Compare commits

...

75 Commits

Author SHA1 Message Date
d5eba9620c Link to favicon
All checks were successful
Push Workflows / rustfmt (push) Successful in 5s
Push Workflows / tailwind-build (push) Successful in 6s
Push Workflows / docs (push) Successful in 20s
Push Workflows / test (push) Successful in 23s
Push Workflows / clippy (push) Successful in 18s
Push Workflows / build (push) Successful in 47s
Push Workflows / nix-build (push) Successful in 6m24s
2026-07-11 12:41:03 -04:00
39afdd83a7 Add username and password form input presets
All checks were successful
Push Workflows / rustfmt (push) Successful in 5s
Push Workflows / tailwind-build (push) Successful in 6s
Push Workflows / docs (push) Successful in 31s
Push Workflows / clippy (push) Successful in 28s
Push Workflows / test (push) Successful in 35s
Push Workflows / build (push) Successful in 1m12s
Push Workflows / nix-build (push) Successful in 6m24s
2026-07-11 12:37:30 -04:00
34b887730a Enable account icons in Lucide 2026-07-11 12:37:30 -04:00
f2dc4c908e Export individual components from crate::components 2026-07-11 12:28:35 -04:00
219f1f5e7d Add open-signup to list of allowed endpoints 2026-07-11 12:26:28 -04:00
102387fdad Initialize tracing to INFO in release mode 2026-07-11 12:21:37 -04:00
87bd1b50a9 Add form component
All checks were successful
Push Workflows / rustfmt (push) Successful in 5s
Push Workflows / tailwind-build (push) Successful in 6s
Push Workflows / docs (push) Successful in 49s
Push Workflows / clippy (push) Successful in 1m19s
Push Workflows / test (push) Successful in 1m30s
Push Workflows / build (push) Successful in 2m24s
Push Workflows / nix-build (push) Successful in 5m35s
2026-07-08 21:33:04 -04:00
c8cd4b95dc Add dioxus-html 2026-07-08 21:33:04 -04:00
8348277a87 Add endpoint to check open signup 2026-07-08 20:47:58 -04:00
e7c43e7a47 Allow icon in form input component
Misc style adjustments
2026-07-08 20:44:38 -04:00
4bacbfd1ab Add FormInput component
All checks were successful
Push Workflows / rustfmt (push) Successful in 5s
Push Workflows / tailwind-build (push) Successful in 4s
Push Workflows / docs (push) Successful in 19s
Push Workflows / clippy (push) Successful in 17s
Push Workflows / test (push) Successful in 25s
Push Workflows / build (push) Successful in 51s
Push Workflows / nix-build (push) Successful in 5m13s
2026-06-30 21:29:20 -04:00
fa9ea95657 Don't check for /favicon.ico path in require_auth_mw
All checks were successful
Push Workflows / rustfmt (push) Successful in 5s
Push Workflows / tailwind-build (push) Successful in 5s
Push Workflows / clippy (push) Successful in 28s
Push Workflows / test (push) Successful in 40s
Push Workflows / docs (push) Successful in 41s
Push Workflows / build (push) Successful in 1m50s
Push Workflows / nix-build (push) Successful in 5m17s
The server returns the icon before this middleware is reached
2026-06-30 21:17:37 -04:00
3ec07c0469 Serve favicon on /favicon.ico 2026-06-30 21:16:52 -04:00
f41f4f8d80 Set DIOXUS_PUBLIC_PATH to configured value 2026-06-30 21:11:26 -04:00
c9b7bbfece Enable fs feature on tower-http 2026-06-30 21:10:29 -04:00
9de0b13ee8 Add tower-http 2026-06-30 21:09:02 -04:00
8b00db60eb Add public_path config option 2026-06-30 21:08:05 -04:00
69eb3a5e80 Move loading config outside of router setup
All checks were successful
Push Workflows / rustfmt (push) Successful in 5s
Push Workflows / tailwind-build (push) Successful in 6s
Push Workflows / clippy (push) Successful in 18s
Push Workflows / docs (push) Successful in 23s
Push Workflows / test (push) Successful in 26s
Push Workflows / build (push) Successful in 54s
Push Workflows / nix-build (push) Successful in 5m54s
2026-06-30 21:04:16 -04:00
7133e53536 Fix clip path on logo
All checks were successful
Push Workflows / rustfmt (push) Successful in 5s
Push Workflows / tailwind-build (push) Successful in 5s
Push Workflows / docs (push) Successful in 20s
Push Workflows / clippy (push) Successful in 18s
Push Workflows / test (push) Successful in 26s
Push Workflows / build (push) Successful in 52s
Push Workflows / nix-build (push) Successful in 5m8s
2026-06-29 22:04:58 -04:00
ebfe18aca2 Use more descriptive errors for signup checks 2026-06-29 21:58:10 -04:00
843572b487 Add function to get source of error
All checks were successful
Push Workflows / rustfmt (push) Successful in 5s
Push Workflows / tailwind-build (push) Successful in 5s
Push Workflows / docs (push) Successful in 21s
Push Workflows / clippy (push) Successful in 19s
Push Workflows / test (push) Successful in 27s
Push Workflows / build (push) Successful in 54s
Push Workflows / nix-build (push) Successful in 5m15s
2026-06-29 21:01:17 -04:00
2cbc6aeaff Add function to display error as alert
Move random modal id generation to function
2026-06-29 21:01:17 -04:00
