / 04-06-2022]: Migrate Authifier to latest version.");
|
||||
|
||||
let db = authifier::Database::MongoDb(authifier::database::MongoDb(db.db()));
|
||||
db.run_migration(authifier::Migration::M2022_06_03EnsureUpToSpec)
|
||||
if !db
|
||||
.db()
|
||||
.collection::<Document>("mfa_tickets")
|
||||
.list_index_names()
|
||||
.await
|
||||
.unwrap();
|
||||
.unwrap_or_default()
|
||||
.contains(&"token".to_owned())
|
||||
{
|
||||
// Make sure all collections exist
|
||||
let list = db.db().list_collection_names().await.unwrap();
|
||||
let collections = ["accounts", "sessions", "invites", "mfa_tickets"];
|
||||
|
||||
for name in collections {
|
||||
if !list.contains(&name.to_string()) {
|
||||
db.db().create_collection(name).await.unwrap();
|
||||
}
|
||||
}
|
||||
|
||||
// Setup index for `accounts`
|
||||
let col = db.db().collection::<Document>("accounts");
|
||||
col.drop_indexes().await.unwrap();
|
||||
|
||||
db.db()
|
||||
.run_command(doc! {
|
||||
"createIndexes": "accounts",
|
||||
"indexes": [
|
||||
{
|
||||
"key": {
|
||||
"email": 1
|
||||
},
|
||||
"name": "email",
|
||||
"unique": true,
|
||||
"collation": {
|
||||
"locale": "en",
|
||||
"strength": 2
|
||||
}
|
||||
},
|
||||
{
|
||||
"key": {
|
||||
"email_normalised": 1
|
||||
},
|
||||
"name": "email_normalised",
|
||||
"unique": true,
|
||||
"collation": {
|
||||
"locale": "en",
|
||||
"strength": 2
|
||||
}
|
||||
},
|
||||
{
|
||||
"key": {
|
||||
"verification.token": 1
|
||||
},
|
||||
"name": "email_verification"
|
||||
},
|
||||
{
|
||||
"key": {
|
||||
"password_reset.token": 1
|
||||
},
|
||||
"name": "password_reset"
|
||||
}
|
||||
]
|
||||
})
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
// Setup index for `sessions`
|
||||
let col = db.db().collection::<Document>("sessions");
|
||||
col.drop_indexes().await.unwrap();
|
||||
|
||||
db.db()
|
||||
.run_command(doc! {
|
||||
"createIndexes": "sessions",
|
||||
"indexes": [
|
||||
{
|
||||
"key": {
|
||||
"token": 1
|
||||
},
|
||||
"name": "token",
|
||||
"unique": true
|
||||
},
|
||||
{
|
||||
"key": {
|
||||
"user_id": 1
|
||||
},
|
||||
"name": "user_id"
|
||||
}
|
||||
]
|
||||
})
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
// Setup index for `mfa_tickets`
|
||||
let col = db.db().collection::<Document>("mfa_tickets");
|
||||
col.drop_indexes().await.unwrap();
|
||||
|
||||
db.db()
|
||||
.run_command(doc! {
|
||||
"createIndexes": "mfa_tickets",
|
||||
"indexes": [
|
||||
{
|
||||
"key": {
|
||||
"token": 1
|
||||
},
|
||||
"name": "token",
|
||||
"unique": true
|
||||
}
|
||||
]
|
||||
})
|
||||
.await
|
||||
.unwrap();
|
||||
}
|
||||
}
|
||||
|
||||
if revision <= 16 {
|
||||
info!("Running migration [revision 16 / 07-07-2022]: Add `emojis` collection and Authifier migration.");
|
||||
|
||||
let authifier_db = authifier::Database::MongoDb(authifier::database::MongoDb(db.db()));
|
||||
authifier_db
|
||||
.run_migration(authifier::Migration::M2022_06_09AddIndexForDeletion)
|
||||
if !db
|
||||
.db()
|
||||
.collection::<Document>("accounts")
|
||||
.list_index_names()
|
||||
.await
|
||||
.unwrap();
|
||||
.expect("list of index names")
|
||||
.contains(&"account_deletion".to_owned())
|
||||
{
|
||||
db.db()
|
||||
.run_command(doc! {
|
||||
"createIndexes": "accounts",
|
||||
"indexes": [
|
||||
{
|
||||
"key": {
|
||||
"deletion.token": 1
|
||||
},
|
||||
"name": "account_deletion"
|
||||
}
|
||||
]
|
||||
})
|
||||
.await
|
||||
.unwrap();
|
||||
}
|
||||
|
||||
db.db()
|
||||
.create_collection("emojis")
|
||||
@@ -1085,7 +1211,7 @@ pub async fn run_migrations(db: &MongoDb, revision: i32) -> i32 {
|
||||
enum Channel {
|
||||
Group { owner: String },
|
||||
TextChannel { server: String },
|
||||
VoiceChannel { server: String }
|
||||
VoiceChannel { server: String },
|
||||
}
|
||||
|
||||
let webhooks = db
|
||||
@@ -1099,7 +1225,12 @@ pub async fn run_migrations(db: &MongoDb, revision: i32) -> i32 {
|
||||
.await;
|
||||
|
||||
for webhook in webhooks {
|
||||
match db.col::<Channel>("channels").find_one(doc! { "_id": &webhook.channel_id }).await.unwrap() {
|
||||
match db
|
||||
.col::<Channel>("channels")
|
||||
.find_one(doc! { "_id": &webhook.channel_id })
|
||||
.await
|
||||
.unwrap()
|
||||
{
|
||||
Some(channel) => {
|
||||
let creator_id = match channel {
|
||||
Channel::Group { owner, .. } => owner,
|
||||
@@ -1141,10 +1272,51 @@ pub async fn run_migrations(db: &MongoDb, revision: i32) -> i32 {
|
||||
"Running migration [revision 32 / 12-05-2025]: (Authifier) Add last_seen to sessions."
|
||||
);
|
||||
|
||||
let db = authifier::Database::MongoDb(authifier::database::MongoDb(db.db()));
|
||||
db.run_migration(authifier::Migration::M2025_02_20AddLastSeenToSession)
|
||||
.await
|
||||
.unwrap();
|
||||
loop {
|
||||
#[derive(Deserialize)]
|
||||
struct SessionId {
|
||||
_id: String,
|
||||
}
|
||||
|
||||
let sessions: Vec<SessionId> = db
|
||||
.db()
|
||||
.collection("sessions")
|
||||
.find(doc! {
|
||||
"$or": [
|
||||
{ "last_seen": { "$exists": false } },
|
||||
{ "last_seen": "1970-01-01T00:00:00.000Z" }
|
||||
]
|
||||
})
|
||||
.limit(50_000) // about 400 batches for 2 million
|
||||
.await
|
||||
.expect("Failed to create cursor for sessions!")
|
||||
.map(|doc| doc.expect("id and username"))
|
||||
.collect()
|
||||
.await;
|
||||
|
||||
if sessions.is_empty() {
|
||||
break;
|
||||
}
|
||||
|
||||
for session in sessions {
|
||||
let timestamp = iso8601_timestamp::Timestamp::from(Ulid::from_string(&session._id).unwrap().datetime());
|
||||
|
||||
db.db()
|
||||
.collection::<Document>("sessions")
|
||||
.update_one(
|
||||
doc! {
|
||||
"_id": &session._id.to_string(),
|
||||
},
|
||||
doc! {
|
||||
"$set": {
|
||||
"last_seen": timestamp.format().to_string()
|
||||
}
|
||||
},
|
||||
)
|
||||
.await
|
||||
.expect("Failed to update a session.");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if revision <= 40 {
|
||||
@@ -1240,7 +1412,7 @@ pub async fn run_migrations(db: &MongoDb, revision: i32) -> i32 {
|
||||
"channel_type": "TextChannel",
|
||||
"voice": {}
|
||||
}
|
||||
}
|
||||
},
|
||||
)
|
||||
.await
|
||||
.expect("Failed to update voice channels");
|
||||
@@ -1292,10 +1464,7 @@ pub async fn run_migrations(db: &MongoDb, revision: i32) -> i32 {
|
||||
let mut doc = doc! {};
|
||||
|
||||
for id in server.roles.keys() {
|
||||
doc.insert(
|
||||
format!("roles.{id}._id"),
|
||||
id,
|
||||
);
|
||||
doc.insert(format!("roles.{id}._id"), id);
|
||||
}
|
||||
|
||||
db.db()
|
||||
@@ -1306,6 +1475,54 @@ pub async fn run_migrations(db: &MongoDb, revision: i32) -> i32 {
|
||||
}
|
||||
};
|
||||
|
||||
if revision <= 50 {
|
||||
info!("Running migration [revision 50 / 13-04-2026]: Rename invites collection to account_invites");
|
||||
|
||||
db.db()
|
||||
.client()
|
||||
.database("admin")
|
||||
.run_command(doc! {
|
||||
"renameCollection": "revolt.invites",
|
||||
"to": "revolt.account_invites",
|
||||
"dropTarget": true
|
||||
})
|
||||
.await
|
||||
.unwrap();
|
||||
}
|
||||
|
||||
if revision >= 51 {
|
||||
info!("Running migration [revision 51 / 28-11-2025]: Add audit logs collection");
|
||||
|
||||
db.db()
|
||||
.create_collection("audit_logs")
|
||||
.await
|
||||
.expect("Failed to create audit_logs collection");
|
||||
|
||||
db.db()
|
||||
.run_command(doc! {
|
||||
"createIndexes": "audit_logs",
|
||||
"indexes": [
|
||||
{
|
||||
"key": {
|
||||
"expires_at": 1_i32,
|
||||
},
|
||||
"name": "expires_at_ttl",
|
||||
"expireAfterSeconds": 0
|
||||
},
|
||||
{
|
||||
"key": {
|
||||
"server": 1_i32,
|
||||
"user": 1_i32,
|
||||
"action.type": 1_i32,
|
||||
},
|
||||
"name": "audit_log_filters",
|
||||
},
|
||||
]
|
||||
})
|
||||
.await
|
||||
.expect("Failed to create audit_logs index");
|
||||
};
|
||||
|
||||
// Reminder to update LATEST_REVISION when adding new migrations.
|
||||
LATEST_REVISION.max(revision)
|
||||
}
|
||||
|
||||
5
crates/core/database/src/models/audit_logs/mod.rs
Normal file
5
crates/core/database/src/models/audit_logs/mod.rs
Normal file
@@ -0,0 +1,5 @@
|
||||
mod model;
|
||||
mod ops;
|
||||
|
||||
pub use model::*;
|
||||
pub use ops::*;
|
||||
275
crates/core/database/src/models/audit_logs/model.rs
Normal file
275
crates/core/database/src/models/audit_logs/model.rs
Normal file
@@ -0,0 +1,275 @@
|
||||
use std::{collections::HashSet, time::Duration};
|
||||
|
||||
use iso8601_timestamp::Timestamp;
|
||||
use revolt_config::config;
|
||||
use ulid::Ulid;
|
||||
|
||||
use crate::{Database, PartialChannel, PartialMember, PartialRole, PartialServer, User, PartialEmoji};
|
||||
use revolt_models::v0;
|
||||
use revolt_permissions::OverrideField;
|
||||
use revolt_result::Result;
|
||||
|
||||
auto_derived!(
|
||||
/// Audit log entry
|
||||
pub struct AuditLogEntry {
|
||||
/// Unique ID
|
||||
#[serde(rename = "_id")]
|
||||
pub id: String,
|
||||
|
||||
/// When the audit log entry gets auto-deleted
|
||||
///
|
||||
/// This is only stored in the database and not given to users.
|
||||
pub expires_at: Timestamp,
|
||||
|
||||
/// The server the entry happened in
|
||||
pub server: String,
|
||||
/// User provided reason
|
||||
pub reason: Option<String>,
|
||||
/// User who ran the action
|
||||
pub user: String,
|
||||
/// User this action is targetting
|
||||
pub target: Option<String>,
|
||||
/// The action ran
|
||||
pub action: AuditLogEntryAction,
|
||||
}
|
||||
|
||||
/// Indivual audit log action
|
||||
#[serde(tag = "type")]
|
||||
#[allow(clippy::large_enum_variant)]
|
||||
pub enum AuditLogEntryAction {
|
||||
MessageDelete {
|
||||
author: String,
|
||||
channel: String,
|
||||
},
|
||||
MessageBulkDelete {
|
||||
channel: String,
|
||||
count: usize,
|
||||
},
|
||||
MessagePin {
|
||||
message: String,
|
||||
author: String,
|
||||
channel: String,
|
||||
},
|
||||
MessageUnpin {
|
||||
message: String,
|
||||
author: String,
|
||||
channel: String,
|
||||
},
|
||||
BanCreate {
|
||||
user: String,
|
||||
},
|
||||
BanDelete {
|
||||
user: String,
|
||||
},
|
||||
ChannelCreate {
|
||||
channel: String,
|
||||
name: String,
|
||||
},
|
||||
ChannelEdit {
|
||||
channel: String,
|
||||
before: PartialChannel,
|
||||
after: PartialChannel,
|
||||
},
|
||||
ChannelRolePermissionsEdit {
|
||||
channel: String,
|
||||
role: String,
|
||||
permissions: OverrideField,
|
||||
},
|
||||
ChannelDelete {
|
||||
channel: String,
|
||||
name: String,
|
||||
},
|
||||
MemberEdit {
|
||||
user: String,
|
||||
before: PartialMember,
|
||||
after: PartialMember,
|
||||
},
|
||||
MemberKick {
|
||||
user: String,
|
||||
},
|
||||
ServerEdit {
|
||||
before: PartialServer,
|
||||
after: PartialServer,
|
||||
},
|
||||
RoleEdit {
|
||||
role: String,
|
||||
before: PartialRole,
|
||||
after: PartialRole,
|
||||
},
|
||||
RoleCreate {
|
||||
role: String,
|
||||
name: String,
|
||||
},
|
||||
RoleDelete {
|
||||
role: String,
|
||||
name: String,
|
||||
},
|
||||
RolesReorder {
|
||||
before: Vec<String>,
|
||||
after: Vec<String>,
|
||||
},
|
||||
InviteCreate {
|
||||
invite: String,
|
||||
channel: String,
|
||||
},
|
||||
InviteDelete {
|
||||
invite: String,
|
||||
channel: String,
|
||||
},
|
||||
WebhookCreate {
|
||||
webhook: String,
|
||||
name: String,
|
||||
channel: String,
|
||||
},
|
||||
WebhookDelete {
|
||||
webhook: String,
|
||||
name: String,
|
||||
channel: String,
|
||||
},
|
||||
EmojiCreate {
|
||||
emoji: String,
|
||||
name: String,
|
||||
},
|
||||
EmojiUpdate {
|
||||
emoji: String,
|
||||
before: PartialEmoji,
|
||||
after: PartialEmoji,
|
||||
},
|
||||
EmojiDelete {
|
||||
emoji: String,
|
||||
name: String,
|
||||
},
|
||||
}
|
||||
|
||||
/// Audit Log Query
|
||||
pub struct AuditLogQuery {
|
||||
/// Filter by who ran the action
|
||||
pub user: Option<String>,
|
||||
/// Filter by who the action is targetting
|
||||
pub target: Option<String>,
|
||||
/// Filter by the action type
|
||||
pub r#type: Option<Vec<String>>,
|
||||
/// Entries before a certain entry id
|
||||
pub before: Option<String>,
|
||||
/// Entries after a certain entry id
|
||||
pub after: Option<String>,
|
||||
/// Maximum number of entries to fetch
|
||||
pub limit: i64,
|
||||
}
|
||||
);
|
||||
|
||||
impl AuditLogEntryAction {
|
||||
// TODO: migrate this to a rabbitmq queue to avoid spawning lots of tasks
|
||||
/// Generates an `AuditLogEntry` for the current action and inserts it into the database
|
||||
pub async fn insert<R: Into<Option<String>>>(
|
||||
self,
|
||||
db: &Database,
|
||||
server: String,
|
||||
reason: R,
|
||||
user: String,
|
||||
target: Option<String>,
|
||||
) -> AuditLogEntry {
|
||||
let config = config().await;
|
||||
|
||||
let id = Ulid::new();
|
||||
let expires_at = id
|
||||
.datetime()
|
||||
.checked_add(Duration::from_secs(config.api.audit_logs.expires_after))
|
||||
.unwrap()
|
||||
.into();
|
||||
|
||||
let entry = AuditLogEntry {
|
||||
id: id.to_string(),
|
||||
expires_at,
|
||||
server,
|
||||
reason: reason.into(),
|
||||
user,
|
||||
target,
|
||||
action: self,
|
||||
};
|
||||
|
||||
// running the insert inside a task can cause race conditions in the test so for now just dont use a task for tests for now
|
||||
// this will need to be redone for when we migrate to using rabbitmq here anyway.
|
||||
#[cfg(not(test))]
|
||||
tokio::task::spawn({
|
||||
let db = db.clone();
|
||||
let entry = entry.clone();
|
||||
|
||||
async move { revolt_config::report_internal_error!(db.insert_audit_log_entry(&entry).await) }
|
||||
});
|
||||
|
||||
#[cfg(test)]
|
||||
db.insert_audit_log_entry(&entry).await.unwrap();
|
||||
|
||||
entry
|
||||
}
|
||||
}
|
||||
|
||||
impl AuditLogEntry {
|
||||
/// Fetches the corrasponding users and members for each audit log entry
|
||||
pub async fn with_users(
|
||||
db: &Database,
|
||||
server_id: &str,
|
||||
user: &User,
|
||||
entries: &[Self],
|
||||
) -> Result<(Vec<v0::User>, Vec<v0::Member>)> {
|
||||
let mut user_ids = HashSet::new();
|
||||
|
||||
for entry in entries {
|
||||
user_ids.insert(entry.user.clone());
|
||||
|
||||
match &entry.action {
|
||||
AuditLogEntryAction::MessageDelete { author, .. } => {
|
||||
user_ids.insert(author.clone());
|
||||
}
|
||||
AuditLogEntryAction::BanCreate { user } => {
|
||||
user_ids.insert(user.clone());
|
||||
}
|
||||
AuditLogEntryAction::BanDelete { user } => {
|
||||
user_ids.insert(user.clone());
|
||||
}
|
||||
AuditLogEntryAction::ChannelCreate { .. } => {}
|
||||
AuditLogEntryAction::MemberEdit { user, .. } => {
|
||||
user_ids.insert(user.clone());
|
||||
}
|
||||
AuditLogEntryAction::MemberKick { user } => {
|
||||
user_ids.insert(user.clone());
|
||||
}
|
||||
AuditLogEntryAction::MessagePin { author, .. } => {
|
||||
user_ids.insert(author.clone());
|
||||
}
|
||||
AuditLogEntryAction::MessageUnpin { author, .. } => {
|
||||
user_ids.insert(author.clone());
|
||||
}
|
||||
AuditLogEntryAction::ServerEdit { .. } => {}
|
||||
AuditLogEntryAction::RoleEdit { .. } => {}
|
||||
AuditLogEntryAction::RoleCreate { .. } => {}
|
||||
AuditLogEntryAction::RoleDelete { .. } => {}
|
||||
AuditLogEntryAction::RolesReorder { .. } => {}
|
||||
AuditLogEntryAction::MessageBulkDelete { .. } => {}
|
||||
AuditLogEntryAction::ChannelEdit { .. } => {}
|
||||
AuditLogEntryAction::ChannelRolePermissionsEdit { .. } => {}
|
||||
AuditLogEntryAction::ChannelDelete { .. } => {}
|
||||
AuditLogEntryAction::InviteCreate { .. } => {}
|
||||
AuditLogEntryAction::InviteDelete { .. } => {}
|
||||
AuditLogEntryAction::WebhookCreate { .. } => {}
|
||||
AuditLogEntryAction::WebhookDelete { .. } => {}
|
||||
AuditLogEntryAction::EmojiCreate { .. } => {}
|
||||
AuditLogEntryAction::EmojiUpdate { .. } => {}
|
||||
AuditLogEntryAction::EmojiDelete { .. } => {}
|
||||
};
|
||||
}
|
||||
|
||||
let user_ids = user_ids.into_iter().collect::<Vec<_>>();
|
||||
|
||||
let users = User::fetch_many_ids_as_mutuals(db, user, &user_ids).await?;
|
||||
let members = db
|
||||
.fetch_members(server_id, &user_ids)
|
||||
.await?
