frontend v0.4.1

- fixed most of the bugs with the rewrite. should be ready to deploy now
2026-04-08 00:00:28 +01:00
parent 5291e7dee6
commit 529d09aabc
10 changed files with 124 additions and 29 deletions
@@ -37,7 +37,7 @@ pub async fn login(

 #[post("/invite", data = "<form>")]
 pub async fn generate_invite(
-    session: Session,
+    session: AdminSession,
    form: Json<AccessTokenForm>,
    svc: &State<AccessTokenService>,
 ) -> ApiResult<String> {
@@ -86,6 +86,56 @@ impl<'r> FromRequest<'r> for Session {
    }
 }

+pub struct AdminSession {
+    pub uid: i64,
+}
+
+#[rocket::async_trait]
+impl<'r> FromRequest<'r> for AdminSession {
+    type Error = ();
+
+    async fn from_request(req: &'r Request<'_>) -> Outcome<Self, Self::Error> {
+        // First verify the session is valid
+        match Claims::from_request(req).await {
+            Outcome::Success(user) if user.scope == TokenScope::Full => {
+                let uid = user.sub as i64;
+
+                // Get AuthService from Rocket state
+                let auth_svc = match req.guard::<&State<AuthService>>().await {
+                    Outcome::Success(svc) => svc,
+                    Outcome::Error(err) => {
+                        tracing::error!("AdminSession: Failed to get AuthService from state");
+                        return Outcome::Error(err);
+                    }
+                    _ => unreachable!("forward should never be called"),
+                };
+
+                // Check if user is admin
+                match auth_svc.is_admin(uid).await {
+                    Ok(true) => Outcome::Success(AdminSession { uid }),
+                    Ok(false) => {
+                        tracing::debug!("non-admin user attempted to access admin session");
+                        Outcome::Error((Status::Forbidden, ()))
+                    }
+                    Err(err) => {
+                        tracing::error!("AdminSession: is_admin check failed: {:?}", err);
+                        Outcome::Error((Status::InternalServerError, ()))
+                    }
+                }
+            }
+            Outcome::Success(_) => {
+                tracing::debug!("warning: user with scope other than Full attempted to access admin session");
+                Outcome::Error((Status::Forbidden, ()))
+            }
+            Outcome::Error(err) => {
+                tracing::debug!("AdminSession request guard failed: {:?}", err);
+                Outcome::Error(err)
+            }
+            _ => unreachable!("forward should never be called"),
+        }
+    }
+}
+
 #[derive(Serialize, Deserialize)]
 pub struct Claims {
    pub sub: i32,