server: Don't match household id with tuples

traxys 2023-05-29 22:01:20 +02:00
parent d5f3edc33f
commit 14fbde812f
2 changed files with 19 additions and 12 deletions


@ -13,12 +13,13 @@ use api::{
AddToHouseholdRequest, CreateHouseholdRequest, CreateHouseholdResponse, EmptyResponse, AddToHouseholdRequest, CreateHouseholdRequest, CreateHouseholdResponse, EmptyResponse,
Households, Households,
}; };
use serde::Deserialize;
use super::{AppState, AuthenticatedUser, RouteError}; use super::{AppState, AuthenticatedUser, RouteError};
use crate::entity::{household, household_members, prelude::*}; use crate::entity::{household, household_members, prelude::*};
#[derive(Debug)] #[derive(Debug)]
pub(super) struct AuthorizedHousehold(Uuid); pub(super) struct AuthorizedHousehold(pub household::Model);
#[async_trait] #[async_trait]
impl<S> FromRequestParts<S> for AuthorizedHousehold impl<S> FromRequestParts<S> for AuthorizedHousehold
@ -35,18 +36,24 @@ where
let user = AuthenticatedUser::from_request_parts(parts, state).await?; let user = AuthenticatedUser::from_request_parts(parts, state).await?;
let Path(household): Path<Uuid> = Path::from_request_parts(parts, state).await?; #[derive(Deserialize)]
struct HouseholdPathParam {
house_id: Uuid,
}
let matching_count = user let Path(household): Path<HouseholdPathParam> =
Path::from_request_parts(parts, state).await?;
let household = user
.model .model
.find_related(Household) .find_related(Household)
.filter(household::Column::Id.eq(household)) .filter(household::Column::Id.eq(household.house_id))
.count(&app_state.db) .one(&app_state.db)
.await?; .await?;
match matching_count { match household {
0 => Err(RouteError::Unauthorized), None => Err(RouteError::Unauthorized),
_ => Ok(AuthorizedHousehold(household)), Some(household) => Ok(AuthorizedHousehold(household)),
} }
} }
} }
@ -101,7 +108,7 @@ pub(super) async fn add_member(
Json(request): Json<AddToHouseholdRequest>, Json(request): Json<AddToHouseholdRequest>,
) -> super::JsonResult<EmptyResponse> { ) -> super::JsonResult<EmptyResponse> {
let member = household_members::ActiveModel { let member = household_members::ActiveModel {
household: ActiveValue::Set(household), household: ActiveValue::Set(household.id),
user: ActiveValue::Set(request.user), user: ActiveValue::Set(request.user),
}; };
@ -130,11 +137,11 @@ pub(super) async fn leave(
user: AuthenticatedUser, user: AuthenticatedUser,
state: State<AppState>, state: State<AppState>,
) -> super::JsonResult<EmptyResponse> { ) -> super::JsonResult<EmptyResponse> {
HouseholdMembers::delete_by_id((household, user.model.id)) HouseholdMembers::delete_by_id((household.id, user.model.id))
.exec(&state.db) .exec(&state.db)
.await?; .await?;
let Some(household) = Household::find_by_id(household) let Some(household) = Household::find_by_id(household.id)
.one(&state.db) .one(&state.db)
.await? else { .await? else {
return Ok(Json(EmptyResponse {})); return Ok(Json(EmptyResponse {}));
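Review bot: Making the tuple field public in `pub(super) struct AuthorizedHousehold(pub household::Model);` means any code that can name the type can build an `AuthorizedHousehold` from an arbitrary `household::Model` without going through the membership query in `from_request_parts`, which weakens the type as proof that the caller belongs to the household. The handlers shown here (`add_member`, `leave`) are in the same module and could still destructure a private field, so `pub(super) struct AuthorizedHousehold(household::Model);` looks sufficient. If sibling modules need the model (not visible in this diff), a read-only accessor such as `pub(super) fn model(&self) -> &household::Model` keeps construction confined to the extractor. A doc comment on the struct should also state that it is only produced after the `find_related(Household)` check, and that a non-member and an unknown id both yield `RouteError::Unauthorized`.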


@ -181,7 +181,7 @@ pub(crate) fn router(api_allowed: Option<HeaderValue>) -> Router<AppState> {
.layer(mk_service(vec![Method::GET, Method::POST])), .layer(mk_service(vec![Method::GET, Method::POST])),
) )
.route( .route(
"/household/:id", "/household/:house_id",
put(household::add_member) put(household::add_member)
.delete(household::leave) .delete(household::leave)
.layer(mk_service(vec![Method::PUT, Method::DELETE])), .layer(mk_service(vec![Method::PUT, Method::DELETE])),
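Review bot: The route string `"/household/:house_id"` and the `house_id` field of `HouseholdPathParam` in the `household` extractor are now tied together by name only, so a route that uses `AuthorizedHousehold` with a differently named parameter would presumably be rejected at request time rather than fail to compile. A comment above the route would record that contract, for example `// the parameter must be named house_id: AuthorizedHousehold deserializes it by name`. The `router` body starts and ends outside this hunk, so any other household routes there may need the same check.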