|
||||
.into_iter()
|
||||
.map(Into::into)
|
||||
.collect();
|
||||
|
||||
Ok((users, members))
|
||||
}
|
||||
}
|
||||
20
crates/core/database/src/models/audit_logs/ops.rs
Normal file
20
crates/core/database/src/models/audit_logs/ops.rs
Normal file
@@ -0,0 +1,20 @@
|
||||
use revolt_result::Result;
|
||||
|
||||
use crate::{AuditLogEntry, AuditLogQuery};
|
||||
|
||||
#[cfg(feature = "mongodb")]
|
||||
mod mongodb;
|
||||
mod reference;
|
||||
|
||||
#[async_trait]
|
||||
pub trait AbstractAuditLogs: Sync + Send {
|
||||
/// Inserts an entry into the server's audit log
|
||||
async fn insert_audit_log_entry(&self, entry: &AuditLogEntry) -> Result<()>;
|
||||
|
||||
/// Fetches a server's audit logs using the provided query options
|
||||
async fn get_server_audit_logs(
|
||||
&self,
|
||||
server: &str,
|
||||
query: AuditLogQuery,
|
||||
) -> Result<Vec<AuditLogEntry>>;
|
||||
}
|
||||
66
crates/core/database/src/models/audit_logs/ops/mongodb.rs
Normal file
66
crates/core/database/src/models/audit_logs/ops/mongodb.rs
Normal file
@@ -0,0 +1,66 @@
|
||||
use mongodb::options::FindOptions;
|
||||
use revolt_result::Result;
|
||||
|
||||
use crate::{AuditLogEntry, AuditLogQuery, MongoDb};
|
||||
|
||||
use super::AbstractAuditLogs;
|
||||
|
||||
static COL: &str = "audit_logs";
|
||||
|
||||
#[async_trait]
|
||||
impl AbstractAuditLogs for MongoDb {
|
||||
/// Inserts an entry into the server's audit log
|
||||
async fn insert_audit_log_entry(&self, entry: &AuditLogEntry) -> Result<()> {
|
||||
query!(self, insert_one, COL, entry).map(|_| ())
|
||||
}
|
||||
|
||||
/// Fetches a server's audit logs using the provided query options
|
||||
async fn get_server_audit_logs(
|
||||
&self,
|
||||
server: &str,
|
||||
query: AuditLogQuery,
|
||||
) -> Result<Vec<AuditLogEntry>> {
|
||||
let mut filter = doc! {
|
||||
"server": server
|
||||
};
|
||||
|
||||
if let Some(user) = query.user {
|
||||
filter.insert("user", user);
|
||||
};
|
||||
|
||||
if let Some(target) = query.target {
|
||||
filter.insert("target", target);
|
||||
}
|
||||
|
||||
if let Some(types) = query.r#type {
|
||||
filter.insert("action.type", doc! { "$in": types });
|
||||
};
|
||||
|
||||
if let Some(doc) = match (query.before, query.after) {
|
||||
(Some(before), Some(after)) => Some(doc! {
|
||||
"$lt": before,
|
||||
"$gt": after
|
||||
}),
|
||||
(Some(before), _) => Some(doc! {
|
||||
"$lt": before
|
||||
}),
|
||||
(_, Some(after)) => Some(doc! {
|
||||
"$gt": after
|
||||
}),
|
||||
_ => None,
|
||||
} {
|
||||
filter.insert("_id", doc);
|
||||
};
|
||||
|
||||
self.find_with_options(
|
||||
COL,
|
||||
filter,
|
||||
FindOptions::builder()
|
||||
.limit(query.limit)
|
||||
.sort(doc! { "_id": -1 })
|
||||
.build(),
|
||||
)
|
||||
.await
|
||||
.map_err(|_| create_database_error!("find", COL))
|
||||
}
|
||||
}
|
||||
81
crates/core/database/src/models/audit_logs/ops/reference.rs
Normal file
81
crates/core/database/src/models/audit_logs/ops/reference.rs
Normal file
@@ -0,0 +1,81 @@
|
||||
use revolt_result::Result;
|
||||
|
||||
use crate::{AuditLogEntry, AuditLogQuery, ReferenceDb};
|
||||
|
||||
use super::AbstractAuditLogs;
|
||||
|
||||
#[async_trait]
|
||||
impl AbstractAuditLogs for ReferenceDb {
|
||||
/// Inserts an entry into the server's audit log
|
||||
async fn insert_audit_log_entry(&self, entry: &AuditLogEntry) -> Result<()> {
|
||||
self.audit_logs
|
||||
.lock()
|
||||
.await
|
||||
.insert(entry.id.clone(), entry.clone());
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Fetches a server's audit logs using the provided query options
|
||||
async fn get_server_audit_logs(
|
||||
&self,
|
||||
server: &str,
|
||||
query: AuditLogQuery,
|
||||
) -> Result<Vec<AuditLogEntry>> {
|
||||
let lock = self.audit_logs.lock().await;
|
||||
|
||||
let mut logs = lock
|
||||
.values()
|
||||
.filter(|entry| {
|
||||
if entry.server != server {
|
||||
return false;
|
||||
};
|
||||
|
||||
if let Some(user) = &query.user {
|
||||
if &entry.user != user {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
if query.target.is_some() && entry.target != query.target {
|
||||
return false;
|
||||
}
|
||||
|
||||
if let Some(before) = &query.before {
|
||||
if &entry.id > before {
|
||||
return false;
|
||||
};
|
||||
};
|
||||
|
||||
if let Some(after) = &query.after {
|
||||
if &entry.id < after {
|
||||
return false;
|
||||
};
|
||||
};
|
||||
|
||||
if let Some(action_types) = &query.r#type {
|
||||
let entry_type = serde_json::to_value(entry.action.clone())
|
||||
.unwrap()
|
||||
.as_object()
|
||||
.unwrap()
|
||||
.get("type")
|
||||
.unwrap()
|
||||
.as_str()
|
||||
.unwrap()
|
||||
.to_string();
|
||||
|
||||
if !action_types.contains(&entry_type) {
|
||||
return false;
|
||||
}
|
||||
};
|
||||
|
||||
true
|
||||
})
|
||||
.cloned()
|
||||
.collect::<Vec<_>>();
|
||||
|
||||
logs.sort_by(|a, b| b.id.cmp(&a.id));
|
||||
logs.truncate(query.limit as usize);
|
||||
Ok(logs)
|
||||
}
|
||||
}
|
||||
@@ -164,7 +164,7 @@ impl Bot {
|
||||
mod tests {
|
||||
use crate::{Bot, FieldsBot, PartialBot, User};
|
||||
|
||||
#[async_std::test]
|
||||
#[tokio::test]
|
||||
async fn crud() {
|
||||
database_test!(|db| async move {
|
||||
let owner = User::create(&db, "Owner".to_string(), None, None)
|
||||
|
||||
@@ -128,7 +128,7 @@ impl Webhook {
|
||||
mod tests {
|
||||
use crate::{FieldsWebhook, PartialWebhook, Webhook};
|
||||
|
||||
#[async_std::test]
|
||||
#[tokio::test]
|
||||
async fn crud() {
|
||||
database_test!(|db| async move {
|
||||
let webhook_id = "webhook";
|
||||
|
||||
@@ -408,7 +408,10 @@ impl Channel {
|
||||
/// Check whether has a user as a recipient
|
||||
pub fn contains_user(&self, user_id: &str) -> bool {
|
||||
match self {
|
||||
Channel::Group { recipients, .. } => recipients.contains(&String::from(user_id)),
|
||||
Channel::Group { recipients, .. } | Channel::DirectMessage { recipients, .. } => {
|
||||
recipients.iter().any(|recipient| recipient == user_id)
|
||||
}
|
||||
Channel::SavedMessages { user, .. } => user == user_id,
|
||||
_ => false,
|
||||
}
|
||||
}
|
||||
@@ -416,7 +419,9 @@ impl Channel {
|
||||
/// Get list of recipients
|
||||
pub fn users(&self) -> Result<Vec<String>> {
|
||||
match self {
|
||||
Channel::Group { recipients, .. } => Ok(recipients.to_owned()),
|
||||
Channel::Group { recipients, .. } | Channel::DirectMessage { recipients, .. } => {
|
||||
Ok(recipients.to_owned())
|
||||
}
|
||||
_ => Err(create_error!(NotFound)),
|
||||
}
|
||||
}
|
||||
@@ -643,6 +648,122 @@ impl Channel {
|
||||
}
|
||||
}
|
||||
|
||||
/// Generates a PartialChannel containing the data which has changed in an update
|
||||
pub fn generate_diff(
|
||||
&self,
|
||||
partial: &PartialChannel,
|
||||
remove: &[FieldsChannel],
|
||||
) -> PartialChannel {
|
||||
let mut before = PartialChannel::default();
|
||||
|
||||
match self {
|
||||
Channel::SavedMessages { .. } => {}
|
||||
Channel::DirectMessage {
|
||||
active,
|
||||
last_message_id,
|
||||
..
|
||||
} => {
|
||||
if partial.active.is_some() {
|
||||
before.active = Some(*active);
|
||||
};
|
||||
|
||||
if partial.last_message_id.is_some() {
|
||||
before.last_message_id = last_message_id.clone()
|
||||
};
|
||||
}
|
||||
Channel::Group {
|
||||
name,
|
||||
owner,
|
||||
description,
|
||||
icon,
|
||||
last_message_id,
|
||||
permissions,
|
||||
nsfw,
|
||||
..
|
||||
} => {
|
||||
if partial.name.is_some() {
|
||||
before.name = Some(name.clone());
|
||||
};
|
||||
|
||||
if partial.owner.is_some() {
|
||||
before.owner = Some(owner.clone());
|
||||
};
|
||||
|
||||
if partial.description.is_some() || remove.contains(&FieldsChannel::Description) {
|
||||
before.description = description.clone();
|
||||
};
|
||||
|
||||
if partial.icon.is_some() || remove.contains(&FieldsChannel::Icon) {
|
||||
before.icon = icon.clone();
|
||||
};
|
||||
|
||||
if partial.last_message_id.is_some() {
|
||||
before.last_message_id = last_message_id.clone()
|
||||
};
|
||||
|
||||
if partial.permissions.is_some() {
|
||||
before.permissions = *permissions;
|
||||
};
|
||||
|
||||
if partial.nsfw.is_some() {
|
||||
before.nsfw = Some(*nsfw);
|
||||
};
|
||||
}
|
||||
Channel::TextChannel {
|
||||
name,
|
||||
description,
|
||||
icon,
|
||||
last_message_id,
|
||||
default_permissions,
|
||||
role_permissions,
|
||||
nsfw,
|
||||
voice,
|
||||
slowmode,
|
||||
..
|
||||
} => {
|
||||
if partial.name.is_some() {
|
||||
before.name = Some(name.clone());
|
||||
};
|
||||
|
||||
if partial.description.is_some() || remove.contains(&FieldsChannel::Description) {
|
||||
before.description = description.clone();
|
||||
};
|
||||
|
||||
if partial.icon.is_some() || remove.contains(&FieldsChannel::Icon) {
|
||||
before.icon = icon.clone();
|
||||
};
|
||||
|
||||
if partial.last_message_id.is_some() {
|
||||
before.last_message_id = last_message_id.clone()
|
||||
};
|
||||
|
||||
if partial.default_permissions.is_some()
|
||||
|| remove.contains(&FieldsChannel::DefaultPermissions)
|
||||
{
|
||||
before.default_permissions = *default_permissions;
|
||||
};
|
||||
|
||||
if partial.role_permissions.is_some() {
|
||||
before.role_permissions = Some(role_permissions.clone());
|
||||
};
|
||||
|
||||
if partial.nsfw.is_some() {
|
||||
before.nsfw = Some(*nsfw);
|
||||
};
|
||||
|
||||
if partial.voice.is_some() || remove.contains(&FieldsChannel::Voice) {
|
||||
before.voice = voice.clone();
|
||||
};
|
||||
|
||||
if partial.slowmode.is_some() {
|
||||
before.slowmode = *slowmode;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
before
|
||||
}
|
||||
|
||||
/// Acknowledge a message
|
||||
pub async fn ack(&self, user: &str, message: &str, amqp: &AMQP) -> Result<()> {
|
||||
EventV1::ChannelAck {
|
||||
@@ -782,7 +903,7 @@ mod tests {
|
||||
|
||||
use crate::{fixture, util::permissions::DatabasePermissionQuery};
|
||||
|
||||
#[async_std::test]
|
||||
#[tokio::test]
|
||||
async fn permissions_group_channel() {
|
||||
database_test!(|db| async move {
|
||||
fixture!(db, "group_with_members",
|
||||
@@ -808,7 +929,7 @@ mod tests {
|
||||
});
|
||||
}
|
||||
|
||||
#[async_std::test]
|
||||
#[tokio::test]
|
||||
async fn permissions_text_channel() {
|
||||
database_test!(|db| async move {
|
||||
fixture!(db, "server_with_roles",
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
use crate::{revolt_result::Result, Channel, FieldsChannel, PartialChannel};
|
||||
use crate::{Channel, FieldsChannel, PartialChannel, revolt_result::Result, util::ChunkedDatabaseGenerator};
|
||||
use revolt_permissions::OverrideField;
|
||||
|
||||
#[cfg(feature = "mongodb")]
|
||||
@@ -19,6 +19,9 @@ pub trait AbstractChannels: Sync + Send {
|
||||
/// Fetch all direct messages for a user
|
||||
async fn find_direct_messages(&self, user_id: &str) -> Result<Vec<Channel>>;
|
||||
|
||||
// Fetch all group dms for a user
|
||||
async fn find_group_message_channels(&self, user_id: &str) -> Result<ChunkedDatabaseGenerator<Channel>>;
|
||||
|
||||
// Fetch saved messages channel
|
||||
async fn find_saved_messages_channel(&self, user_id: &str) -> Result<Channel>;
|
||||
|
||||
@@ -47,6 +50,9 @@ pub trait AbstractChannels: Sync + Send {
|
||||
// Remove a user from a group
|
||||
async fn remove_user_from_group(&self, channel_id: &str, user_id: &str) -> Result<()>;
|
||||
|
||||
// Remove a user from all specified groups
|
||||
async fn remove_user_from_groups(&self, channel_ids: Vec<String>, user_id: &str) -> Result<()>;
|
||||
|
||||
// Delete a channel
|
||||
async fn delete_channel(&self, channel_id: &Channel) -> Result<()>;
|
||||
}
|
||||
|
||||
@@ -1,7 +1,8 @@
|
||||
use super::AbstractChannels;
|
||||
use crate::{AbstractServers, Channel, FieldsChannel, IntoDocumentPath, MongoDb, PartialChannel};
|
||||
use crate::{AbstractServers, Channel, FieldsChannel, IntoDocumentPath, MongoDb, PartialChannel, util::ChunkedDatabaseGenerator};
|
||||
use bson::{Bson, Document};
|
||||
use futures::StreamExt;
|
||||
use mongodb::options::ReadConcern;
|
||||
use revolt_permissions::OverrideField;
|
||||
use revolt_result::Result;
|
||||
|
||||
@@ -69,6 +70,32 @@ impl AbstractChannels for MongoDb {
|
||||
)
|
||||
}
|
||||
|
||||
// Fetch all group dms for a user
|
||||
async fn find_group_message_channels(&self, user_id: &str) -> Result<ChunkedDatabaseGenerator<Channel>> {
|
||||
let mut session = self
|
||||
.start_session()
|
||||
.await
|
||||
.map_err(|_| create_database_error!("start_session", COL))?;
|
||||
|
||||
session
|
||||
.start_transaction()
|
||||
.read_concern(ReadConcern::snapshot())
|
||||
.await
|
||||
.map_err(|_| create_database_error!("start_transaction", COL))?;
|
||||
|
||||
let cursor = self.col(COL)
|
||||
.find(doc! {
|
||||
"channel_type": "Group",
|
||||
"recipients": user_id
|
||||
})
|
||||
.session(&mut session)
|
||||
.batch_size(100)
|
||||
.await
|
||||
.map_err(|_| create_database_error!("find", COL))?;
|
||||
|
||||
Ok(ChunkedDatabaseGenerator::new_mongo(session, cursor))
|
||||
}
|
||||
|
||||
// Fetch saved messages channel
|
||||
async fn find_saved_messages_channel(&self, user_id: &str) -> Result<Channel> {
|
||||
query!(
|
||||
@@ -180,13 +207,29 @@ impl AbstractChannels for MongoDb {
|
||||
.map_err(|_| create_database_error!("update_one", "channels"))
|
||||
}
|
||||
|
||||
// Remove a user from all specified groups
|
||||
async fn remove_user_from_groups(&self, channel_ids: Vec<String>, user_id: &str) -> Result<()> {
|
||||
self.col::<Document>(COL)
|
||||
.update_many(
|
||||
doc! {
|
||||
"_id": { "$in": channel_ids },
|
||||
},
|
||||
doc! {
|
||||
"$pull": {
|
||||
"recipients": user_id
|
||||
}
|
||||
},
|
||||
)
|
||||
.await
|
||||
.map(|_| ())
|
||||
.map_err(|_| create_database_error!("update_many", COL))
|
||||
}
|
||||
|
||||
// Delete a channel
|
||||
async fn delete_channel(&self, channel: &Channel) -> Result<()> {
|
||||
let id = channel.id().to_string();
|
||||
let server_id = match channel {
|
||||
Channel::TextChannel { server, .. } => {
|
||||
Some(server)
|
||||
}
|
||||
Channel::TextChannel { server, .. } => Some(server),
|
||||
_ => None,
|
||||
};
|
||||
|
||||
|
||||
@@ -2,6 +2,7 @@ use std::collections::hash_map::Entry;
|
||||
|
||||
use super::AbstractChannels;
|
||||
use crate::ReferenceDb;
|
||||
use crate::util::ChunkedDatabaseGenerator;
|
||||
use crate::{Channel, FieldsChannel, PartialChannel};
|
||||
use revolt_permissions::OverrideField;
|
||||
use revolt_result::Result;
|
||||
@@ -51,6 +52,23 @@ impl AbstractChannels for ReferenceDb {
|
||||
.collect())
|
||||
}
|
||||
|
||||
// Fetch all group dms for a user
|
||||
async fn find_group_message_channels(&self, user_id: &str) -> Result<ChunkedDatabaseGenerator<Channel>> {
|
||||
let channels = self.channels.lock().await;
|
||||
let groups = channels
|
||||
.values()
|
||||
.filter(|channel| match channel {
|
||||
Channel::Group { recipients, .. } => {
|
||||
recipients.iter().any(|recipient| recipient == user_id)
|
||||
}
|
||||
_ => false,
|
||||
})
|
||||
.cloned()
|
||||
.collect();
|
||||
|
||||
