Added auth
This commit is contained in:
Connor Johnstone
@@ -1,9 +1,11 @@
|
||||
use actix_session::Session;
|
||||
use actix_web::{HttpResponse, web};
|
||||
use serde::Deserialize;
|
||||
|
||||
use shanty_db::entities::download_queue::DownloadStatus;
|
||||
use shanty_db::queries;
|
||||
|
||||
use crate::auth;
|
||||
use crate::config::AppConfig;
|
||||
use crate::error::ApiError;
|
||||
use crate::routes::artists::enrich_all_watched_artists;
|
||||
@@ -25,7 +27,8 @@ pub fn configure(cfg: &mut web::ServiceConfig) {
|
||||
);
|
||||
}
|
||||
|
||||
async fn get_status(state: web::Data<AppState>) -> Result<HttpResponse, ApiError> {
|
||||
async fn get_status(state: web::Data<AppState>, session: Session) -> Result<HttpResponse, ApiError> {
|
||||
auth::require_auth(&session)?;
|
||||
let summary = shanty_watch::library_summary(state.db.conn()).await?;
|
||||
let pending_items =
|
||||
queries::downloads::list(state.db.conn(), Some(DownloadStatus::Pending)).await?;
|
||||
@@ -58,7 +61,8 @@ async fn get_status(state: web::Data<AppState>) -> Result<HttpResponse, ApiError
|
||||
})))
|
||||
}
|
||||
|
||||
async fn trigger_index(state: web::Data<AppState>) -> Result<HttpResponse, ApiError> {
|
||||
async fn trigger_index(state: web::Data<AppState>, session: Session) -> Result<HttpResponse, ApiError> {
|
||||
auth::require_auth(&session)?;
|
||||
let task_id = state.tasks.register("index");
|
||||
let state = state.clone();
|
||||
let tid = task_id.clone();
|
||||
@@ -82,7 +86,8 @@ async fn trigger_index(state: web::Data<AppState>) -> Result<HttpResponse, ApiEr
|
||||
Ok(HttpResponse::Accepted().json(serde_json::json!({ "task_id": task_id })))
|
||||
}
|
||||
|
||||
async fn trigger_tag(state: web::Data<AppState>) -> Result<HttpResponse, ApiError> {
|
||||
async fn trigger_tag(state: web::Data<AppState>, session: Session) -> Result<HttpResponse, ApiError> {
|
||||
auth::require_auth(&session)?;
|
||||
let task_id = state.tasks.register("tag");
|
||||
let state = state.clone();
|
||||
let tid = task_id.clone();
|
||||
@@ -114,7 +119,8 @@ async fn trigger_tag(state: web::Data<AppState>) -> Result<HttpResponse, ApiErro
|
||||
Ok(HttpResponse::Accepted().json(serde_json::json!({ "task_id": task_id })))
|
||||
}
|
||||
|
||||
async fn trigger_organize(state: web::Data<AppState>) -> Result<HttpResponse, ApiError> {
|
||||
async fn trigger_organize(state: web::Data<AppState>, session: Session) -> Result<HttpResponse, ApiError> {
|
||||
auth::require_auth(&session)?;
|
||||
let task_id = state.tasks.register("organize");
|
||||
let state = state.clone();
|
||||
let tid = task_id.clone();
|
||||
@@ -150,7 +156,8 @@ async fn trigger_organize(state: web::Data<AppState>) -> Result<HttpResponse, Ap
|
||||
Ok(HttpResponse::Accepted().json(serde_json::json!({ "task_id": task_id })))
|
||||
}
|
||||
|
||||
async fn trigger_pipeline(state: web::Data<AppState>) -> Result<HttpResponse, ApiError> {
|
||||
async fn trigger_pipeline(state: web::Data<AppState>, session: Session) -> Result<HttpResponse, ApiError> {
|
||||
auth::require_auth(&session)?;
|
||||
let sync_id = state.tasks.register_pending("sync");
|
||||
let download_id = state.tasks.register_pending("download");
|
||||
let index_id = state.tasks.register_pending("index");
|
||||
@@ -308,8 +315,10 @@ async fn trigger_pipeline(state: web::Data<AppState>) -> Result<HttpResponse, Ap
|
||||
|
||||
async fn get_task(
|
||||
state: web::Data<AppState>,
|
||||
session: Session,
|
||||
path: web::Path<String>,
|
||||
) -> Result<HttpResponse, ApiError> {
|
||||
auth::require_auth(&session)?;
|
||||
let id = path.into_inner();
|
||||
match state.tasks.get(&id) {
|
||||
Some(task) => Ok(HttpResponse::Ok().json(task)),
|
||||
@@ -317,21 +326,25 @@ async fn get_task(
|
||||
}
|
||||
}
|
||||
|
||||
async fn list_watchlist(state: web::Data<AppState>) -> Result<HttpResponse, ApiError> {
|
||||
let items = shanty_watch::list_items(state.db.conn(), None, None).await?;
|
||||
async fn list_watchlist(state: web::Data<AppState>, session: Session) -> Result<HttpResponse, ApiError> {
|
||||
let (user_id, _, _) = auth::require_auth(&session)?;
|
||||
let items = shanty_watch::list_items(state.db.conn(), None, None, Some(user_id)).await?;
|
||||
Ok(HttpResponse::Ok().json(items))
|
||||
}
|
||||
|
||||
async fn remove_watchlist(
|
||||
state: web::Data<AppState>,
|
||||
session: Session,
|
||||
path: web::Path<i32>,
|
||||
) -> Result<HttpResponse, ApiError> {
|
||||
auth::require_auth(&session)?;
|
||||
let id = path.into_inner();
|
||||
shanty_watch::remove_item(state.db.conn(), id).await?;
|
||||
Ok(HttpResponse::NoContent().finish())
|
||||
}
|
||||
|
||||
async fn get_config(state: web::Data<AppState>) -> Result<HttpResponse, ApiError> {
|
||||
async fn get_config(state: web::Data<AppState>, session: Session) -> Result<HttpResponse, ApiError> {
|
||||
auth::require_auth(&session)?;
|
||||
let config = state.config.read().await;
|
||||
Ok(HttpResponse::Ok().json(&*config))
|
||||
}
|
||||
@@ -344,8 +357,10 @@ struct SaveConfigRequest {
|
||||
|
||||
async fn save_config(
|
||||
state: web::Data<AppState>,
|
||||
session: Session,
|
||||
body: web::Json<SaveConfigRequest>,
|
||||
) -> Result<HttpResponse, ApiError> {
|
||||
auth::require_admin(&session)?;
|
||||
let new_config = body.into_inner().config;
|
||||
|
||||
// Persist to YAML
|
||||
|
||||
Reference in New Issue
Block a user