f84e51d13a Add Footer component 2026-06-29 21:01:17 -04:00
4e03be050a Add logo assets to app
All checks were successful
Push Workflows / rustfmt (push) Successful in 5s
Push Workflows / tailwind-build (push) Successful in 5s
Push Workflows / docs (push) Successful in 20s
Push Workflows / clippy (push) Successful in 18s
Push Workflows / test (push) Successful in 26s
Push Workflows / build (push) Successful in 51s
Push Workflows / nix-build (push) Successful in 5m15s
2026-06-29 19:32:32 -04:00
32699fcf9b Reduce focus outline on input boxes 2026-06-29 19:31:44 -04:00
b0d5c45caf Add endpoint to get current user 2026-06-29 19:31:04 -04:00
280d63ed71 Add logo favicon 2026-06-28 14:44:01 -04:00
8da7f1ab66 Add logo SVG 2026-06-28 14:43:23 -04:00
3527892cfd Bring toast to front
All checks were successful
Push Workflows / rustfmt (push) Successful in 12s
Push Workflows / tailwind-build (push) Successful in 10s
Push Workflows / docs (push) Successful in 21s
Push Workflows / clippy (push) Successful in 18s
Push Workflows / test (push) Successful in 25s
Push Workflows / build (push) Successful in 49s
Push Workflows / nix-build (push) Successful in 5m13s
2026-06-28 13:49:28 -04:00
4466396259 Enable config option for secure auth cookies
All checks were successful
Push Workflows / rustfmt (push) Successful in 16s
Push Workflows / tailwind-build (push) Successful in 15s
Push Workflows / test (push) Successful in 27s
Push Workflows / docs (push) Successful in 25s
Push Workflows / clippy (push) Successful in 19s
Push Workflows / build (push) Successful in 50s
Push Workflows / nix-build (push) Successful in 5m13s
Enable by default in release mode
2026-06-28 13:48:31 -04:00
142182af74 Allow unauthenticated access to /wasm/ in dev mode 2026-06-28 13:47:46 -04:00
0463714882 Add middleware to require authentication for some routes
All checks were successful
Push Workflows / rustfmt (push) Successful in 14s
Push Workflows / tailwind-build (push) Successful in 13s
Push Workflows / clippy (push) Successful in 25s
Push Workflows / test (push) Successful in 34s
Push Workflows / docs (push) Successful in 31s
Push Workflows / build (push) Successful in 59s
Push Workflows / nix-build (push) Successful in 5m27s
2026-06-28 11:56:18 -04:00
62a7103423 Add signup endpoint
All checks were successful
Push Workflows / rustfmt (push) Successful in 6s
Push Workflows / tailwind-build (push) Successful in 10s
Push Workflows / clippy (push) Successful in 21s
Push Workflows / test (push) Successful in 29s
Push Workflows / docs (push) Successful in 27s
Push Workflows / build (push) Successful in 52s
Push Workflows / nix-build (push) Successful in 5m17s
2026-06-27 22:34:07 -04:00
d028636e43 Add Unauthorized error 2026-06-27 22:33:50 -04:00
7ca7056fac Add Config to router as Extension 2026-06-27 22:32:57 -04:00
ab90cd81f9 Add function to create user 2026-06-27 22:32:36 -04:00
04ca8abce9 Add login and logout endpoints
All checks were successful
Push Workflows / rustfmt (push) Successful in 6s
Push Workflows / tailwind-build (push) Successful in 11s
Push Workflows / clippy (push) Successful in 43s
Push Workflows / test (push) Successful in 1m4s
Push Workflows / docs (push) Successful in 1m8s
Push Workflows / build (push) Successful in 1m30s
Push Workflows / nix-build (push) Successful in 5m27s
2026-06-27 22:18:10 -04:00
08fc3995e5 Add auth layer to router 2026-06-27 22:17:27 -04:00
4b2fb25c6d Create function to build auth layer 2026-06-27 22:17:07 -04:00
17ea0ee46a Add AuthError 2026-06-27 22:14:40 -04:00
1b5a5125a7 Derive Ser/De on User and UserCredentials 2026-06-27 22:14:10 -04:00
978c9c4202 Add tower-sessions-redis-store 2026-06-27 22:01:25 -04:00
7fc0513efc Attach db_pool to router as Extension 2026-06-27 18:54:32 -04:00
f2a1296454 Move server setup into router_setup
All checks were successful
Push Workflows / rustfmt (push) Successful in 5s
Push Workflows / tailwind-build (push) Successful in 8s
Push Workflows / docs (push) Successful in 33s
Push Workflows / clippy (push) Successful in 31s
Push Workflows / test (push) Successful in 57s
Push Workflows / build (push) Successful in 1m25s
Push Workflows / nix-build (push) Successful in 5m17s
Remove tokio (dioxus::serve provides a runtime)
2026-06-27 18:51:44 -04:00
d52c4cbe9e Add open_signup config flag
All checks were successful
Push Workflows / rustfmt (push) Successful in 5s
Push Workflows / tailwind-build (push) Successful in 7s
Push Workflows / clippy (push) Successful in 18s
Push Workflows / docs (push) Successful in 22s
Push Workflows / test (push) Successful in 26s
Push Workflows / build (push) Successful in 49s
Push Workflows / nix-build (push) Successful in 5m11s
2026-06-27 17:33:23 -04:00
1282c2b8b5 Implement axum-login
All checks were successful
Push Workflows / rustfmt (push) Successful in 5s