Ok(ChunkedDatabaseGenerator::new_reference(groups))
|
||||
}
|
||||
|
||||
// Fetch saved messages channel
|
||||
async fn find_saved_messages_channel(&self, user_id: &str) -> Result<Channel> {
|
||||
let channels = self.channels.lock().await;
|
||||
@@ -131,9 +149,9 @@ impl AbstractChannels for ReferenceDb {
|
||||
// Remove a user from a group
|
||||
async fn remove_user_from_group(&self, channel: &str, user: &str) -> Result<()> {
|
||||
let mut channels = self.channels.lock().await;
|
||||
if let Some(channel_data) = channels.get_mut(channel) {
|
||||
if channel_data.users()?.contains(&String::from(user)) {
|
||||
channel_data.users()?.retain(|x| x != user);
|
||||
if let Some(Channel::Group { recipients, .. }) = channels.get_mut(channel) {
|
||||
if let Some(index) = recipients.iter().position(|recipient| recipient == user) {
|
||||
recipients.remove(index);
|
||||
return Ok(());
|
||||
} else {
|
||||
return Err(create_error!(NotFound));
|
||||
@@ -142,6 +160,19 @@ impl AbstractChannels for ReferenceDb {
|
||||
Err(create_error!(NotFound))
|
||||
}
|
||||
|
||||
// Remove a user from all specified groups
|
||||
async fn remove_user_from_groups(&self, channel_ids: Vec<String>, user_id: &str) -> Result<()> {
|
||||
let mut channels = self.channels.lock().await;
|
||||
|
||||
for channel_id in channel_ids {
|
||||
if let Some(Channel::Group { recipients, .. }) = channels.get_mut(&channel_id) {
|
||||
recipients.retain(|recipient| recipient != user_id);
|
||||
}
|
||||
};
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
// Delete a channel
|
||||
async fn delete_channel(&self, channel: &Channel) -> Result<()> {
|
||||
let mut channels = self.channels.lock().await;
|
||||
|
||||
@@ -16,7 +16,7 @@ static PERMISSIBLE_EMOJIS: Lazy<HashSet<String>> = Lazy::new(|| {
|
||||
.collect()
|
||||
});
|
||||
|
||||
auto_derived!(
|
||||
auto_derived_partial!(
|
||||
/// Emoji
|
||||
pub struct Emoji {
|
||||
/// Unique Id
|
||||
@@ -34,20 +34,17 @@ auto_derived!(
|
||||
/// Whether the emoji is marked as nsfw
|
||||
#[serde(skip_serializing_if = "crate::if_false", default)]
|
||||
pub nsfw: bool,
|
||||
}
|
||||
},
|
||||
"PartialEmoji"
|
||||
);
|
||||
|
||||
auto_derived!(
|
||||
/// Parent Id of the emoji
|
||||
#[serde(tag = "type")]
|
||||
pub enum EmojiParent {
|
||||
Server { id: String },
|
||||
Detached,
|
||||
}
|
||||
|
||||
/// Partial representation of an emoji
|
||||
pub struct PartialEmoji {
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub name: Option<String>,
|
||||
}
|
||||
);
|
||||
|
||||
#[allow(clippy::disallowed_methods)]
|
||||
@@ -72,14 +69,14 @@ impl Emoji {
|
||||
}
|
||||
|
||||
/// Delete an emoji
|
||||
pub async fn delete(self, db: &Database) -> Result<()> {
|
||||
pub async fn delete(&self, db: &Database) -> Result<()> {
|
||||
EventV1::EmojiDelete {
|
||||
id: self.id.to_string(),
|
||||
}
|
||||
.p(self.parent().to_string())
|
||||
.await;
|
||||
|
||||
db.detach_emoji(&self).await
|
||||
db.detach_emoji(self).await
|
||||
}
|
||||
|
||||
/// Update an emoji
|
||||
@@ -112,4 +109,18 @@ impl Emoji {
|
||||
Ok(PERMISSIBLE_EMOJIS.contains(&sanitized_emoji))
|
||||
}
|
||||
}
|
||||
|
||||
/// Generates a PartialEmoji containing the data which has changed in an update
|
||||
pub fn generate_diff(&self, partial: &PartialEmoji) -> PartialEmoji {
|
||||
let mut before = PartialEmoji::default();
|
||||
|
||||
generate_diff!(
|
||||
self, before, partial, remove,
|
||||
(
|
||||
name,
|
||||
)
|
||||
);
|
||||
|
||||
before
|
||||
}
|
||||
}
|
||||
|
||||
@@ -998,11 +998,13 @@ impl Message {
|
||||
}
|
||||
|
||||
/// Delete a message
|
||||
pub async fn delete(self, db: &Database) -> Result<()> {
|
||||
let file_ids: Vec<String> = self
|
||||
pub async fn delete(&self, db: &Database) -> Result<()> {
|
||||
let file_ids = self
|
||||
.attachments
|
||||
.map(|files| files.iter().map(|file| file.id.to_string()).collect())
|
||||
.unwrap_or_default();
|
||||
.iter()
|
||||
.flatten()
|
||||
.map(|file| file.id.clone())
|
||||
.collect::<Vec<_>>();
|
||||
|
||||
if !file_ids.is_empty() {
|
||||
db.mark_attachments_as_deleted(&file_ids).await?;
|
||||
@@ -1011,10 +1013,10 @@ impl Message {
|
||||
db.delete_message(&self.id).await?;
|
||||
|
||||
EventV1::MessageDelete {
|
||||
id: self.id,
|
||||
id: self.id.clone(),
|
||||
channel: self.channel.clone(),
|
||||
}
|
||||
.p(self.channel)
|
||||
.p(self.channel.clone())
|
||||
.await;
|
||||
Ok(())
|
||||
}
|
||||
|
||||
@@ -50,4 +50,6 @@ pub trait AbstractMessages: Sync + Send {
|
||||
author: &str,
|
||||
since: SystemTime
|
||||
) -> Result<HashMap<String, Vec<String>>>;
|
||||
|
||||
async fn delete_messages_by_user(&self, user_id: &str) -> Result<()>;
|
||||
}
|
||||
|
||||
@@ -416,6 +416,12 @@ impl AbstractMessages for MongoDb {
|
||||
|
||||
Ok(deleted_messages)
|
||||
}
|
||||
|
||||
async fn delete_messages_by_user(&self, user_id: &str) -> Result<()> {
|
||||
self.delete_bulk_messages(doc! {
|
||||
"author": user_id,
|
||||
}).await
|
||||
}
|
||||
}
|
||||
|
||||
impl IntoDocumentPath for FieldsMessage {
|
||||
|
||||
@@ -1,10 +1,13 @@
|
||||
use std::collections::HashMap;
|
||||
use crate::{
|
||||
AppendMessage, FieldsMessage, Message, MessageQuery,
|
||||
PartialMessage, ReferenceDb,
|
||||
};
|
||||
use futures::future::try_join_all;
|
||||
use indexmap::IndexSet;
|
||||
use revolt_result::Result;
|
||||
use std::collections::HashMap;
|
||||
use std::time::SystemTime;
|
||||
use ulid::Ulid;
|
||||
use crate::{AppendMessage, FieldsMessage, Message, MessageQuery, PartialMessage, ReferenceDb};
|
||||
|
||||
use super::AbstractMessages;
|
||||
|
||||
@@ -60,7 +63,7 @@ impl AbstractMessages for ReferenceDb {
|
||||
|
||||
if let Some(pinned) = query.filter.pinned {
|
||||
if message.pinned.unwrap_or_default() == pinned {
|
||||
return false
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -191,7 +194,12 @@ impl AbstractMessages for ReferenceDb {
|
||||
}
|
||||
|
||||
/// Update a given message with new information
|
||||
async fn update_message(&self, id: &str, message: &PartialMessage, remove: Vec<FieldsMessage>) -> Result<()> {
|
||||
async fn update_message(
|
||||
&self,
|
||||
id: &str,
|
||||
message: &PartialMessage,
|
||||
remove: Vec<FieldsMessage>,
|
||||
) -> Result<()> {
|
||||
let mut messages = self.messages.lock().await;
|
||||
if let Some(message_data) = messages.get_mut(id) {
|
||||
message_data.apply_options(message.to_owned());
|
||||
@@ -294,7 +302,7 @@ impl AbstractMessages for ReferenceDb {
|
||||
&self,
|
||||
channels: &[String],
|
||||
author: &str,
|
||||
since: SystemTime
|
||||
since: SystemTime,
|
||||
) -> Result<HashMap<String, Vec<String>>> {
|
||||
let threshold_ulid = Ulid::from_datetime(since).to_string();
|
||||
let mut deleted_messages: HashMap<String, Vec<String>> = HashMap::new();
|
||||
@@ -335,16 +343,23 @@ impl AbstractMessages for ReferenceDb {
|
||||
}
|
||||
|
||||
// Delete the messages
|
||||
self.messages
|
||||
.lock()
|
||||
.await
|
||||
.retain(|id, message| {
|
||||
let should_keep = !(message.author == author
|
||||
&& channels.contains(&message.channel)
|
||||
&& id.as_str() >= threshold_ulid.as_str());
|
||||
should_keep
|
||||
});
|
||||
self.messages.lock().await.retain(|id, message| {
|
||||
let should_keep = !(message.author == author
|
||||
&& channels.contains(&message.channel)
|
||||
&& id.as_str() >= threshold_ulid.as_str());
|
||||
should_keep
|
||||
});
|
||||
|
||||
Ok(deleted_messages)
|
||||
}
|
||||
|
||||
async fn delete_messages_by_user(&self, user_id: &str) -> Result<()> {
|
||||
let mut messages = self.messages.lock().await;
|
||||
|
||||
messages.retain(|_, message| message.author != user_id);
|
||||
|
||||
// TODO: remove attachments as well
|
||||
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
|
||||
67
crates/core/database/src/models/mfa_tickets/axum.rs
Normal file
67
crates/core/database/src/models/mfa_tickets/axum.rs
Normal file
@@ -0,0 +1,67 @@
|
||||
use axum::{
|
||||
extract::{FromRef, FromRequestParts},
|
||||
http::request::Parts,
|
||||
};
|
||||
|
||||
use revolt_result::{Error, Result};
|
||||
|
||||
use crate::{Database, MFATicket, UnvalidatedTicket, ValidatedTicket};
|
||||
|
||||
#[async_trait]
|
||||
impl<S> FromRequestParts<S> for MFATicket
|
||||
where
|
||||
Database: FromRef<S>,
|
||||
S: Send + Sync,
|
||||
{
|
||||
type Rejection = Error;
|
||||
|
||||
async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self> {
|
||||
let db = Database::from_ref(state);
|
||||
|
||||
if let Some(Ok(token)) = parts.headers.get("x-mfa-ticket").map(|v| v.to_str()) {
|
||||
db.fetch_ticket_by_token(token).await
|
||||
} else {
|
||||
Err(create_error!(MissingHeaders))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[async_trait]
|
||||
impl<S> FromRequestParts<S> for ValidatedTicket
|
||||
where
|
||||
Database: FromRef<S>,
|
||||
S: Send + Sync,
|
||||
{
|
||||
type Rejection = Error;
|
||||
|
||||
async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self> {
|
||||
let db = Database::from_ref(state);
|
||||
|
||||
let ticket = MFATicket::from_request_parts(parts, state).await?;
|
||||
|
||||
if ticket.validated && ticket.claim(&db).await.is_ok() {
|
||||
Ok(ValidatedTicket(ticket))
|
||||
} else {
|
||||
Err(create_error!(InvalidToken))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[async_trait]
|
||||
impl<S> FromRequestParts<S> for UnvalidatedTicket
|
||||
where
|
||||
Database: FromRef<S>,
|
||||
S: Send + Sync,
|
||||
{
|
||||
type Rejection = Error;
|
||||
|
||||
async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self> {
|
||||
let ticket = MFATicket::from_request_parts(parts, state).await?;
|
||||
|
||||
if !ticket.validated {
|
||||
Ok(UnvalidatedTicket(ticket))
|
||||
} else {
|
||||
Err(create_error!(InvalidToken))
|
||||
}
|
||||
}
|
||||
}
|
||||
11
crates/core/database/src/models/mfa_tickets/mod.rs
Normal file
11
crates/core/database/src/models/mfa_tickets/mod.rs
Normal file
@@ -0,0 +1,11 @@
|
||||
#[cfg(feature = "axum-impl")]
|
||||
mod axum;
|
||||
mod model;
|
||||
mod ops;
|
||||
#[cfg(feature = "rocket-impl")]
|
||||
mod rocket;
|
||||
#[cfg(feature = "rocket-impl")]
|
||||
mod schema;
|
||||
|
||||
pub use model::*;
|
||||
pub use ops::*;
|
||||
105
crates/core/database/src/models/mfa_tickets/model.rs
Normal file
105
crates/core/database/src/models/mfa_tickets/model.rs
Normal file
@@ -0,0 +1,105 @@
|
||||
use iso8601_timestamp::{Duration, Timestamp};
|
||||
use std::ops::Deref;
|
||||
|
||||
use nanoid::nanoid;
|
||||
use revolt_result::Result;
|
||||
|
||||
use crate::{Database, MultiFactorAuthentication};
|
||||
|
||||
auto_derived_partial!(
|
||||
/// Multi-factor auth ticket
|
||||
pub struct MFATicket {
|
||||
/// Unique Id
|
||||
#[serde(rename = "_id")]
|
||||
pub id: String,
|
||||
|
||||
/// Account Id
|
||||
pub account_id: String,
|
||||
|
||||
/// Unique Token
|
||||
pub token: String,
|
||||
|
||||
/// Whether this ticket has been validated
|
||||
/// (can be used for account actions)
|
||||
pub validated: bool,
|
||||
|
||||
/// Whether this ticket is authorised
|
||||
/// (can be used to log a user in)
|
||||
pub authorised: bool,
|
||||
|
||||
/// TOTP code at time of ticket creation
|
||||
pub last_totp_code: Option<String>,
|
||||
},
|
||||
"PartialMFATicket"
|
||||
);
|
||||
|
||||
/// Ticket which is guaranteed to be valid for use
|
||||
///
|
||||
/// If used in a Rocket guard, it will be consumed on match
|
||||
#[derive(Debug, Serialize, Deserialize)]
|
||||
pub struct ValidatedTicket(pub MFATicket);
|
||||
|
||||
/// Ticket which is guaranteed to not be valid for use
|
||||
#[derive(Debug, Serialize, Deserialize)]
|
||||
pub struct UnvalidatedTicket(pub MFATicket);
|
||||
|
||||
impl MFATicket {
|
||||
/// Create a new MFA ticket
|
||||
pub fn new(account_id: String, validated: bool) -> MFATicket {
|
||||
MFATicket {
|
||||
id: ulid::Ulid::new().to_string(),
|
||||
account_id,
|
||||
token: nanoid!(64),
|
||||
validated,
|
||||
authorised: false,
|
||||
last_totp_code: None,
|
||||
}
|
||||
}
|
||||
|
||||
/// Populate an MFA ticket with valid MFA codes
|
||||
pub async fn populate(&mut self, mfa: &MultiFactorAuthentication) {
|
||||
self.last_totp_code = mfa.totp_token.generate_code().ok();
|
||||
}
|
||||
|
||||
/// Save model
|
||||
pub async fn save(&self, db: &Database) -> Result<()> {
|
||||
db.save_ticket(self).await
|
||||
}
|
||||
|
||||
/// Check if this MFA ticket has expired
|
||||
pub fn is_expired(&self) -> bool {
|
||||
let now = Timestamp::now_utc();
|
||||
|
||||
let datetime: Timestamp = ulid::Ulid::from_string(&self.id)
|
||||
.expect("Valid `ulid`")
|
||||
.datetime()
|
||||
.into();
|
||||
|
||||
now > (datetime.checked_add(Duration::minutes(5)).unwrap())
|
||||
}
|
||||
|
||||
/// Claim and remove this MFA ticket
|
||||
pub async fn claim(&self, db: &Database) -> Result<()> {
|
||||
if self.is_expired() {
|
||||
return Err(create_error!(InvalidToken));
|
||||
}
|
||||
|
||||
db.delete_ticket(&self.id).await
|
||||
}
|
||||
}
|
||||
|
||||
impl Deref for ValidatedTicket {
|
||||
type Target = MFATicket;
|
||||
|
||||
fn deref(&self) -> &Self::Target {
|
||||
&self.0
|
||||
}
|
||||
}
|
||||
|
||||
impl Deref for UnvalidatedTicket {
|
||||
type Target = MFATicket;
|
||||
|
||||
fn deref(&self) -> &Self::Target {
|
||||
&self.0
|
||||
}
|
||||
}
|
||||
22
crates/core/database/src/models/mfa_tickets/ops.rs
Normal file
22
crates/core/database/src/models/mfa_tickets/ops.rs
Normal file
@@ -0,0 +1,22 @@
|
||||
use revolt_result::Result;
|
||||
|
||||
use crate::MFATicket;
|
||||
|
||||
#[cfg(feature = "mongodb")]
|
||||
mod mongodb;
|
||||
mod reference;
|
||||
|
||||
#[async_trait]
|
||||
pub trait AbstractMFATickets: Sync + Send {
|
||||
/// Find ticket by token
|
||||
async fn fetch_ticket_by_token(&self, token: &str) -> Result<MFATicket>;
|
||||
|
||||
/// Save ticket
|
||||
async fn save_ticket(&self, ticket: &MFATicket) -> Result<()>;
|
||||
|
||||
/// Delete ticket
|
||||
async fn delete_ticket(&self, id: &str) -> Result<()>;
|
||||
|
||||
/// Delete all expired tickets
|
||||
async fn delete_expired_tickets(&self) -> Result<usize>;
|
||||
}
|
||||
67
crates/core/database/src/models/mfa_tickets/ops/mongodb.rs
Normal file
67
crates/core/database/src/models/mfa_tickets/ops/mongodb.rs
Normal file
@@ -0,0 +1,67 @@
|
||||
use std::time::{Duration, SystemTime};
|
||||
|
||||
use crate::{AbstractMFATickets, MFATicket, MongoDb};
|
||||
use bson::{to_document, Document};
|
||||
use iso8601_timestamp::Timestamp;
|
||||
use mongodb::options::UpdateOptions;
|
||||
use revolt_result::Result;
|
||||
use ulid::Ulid;
|
||||
|
||||
const COL: &str = "mfa_tickets";
|
||||
|
||||
#[async_trait]
|
||||
impl AbstractMFATickets for MongoDb {
|
||||
/// Find ticket by token
|
||||
///
|
||||
/// Ticket is only valid for 5 minute
|
||||
async fn fetch_ticket_by_token(&self, token: &str) -> Result<MFATicket> {
|
||||
let ticket: MFATicket = query!(self, find_one, COL, doc! { "token": token })?
|
||||
.ok_or_else(|| create_error!(InvalidToken))?;
|
||||
|
||||
if let Ok(ulid) = Ulid::from_string(&ticket.id) {
|
||||
if Timestamp::from(ulid.datetime() + Duration::from_mins(5)) > Timestamp::now_utc() {
|
||||
Ok(ticket)
|
||||
} else {
|
||||
Err(create_error!(InvalidToken))
|
||||
}
|
||||
} else {
|
||||
Err(create_error!(InvalidToken))
|
||||
}
|
||||
}
|
||||
|
||||
/// Save ticket
|
||||
async fn save_ticket(&self, ticket: &MFATicket) -> Result<()> {
|
||||
self.col::<MFATicket>(COL)
|
||||
.update_one(
|
||||
doc! {
|
||||
"_id": &ticket.id
|
||||
},
|
||||
doc! {
|
||||
"$set": to_document(ticket).map_err(|_| create_database_error!("to_document", COL))?,
|
||||
},
|
||||
)
|
||||
.with_options(UpdateOptions::builder().upsert(true).build())
|
||||
.await
|
||||
.map_err(|_| create_database_error!("upsert_one", COL))
|
||||
.map(|_| ())
|
||||
}
|
||||
|
||||
/// Delete ticket
|
||||
async fn delete_ticket(&self, id: &str) -> Result<()> {
|
||||
query!(self, delete_one_by_id, COL, id).map(|_| ())
|
||||
}
|
||||
|
||||
/// Delete all expired tickets
|
||||
async fn delete_expired_tickets(&self) -> Result<usize> {
|
||||
let threshhold =
|
||||
Ulid::from_datetime(SystemTime::now() - Duration::from_mins(5)).to_string();
|
||||
|
||||
self.col::<Document>(COL)
|
||||
.delete_many(doc! {
|
||||
"_id": { "$lt": threshhold }
|
||||
})
|
||||
.await
|
||||
.map_err(|_| create_database_error!("delete_many", COL))
|
||||
.map(|result| result.deleted_count as usize)
|
||||
}
|
||||
}
|
||||
57
crates/core/database/src/models/mfa_tickets/ops/reference.rs
Normal file
57
crates/core/database/src/models/mfa_tickets/ops/reference.rs
Normal file
@@ -0,0 +1,57 @@
|
||||
use std::time::{Duration, SystemTime};
|
||||
|
||||
use crate::{AbstractMFATickets, MFATicket, ReferenceDb};
|
||||
use iso8601_timestamp::Timestamp;
|
||||
use revolt_result::Result;
|
||||
use ulid::Ulid;
|
||||
|
||||
#[async_trait]
|
||||
impl AbstractMFATickets for ReferenceDb {
|
||||
/// Find ticket by token
|
||||
async fn fetch_ticket_by_token(&self, token: &str) -> Result<MFATicket> {
|
||||
let tickets = self.tickets.lock().await;
|
||||
let ticket = tickets
|
||||
.values()
|
||||
.find(|ticket| ticket.token == token)
|
||||
.ok_or_else(|| create_error!(InvalidToken))?;
|
||||
|
||||
if let Ok(ulid) = Ulid::from_string(&ticket.id) {
|
||||
if Timestamp::from(ulid.datetime() + Duration::from_mins(5)) > Timestamp::now_utc() {
|
||||
Ok(ticket.clone())
|
||||
} else {
|
||||
Err(create_error!(InvalidToken))
|
||||
}
|
||||
} else {
|
||||
Err(create_error!(InvalidToken))
|
||||
}
|
||||
}
|
||||
|
||||
/// Save ticket
|
||||
async fn save_ticket(&self, ticket: &MFATicket) -> Result<()> {
|
||||
let mut tickets = self.tickets.lock().await;
|
||||
tickets.insert(ticket.id.to_string(), ticket.clone());
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Delete ticket
|
||||
async fn delete_ticket(&self, id: &str) -> Result<()> {
|
||||
let mut tickets = self.tickets.lock().await;
|
||||
if tickets.remove(id).is_some() {
|
||||
Ok(())
|
||||
} else {
|
||||
Err(create_error!(InvalidToken))
|
||||
}
|
||||
}
|
||||
|
||||
/// Delete all expired tickets
|
||||
async fn delete_expired_tickets(&self) -> Result<usize> {
|
||||
let threshhold =
|
||||
Ulid::from_datetime(SystemTime::now() - Duration::from_mins(5)).to_string();
|
||||
let mut tickets = self.tickets.lock().await;
|
||||
|
||||
let before = tickets.len();
|
||||
tickets.retain(|_, ticket| ticket.id >= threshhold);
|
||||
|
||||
Ok(before - tickets.len())
|
||||
}
|
||||
}
|
||||
81
crates/core/database/src/models/mfa_tickets/rocket.rs
Normal file
81
crates/core/database/src/models/mfa_tickets/rocket.rs
Normal file
@@ -0,0 +1,81 @@
|
||||
use crate::{Database, MFATicket, UnvalidatedTicket, ValidatedTicket};
|
||||
use revolt_result::Error;
|
||||
use rocket::{
|
||||
http::Status,
|
||||
outcome::Outcome,
|
||||
request::{self, FromRequest},
|
||||
Request,
|
||||
};
|
||||
|
||||
#[rocket::async_trait]
|
||||
impl<'r> FromRequest<'r> for MFATicket {
|
||||
type Error = Error;
|
||||
|
||||
#[allow(clippy::collapsible_match)]
|
||||
async fn from_request(request: &'r Request<'_>) -> request::Outcome<Self, Self::Error> {
|
||||
if let Some(header_mfa_ticket) = request.headers().get("x-mfa-ticket").next() {
|
||||
if let Ok(ticket) = request
|
||||
.rocket()
|
||||
.state::<Database>()
|
||||
.expect("`Database`")
|
||||
.fetch_ticket_by_token(header_mfa_ticket)
|
||||
.await
|
||||
{
|
||||
Outcome::Success(ticket)
|
||||
} else {
|
||||
Outcome::Error((Status::Unauthorized, create_error!(InvalidToken)))
|
||||
}
|
||||
} else {
|
||||
Outcome::Error((Status::Unauthorized, create_error!(MissingHeaders)))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[rocket::async_trait]
|
||||
impl<'r> FromRequest<'r> for ValidatedTicket {
|
||||
type Error = Error;
|
||||
|
||||
#[allow(clippy::collapsible_match)]
|
||||
async fn from_request(request: &'r Request<'_>) -> request::Outcome<Self, Self::Error> {
|
||||
match request.guard::<MFATicket>().await {
|
||||
Outcome::Success(ticket) => {
|
||||
if ticket.validated {
|
||||
let db = request
|
||||
.rocket()
|
||||
.state::<Database>()
|
||||
.expect("`Database`");
|
||||
|
||||
if ticket.claim(db).await.is_ok() {
|
||||
Outcome::Success(ValidatedTicket(ticket))
|
||||
} else {
|
||||
Outcome::Error((Status::Forbidden, create_error!(InvalidToken)))
|
||||
}
|
||||
} else {
|
||||
Outcome::Error((Status::Forbidden, create_error!(InvalidToken)))
|
||||
}
|
||||
}
|
||||
Outcome::Forward(f) => Outcome::Forward(f),
|
||||
Outcome::Error(err) => Outcome::Error(err),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[rocket::async_trait]
|
||||
impl<'r> FromRequest<'r> for UnvalidatedTicket {
|
||||
type Error = Error;
|
||||
|
||||
#[allow(clippy::collapsible_match)]
|
||||
async fn from_request(request: &'r Request<'_>) -> request::Outcome<Self, Self::Error> {
|
||||
match request.guard::<MFATicket>().await {
|
||||
Outcome::Success(ticket) => {
|
||||
if !ticket.validated {
|
||||
Outcome::Success(UnvalidatedTicket(ticket))
|
||||
} else {
|
||||
Outcome::Error((Status::Forbidden, create_error!(InvalidToken)))
|
||||
}
|
||||
}
|
||||
Outcome::Forward(f) => Outcome::Forward(f),
|
||||
Outcome::Error(err) => Outcome::Error(err),
|
||||
}
|
||||
}
|
||||
}
|
||||
80
crates/core/database/src/models/mfa_tickets/schema.rs
Normal file
80
crates/core/database/src/models/mfa_tickets/schema.rs
Normal file
@@ -0,0 +1,80 @@
|
||||
use revolt_okapi::openapi3::{SecurityScheme, SecuritySchemeData};
|
||||
use revolt_rocket_okapi::{
|
||||
gen::OpenApiGenerator,
|
||||
request::{OpenApiFromRequest, RequestHeaderInput},
|
||||
};
|
||||
|
||||
use crate::{MFATicket, ValidatedTicket, UnvalidatedTicket};
|
||||
|
||||
|
||||
impl<'r> OpenApiFromRequest<'r> for MFATicket {
|
||||
fn from_request_input(
|
||||
_gen: &mut OpenApiGenerator,
|
||||
_name: String,
|
||||
_required: bool,
|
||||
) -> revolt_rocket_okapi::Result<RequestHeaderInput> {
|
||||
let mut requirements = schemars::Map::new();
|
||||
requirements.insert("MFA Ticket".to_owned(), vec![]);
|
||||
|
||||
Ok(RequestHeaderInput::Security(
|
||||
"MFA Ticket".to_owned(),
|
||||
SecurityScheme {
|
||||
data: SecuritySchemeData::ApiKey {
|
||||
name: "x-mfa-ticket".to_owned(),
|
||||
location: "header".to_owned(),
|
||||
},
|
||||
description: Some("Used to authorise a request.".to_owned()),
|
||||
extensions: schemars::Map::new(),
|
||||
},
|
||||
requirements,
|
||||
))
|
||||
}
|
||||
}
|
||||
|
||||
impl<'r> OpenApiFromRequest<'r> for ValidatedTicket {
|
||||
fn from_request_input(
|
||||
_gen: &mut OpenApiGenerator,
|
||||
_name: String,
|
||||
_required: bool,
|
||||
) -> revolt_rocket_okapi::Result<RequestHeaderInput> {
|
||||
let mut requirements = schemars::Map::new();
|
||||
requirements.insert("Valid MFA Ticket".to_owned(), vec![]);
|
||||
|
||||
Ok(RequestHeaderInput::Security(
|
||||
"Valid MFA Ticket".to_owned(),
|
||||
SecurityScheme {
|
||||
data: SecuritySchemeData::ApiKey {
|
||||
name: "x-mfa-ticket".to_owned(),
|
||||
location: "header".to_owned(),
|
||||
},
|
||||
description: Some("Used to authorise a request.".to_owned()),
|
||||
extensions: schemars::Map::new(),
|
||||
},
|
||||
requirements,
|
||||
))
|
||||
}
|
||||
}
|
||||
|
||||
impl<'r> OpenApiFromRequest<'r> for UnvalidatedTicket {
|
||||
fn from_request_input(
|
||||
_gen: &mut OpenApiGenerator,
|
||||
_name: String,
|
||||
_required: bool,
|
||||
) -> revolt_rocket_okapi::Result<RequestHeaderInput> {
|
||||
let mut requirements = schemars::Map::new();
|
||||
requirements.insert("Unvalidated MFA Ticket".to_owned(), vec![]);
|
||||
|
||||
Ok(RequestHeaderInput::Security(
|
||||
"Unvalidated MFA Ticket".to_owned(),
|
||||
SecurityScheme {
|
||||
data: SecuritySchemeData::ApiKey {
|
||||
name: "x-mfa-ticket".to_owned(),
|
||||
location: "header".to_owned(),
|
||||
},
|
||||
description: Some("Used to authorise a request.".to_owned()),
|
||||
extensions: schemars::Map::new(),
|
||||
},
|
||||
requirements,
|
||||
))
|
||||
}
|
||||
}
|
||||
@@ -1,4 +1,5 @@
|
||||
mod admin_migrations;
|
||||
mod audit_logs;
|
||||
mod bots;
|
||||
mod channel_invites;
|
||||
mod channel_unreads;
|
||||
@@ -17,8 +18,13 @@ mod server_members;
|
||||
mod servers;
|
||||
mod user_settings;
|
||||
mod users;
|
||||
mod accounts;
|
||||
mod account_invites;
|
||||
mod sessions;
|
||||
mod mfa_tickets;
|
||||
|
||||
pub use admin_migrations::*;
|
||||
pub use audit_logs::*;
|
||||
pub use bots::*;
|
||||
pub use channel_invites::*;
|
||||
pub use channel_unreads::*;
|
||||
@@ -37,6 +43,10 @@ pub use server_members::*;
|
||||
pub use servers::*;
|
||||
pub use user_settings::*;
|
||||
pub use users::*;
|
||||
pub use accounts::*;
|
||||
pub use account_invites::*;
|
||||
pub use sessions::*;
|
||||
pub use mfa_tickets::*;
|
||||
|
||||
use crate::{Database, ReferenceDb};
|
||||
|
||||
@@ -47,6 +57,7 @@ pub trait AbstractDatabase:
|
||||
Sync
|
||||
+ Send
|
||||
+ admin_migrations::AbstractMigrations
|
||||
+ audit_logs::AbstractAuditLogs
|
||||
+ bots::AbstractBots
|
||||
+ channels::AbstractChannels
|
||||
+ channel_invites::AbstractChannelInvites
|
||||
@@ -65,6 +76,10 @@ pub trait AbstractDatabase:
|
||||
+ servers::AbstractServers
|
||||
+ user_settings::AbstractUserSettings
|
||||
+ users::AbstractUsers
|
||||
+ accounts::AbstractAccounts
|
||||
+ account_invites::AbstractAccountInvites
|
||||
+ sessions::AbstractSessions
|
||||
+ mfa_tickets::AbstractMFATickets
|
||||
{
|
||||
}
|
||||
|
||||
|
||||
@@ -28,6 +28,9 @@ auto_derived_partial!(
|
||||
/// Member's nickname
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub nickname: Option<String>,
|
||||
/// Member's pronouns
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub pronouns: Option<String>,
|
||||
/// Avatar attachment
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub avatar: Option<File>,
|
||||
@@ -65,6 +68,7 @@ auto_derived!(
|
||||
/// Optional fields on server member object
|
||||
pub enum FieldsMember {
|
||||
Nickname,
|
||||
Pronouns,
|
||||
Avatar,
|
||||
Roles,
|
||||
Timeout,
|
||||
@@ -88,6 +92,7 @@ impl Default for Member {
|
||||
id: Default::default(),
|
||||
joined_at: Timestamp::now_utc(),
|
||||
nickname: None,
|
||||
pronouns: None,
|
||||
avatar: None,
|
||||
roles: vec![],
|
||||
timeout: None,
|
||||
@@ -231,6 +236,7 @@ impl Member {
|
||||
FieldsMember::JoinedAt => {}
|
||||
FieldsMember::Avatar => self.avatar = None,
|
||||
FieldsMember::Nickname => self.nickname = None,
|
||||
FieldsMember::Pronouns => self.pronouns = None,
|
||||
FieldsMember::Roles => self.roles.clear(),
|
||||
FieldsMember::Timeout => self.timeout = None,
|
||||
FieldsMember::CanReceive => self.can_receive = true,
|
||||
@@ -239,6 +245,26 @@ impl Member {
|
||||
}
|
||||
}
|
||||
|
||||
/// Generates a PartialMember containing the data which has changed in an update
|
||||
pub fn generate_diff(&self, partial: &PartialMember, remove: &[FieldsMember]) -> PartialMember {
|
||||
let mut before = PartialMember::default();
|
||||
|
||||
generate_diff!(
|
||||
self, before, partial, remove,
|
||||
(
|
||||
(FieldsMember::Nickname) nickname,
|
||||
(FieldsMember::Avatar) avatar,
|
||||
(FieldsMember::Timeout) timeout,
|
||||
(FieldsMember::Pronouns) pronouns,
|
||||
((default) FieldsMember::Roles) roles,
|
||||
((default) FieldsMember::CanPublish) can_publish,
|
||||
((default) FieldsMember::CanReceive) can_receive,
|
||||
)
|
||||
);
|
||||
|
||||
before
|
||||
}
|
||||
|
||||
/// Get this user's current ranking
|
||||
pub fn get_ranking(&self, server: &Server) -> i64 {
|
||||
let mut value = i64::MAX;
|
||||
@@ -264,7 +290,7 @@ impl Member {
|
||||
|
||||
/// Remove member from server
|
||||
pub async fn remove(
|
||||
self,
|
||||
&self,
|
||||
db: &Database,
|
||||
server: &Server,
|
||||
intention: RemovalIntention,
|
||||
@@ -291,9 +317,9 @@ impl Member {
|
||||
})
|
||||
{
|
||||
match intention {
|
||||
RemovalIntention::Leave => SystemMessage::UserLeft { id: self.id.user },
|
||||
RemovalIntention::Kick => SystemMessage::UserKicked { id: self.id.user },
|
||||
RemovalIntention::Ban => SystemMessage::UserBanned { id: self.id.user },
|
||||
RemovalIntention::Leave => SystemMessage::UserLeft { id: self.id.user.clone() },
|
||||
RemovalIntention::Kick => SystemMessage::UserKicked { id: self.id.user.clone() },
|
||||
RemovalIntention::Ban => SystemMessage::UserBanned { id: self.id.user.clone() },
|
||||
}
|
||||
.into_message(id.to_string())
|
||||
// TODO: support notifications here in the future?
|
||||
@@ -314,7 +340,7 @@ mod tests {
|
||||
|
||||
use crate::{Member, PartialMember, RemovalIntention, Server, User};
|
||||
|
||||
#[async_std::test]
|
||||
#[tokio::test]
|
||||
async fn muted_member_rejoin() {
|
||||
database_test!(|db| async move {
|
||||
match db {
|
||||
|
||||
@@ -129,4 +129,7 @@ pub trait AbstractServerMembers: Sync + Send {
|
||||
|
||||
/// Fetch all members who have been marked for deletion.
|
||||
async fn remove_dangling_members(&self) -> Result<()>;
|
||||
|
||||
/// Removes a user from every server they are in
|
||||
async fn clear_memberships(&self, user_id: &str) -> Result<()>;
|
||||
}
|
||||
|
||||
@@ -326,6 +326,17 @@ impl AbstractServerMembers for MongoDb {
|
||||
.map(|_| ())
|
||||
.map_err(|_| create_database_error!("count_documents", COL))
|
||||
}
|
||||
|
||||
/// Removes a user from every server they are in
|
||||
///
|
||||
/// **This should only be used for account deletion.**
|
||||
async fn clear_memberships(&self, user_id: &str) -> Result<()> {
|
||||
self.col::<Member>(COL)
|
||||
.delete_many(doc! { "_id.user": user_id })
|
||||
.await
|
||||
.map(|_| ())
|
||||
.map_err(|_| create_database_error!("delete_many", COL))
|
||||
}
|
||||
}
|
||||
|
||||
impl IntoDocumentPath for FieldsMember {
|
||||
@@ -334,6 +345,7 @@ impl IntoDocumentPath for FieldsMember {
|
||||
FieldsMember::JoinedAt => Some("joined_at"),
|
||||
FieldsMember::Avatar => Some("avatar"),
|
||||
FieldsMember::Nickname => Some("nickname"),
|
||||
FieldsMember::Pronouns => Some("pronouns"),
|
||||
FieldsMember::Roles => Some("roles"),
|
||||
FieldsMember::Timeout => Some("timeout"),
|
||||
FieldsMember::CanPublish => Some("can_publish"),
|
||||
|
||||
@@ -200,4 +200,13 @@ impl AbstractServerMembers for ReferenceDb {
|
||||
async fn remove_dangling_members(&self) -> Result<()> {
|
||||
todo!()
|
||||
}
|
||||
|
||||
/// Removes a user from every server they are in
|
||||
async fn clear_memberships(&self, user_id: &str) -> Result<()> {
|
||||
let mut server_members = self.server_members.lock().await;
|
||||
|
||||
server_members.retain(|_, v| v.id.user != user_id);
|
||||
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
|
||||
@@ -235,6 +235,31 @@ impl Server {
|
||||
}
|
||||
}
|
||||
|
||||
/// Generates a PartialServer containing the data which has changed in an update
|
||||
pub fn generate_diff(&self, partial: &PartialServer, remove: &[FieldsServer]) -> PartialServer {
|
||||
let mut before = PartialServer::default();
|
||||
|
||||
generate_diff!(
|
||||
self, before, partial, remove,
|
||||
(
|
||||
owner,
|
||||
name,
|
||||
(FieldsServer::Description) description,
|
||||
(FieldsServer::Categories) categories,
|
||||
(FieldsServer::SystemMessages) system_messages,
|
||||
roles,
|
||||
default_permissions,
|
||||
(FieldsServer::Icon) icon,
|
||||
(FieldsServer::Banner) banner,
|
||||
nsfw,
|
||||
analytics,
|
||||
discoverable,
|
||||
)
|
||||
);
|
||||
|
||||
before
|
||||
}
|
||||
|
||||
/// Ordered roles list
|
||||
pub fn ordered_roles(&self) -> Vec<(String, Role)> {
|
||||
let mut ordered_roles = self.roles.clone().into_iter().collect::<Vec<_>>();
|
||||
@@ -377,8 +402,27 @@ impl Role {
|
||||
}
|
||||
}
|
||||
|
||||
/// Generates a PartialRole containing the data which has changed in an update
|
||||
pub fn generate_diff(&self, partial: &PartialRole, remove: &[FieldsRole]) -> PartialRole {
|
||||
let mut before = PartialRole::default();
|
||||
|
||||
generate_diff!(
|
||||
self, before, partial, remove,
|
||||
(
|
||||
name,
|
||||
permissions,
|
||||
(FieldsRole::Colour) colour,
|
||||
hoist,
|
||||
rank,
|
||||
(FieldsRole::Icon) icon,
|
||||
)
|
||||
);
|
||||
|
||||
before
|
||||
}
|
||||
|
||||
/// Delete a role
|
||||
pub async fn delete(self, db: &Database, server_id: &str) -> Result<()> {
|
||||
pub async fn delete(&self, db: &Database, server_id: &str) -> Result<()> {
|
||||
EventV1::ServerRoleDelete {
|
||||
id: server_id.to_string(),
|
||||
role_id: self.id.clone(),
|
||||
@@ -420,7 +464,7 @@ mod tests {
|
||||
|
||||
use crate::{fixture, util::permissions::DatabasePermissionQuery};
|
||||
|
||||
#[async_std::test]
|
||||
#[tokio::test]
|
||||
async fn permissions() {
|
||||
database_test!(|db| async move {
|
||||
fixture!(db, "server_with_roles",
|
||||
|
||||
@@ -17,6 +17,8 @@ pub trait AbstractServers: Sync + Send {
|
||||
/// Fetch a servers by their ids
|
||||
async fn fetch_servers<'a>(&self, ids: &'a [String]) -> Result<Vec<Server>>;
|
||||
|
||||
async fn fetch_owned_servers(&self, user_id: &str) -> Result<Vec<Server>>;
|
||||
|
||||
/// Update a server with new information
|
||||
async fn update_server(
|
||||
&self,
|
||||
|
||||
@@ -43,6 +43,17 @@ impl AbstractServers for MongoDb {
|
||||
.await)
|
||||
}
|
||||
|
||||
async fn fetch_owned_servers(&self, user_id: &str) -> Result<Vec<Server>> {
|
||||
query!(
|
||||
self,
|
||||
find,
|
||||
COL,
|
||||
doc! {
|
||||
"owner": user_id
|
||||
}
|
||||
)
|
||||
}
|
||||
|
||||
/// Update a server with new information
|
||||
async fn update_server(
|
||||
&self,
|
||||
@@ -248,6 +259,13 @@ impl MongoDb {
|
||||
})
|
||||
.await?;
|
||||
|
||||
self.col::<Document>("audit_logs")
|
||||
.delete_many(doc! {
|
||||
"server": &server_id
|
||||
})
|
||||
.await
|
||||
.map_err(|_| create_database_error!("delete_many", "audit_logs"))?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
|
||||
@@ -40,6 +40,16 @@ impl AbstractServers for ReferenceDb {
|
||||
.collect()
|
||||
}
|
||||
|
||||
async fn fetch_owned_servers(&self, user_id: &str) -> Result<Vec<Server>> {
|
||||
let servers = self.servers.lock().await;
|
||||
|
||||
Ok(servers
|
||||
.values()
|
||||
.filter(|server| server.owner == user_id)
|
||||
.cloned()
|
||||
.collect())
|
||||
}
|
||||
|
||||
/// Update a server with new information
|
||||
async fn update_server(
|
||||
&self,
|
||||
|
||||
24
crates/core/database/src/models/sessions/axum.rs
Normal file
24
crates/core/database/src/models/sessions/axum.rs
Normal file
@@ -0,0 +1,24 @@
|
||||
use axum::{extract::{FromRef, FromRequestParts}, http::request::Parts};
|
||||
|
||||
use revolt_result::{create_error, Error, Result};
|
||||
|
||||
use crate::{Database, Session};
|
||||
|
||||
#[async_trait]
|
||||
impl<S> FromRequestParts<S> for Session
|
||||
where
|
||||
Database: FromRef<S>,
|
||||
S: Send + Sync
|
||||
{
|
||||
type Rejection = Error;
|
||||
|
||||
async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self> {
|
||||
let db = Database::from_ref(state);
|
||||
|
||||
if let Some(Ok(token)) = parts.headers.get("x-session-token").map(|v| v.to_str()) {
|
||||
db.fetch_session_by_token(token).await
|
||||
} else {
|
||||
Err(create_error!(MissingHeaders))
|
||||
}
|
||||
}
|
||||
}
|
||||
11
crates/core/database/src/models/sessions/mod.rs
Normal file
11
crates/core/database/src/models/sessions/mod.rs
Normal file
@@ -0,0 +1,11 @@
|
||||
#[cfg(feature = "axum-impl")]
|
||||
mod axum;
|
||||
mod model;
|
||||
mod ops;
|
||||
#[cfg(feature = "rocket-impl")]
|
||||
mod rocket;
|
||||
#[cfg(feature = "rocket-impl")]
|
||||
mod schema;
|
||||
|
||||
pub use model::*;
|
||||
pub use ops::*;
|
||||
68
crates/core/database/src/models/sessions/model.rs
Normal file
68
crates/core/database/src/models/sessions/model.rs
Normal file
@@ -0,0 +1,68 @@
|
||||
use iso8601_timestamp::Timestamp;
|
||||
|
||||
use crate::{events::client::EventV1, Database};
|
||||
use revolt_result::Result;
|
||||
|
||||
auto_derived_partial!(
|
||||
/// Session information
|
||||
pub struct Session {
|
||||
/// Unique Id
|
||||
#[serde(rename = "_id")]
|
||||
pub id: String,
|
||||
|
||||
/// User Id
|
||||
pub user_id: String,
|
||||
|
||||
/// Session token
|
||||
pub token: String,
|
||||
|
||||
/// Display name
|
||||
pub name: String,
|
||||
|
||||
/// When the session was last logged in
|
||||
pub last_seen: Timestamp,
|
||||
|
||||
/// Where the session originated from
|
||||
///
|
||||
/// This could be used to differentiate sessions that come from staging/test vs prod, etc.