Push Workflows / tailwind-build (push) Successful in 7s
Push Workflows / docs (push) Successful in 40s
Push Workflows / clippy (push) Successful in 46s
Push Workflows / test (push) Successful in 1m2s
Push Workflows / build (push) Successful in 1m54s
Push Workflows / nix-build (push) Successful in 5m20s
2026-06-27 17:25:46 -04:00
f7f4fd2813 Add password check function 2026-06-27 17:23:02 -04:00
46ce08e02f Add HashedPassword::auth_hash 2026-06-27 17:22:35 -04:00
8a049edeeb Add axum-login 2026-06-27 17:21:52 -04:00
0b7e25c792 Add database::DbConn type 2026-06-27 17:07:42 -04:00
554ae23175 Remove unnecessary error conversion 2026-06-27 17:07:27 -04:00
87aa18b7cc Allow error::Result type to use other error
Convenience since this Result will shadow std::result::Result when
imported
2026-06-27 17:06:24 -04:00
86291f1eb5 Convert deadpool::PoolError into Database error 2026-06-27 17:06:02 -04:00
f8e2dad58a Set up key-value store in server main
All checks were successful
Push Workflows / rustfmt (push) Successful in 13s
Push Workflows / tailwind-build (push) Successful in 12s
Push Workflows / docs (push) Successful in 38s
Push Workflows / clippy (push) Successful in 41s
Push Workflows / test (push) Successful in 48s
Push Workflows / build (push) Successful in 1m45s
Push Workflows / nix-build (push) Successful in 5m21s
2026-06-27 15:28:52 -04:00
2b800c2df4 Add key-value store setup function 2026-06-27 15:28:39 -04:00
9e3d534190 Add config for key-value store connection 2026-06-27 15:26:07 -04:00
d74479851f Add format_uri function 2026-06-27 15:25:52 -04:00
4ecbf6da15 Add error type for key-value store 2026-06-27 15:17:22 -04:00
674b58e290 Use wildcard match for Error variants without special status codes 2026-06-27 15:17:02 -04:00
ef9f88e72c Add fred 2026-06-27 15:16:20 -04:00
97cf3f62ad Add User models 2026-06-27 13:24:12 -04:00
3677b6adfa Add cfg_if 2026-06-27 13:23:57 -04:00
ca8c96306f Add pbkdf2
All checks were successful
Push Workflows / rustfmt (push) Successful in 5s
Push Workflows / tailwind-build (push) Successful in 8s
Push Workflows / test (push) Successful in 40s
Push Workflows / clippy (push) Successful in 40s
Push Workflows / docs (push) Successful in 48s
Push Workflows / build (push) Successful in 1m26s
Push Workflows / nix-build (push) Successful in 5m14s
2026-06-27 12:35:05 -04:00
f4f1e4b96f Move schema module to server only
All checks were successful
Push Workflows / rustfmt (push) Successful in 4s
Push Workflows / tailwind-build (push) Successful in 5s
Push Workflows / docs (push) Successful in 39s
Push Workflows / clippy (push) Successful in 42s
Push Workflows / test (push) Successful in 52s
Push Workflows / build (push) Successful in 1m26s
Push Workflows / nix-build (push) Successful in 5m3s
2026-06-26 18:10:13 -04:00
1bf5c0f2da Ignore diesel lock file 2026-06-26 18:08:52 -04:00
773d8dffd1 Create users table 2026-06-26 18:08:03 -04:00
fb3afaf31c Add chrono
Enable chrono feature for diesel
2026-06-26 17:46:50 -04:00
3fae599c6f Ignore all config files
All checks were successful
Push Workflows / rustfmt (push) Successful in 5s
Push Workflows / tailwind-build (push) Successful in 5s
Push Workflows / docs (push) Successful in 26s
Push Workflows / clippy (push) Successful in 37s
Push Workflows / test (push) Successful in 47s
Push Workflows / build (push) Successful in 1m15s
Push Workflows / nix-build (push) Successful in 5m8s
2026-06-23 22:08:57 -04:00
a40fc81d0e Call database setup from server main 2026-06-23 22:08:57 -04:00
cc468b5b14 Create tokio runtime for async setup tasks 2026-06-23 22:08:57 -04:00
655afa77ac Add database setup 2026-06-23 22:08:57 -04:00
91c79d124a Add diesel-async
Make appropriate feature flag changes to other diesel dependencies
2026-06-23 22:08:57 -04:00
81d8a96d59 Add database connection configuration
Some checks failed
Push Workflows / rustfmt (push) Successful in 5s
Push Workflows / tailwind-build (push) Successful in 5s
Push Workflows / test (push) Successful in 19s
Push Workflows / clippy (push) Failing after 15s
Push Workflows / build (push) Failing after 40s
Push Workflows / docs (push) Successful in 19s
Push Workflows / nix-build (push) Successful in 5m4s
2026-06-23 21:44:27 -04:00
f9c6f1afd1 Load configuration in server main 2026-06-23 21:38:04 -04:00
598215e50e Add web server launch message
All checks were successful
Push Workflows / rustfmt (push) Successful in 6s
Push Workflows / tailwind-build (push) Successful in 7s
Push Workflows / test (push) Successful in 22s
Push Workflows / clippy (push) Successful in 17s
Push Workflows / docs (push) Successful in 22s
Push Workflows / build (push) Successful in 45s
Push Workflows / nix-build (push) Successful in 5m2s
2026-06-23 21:37:35 -04:00
27 changed files with 1776 additions and 85 deletions