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub origin: Option<String>,
|
||||
|
||||
/// Web Push subscription
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub subscription: Option<WebPushSubscription>,
|
||||
},
|
||||
"PartialSession"
|
||||
);
|
||||
|
||||
auto_derived!(
|
||||
/// Web Push subscription
|
||||
pub struct WebPushSubscription {
|
||||
pub endpoint: String,
|
||||
pub p256dh: String,
|
||||
pub auth: String,
|
||||
}
|
||||
);
|
||||
|
||||
impl Session {
|
||||
/// Save model
|
||||
pub async fn save(&self, db: &Database) -> Result<()> {
|
||||
db.save_session(self).await
|
||||
}
|
||||
|
||||
/// Delete session
|
||||
pub async fn delete(self, db: &Database) -> Result<()> {
|
||||
// Delete from database
|
||||
db.delete_session(&self.id).await?;
|
||||
|
||||
// Create and push event
|
||||
EventV1::DeleteSession {
|
||||
user_id: self.user_id.clone(),
|
||||
session_id: self.id,
|
||||
}
|
||||
.private(self.user_id)
|
||||
.await;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
37
crates/core/database/src/models/sessions/ops.rs
Normal file
37
crates/core/database/src/models/sessions/ops.rs
Normal file
@@ -0,0 +1,37 @@
|
||||
use iso8601_timestamp::Timestamp;
|
||||
use revolt_result::Result;
|
||||
|
||||
use crate::Session;
|
||||
|
||||
#[cfg(feature = "mongodb")]
|
||||
mod mongodb;
|
||||
mod reference;
|
||||
|
||||
#[async_trait]
|
||||
pub trait AbstractSessions: Sync + Send {
|
||||
/// Find session by id
|
||||
async fn fetch_session(&self, id: &str) -> Result<Session>;
|
||||
|
||||
/// Find sessions by user id
|
||||
async fn fetch_sessions(&self, user_id: &str) -> Result<Vec<Session>>;
|
||||
|
||||
/// Find sessions by user ids
|
||||
async fn fetch_sessions_with_subscription(&self, user_ids: &[String]) -> Result<Vec<Session>>;
|
||||
|
||||
/// Find session by token
|
||||
async fn fetch_session_by_token(&self, token: &str) -> Result<Session>;
|
||||
|
||||
/// Save session
|
||||
async fn save_session(&self, session: &Session) -> Result<()>;
|
||||
|
||||
/// Delete session
|
||||
async fn delete_session(&self, id: &str) -> Result<()>;
|
||||
|
||||
/// Delete session
|
||||
async fn delete_all_sessions(&self, user_id: &str, ignore: Option<String>) -> Result<()>;
|
||||
|
||||
/// Remove push subscription for a session by session id
|
||||
async fn remove_push_subscription_by_session_id(&self, session_id: &str) -> Result<()>;
|
||||
|
||||
async fn update_session_last_seen(&self, session_id: &str, when: Timestamp) -> Result<()>;
|
||||
}
|
||||
142
crates/core/database/src/models/sessions/ops/mongodb.rs
Normal file
142
crates/core/database/src/models/sessions/ops/mongodb.rs
Normal file
@@ -0,0 +1,142 @@
|
||||
use crate::{AbstractSessions, MongoDb, Session};
|
||||
use bson::{to_bson, to_document};
|
||||
use iso8601_timestamp::Timestamp;
|
||||
use mongodb::options::UpdateOptions;
|
||||
use revolt_result::Result;
|
||||
|
||||
const COL: &str = "sessions";
|
||||
|
||||
#[async_trait]
|
||||
impl AbstractSessions for MongoDb {
|
||||
/// Find session by id
|
||||
async fn fetch_session(&self, id: &str) -> Result<Session> {
|
||||
query!(self, find_one_by_id, COL, id)?.ok_or_else(|| create_error!(UnknownUser))
|
||||
}
|
||||
|
||||
/// Find sessions by user id
|
||||
async fn fetch_sessions(&self, user_id: &str) -> Result<Vec<Session>> {
|
||||
query!(
|
||||
self,
|
||||
find,
|
||||
COL,
|
||||
doc! {
|
||||
"user_id": user_id
|
||||
}
|
||||
)
|
||||
}
|
||||
|
||||
/// Find sessions by user ids
|
||||
async fn fetch_sessions_with_subscription(&self, user_ids: &[String]) -> Result<Vec<Session>> {
|
||||
query!(
|
||||
self,
|
||||
find,
|
||||
COL,
|
||||
doc! {
|
||||
"user_id": {
|
||||
"$in": user_ids
|
||||
},
|
||||
"subscription": {
|
||||
"$exists": true
|
||||
}
|
||||
}
|
||||
)
|
||||
}
|
||||
|
||||
/// Fetch a session from the database by token
|
||||
async fn fetch_session_by_token(&self, token: &str) -> Result<Session> {
|
||||
query!(
|
||||
self,
|
||||
find_one,
|
||||
COL,
|
||||
doc! {
|
||||
"token": token
|
||||
}
|
||||
)?
|
||||
.ok_or_else(|| create_error!(InvalidSession))
|
||||
}
|
||||
|
||||
/// Save session
|
||||
async fn save_session(&self, session: &Session) -> Result<()> {
|
||||
self.col::<Session>(COL)
|
||||
.update_one(
|
||||
doc! {
|
||||
"_id": &session.id
|
||||
},
|
||||
doc! {
|
||||
"$set": to_document(session).map_err(|_| create_database_error!("to_document", COL))?,
|
||||
},
|
||||
)
|
||||
.with_options(UpdateOptions::builder().upsert(true).build())
|
||||
.await
|
||||
.map_err(|_| create_database_error!("upsert_one", COL))
|
||||
.map(|_| ())
|
||||
}
|
||||
|
||||
/// Delete session
|
||||
async fn delete_session(&self, id: &str) -> Result<()> {
|
||||
self.col::<Session>(COL)
|
||||
.delete_one(doc! {
|
||||
"_id": id
|
||||
})
|
||||
.await
|
||||
.map_err(|_| create_database_error!("delete_one", COL))
|
||||
.map(|_| ())
|
||||
}
|
||||
|
||||
/// Delete session
|
||||
async fn delete_all_sessions(&self, user_id: &str, ignore: Option<String>) -> Result<()> {
|
||||
let mut query = doc! {
|
||||
"user_id": user_id
|
||||
};
|
||||
|
||||
if let Some(id) = ignore {
|
||||
query.insert(
|
||||
"_id",
|
||||
doc! {
|
||||
"$ne": id
|
||||
},
|
||||
);
|
||||
}
|
||||
|
||||
self.col::<Session>(COL)
|
||||
.delete_many(query)
|
||||
.await
|
||||
.map_err(|_| create_database_error!("delete_one", COL))
|
||||
.map(|_| ())
|
||||
}
|
||||
|
||||
/// Remove push subscription for a session by session id
|
||||
async fn remove_push_subscription_by_session_id(&self, session_id: &str) -> Result<()> {
|
||||
self.col::<Session>(COL)
|
||||
.update_one(
|
||||
doc! {
|
||||
"_id": session_id
|
||||
},
|
||||
doc! {
|
||||
"$unset": {
|
||||
"subscription": 1
|
||||
}
|
||||
},
|
||||
)
|
||||
.await
|
||||
.map(|_| ())
|
||||
.map_err(|_| create_database_error!("update_one", COL))
|
||||
}
|
||||
|
||||
async fn update_session_last_seen(&self, session_id: &str, when: Timestamp) -> Result<()> {
|
||||
self.col::<Session>(COL)
|
||||
.update_one(
|
||||
doc! {
|
||||
"_id": session_id
|
||||
},
|
||||
doc! {
|
||||
"$set": {
|
||||
"last_seen": to_bson(&when).unwrap()
|
||||
}
|
||||
},
|
||||
)
|
||||
.await
|
||||
.map(|_| ())
|
||||
.map_err(|_| create_database_error!("update_one", COL))
|
||||
}
|
||||
}
|
||||
101
crates/core/database/src/models/sessions/ops/reference.rs
Normal file
101
crates/core/database/src/models/sessions/ops/reference.rs
Normal file
@@ -0,0 +1,101 @@
|
||||
use crate::{AbstractSessions, ReferenceDb, Session};
|
||||
use iso8601_timestamp::Timestamp;
|
||||
use revolt_result::Result;
|
||||
|
||||
#[async_trait]
|
||||
impl AbstractSessions for ReferenceDb {
|
||||
/// Find session by id
|
||||
async fn fetch_session(&self, id: &str) -> Result<Session> {
|
||||
let sessions = self.sessions.lock().await;
|
||||
sessions
|
||||
.get(id)
|
||||
.cloned()
|
||||
.ok_or_else(|| create_error!(UnknownUser))
|
||||
}
|
||||
|
||||
/// Find sessions by user id
|
||||
async fn fetch_sessions(&self, user_id: &str) -> Result<Vec<Session>> {
|
||||
let sessions = self.sessions.lock().await;
|
||||
Ok(sessions
|
||||
.values()
|
||||
.filter(|session| session.user_id == user_id)
|
||||
.cloned()
|
||||
.collect())
|
||||
}
|
||||
|
||||
/// Find sessions by user ids
|
||||
async fn fetch_sessions_with_subscription(&self, user_ids: &[String]) -> Result<Vec<Session>> {
|
||||
let sessions = self.sessions.lock().await;
|
||||
Ok(sessions
|
||||
.values()
|
||||
.filter(|session| session.subscription.is_some() && user_ids.contains(&session.user_id))
|
||||
.cloned()
|
||||
.collect())
|
||||
}
|
||||
|
||||
/// Find session by token
|
||||
async fn fetch_session_by_token(&self, token: &str) -> Result<Session> {
|
||||
let sessions = self.sessions.lock().await;
|
||||
sessions
|
||||
.values()
|
||||
.find(|session| session.token == token)
|
||||
.cloned()
|
||||
.ok_or_else(|| create_error!(InvalidSession))
|
||||
}
|
||||
|
||||
/// Save session
|
||||
async fn save_session(&self, session: &Session) -> Result<()> {
|
||||
let mut sessions = self.sessions.lock().await;
|
||||
sessions.insert(session.id.to_string(), session.clone());
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Delete session
|
||||
async fn delete_session(&self, id: &str) -> Result<()> {
|
||||
let mut sessions = self.sessions.lock().await;
|
||||
if sessions.remove(id).is_some() {
|
||||
Ok(())
|
||||
} else {
|
||||
Err(create_error!(InvalidSession))
|
||||
}
|
||||
}
|
||||
|
||||
/// Delete session
|
||||
async fn delete_all_sessions(&self, user_id: &str, ignore: Option<String>) -> Result<()> {
|
||||
let mut sessions = self.sessions.lock().await;
|
||||
sessions.retain(|_, session| {
|
||||
if session.user_id == user_id {
|
||||
if let Some(ignore) = &ignore {
|
||||
ignore == &session.id
|
||||
} else {
|
||||
false
|
||||
}
|
||||
} else {
|
||||
true
|
||||
}
|
||||
});
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Remove push subscription for a session by session id
|
||||
async fn remove_push_subscription_by_session_id(&self, session_id: &str) -> Result<()> {
|
||||
let mut sessions = self.sessions.lock().await;
|
||||
|
||||
if let Some(session) = sessions.get_mut(session_id) {
|
||||
session.subscription = None;
|
||||
};
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
async fn update_session_last_seen(&self, session_id: &str, when: Timestamp) -> Result<()> {
|
||||
let mut sessions = self.sessions.lock().await;
|
||||
|
||||
if let Some(session) = sessions.get_mut(session_id) {
|
||||
session.last_seen = when;
|
||||
};
|
||||
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
30
crates/core/database/src/models/sessions/rocket.rs
Normal file
30
crates/core/database/src/models/sessions/rocket.rs
Normal file
@@ -0,0 +1,30 @@
|
||||
use crate::{Database, Session};
|
||||
use revolt_result::Error;
|
||||
use rocket::{
|
||||
http::Status,
|
||||
request::{FromRequest, Outcome},
|
||||
Request,
|
||||
};
|
||||
|
||||
#[rocket::async_trait]
|
||||
impl<'r> FromRequest<'r> for Session {
|
||||
type Error = Error;
|
||||
|
||||
async fn from_request(request: &'r Request<'_>) -> Outcome<Self, Self::Error> {
|
||||
if let Some(token) = request.headers().get("x-session-token").next() {
|
||||
if let Ok(session) = request
|
||||
.rocket()
|
||||
.state::<Database>()
|
||||
.expect("`Database`")
|
||||
.fetch_session_by_token(token)
|
||||
.await
|
||||
{
|
||||
Outcome::Success(session)
|
||||
} else {
|
||||
Outcome::Error((Status::Unauthorized, create_error!(InvalidSession)))
|
||||
}
|
||||
} else {
|
||||
Outcome::Error((Status::Unauthorized, create_error!(MissingHeaders)))
|
||||
}
|
||||
}
|
||||
}
|
||||
32
crates/core/database/src/models/sessions/schema.rs
Normal file
32
crates/core/database/src/models/sessions/schema.rs
Normal file
@@ -0,0 +1,32 @@
|
||||
use revolt_okapi::openapi3::{SecurityScheme, SecuritySchemeData};
|
||||
use revolt_rocket_okapi::{
|
||||
gen::OpenApiGenerator,
|
||||
request::{OpenApiFromRequest, RequestHeaderInput},
|
||||
};
|
||||
|
||||
use crate::Session;
|
||||
|
||||
|
||||
impl<'r> OpenApiFromRequest<'r> for Session {
|
||||
fn from_request_input(
|
||||
_gen: &mut OpenApiGenerator,
|
||||
_name: String,
|
||||
_required: bool,
|
||||
) -> revolt_rocket_okapi::Result<RequestHeaderInput> {
|
||||
let mut requirements = schemars::Map::new();
|
||||
requirements.insert("Session Token".to_owned(), vec![]);
|
||||
|
||||
Ok(RequestHeaderInput::Security(
|
||||
"Session Token".to_owned(),
|
||||
SecurityScheme {
|
||||
data: SecuritySchemeData::ApiKey {
|
||||
name: "x-session-token".to_owned(),
|
||||
location: "header".to_owned(),
|
||||
},
|
||||
description: Some("Used to authenticate as a user.".to_owned()),
|
||||
extensions: schemars::Map::new(),
|
||||
},
|
||||
requirements,
|
||||
))
|
||||
}
|
||||
}
|
||||
@@ -1,8 +1,11 @@
|
||||
use std::{collections::HashSet, str::FromStr, time::Duration};
|
||||
|
||||
use crate::{events::client::EventV1, Database, File, RatelimitEvent, AMQP};
|
||||
use crate::{
|
||||
events::client::EventV1,
|
||||
util::email::{email_templates, send_email},
|
||||
Database, File, RatelimitEvent, AMQP,
|
||||
};
|
||||
|
||||
use authifier::config::{EmailVerificationConfig, Template};
|
||||
use futures::future::join_all;
|
||||
use iso8601_timestamp::Timestamp;
|
||||
use once_cell::sync::Lazy;
|
||||
@@ -28,6 +31,9 @@ auto_derived_partial!(
|
||||
/// Display name
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub display_name: Option<String>,
|
||||
/// User's pronouns
|
||||
#[serde(skip_serializing_if = "Option::is_none", default)]
|
||||
pub pronouns: Option<String>,
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
/// Avatar attachment
|
||||
pub avatar: Option<File>,
|
||||
@@ -73,6 +79,7 @@ auto_derived!(
|
||||
ProfileContent,
|
||||
ProfileBackground,
|
||||
DisplayName,
|
||||
Pronouns,
|
||||
|
||||
// internal fields
|
||||
Suspension,
|
||||
@@ -179,6 +186,7 @@ impl Default for User {
|
||||
username: Default::default(),
|
||||
discriminator: Default::default(),
|
||||
display_name: Default::default(),
|
||||
pronouns: Default::default(),
|
||||
avatar: Default::default(),
|
||||
relations: Default::default(),
|
||||
badges: Default::default(),
|
||||
@@ -703,6 +711,7 @@ impl User {
|
||||
}
|
||||
}
|
||||
FieldsUser::DisplayName => self.display_name = None,
|
||||
FieldsUser::Pronouns => self.pronouns = None,
|
||||
FieldsUser::Suspension => self.suspended_until = None,
|
||||
FieldsUser::None => {}
|
||||
}
|
||||
@@ -718,22 +727,11 @@ impl User {
|
||||
duration_days: Option<usize>,
|
||||
reason: Option<Vec<String>>,
|
||||
) -> Result<()> {
|
||||
let authifier = db.clone().to_authifier().await;
|
||||
let mut account = authifier
|
||||
.database
|
||||
.find_account(&self.id)
|
||||
.await
|
||||
.map_err(|_| create_error!(InternalError))?;
|
||||
let mut account = db.fetch_account(&self.id).await?;
|
||||
|
||||
account
|
||||
.disable(&authifier)
|
||||
.await
|
||||
.map_err(|_| create_error!(InternalError))?;
|
||||
account.disable(db).await?;
|
||||
|
||||
account
|
||||
.delete_all_sessions(&authifier, None)
|
||||
.await
|
||||
.map_err(|_| create_error!(InternalError))?;
|
||||
account.delete_all_sessions(db, None).await?;
|
||||
|
||||
self.update(
|
||||
db,
|
||||
@@ -749,18 +747,15 @@ impl User {
|
||||
.await?;
|
||||
|
||||
if let Some(reason) = reason {
|
||||
if let EmailVerificationConfig::Enabled { smtp, .. } =
|
||||
authifier.config.email_verification
|
||||
{
|
||||
smtp.send_email(
|
||||
let config = config().await;
|
||||
|
||||
if !config.api.smtp.host.is_empty() {
|
||||
let templates = email_templates().await;
|
||||
|
||||
send_email(
|
||||
&config.api.smtp,
|
||||
account.email.clone(),
|
||||
// maybe move this to common area?
|
||||
&Template {
|
||||
title: "Account Suspension".to_string(),
|
||||
html: Some(include_str!("../../../templates/suspension.html").to_owned()),
|
||||
text: include_str!("../../../templates/suspension.txt").to_owned(),
|
||||
url: Default::default(),
|
||||
},
|
||||
&templates.suspension,
|
||||
json!({
|
||||
"email": account.email,
|
||||
"list": reason.join(", "),
|
||||
@@ -809,7 +804,9 @@ impl User {
|
||||
db,
|
||||
PartialUser {
|
||||
username: Some(format!("Deleted User {}", self.id)),
|
||||
discriminator: Some("0000".to_string()),
|
||||
flags: Some(2),
|
||||
relations: Some(Vec::new()),
|
||||
..Default::default()
|
||||
},
|
||||
vec![
|
||||
@@ -837,6 +834,56 @@ impl User {
|
||||
|
||||
badges
|
||||
}
|
||||
|
||||
/// Removes all relationships which include the user
|
||||
pub async fn clear_relationships(&self, db: &Database) -> Result<()> {
|
||||
let user_ids = self
|
||||
.relations
|
||||
.iter()
|
||||
.flatten()
|
||||
.map(|relation| relation.id.clone())
|
||||
.collect();
|
||||
|
||||
db.clear_user_relationships(&self.id, user_ids).await
|
||||
}
|
||||
|
||||
/// Removes user from all joined groups
|
||||
pub async fn remove_from_all_groups(&self, db: &Database) -> Result<()> {
|
||||
let mut generator = db.find_group_message_channels(&self.id).await?;
|
||||
|
||||
while let Some(groups) = generator.next_n(100).await? {
|
||||
let ids = groups
|
||||
.into_iter()
|
||||
.map(|channel| channel.id().to_string())
|
||||
.collect();
|
||||
|
||||
db.remove_user_from_groups(ids, &self.id).await?;
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Deletes the user along with:
|
||||
/// - deletes owned bots, servers and messages
|
||||
/// - removes user from all groups
|
||||
/// - clears relationships
|
||||
pub async fn delete(&mut self, db: &Database) -> Result<()> {
|
||||
for bot in db.fetch_bots_by_user(&self.id).await? {
|
||||
bot.delete(db).await?;
|
||||
}
|
||||
|
||||
for server in db.fetch_owned_servers(&self.id).await? {
|
||||
server.delete(db).await?;
|
||||
}
|
||||
|
||||
self.remove_from_all_groups(db).await?;
|
||||
db.clear_memberships(&self.id).await?;
|
||||
self.clear_relationships(db).await?;
|
||||
db.delete_messages_by_user(&self.id).await?;
|
||||
self.mark_deleted(db).await?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
@@ -879,7 +926,7 @@ mod tests {
|
||||
assert!(User::validate_username(username_https).is_err());
|
||||
}
|
||||
|
||||
#[async_std::test]
|
||||
#[tokio::test]
|
||||
async fn username_sanitisation_clean() {
|
||||
let username_clean = "Test";
|
||||
|
||||
@@ -889,7 +936,7 @@ mod tests {
|
||||
assert_eq!(username_clean, username_clean_sanitised.unwrap());
|
||||
}
|
||||
|
||||
#[async_std::test]
|
||||
#[tokio::test]
|
||||
async fn username_sanitisation_homoglyphs() {
|
||||
let username_homoglyphs = "𝔽𝕌Ňℕy";
|
||||
|
||||
@@ -900,7 +947,7 @@ mod tests {
|
||||
assert_eq!("funny", username_homoglyphs_sanitised);
|
||||
}
|
||||
|
||||
#[async_std::test]
|
||||
#[tokio::test]
|
||||
async fn username_sanitisation_padding() {
|
||||
let username_padding = "a";
|
||||
|
||||
@@ -909,7 +956,7 @@ mod tests {
|
||||
assert_eq!("a_", username);
|
||||
}
|
||||
|
||||
#[async_std::test]
|
||||
#[tokio::test]
|
||||
async fn create_user() {
|
||||
use revolt_result::Result;
|
||||
|
||||
|
||||
@@ -1,5 +1,3 @@
|
||||
use authifier::models::Session;
|
||||
use iso8601_timestamp::Timestamp;
|
||||
use revolt_result::Result;
|
||||
|
||||
use crate::{FieldsUser, PartialUser, RelationshipStatus, User};
|
||||
@@ -19,9 +17,6 @@ pub trait AbstractUsers: Sync + Send {
|
||||
/// Fetch a user from the database by their username
|
||||
async fn fetch_user_by_username(&self, username: &str, discriminator: &str) -> Result<User>;
|
||||
|
||||
/// Fetch a session from the database by token
|
||||
async fn fetch_session_by_token(&self, token: &str) -> Result<Session>;
|
||||
|
||||
/// Fetch multiple users by their ids
|
||||
async fn fetch_users<'a>(&self, ids: &'a [String]) -> Result<Vec<User>>;
|
||||
|
||||
@@ -61,8 +56,6 @@ pub trait AbstractUsers: Sync + Send {
|
||||
/// Delete a user by their id
|
||||
async fn delete_user(&self, id: &str) -> Result<()>;
|
||||
|
||||
/// Remove push subscription for a session by session id (TODO: remove)
|
||||
async fn remove_push_subscription_by_session_id(&self, session_id: &str) -> Result<()>;
|
||||
|
||||
async fn update_session_last_seen(&self, session_id: &str, when: Timestamp) -> Result<()>;
|
||||
/// Removes all relationships with the user from the list of users
|
||||
async fn clear_user_relationships(&self, target_id: &str, user_ids: Vec<String>) -> Result<()>;
|
||||
}
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
use ::mongodb::options::{Collation, CollationStrength, FindOneOptions, FindOptions};
|
||||
use authifier::models::Session;
|
||||
use futures::StreamExt;
|
||||
use iso8601_timestamp::Timestamp;
|
||||
use revolt_result::Result;
|
||||
|
||||
use crate::DocumentId;
|
||||
@@ -47,17 +45,6 @@ impl AbstractUsers for MongoDb {
|
||||
.ok_or_else(|| create_error!(NotFound))
|
||||
}
|
||||
|
||||
/// Fetch a session from the database by token
|
||||
async fn fetch_session_by_token(&self, token: &str) -> Result<Session> {
|
||||
self.col::<Session>("sessions")
|
||||
.find_one(doc! {
|
||||
"token": token
|
||||
})
|
||||
.await
|
||||
.map_err(|_| create_database_error!("find_one", "sessions"))?
|
||||
.ok_or_else(|| create_error!(InvalidSession))
|
||||
}
|
||||
|
||||
/// Fetch multiple users by their ids
|
||||
async fn fetch_users<'a>(&self, ids: &'a [String]) -> Result<Vec<User>> {
|
||||
Ok(self
|
||||
@@ -321,41 +308,22 @@ impl AbstractUsers for MongoDb {
|
||||
query!(self, delete_one_by_id, COL, id).map(|_| ())
|
||||
}
|
||||
|
||||
/// Remove push subscription for a session by session id (TODO: remove)
|
||||
async fn remove_push_subscription_by_session_id(&self, session_id: &str) -> Result<()> {
|
||||
self.col::<User>("sessions")
|
||||
.update_one(
|
||||
/// Removes all relationships with the user from the list of users
|
||||
async fn clear_user_relationships(&self, target_id: &str, user_ids: Vec<String>) -> Result<()> {
|
||||
self.col::<User>(COL)
|
||||
.update_many(
|
||||
doc! { "_id": { "$in": user_ids } },
|
||||
doc! {
|
||||
"_id": session_id
|
||||
},
|
||||
doc! {
|
||||
"$unset": {
|
||||
"subscription": 1
|
||||
"$pull": {
|
||||
"relations": {
|
||||
"_id": target_id.to_string()
|
||||
}
|
||||
}
|
||||
},
|
||||
)
|
||||
.await
|
||||
.map(|_| ())
|
||||
.map_err(|_| create_database_error!("update_one", "sessions"))
|
||||
}
|
||||
|
||||
async fn update_session_last_seen(&self, session_id: &str, when: Timestamp) -> Result<()> {
|
||||
let formatted: &str = &when.format();
|
||||
|
||||
self.col::<Session>("sessions")
|
||||
.update_one(
|
||||
doc! {
|
||||
"_id": session_id
|
||||
},
|
||||
doc! {
|
||||
"$set": {
|
||||
"last_seen": formatted
|
||||
}
|
||||
},
|
||||
)
|
||||
.await
|
||||
.map(|_| ())
|
||||
.map_err(|_| create_database_error!("update_one", "sessions"))
|
||||
.map_err(|_| create_database_error!("bulk_write", COL))
|
||||
}
|
||||
}
|
||||
|
||||
@@ -368,6 +336,7 @@ impl IntoDocumentPath for FieldsUser {
|
||||
FieldsUser::StatusPresence => "status.presence",
|
||||
FieldsUser::StatusText => "status.text",
|
||||
FieldsUser::DisplayName => "display_name",
|
||||
FieldsUser::Pronouns => "pronouns",
|
||||
FieldsUser::Suspension => "suspended_until",
|
||||
FieldsUser::None => "none",
|
||||
})
|
||||
|
||||
@@ -1,5 +1,3 @@
|
||||
use authifier::models::Session;
|
||||
use iso8601_timestamp::Timestamp;
|
||||
use revolt_result::Result;
|
||||
|
||||
use crate::{FieldsUser, PartialUser, RelationshipStatus, User};
|
||||
@@ -42,11 +40,6 @@ impl AbstractUsers for ReferenceDb {
|
||||
.ok_or_else(|| create_error!(NotFound))
|
||||
}
|
||||
|
||||
/// Fetch a session from the database by token
|
||||
async fn fetch_session_by_token(&self, _token: &str) -> Result<Session> {
|
||||
todo!()
|
||||
}
|
||||
|
||||
/// Fetch multiple users by their ids
|
||||
async fn fetch_users<'a>(&self, ids: &'a [String]) -> Result<Vec<User>> {
|
||||
let users = self.users.lock().await;
|
||||
@@ -165,12 +158,22 @@ impl AbstractUsers for ReferenceDb {
|
||||
}
|
||||
}
|
||||
|
||||
/// Remove push subscription for a session by session id (TODO: remove)
|
||||
async fn remove_push_subscription_by_session_id(&self, _session_id: &str) -> Result<()> {
|
||||
todo!()
|
||||
}
|
||||
/// Removes all relationships with the user from the list of users
|
||||
async fn clear_user_relationships(
|
||||
&self,
|
||||
target_id: &str,
|
||||
user_ids: Vec<String>,
|
||||
) -> Result<()> {
|
||||
let mut users = self.users.lock().await;
|
||||
|
||||
async fn update_session_last_seen(&self, _session_id: &str, _when: Timestamp) -> Result<()> {
|
||||
todo!()
|
||||
for user_id in user_ids {
|
||||
if let Some(user) = users.get_mut(&user_id) {
|
||||
if let Some(relations) = &mut user.relations {
|
||||
relations.retain(|relation| relation.id != target_id);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
use authifier::models::Session;
|
||||
use rocket::http::Status;
|
||||
use rocket::request::{self, FromRequest, Outcome, Request};
|
||||
use revolt_result::Error;
|
||||
|
||||
use crate::{Database, User};
|
||||
use crate::{Database, Session, User};
|
||||
|
||||
#[rocket::async_trait]
|
||||
impl<'r> FromRequest<'r> for User {
|
||||
type Error = authifier::Error;
|
||||
type Error = Error;
|
||||
|
||||
async fn from_request(request: &'r Request<'_>) -> request::Outcome<Self, Self::Error> {
|
||||
let user: &Option<User> = request
|
||||
@@ -38,7 +38,7 @@ impl<'r> FromRequest<'r> for User {
|
||||
if let Some(user) = user {
|
||||
Outcome::Success(user.clone())
|
||||
} else {
|
||||
Outcome::Error((Status::Unauthorized, authifier::Error::InvalidSession))
|
||||
Outcome::Error((Status::Unauthorized, create_error!(InvalidSession)))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -305,6 +305,6 @@ pub async fn worker(db: Database, amqp: AMQP) {
|
||||
}
|
||||
|
||||
// Sleep for an arbitrary amount of time.
|
||||
async_std::task::sleep(Duration::from_secs(1)).await;
|
||||
tokio::time::sleep(Duration::from_secs(1)).await;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,29 +0,0 @@
|
||||
use async_std::channel::{unbounded, Receiver, Sender};
|
||||
use authifier::AuthifierEvent;
|
||||
use once_cell::sync::Lazy;
|
||||
|
||||
use crate::events::client::EventV1;
|
||||
|
||||
static Q: Lazy<(Sender<AuthifierEvent>, Receiver<AuthifierEvent>)> = Lazy::new(unbounded);
|
||||
|
||||
/// Get sender
|
||||
pub fn sender() -> Sender<AuthifierEvent> {
|
||||
Q.0.clone()
|
||||
}
|
||||
|
||||
/// Start a new worker
|
||||
pub async fn worker() {
|
||||
loop {
|
||||
let event = Q.1.recv().await.unwrap();
|
||||
match &event {
|
||||
AuthifierEvent::CreateSession { .. } | AuthifierEvent::CreateAccount { .. } => {
|
||||
EventV1::Auth(event).global().await
|
||||
}
|
||||
AuthifierEvent::DeleteSession { user_id, .. }
|
||||
| AuthifierEvent::DeleteAllSessions { user_id, .. } => {
|
||||
let id = user_id.to_string();
|
||||
EventV1::Auth(event).private(id).await
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -82,6 +82,6 @@ pub async fn worker(db: Database) {
|
||||
}
|
||||
|
||||
// Sleep for an arbitrary amount of time.
|
||||
async_std::task::sleep(Duration::from_secs(1)).await;
|
||||
tokio::time::sleep(Duration::from_secs(1)).await;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,20 +2,17 @@
|
||||
|
||||
use crate::{Database, AMQP};
|
||||
|
||||
use async_std::task;
|
||||
use tokio::task;
|
||||
use std::time::Instant;
|
||||
|
||||
const WORKER_COUNT: usize = 5;
|
||||
|
||||
pub mod ack;
|
||||
pub mod authifier_relay;
|
||||
pub mod last_message_id;
|
||||
pub mod process_embeds;
|
||||
|
||||
/// Spawn background workers
|
||||
pub fn start_workers(db: Database, amqp: AMQP) {
|
||||
task::spawn(authifier_relay::worker());
|
||||
|
||||
for _ in 0..WORKER_COUNT {
|
||||
task::spawn(ack::worker(db.clone(), amqp.clone()));
|
||||
task::spawn(last_message_id::worker(db.clone()));
|
||||
|
||||
@@ -7,11 +7,11 @@ use revolt_config::config;
|
||||
use revolt_result::Result;
|
||||
|
||||
use async_lock::Semaphore;
|
||||
use async_std::task::spawn;
|
||||
use deadqueue::limited::Queue;
|
||||
use once_cell::sync::Lazy;
|
||||
use revolt_models::v0::Embed;
|
||||
use std::{collections::HashSet, sync::Arc};
|
||||
use tokio::task::spawn;
|
||||
|
||||
use isahc::prelude::*;
|
||||
|
||||
@@ -159,6 +159,7 @@ pub async fn generate(
|
||||
.await
|
||||
.into_iter()
|
||||
.flatten()
|
||||
.flatten()
|
||||
.collect::<Vec<Embed>>();
|
||||
|
||||
// Prevent database update when no embeds are found.