11
.gitignore vendored
View File

@@ -7,3 +7,14 @@
/result
.env
# Anything the config crate looks for
config.ini
config.json
config.json5
config.ron
config.toml
config.yaml
config.yml
/migrations/.diesel_lock

703
Cargo.lock generated

File diff suppressed because it is too large Load Diff

View File

@@ -9,16 +9,24 @@ edition = "2024"
build = "src/build.rs"
[dependencies]
axum-login = { version = "0.18.0", optional = true }
cfg-if = "1.0.4"
chrono = { version = "0.4.45", features = ["serde"] }
config = { version = "0.15.24", optional = true }
diesel = { version = "2.3.10", optional = true, features = [ "postgres" ] }
diesel_migrations = { version = "2.3.2", optional = true, features = [ "postgres" ] }
diesel = { version = "2.3.10", optional = true, features = ["chrono"] }
diesel-async = { version = "0.9.1", optional = true, features = ["postgres", "deadpool", "migrations"] }
diesel_migrations = { version = "2.3.2", optional = true }
dioxus = { version = "0.7.9", features = ["router", "fullstack"] }
dioxus-html = "0.7.9"
dotenvy = { version = "0.15.7", optional = true }
lucide-dioxus = { version = "3.11.0", features = ["notifications"] }
fred = { version = "10.1.0", optional = true }
lucide-dioxus = { version = "3.11.0", features = ["notifications", "account"] }
pbkdf2 = { version = "0.13.0", optional = true, features = ["getrandom", "phc"] }
rand = "0.10.1"
serde = { version = "1.0.228", features = ["derive"] }
thiserror = "2.0.18"
tokio = { version = "1.52.3", optional = true, features = ["rt-multi-thread"] }
tower-http = { version = "0.7.0", optional = true, features = ["fs"] }
tower-sessions-redis-store = { version = "0.16.0", optional = true }
tracing = "0.1.44"
[features]
@@ -26,11 +34,16 @@ default = ["web"]
web = ["dioxus/web"]
server = [
"dioxus/server",
"dep:axum-login",
"dep:config",
"dep:diesel",
"dep:diesel-async",
"dep:diesel_migrations",
"dep:dotenvy",
"dep:tokio",
"dep:fred",
"dep:pbkdf2",
"dep:tower-http",
"dep:tower-sessions-redis-store",
]
# Disabled until supported