|
||||
|
||||
@@ -631,6 +631,7 @@ impl From<crate::Member> for Member {
|
||||
id: value.id.into(),
|
||||
joined_at: value.joined_at,
|
||||
nickname: value.nickname,
|
||||
pronouns: value.pronouns,
|
||||
avatar: value.avatar.map(|f| f.into()),
|
||||
roles: value.roles,
|
||||
timeout: value.timeout,
|
||||
@@ -646,6 +647,7 @@ impl From<Member> for crate::Member {
|
||||
id: value.id.into(),
|
||||
joined_at: value.joined_at,
|
||||
nickname: value.nickname,
|
||||
pronouns: value.pronouns,
|
||||
avatar: value.avatar.map(|f| f.into()),
|
||||
roles: value.roles,
|
||||
timeout: value.timeout,
|
||||
@@ -661,6 +663,7 @@ impl From<crate::PartialMember> for PartialMember {
|
||||
id: value.id.map(|id| id.into()),
|
||||
joined_at: value.joined_at,
|
||||
nickname: value.nickname,
|
||||
pronouns: value.pronouns,
|
||||
avatar: value.avatar.map(|f| f.into()),
|
||||
roles: value.roles,
|
||||
timeout: value.timeout,
|
||||
@@ -676,6 +679,7 @@ impl From<PartialMember> for crate::PartialMember {
|
||||
id: value.id.map(|id| id.into()),
|
||||
joined_at: value.joined_at,
|
||||
nickname: value.nickname,
|
||||
pronouns: value.pronouns,
|
||||
avatar: value.avatar.map(|f| f.into()),
|
||||
roles: value.roles,
|
||||
timeout: value.timeout,
|
||||
@@ -708,6 +712,7 @@ impl From<crate::FieldsMember> for FieldsMember {
|
||||
match value {
|
||||
crate::FieldsMember::Avatar => FieldsMember::Avatar,
|
||||
crate::FieldsMember::Nickname => FieldsMember::Nickname,
|
||||
crate::FieldsMember::Pronouns => FieldsMember::Pronouns,
|
||||
crate::FieldsMember::Roles => FieldsMember::Roles,
|
||||
crate::FieldsMember::Timeout => FieldsMember::Timeout,
|
||||
crate::FieldsMember::CanReceive => FieldsMember::CanReceive,
|
||||
@@ -723,6 +728,7 @@ impl From<FieldsMember> for crate::FieldsMember {
|
||||
match value {
|
||||
FieldsMember::Avatar => crate::FieldsMember::Avatar,
|
||||
FieldsMember::Nickname => crate::FieldsMember::Nickname,
|
||||
FieldsMember::Pronouns => crate::FieldsMember::Pronouns,
|
||||
FieldsMember::Roles => crate::FieldsMember::Roles,
|
||||
FieldsMember::Timeout => crate::FieldsMember::Timeout,
|
||||
FieldsMember::CanReceive => crate::FieldsMember::CanReceive,
|
||||
@@ -1032,6 +1038,7 @@ impl crate::User {
|
||||
username: self.username,
|
||||
discriminator: self.discriminator,
|
||||
display_name: self.display_name,
|
||||
pronouns: self.pronouns,
|
||||
avatar: self.avatar.map(|file| file.into()),
|
||||
relations: if let Some(crate::User { id, .. }) = perspective {
|
||||
if id == &self.id {
|
||||
@@ -1108,6 +1115,7 @@ impl crate::User {
|
||||
username: self.username,
|
||||
discriminator: self.discriminator,
|
||||
display_name: self.display_name,
|
||||
pronouns: self.pronouns,
|
||||
avatar: self.avatar.map(|file| file.into()),
|
||||
relations: vec![],
|
||||
badges,
|
||||
@@ -1141,6 +1149,7 @@ impl crate::User {
|
||||
username: self.username,
|
||||
discriminator: self.discriminator,
|
||||
display_name: self.display_name,
|
||||
pronouns: self.pronouns,
|
||||
avatar: self.avatar.map(|file| file.into()),
|
||||
relations: vec![],
|
||||
badges,
|
||||
@@ -1168,6 +1177,7 @@ impl crate::User {
|
||||
username: self.username,
|
||||
discriminator: self.discriminator,
|
||||
display_name: self.display_name,
|
||||
pronouns: self.pronouns,
|
||||
avatar: self.avatar.map(|file| file.into()),
|
||||
relations: self
|
||||
.relations
|
||||
@@ -1211,6 +1221,7 @@ impl From<User> for crate::User {
|
||||
username: value.username,
|
||||
discriminator: value.discriminator,
|
||||
display_name: value.display_name,
|
||||
pronouns: value.pronouns,
|
||||
avatar: value.avatar.map(Into::into),
|
||||
relations: None,
|
||||
badges: Some(value.badges as i32),
|
||||
@@ -1231,6 +1242,7 @@ impl From<crate::PartialUser> for PartialUser {
|
||||
username: value.username,
|
||||
discriminator: value.discriminator,
|
||||
display_name: value.display_name,
|
||||
pronouns: value.pronouns,
|
||||
avatar: value.avatar.map(|file| file.into()),
|
||||
relations: value.relations.map(|relationships| {
|
||||
relationships
|
||||
@@ -1259,6 +1271,7 @@ impl From<FieldsUser> for crate::FieldsUser {
|
||||
FieldsUser::StatusPresence => crate::FieldsUser::StatusPresence,
|
||||
FieldsUser::StatusText => crate::FieldsUser::StatusText,
|
||||
FieldsUser::DisplayName => crate::FieldsUser::DisplayName,
|
||||
FieldsUser::Pronouns => crate::FieldsUser::Pronouns,
|
||||
|
||||
FieldsUser::Internal => crate::FieldsUser::None,
|
||||
}
|
||||
@@ -1274,6 +1287,7 @@ impl From<crate::FieldsUser> for FieldsUser {
|
||||
crate::FieldsUser::StatusPresence => FieldsUser::StatusPresence,
|
||||
crate::FieldsUser::StatusText => FieldsUser::StatusText,
|
||||
crate::FieldsUser::DisplayName => FieldsUser::DisplayName,
|
||||
crate::FieldsUser::Pronouns => FieldsUser::Pronouns,
|
||||
|
||||
crate::FieldsUser::Suspension => FieldsUser::Internal,
|
||||
crate::FieldsUser::None => FieldsUser::Internal,
|
||||
@@ -1407,6 +1421,14 @@ impl From<FieldsMessage> for crate::FieldsMessage {
|
||||
}
|
||||
}
|
||||
|
||||
impl From<crate::VoiceInformation> for VoiceInformation {
|
||||
fn from(value: crate::VoiceInformation) -> Self {
|
||||
VoiceInformation {
|
||||
max_users: value.max_users,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl From<VoiceInformation> for crate::VoiceInformation {
|
||||
fn from(value: VoiceInformation) -> Self {
|
||||
crate::VoiceInformation {
|
||||
@@ -1415,10 +1437,246 @@ impl From<VoiceInformation> for crate::VoiceInformation {
|
||||
}
|
||||
}
|
||||
|
||||
impl From<crate::VoiceInformation> for VoiceInformation {
|
||||
fn from(value: crate::VoiceInformation) -> Self {
|
||||
VoiceInformation {
|
||||
max_users: value.max_users,
|
||||
impl From<crate::AuditLogEntryAction> for AuditLogEntryAction {
|
||||
fn from(value: crate::AuditLogEntryAction) -> Self {
|
||||
match value {
|
||||
crate::AuditLogEntryAction::MessageDelete { author, channel } => {
|
||||
AuditLogEntryAction::MessageDelete { author, channel }
|
||||
}
|
||||
crate::AuditLogEntryAction::BanCreate { user } => {
|
||||
AuditLogEntryAction::BanCreate { user }
|
||||
}
|
||||
crate::AuditLogEntryAction::BanDelete { user } => {
|
||||
AuditLogEntryAction::BanDelete { user }
|
||||
}
|
||||
crate::AuditLogEntryAction::ChannelCreate { channel, name } => {
|
||||
AuditLogEntryAction::ChannelCreate { channel, name }
|
||||
}
|
||||
crate::AuditLogEntryAction::MemberEdit {
|
||||
user,
|
||||
before,
|
||||
after,
|
||||
} => AuditLogEntryAction::MemberEdit {
|
||||
user,
|
||||
before: before.into(),
|
||||
after: after.into(),
|
||||
},
|
||||
crate::AuditLogEntryAction::MemberKick { user } => {
|
||||
AuditLogEntryAction::MemberKick { user }
|
||||
}
|
||||
crate::AuditLogEntryAction::ServerEdit { before, after } => {
|
||||
AuditLogEntryAction::ServerEdit {
|
||||
before: before.into(),
|
||||
after: after.into(),
|
||||
}
|
||||
}
|
||||
crate::AuditLogEntryAction::RoleEdit {
|
||||
role,
|
||||
before,
|
||||
after,
|
||||
} => AuditLogEntryAction::RoleEdit {
|
||||
role,
|
||||
before: before.into(),
|
||||
after: after.into(),
|
||||
},
|
||||
crate::AuditLogEntryAction::RoleCreate { role, name } => {
|
||||
AuditLogEntryAction::RoleCreate { role, name }
|
||||
}
|
||||
crate::AuditLogEntryAction::RoleDelete { role, name } => {
|
||||
AuditLogEntryAction::RoleDelete { role, name }
|
||||
}
|
||||
crate::AuditLogEntryAction::RolesReorder { before, after } => {
|
||||
AuditLogEntryAction::RolesReorder { before, after }
|
||||
}
|
||||
crate::AuditLogEntryAction::MessageBulkDelete { channel, count } => {
|
||||
AuditLogEntryAction::MessageBulkDelete { channel, count }
|
||||
}
|
||||
crate::AuditLogEntryAction::ChannelEdit {
|
||||
channel,
|
||||
before,
|
||||
after,
|
||||
} => AuditLogEntryAction::ChannelEdit {
|
||||
channel,
|
||||
before: before.into(),
|
||||
after: after.into(),
|
||||
},
|
||||
crate::AuditLogEntryAction::ChannelRolePermissionsEdit {
|
||||
channel,
|
||||
role,
|
||||
permissions,
|
||||
} => AuditLogEntryAction::ChannelRolePermissionsEdit {
|
||||
channel,
|
||||
role,
|
||||
permissions: permissions.into(),
|
||||
},
|
||||
crate::AuditLogEntryAction::ChannelDelete { channel, name } => {
|
||||
AuditLogEntryAction::ChannelDelete { channel, name }
|
||||
}
|
||||
crate::AuditLogEntryAction::InviteDelete { invite, channel } => {
|
||||
AuditLogEntryAction::InviteDelete { invite, channel }
|
||||
}
|
||||
crate::AuditLogEntryAction::WebhookCreate {
|
||||
webhook,
|
||||
name,
|
||||
channel,
|
||||
} => AuditLogEntryAction::WebhookCreate {
|
||||
webhook,
|
||||
name,
|
||||
channel,
|
||||
},
|
||||
crate::AuditLogEntryAction::WebhookDelete {
|
||||
webhook,
|
||||
name,
|
||||
channel,
|
||||
} => AuditLogEntryAction::WebhookDelete {
|
||||
webhook,
|
||||
name,
|
||||
channel,
|
||||
},
|
||||
crate::AuditLogEntryAction::EmojiCreate { emoji, name } => {
|
||||
AuditLogEntryAction::EmojiCreate { emoji, name }
|
||||
}
|
||||
crate::AuditLogEntryAction::EmojiUpdate {
|
||||
emoji,
|
||||
before,
|
||||
after,
|
||||
} => AuditLogEntryAction::EmojiUpdate {
|
||||
emoji,
|
||||
before: before.into(),
|
||||
after: after.into(),
|
||||
},
|
||||
crate::AuditLogEntryAction::EmojiDelete { emoji, name } => {
|
||||
AuditLogEntryAction::EmojiDelete { emoji, name }
|
||||
}
|
||||
crate::AuditLogEntryAction::MessagePin {
|
||||
message,
|
||||
author,
|
||||
channel,
|
||||
} => AuditLogEntryAction::MessagePin {
|
||||
message,
|
||||
author,
|
||||
channel,
|
||||
},
|
||||
crate::AuditLogEntryAction::MessageUnpin {
|
||||
message,
|
||||
author,
|
||||
channel,
|
||||
} => AuditLogEntryAction::MessageUnpin {
|
||||
message,
|
||||
author,
|
||||
channel,
|
||||
},
|
||||
crate::AuditLogEntryAction::InviteCreate { invite, channel } => {
|
||||
AuditLogEntryAction::InviteCreate { invite, channel }
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl From<crate::AuditLogEntry> for AuditLogEntry {
|
||||
fn from(value: crate::AuditLogEntry) -> Self {
|
||||
AuditLogEntry {
|
||||
id: value.id,
|
||||
server: value.server,
|
||||
reason: value.reason,
|
||||
user: value.user,
|
||||
target: value.target,
|
||||
action: value.action.into(),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl From<crate::Account> for AccountInfo {
|
||||
fn from(item: crate::Account) -> Self {
|
||||
AccountInfo {
|
||||
id: item.id,
|
||||
email: item.email,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl From<crate::MFATicket> for MFATicket {
|
||||
fn from(value: crate::MFATicket) -> Self {
|
||||
MFATicket {
|
||||
id: value.id,
|
||||
account_id: value.account_id,
|
||||
token: value.token,
|
||||
validated: value.validated,
|
||||
authorised: value.authorised,
|
||||
last_totp_code: value.last_totp_code,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl From<crate::MultiFactorAuthentication> for MultiFactorStatus {
|
||||
fn from(item: crate::MultiFactorAuthentication) -> Self {
|
||||
MultiFactorStatus {
|
||||
// email_otp: item.enable_email_otp,
|
||||
// trusted_handover: item.enable_trusted_handover,
|
||||
// email_mfa: item.enable_email_mfa,
|
||||
totp_mfa: !item.totp_token.is_disabled(),
|
||||
// security_key_mfa: item.security_key_token.is_some(),
|
||||
recovery_active: !item.recovery_codes.is_empty(),
|
||||
..Default::default()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl From<crate::MFAMethod> for MFAMethod {
|
||||
fn from(value: crate::MFAMethod) -> Self {
|
||||
match value {
|
||||
crate::MFAMethod::Password => MFAMethod::Password,
|
||||
crate::MFAMethod::Recovery => MFAMethod::Recovery,
|
||||
crate::MFAMethod::Totp => MFAMethod::Totp,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl From<crate::Session> for SessionInfo {
|
||||
fn from(item: crate::Session) -> Self {
|
||||
SessionInfo {
|
||||
id: item.id,
|
||||
name: item.name,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl From<crate::Session> for Session {
|
||||
fn from(value: crate::Session) -> Self {
|
||||
Session {
|
||||
id: value.id,
|
||||
user_id: value.user_id,
|
||||
token: value.token,
|
||||
name: value.name,
|
||||
last_seen: value.last_seen,
|
||||
origin: value.origin,
|
||||
subscription: value.subscription.map(Into::into),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl From<crate::WebPushSubscription> for WebPushSubscription {
|
||||
fn from(value: crate::WebPushSubscription) -> Self {
|
||||
WebPushSubscription {
|
||||
endpoint: value.endpoint,
|
||||
p256dh: value.p256dh,
|
||||
auth: value.auth,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl From<WebPushSubscription> for crate::WebPushSubscription {
|
||||
fn from(value: WebPushSubscription) -> Self {
|
||||
crate::WebPushSubscription {
|
||||
endpoint: value.endpoint,
|
||||
p256dh: value.p256dh,
|
||||
auth: value.auth,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl From<crate::PartialEmoji> for PartialEmoji {
|
||||
fn from(value: crate::PartialEmoji) -> Self {
|
||||
PartialEmoji { name: value.name }
|
||||
}
|
||||
}
|
||||
|
||||
42
crates/core/database/src/util/captcha.rs
Normal file
42
crates/core/database/src/util/captcha.rs
Normal file
@@ -0,0 +1,42 @@
|
||||
use reqwest::Client;
|
||||
use revolt_config::config;
|
||||
use revolt_result::Result;
|
||||
use std::sync::LazyLock;
|
||||
|
||||
static CLIENT: LazyLock<Client> = LazyLock::new(Client::new);
|
||||
|
||||
#[derive(Serialize, Deserialize)]
|
||||
struct CaptchaResponse {
|
||||
success: bool,
|
||||
}
|
||||
|
||||
pub async fn check_captcha(token: Option<&str>) -> Result<()> {
|
||||
let config = config().await;
|
||||
|
||||
if !config.api.security.captcha.hcaptcha_key.is_empty() {
|
||||
let Some(token) = token else {
|
||||
return Err(create_error!(CaptchaFailed));
|
||||
};
|
||||
|
||||
let response = CLIENT
|
||||
.post("https://hcaptcha.com/siteverify")
|
||||
.form(&[
|
||||
("secret", config.api.security.captcha.hcaptcha_key.as_str()),
|
||||
("response", token),
|
||||
])
|
||||
.send()
|
||||
.await
|
||||
.map_err(|_| create_error!(CaptchaFailed))?
|
||||
.json::<CaptchaResponse>()
|
||||
.await
|
||||
.map_err(|_| create_error!(CaptchaFailed))?;
|
||||
|
||||
if response.success {
|
||||
Ok(())
|
||||
} else {
|
||||
Err(create_error!(CaptchaFailed))
|
||||
}
|
||||
} else {
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
63
crates/core/database/src/util/chunked.rs
Normal file
63
crates/core/database/src/util/chunked.rs
Normal file
@@ -0,0 +1,63 @@
|
||||
#[cfg(feature = "mongodb")]
|
||||
use ::mongodb::{ClientSession, SessionCursor};
|
||||
use revolt_result::{Result, ToRevoltError};
|
||||
use serde::Deserialize;
|
||||
|
||||
#[derive(Debug)]
|
||||
#[allow(clippy::large_enum_variant)]
|
||||
pub enum ChunkedDatabaseGenerator<T> {
|
||||
#[cfg(feature = "mongodb")]
|
||||
MongoDb {
|
||||
session: ClientSession,
|
||||
cursor: SessionCursor<T>,
|
||||
},
|
||||
|
||||
Reference {
|
||||
offset: usize,
|
||||
data: Vec<T>,
|
||||
},
|
||||
}
|
||||
|
||||
impl<T: for<'d> Deserialize<'d> + Clone> ChunkedDatabaseGenerator<T> {
|
||||
#[cfg(feature = "mongodb")]
|
||||
pub fn new_mongo(session: ClientSession, cursor: SessionCursor<T>) -> Self {
|
||||
Self::MongoDb { session, cursor }
|
||||
}
|
||||
|
||||
pub fn new_reference(data: Vec<T>) -> Self {
|
||||
Self::Reference { offset: 0, data }
|
||||
}
|
||||
|
||||
pub async fn next(&mut self) -> Result<Option<T>> {
|
||||
match self {
|
||||
#[cfg(feature = "mongodb")]
|
||||
Self::MongoDb { session, cursor } => {
|
||||
cursor.next(session).await.transpose().to_internal_error()
|
||||
}
|
||||
Self::Reference { offset, data } => {
|
||||
if let Some(value) = data.get(*offset) {
|
||||
*offset += 1;
|
||||
Ok(Some(value.clone()))
|
||||
} else {
|
||||
Ok(None)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
pub async fn next_n(&mut self, n: usize) -> Result<Option<Vec<T>>> {
|
||||
let mut docs = Vec::new();
|
||||
|
||||
while docs.len() < n {
|
||||
if let Some(doc) = self.next().await? {
|
||||
docs.push(doc);
|
||||
} else if docs.is_empty() {
|
||||
return Ok(None);
|
||||
} else {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
Ok(Some(docs))
|
||||
}
|
||||
}
|
||||
271
crates/core/database/src/util/email.rs
Normal file
271
crates/core/database/src/util/email.rs
Normal file
@@ -0,0 +1,271 @@
|
||||
use std::{collections::HashSet, sync::LazyLock};
|
||||
|
||||
use lettre::{
|
||||
transport::smtp::{authentication::Credentials, client::Tls},
|
||||
SmtpTransport,
|
||||
};
|
||||
use regex::Regex;
|
||||
use revolt_config::{config, ApiSmtp};
|
||||
use revolt_result::Result;
|
||||
|
||||
static SPLIT: LazyLock<Regex> = LazyLock::new(|| Regex::new("([^@]+)(@.+)").unwrap());
|
||||
static SYMBOL_RE: LazyLock<Regex> = LazyLock::new(|| Regex::new("\\+.+|\\.").unwrap());
|
||||
static HANDLEBARS: LazyLock<handlebars::Handlebars<'static>> =
|
||||
LazyLock::new(handlebars::Handlebars::new);
|
||||
static REVOLT_SOURCE_LIST: LazyLock<HashSet<String>> = LazyLock::new(|| {
|
||||
include_str!("../../assets/revolt_source_list.txt")
|
||||
.split('\n')
|
||||
.map(|x| x.into())
|
||||
.collect()
|
||||
});
|
||||
|
||||
/// Strip special characters and aliases from emails
|
||||
pub fn normalise_email(original: String) -> String {
|
||||
let split = SPLIT.captures(&original).unwrap();
|
||||
let mut clean = SYMBOL_RE
|
||||
.replace_all(split.get(1).unwrap().as_str(), "")
|
||||
.to_string();
|
||||
|
||||
clean.push_str(split.get(2).unwrap().as_str());
|
||||
clean.to_lowercase()
|
||||
}
|
||||
|
||||
/// Email template
|
||||
#[derive(Clone)]
|
||||
pub struct Template {
|
||||
/// Title of the email
|
||||
pub title: String,
|
||||
/// Plain text version of this email
|
||||
pub text: String,
|
||||
/// HTML version of this email
|
||||
pub html: Option<String>,
|
||||
/// URL to redirect people to from the email
|
||||
///
|
||||
/// Use `{{url}}` to fill this field.
|
||||
///
|
||||
/// Any given URL will be suffixed with a unique token if applicable.
|
||||
///
|
||||
/// e.g. `https://example.com?t=` becomes `https://example.com?t=UNIQUE_CODE`
|
||||
pub url: String,
|
||||
}
|
||||
|
||||
/// Email templates
|
||||
#[derive(Clone)]
|
||||
pub struct Templates {
|
||||
/// Template for email verification
|
||||
pub verify: Template,
|
||||
/// Template for password reset
|
||||
pub reset: Template,
|
||||
/// Template for password reset when the account already exists on creation
|
||||
pub reset_existing: Template,
|
||||
/// Template for account deletion
|
||||
pub deletion: Template,
|
||||
/// Template for suspention
|
||||
pub suspension: Template,
|
||||
}
|
||||
|
||||
pub async fn email_templates() -> Templates {
|
||||
let config = config().await;
|
||||
|
||||
if std::env::var("TEST_DB").is_ok() {
|
||||
Templates {
|
||||
verify: Template {
|
||||
title: "verify".into(),
|
||||
text: "[[{{url}}]]".into(),
|
||||
url: "".into(),
|
||||
html: None,
|
||||
},
|
||||
reset: Template {
|
||||
title: "reset".into(),
|
||||
text: "[[{{url}}]]".into(),
|
||||
url: "".into(),
|
||||
html: None,
|
||||
},
|
||||
reset_existing: Template {
|
||||
title: "reset_existing".into(),
|
||||
text: "[[{{url}}]]".into(),
|
||||
url: "".into(),
|
||||
html: None,
|
||||
},
|
||||
deletion: Template {
|
||||
title: "deletion".into(),
|
||||
text: "[[{{url}}]]".into(),
|
||||
url: "".into(),
|
||||
html: None,
|
||||
},
|
||||
suspension: Template {
|
||||
title: "suspension".into(),
|
||||
text: "[[dummy]]".into(),
|
||||
url: "".into(),
|
||||
html: None,
|
||||
},
|
||||
}
|
||||
} else if config.production {
|
||||
Templates {
|
||||
verify: Template {
|
||||
title: "Verify your Stoat account.".into(),
|
||||
text: include_str!("../../templates/verify.txt").into(),
|
||||
url: format!("{}/login/verify/", config.hosts.app),
|
||||
html: Some(include_str!("../../templates/verify.html").into()),
|
||||
},
|
||||
reset: Template {
|
||||
title: "Reset your Stoat password.".into(),
|
||||
text: include_str!("../../templates/reset.txt").into(),
|
||||
url: format!("{}/login/reset/", config.hosts.app),
|
||||
html: Some(include_str!("../../templates/reset.html").into()),
|
||||
},
|
||||
reset_existing: Template {
|
||||
title: "You already have a Stoat account, reset your password.".into(),
|
||||
text: include_str!("../../templates/reset-existing.txt").into(),
|
||||
url: format!("{}/login/reset/", config.hosts.app),
|
||||
html: Some(include_str!("../../templates/reset-existing.html").into()),
|
||||
},
|
||||
deletion: Template {
|
||||
title: "Confirm account deletion.".into(),
|
||||
text: include_str!("../../templates/deletion.txt").into(),
|
||||
url: format!("{}/delete/", config.hosts.app),
|
||||
html: Some(include_str!("../../templates/deletion.html").into()),
|
||||
},
|
||||
suspension: Template {
|
||||
title: "Account Suspension".to_string(),
|
||||
html: Some(include_str!("../../templates/suspension.html").to_owned()),
|
||||
text: include_str!("../../templates/suspension.txt").to_owned(),
|
||||
url: Default::default(),
|
||||
},
|
||||
}
|
||||
} else {
|
||||
Templates {
|
||||
verify: Template {
|
||||
title: "Verify your account.".into(),
|
||||
text: include_str!("../../templates/verify.whitelabel.txt").into(),
|
||||
url: format!("{}/login/verify/", config.hosts.app),
|
||||
html: None,
|
||||
},
|
||||
reset: Template {
|
||||
title: "Reset your password.".into(),
|
||||
text: include_str!("../../templates/reset.whitelabel.txt").into(),
|
||||
url: format!("{}/login/reset/", config.hosts.app),
|
||||
html: None,
|
||||
},
|
||||
reset_existing: Template {
|
||||
title: "Reset your password.".into(),
|
||||
text: include_str!("../../templates/reset.whitelabel.txt").into(),
|
||||
url: format!("{}/login/reset/", config.hosts.app),
|
||||
html: None,
|
||||
},
|
||||
deletion: Template {
|
||||
title: "Confirm account deletion.".into(),
|
||||
text: include_str!("../../templates/deletion.whitelabel.txt").into(),
|
||||
url: format!("{}/delete/", config.hosts.app),
|
||||
html: None,
|
||||
},
|
||||
suspension: Template {
|
||||
title: "Account Suspension".to_string(),
|
||||
text: include_str!("../../templates/suspension.whitelabel.txt").to_owned(),
|
||||
url: Default::default(),
|
||||
html: None,
|
||||
},
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/// Create SMTP transport
|
||||
pub fn create_transport(smtp: &ApiSmtp) -> SmtpTransport {
|
||||
let relay = if smtp.use_starttls == Some(true) {
|
||||
SmtpTransport::starttls_relay(&smtp.host).unwrap()
|
||||
} else {
|
||||
SmtpTransport::relay(&smtp.host).unwrap()
|
||||
};
|
||||
|
||||
let relay = if let Some(port) = smtp.port {
|
||||
relay.port(port.try_into().unwrap())
|
||||
} else {
|
||||
relay
|
||||
};
|
||||
|
||||
let relay = if smtp.use_tls == Some(false) {
|
||||
relay.tls(Tls::None)
|
||||
} else {
|
||||
relay
|
||||
};
|
||||
|
||||
relay
|
||||
.credentials(Credentials::new(
|
||||
smtp.username.clone(),
|
||||
smtp.password.clone(),
|
||||
))
|
||||
.build()
|
||||
}
|
||||
|
||||
/// Render an email template
|
||||
fn render_template(text: &str, variables: &handlebars::JsonValue) -> Result<String> {
|
||||
HANDLEBARS
|
||||
.render_template(text, variables)
|
||||
.map_err(|_| create_error!(RenderFail))
|
||||
}
|
||||
|
||||
/// Send an email
|
||||
pub fn send_email(
|
||||
smtp: &ApiSmtp,
|
||||
address: String,
|
||||
template: &Template,
|
||||
variables: handlebars::JsonValue,
|
||||
) -> Result<()> {
|
||||
let m = lettre::Message::builder()
|
||||
.from(smtp.from_address.parse().expect("valid `smtp_from`"))
|
||||
.to(address.parse().expect("valid `smtp_to`"))
|
||||
.subject(template.title.clone());
|
||||
|
||||
let m = if let Some(reply_to) = &smtp.reply_to {
|
||||
m.reply_to(reply_to.parse().expect("valid `smtp_reply_to`"))
|
||||
} else {
|
||||
m
|
||||
};
|
||||
|
||||
let text = render_template(&template.text, &variables).expect("valid `template`");
|
||||
|
||||
let m = if let Some(html) = &template.html {
|
||||
m.multipart(lettre::message::MultiPart::alternative_plain_html(
|
||||
text,
|
||||
render_template(html, &variables).expect("valid `template`"),
|
||||
))
|
||||
} else {
|
||||
m.body(text)
|
||||
}
|
||||
.expect("valid `message`");
|
||||
|
||||
use lettre::Transport;
|
||||
let sender = create_transport(smtp);
|
||||
|
||||
match sender.send(&m) {
|
||||
Ok(_) => Ok(()),
|
||||
Err(error) => {
|
||||
error!(
|
||||
"Failed to send email to {}!\nlettre error: {}",
|
||||
address, error
|
||||
);
|
||||
|
||||
revolt_config::capture_error(&error);
|
||||
|
||||
Err(create_error!(EmailFailed))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
pub fn validate_email(email: &str) -> Result<()> {
|
||||
// Make sure this is an actual email
|
||||
if !validator::validate_email(email) {
|
||||
return Err(create_error!(IncorrectData {
|
||||
with: "email".to_string()
|
||||
}));
|
||||
}
|
||||
|
||||
// Check if the email is blacklisted
|
||||
if let Some(domain) = email.split('@').next_back() {
|
||||
if REVOLT_SOURCE_LIST.contains(&domain.to_string()) {
|
||||
return Err(create_error!(Blacklisted));
|
||||
}
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
@@ -5,7 +5,7 @@ use revolt_result::{create_error, Result};
|
||||
#[cfg(feature = "rocket-impl")]
|
||||
use revolt_result::Error;
|
||||
|
||||
use async_std::sync::Mutex;
|
||||
use tokio::sync::Mutex;
|
||||
use once_cell::sync::Lazy;
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
|
||||
56
crates/core/database/src/util/ip.rs
Normal file
56
crates/core/database/src/util/ip.rs
Normal file
@@ -0,0 +1,56 @@
|
||||
#[cfg(feature = "rocket-impl")]
|
||||
pub mod rocket {
|
||||
use revolt_config::config;
|
||||
use rocket::Request;
|
||||
|
||||
pub fn to_ip(request: &'_ Request<'_>) -> String {
|
||||
request
|
||||
.client_ip()
|
||||
.map(|x| x.to_string())
|
||||
.unwrap_or_default()
|
||||
}
|
||||
|
||||
/// Find the actual IP of the client
|
||||
pub async fn to_real_ip(request: &'_ Request<'_>) -> String {
|
||||
if config().await.api.security.trust_cloudflare {
|
||||
request
|
||||
.headers()
|
||||
.get_one("CF-Connecting-IP")
|
||||
.map(|x| x.to_string())
|
||||
.unwrap_or_else(|| to_ip(request))
|
||||
} else {
|
||||
to_ip(request)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(feature = "axum-impl")]
|
||||
pub mod axum {
|
||||
use axum::{
|
||||
extract::ConnectInfo,
|
||||
http::request::Parts,
|
||||
};
|
||||
use revolt_config::config;
|
||||
use std::net::SocketAddr;
|
||||
|
||||
pub fn to_ip(parts: &Parts) -> String {
|
||||
parts
|
||||
.extensions
|
||||
.get::<ConnectInfo<SocketAddr>>()
|
||||
.map(|info| info.ip().to_string())
|
||||
.unwrap_or_default()
|
||||
}
|
||||
|
||||
/// Find the actual IP of the client
|
||||
pub async fn to_real_ip(parts: &Parts) -> String {
|
||||
if config().await.api.security.trust_cloudflare {
|
||||
parts
|
||||
.headers
|
||||
.get("CF-Connecting-IP")
|
||||
.map(|x| x.to_str().unwrap().to_string())
|
||||
.unwrap_or_else(|| to_ip(parts))
|
||||
} else {
|
||||
to_ip(parts)
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,10 +1,17 @@
|
||||
pub mod acker;
|
||||
pub mod bridge;
|
||||
pub mod bulk_permissions;
|
||||
pub mod captcha;
|
||||
pub mod chunked;
|
||||
pub mod email;
|
||||
mod funcs;
|
||||
pub mod idempotency;
|
||||
pub mod ip;
|
||||
pub mod password;
|
||||
pub mod permissions;
|
||||
pub mod reference;
|
||||
pub mod shield;
|
||||
pub mod test_fixtures;
|
||||
|
||||
pub use funcs::*;
|
||||
pub use chunked::ChunkedDatabaseGenerator;
|
||||
72
crates/core/database/src/util/password.rs
Normal file
72
crates/core/database/src/util/password.rs
Normal file
@@ -0,0 +1,72 @@
|
||||
use reqwest::Client;
|
||||
use sha1::Digest;
|
||||
use std::{collections::HashSet, sync::LazyLock};
|
||||
|
||||
use revolt_config::config;
|
||||
use revolt_result::{Result, ToRevoltError};
|
||||
|
||||
static CLIENT: LazyLock<Client> = LazyLock::new(Client::new);
|
||||
static ARGON_CONFIG: LazyLock<argon2::Config<'static>> = LazyLock::new(argon2::Config::default);
|
||||
static TOP_100K_COMPROMISED: LazyLock<HashSet<String>> = LazyLock::new(|| {
|
||||
include_str!("../../assets/pwned100k.txt")
|
||||
.split('\n')
|
||||
.map(|x| x.into())
|
||||
.collect()
|
||||
});
|
||||
|
||||
#[derive(Deserialize)]
|
||||
struct EasyPwnedResult {
|
||||
secure: bool,
|
||||
}
|
||||
|
||||
/// Hash a password using argon2
|
||||
pub fn hash_password(plaintext_password: String) -> Result<String> {
|
||||
argon2::hash_encoded(
|
||||
plaintext_password.as_bytes(),
|
||||
nanoid::nanoid!(24).as_bytes(),
|
||||
&ARGON_CONFIG,
|
||||
)
|
||||
.to_internal_error()
|
||||
}
|
||||
|
||||
pub async fn assert_safe(password: &str) -> Result<()> {
|
||||
// Make sure the password is long enough.
|
||||
if password.len() < 8 {
|
||||
return Err(create_error!(ShortPassword));
|
||||
}
|
||||
|
||||
let config = config().await;
|
||||
|
||||
if !config.api.security.easypwned.is_empty() {
|
||||
let mut hasher = sha1::Sha1::new();
|
||||
hasher.update(password);
|
||||
let pwd_hash = hasher.finalize();
|
||||
|
||||
let result = match CLIENT
|
||||
.get(format!(
|
||||
"{}/hash/{pwd_hash:#02x}",
|
||||
&config.api.security.easypwned
|
||||
))
|
||||
.send()
|
||||
.await
|
||||
{
|
||||
Ok(response) => match response.json::<EasyPwnedResult>().await {
|
||||
Ok(result) => Ok(result.secure),
|
||||
Err(e) => Err(e),
|
||||
},
|
||||
Err(e) => Err(e),
|
||||
};
|
||||
|
||||
if let Err(e) = &result {
|
||||
revolt_config::capture_error(e);
|
||||
} else if result.is_ok_and(|b| b) {
|
||||
return Ok(());
|
||||
}
|
||||
};
|
||||
|
||||
if TOP_100K_COMPROMISED.contains(password) {
|
||||
return Err(create_error!(CompromisedPassword));
|
||||
};
|
||||
|
||||
Ok(())
|
||||
}
|
||||
118
crates/core/database/src/util/shield.rs
Normal file
118
crates/core/database/src/util/shield.rs
Normal file
@@ -0,0 +1,118 @@
|
||||
use reqwest::Client;
|
||||
use revolt_config::config;
|
||||
use revolt_result::Result;
|
||||
use serde::{Deserialize, Serialize};
|
||||
use std::{collections::HashMap, sync::LazyLock};
|
||||
use crate::util::ip;
|
||||
|
||||
static CLIENT: LazyLock<Client> = LazyLock::new(Client::new);
|
||||
|
||||
#[derive(Serialize, Deserialize, Default, Debug)]
|
||||
pub struct ShieldValidationInput {
|
||||
/// Remote user IP
|
||||
pub ip: Option<String>,
|
||||
|
||||
/// User provided email
|
||||
pub email: Option<String>,
|
||||
|
||||
/// Request headers
|
||||
pub headers: Option<HashMap<String, String>>,
|
||||
|
||||
/// Skip alerts and monitoring for this request
|
||||
pub dry_run: bool,
|
||||
}
|
||||
|
||||
#[derive(Serialize, Deserialize)]
|
||||
pub struct ValidationResult {
|
||||
/// Whether this request was blocked
|
||||
blocked: bool,
|
||||
|
||||
/// Reasons for the request being blocked
|
||||
reasons: Vec<String>,
|
||||
}
|
||||
|
||||
pub async fn validate_shield(input: ShieldValidationInput) -> Result<()> {
|
||||
let shield = config().await.api.security.shield;
|
||||
|
||||
if !shield.host.is_empty() {
|
||||
if let Ok(response) = CLIENT
|
||||
.post(format!("{}/validate", &shield.host))
|
||||
.json(&input)
|
||||
.header("Authorization", &shield.key)
|
||||
.send()
|
||||
.await
|
||||
{
|
||||
let result = response
|
||||
.json::<ValidationResult>()
|
||||
.await
|
||||
.map_err(|_| create_error!(InternalError))?;
|
||||
|
||||
if result.blocked {
|
||||
return Err(create_error!(BlockedByShield));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
#[cfg(feature = "rocket-impl")]
|
||||
#[async_trait]
|
||||
impl<'r> rocket::request::FromRequest<'r> for ShieldValidationInput {
|
||||
type Error = revolt_result::Error;
|
||||
|
||||
#[allow(clippy::collapsible_match)]
|
||||
async fn from_request(
|
||||
request: &'r rocket::Request<'_>,
|
||||
) -> rocket::request::Outcome<Self, Self::Error> {
|
||||
rocket::request::Outcome::Success(ShieldValidationInput {
|
||||
ip: Some(ip::rocket::to_real_ip(request).await),
|
||||
headers: Some(
|
||||
request
|
||||
.headers()
|
||||
.iter()
|
||||
.map(|entry| (entry.name.to_string(), entry.value.to_string()))
|
||||
.collect(),
|
||||
),
|
||||
..Default::default()
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(feature = "rocket-impl")]
|
||||
impl<'r> revolt_rocket_okapi::request::OpenApiFromRequest<'r> for ShieldValidationInput {
|
||||
fn from_request_input(
|
||||
_gen: &mut revolt_rocket_okapi::r#gen::OpenApiGenerator,
|
||||
_name: String,
|
||||
_required: bool,
|
||||
) -> revolt_rocket_okapi::Result<revolt_rocket_okapi::request::RequestHeaderInput> {
|
||||
Ok(revolt_rocket_okapi::request::RequestHeaderInput::None)
|
||||
}
|
||||
}
|
||||
#[cfg(feature = "axum-impl")]
|
||||
#[async_trait]
|
||||
impl<S> axum::extract::FromRequestParts<S> for ShieldValidationInput {
|
||||
type Rejection = axum::Json<revolt_result::Error> ;
|
||||
|
||||
async fn from_request_parts(
|
||||
parts: &mut axum::http::request::Parts,
|
||||
_state: &S,
|
||||
) -> Result<Self, Self::Rejection> {
|
||||
Ok(ShieldValidationInput {
|
||||
ip: Some(ip::axum::to_real_ip(parts).await),
|
||||
headers: Some(
|
||||
parts
|
||||
.headers
|
||||
.iter()
|
||||
.map(|(name, value)| {
|
||||
(
|
||||
name.to_string(),
|
||||
value.to_str().map(|s| s.to_string()).unwrap_or_default(),
|
||||
)
|
||||
})
|
||||
.collect(),
|
||||
),
|
||||
..Default::default()
|
||||
})
|
||||
}
|
||||
}
|
||||
@@ -42,7 +42,7 @@
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="line-height: 24px; font-size: 16px; margin: 0;" align="left">
|
||||
<img alt="Stoat Logo" class="w-24" src="https://stoat.chat/favicon.svg" style="height: auto; line-height: 100%; outline: none; text-decoration: none; display: block; width: 96px; border-style: none; border-width: 0;" width="96">
|
||||
<img alt="Stoat Logo" class="w-24" src="https://stoat.chat/favicon-stoat.svg" style="height: auto; line-height: 100%; outline: none; text-decoration: none; display: block; width: 96px; border-style: none; border-width: 0;" width="96">
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
|
||||
<body class="bg-light">
|
||||
<div class="container">
|
||||
<img alt="Stoat Logo" class="ax-center my-10 w-24" src="https://stoat.chat/favicon.svg" />
|
||||
<img alt="Stoat Logo" class="ax-center my-10 w-24" src="https://stoat.chat/favicon-stoat.svg" />
|
||||
<div class="card p-6 p-lg-10 space-y-4">
|
||||
<h1 class="h3 fw-700">Account Deletion</h1>
|
||||
<p>
|
||||
|
||||
@@ -42,7 +42,7 @@
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="line-height: 24px; font-size: 16px; margin: 0;" align="left">
|
||||
<img class="w-24" src="https://stoat.chat/favicon.svg" alt="Stoat Logo" style="height: auto; line-height: 100%; outline: none; text-decoration: none; display: block; width: 96px; border-style: none; border-width: 0;" width="96">
|
||||
<img class="w-24" src="https://stoat.chat/favicon-stoat.svg" alt="Stoat Logo" style="height: auto; line-height: 100%; outline: none; text-decoration: none; display: block; width: 96px; border-style: none; border-width: 0;" width="96">
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
<div class="container">
|
||||
<img
|
||||
class="ax-center my-10 w-24"
|
||||
src="https://stoat.chat/favicon.svg"
|
||||
src="https://stoat.chat/favicon-stoat.svg"
|
||||
alt="Stoat Logo"
|
||||
/>
|
||||
<div class="card p-6 p-lg-10 space-y-4">
|
||||
|
||||
@@ -42,7 +42,7 @@
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="line-height: 24px; font-size: 16px; margin: 0;" align="left">
|
||||
<img class="w-24" src="https://stoat.chat/favicon.svg" alt="Stoat Logo" style="height: auto; line-height: 100%; outline: none; text-decoration: none; display: block; width: 96px; border-style: none; border-width: 0;" width="96">
|
||||
<img class="w-24" src="https://stoat.chat/favicon-stoat.svg" alt="Stoat Logo" style="height: auto; line-height: 100%; outline: none; text-decoration: none; display: block; width: 96px; border-style: none; border-width: 0;" width="96">
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
|
||||
<body class="bg-light">
|
||||
<div class="container">
|
||||
<img class="ax-center my-10 w-24" src="https://stoat.chat/favicon.svg" alt="Stoat Logo" />
|
||||
<img class="ax-center my-10 w-24" src="https://stoat.chat/favicon-stoat.svg" alt="Stoat Logo" />
|
||||
<div class="card p-6 p-lg-10 space-y-4">
|
||||
<h1 class="h3 fw-700">Password Reset</h1>
|
||||
<p>You requested a password reset, click below to continue.</p>
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user