BIN
assets/favicon.ico Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 121 KiB

1
assets/logo.svg Normal file
View File

@@ -0,0 +1 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <svg viewBox="0 0 254 254" version="1.1" xml:space="preserve" xmlns="http://www.w3.org/2000/svg" xmlns:svg="http://www.w3.org/2000/svg"><clipPath clipPathUnits="userSpaceOnUse" id="clippath"><path fill="#4032a8" d="m 9.028871e-5,480.0001 v 0 C 9.028871e-5,214.90342 214.90341,1.0022047e-4 480.00009,1.0022047e-4 v 0 c 127.30393,0 249.39377,50.57128477953 339.41122,140.58874977953 90.01752,90.01746 140.58875,212.10733 140.58875,339.41125 v 0 c 0,265.09665 -214.90332,479.99997 -479.99997,479.99997 v 0 C 214.90341,960.00007 9.028871e-5,745.09675 9.028871e-5,480.0001 Z" fill-rule="evenodd" style="display:inline;fill:#4032a8;fill-opacity:.495496"/></clipPath><g><g style="fill:none;stroke:none;stroke-linecap:square;stroke-miterlimit:10" transform="matrix(0.26458333,0,0,0.26458333,0,4.5672766)"><g clip-path="url(#p.0)" transform="translate(0,-17.262248)"><path fill="#4032a8" d="m 9.028871e-5,480.0001 v 0 C 9.028871e-5,214.90342 214.90341,1e-4 480.00009,1e-4 v 0 c 127.30393,0 249.39377,50.571285 339.41122,140.58875 90.01752,90.01746 140.58875,212.10733 140.58875,339.41125 v 0 c 0,265.09665 -214.90332,479.99997 -479.99997,479.99997 v 0 C 214.90341,960.00007 9.028871e-5,745.09675 9.028871e-5,480.0001 Z" fill-rule="evenodd"/><path stroke="#ffffff" stroke-width="4" stroke-linejoin="round" stroke-linecap="butt" d="m 60.00009,480.0001 v 0 c 0,-231.9596 188.0404,-420 420,-420 v 0 c 111.3909,0 218.21957,44.24988 296.98483,123.01516 78.76532,78.76527 123.01514,185.59392 123.01514,296.98486 v 0 c 0,231.95956 -188.0404,419.99997 -419.99997,419.99997 v 0 c -231.9596,0 -420,-188.0404 -420,-419.99997 z" fill-rule="evenodd" style="stroke-width:10.6666668;stroke-dasharray:none"/><path stroke="#ffffff" stroke-width="4" stroke-linejoin="round" stroke-linecap="butt" d="m 120.00009,480.0001 v 0 c 0,-198.82251 161.17749,-360 360,-360 v 0 c 95.47794,0 187.04532,37.92846 254.55844,105.44157 67.51312,67.51309 105.44153,159.0805 105.44153,254.55844 v 0 c 0,198.82248 -161.17749,359.99997 -359.99997,359.99997 v 0 c -198.82251,0 -360,-161.17749 -360,-359.99997 z" fill-rule="evenodd" style="stroke-width:10.6666668;stroke-dasharray:none"/><path fill="#ffffff" d="m 319.01666,480.00092 v 0 c 0,-88.90915 72.0751,-160.98425 160.98425,-160.98425 v 0 c 42.69568,0 83.64264,16.96078 113.83307,47.15121 30.19037,30.1904 47.15118,71.13736 47.15118,113.83304 v 0 c 0,88.90918 -72.07507,160.98425 -160.98425,160.98425 v 0 c -88.90915,0 -160.98425,-72.07507 -160.98425,-160.98425 z" fill-rule="evenodd" style="display:inline"/><path stroke="#ffffff" stroke-width="4" stroke-linejoin="round" stroke-linecap="butt" d="m 180.00009,480.0001 v 0 c 0,-165.68542 134.31458,-300 300,-300 v 0 c 79.56497,0 155.87112,31.60704 212.13205,87.86795 56.26092,56.26092 87.86792,132.56711 87.86792,212.13205 v 0 c 0,165.6854 -134.31458,299.99997 -299.99997,299.99997 v 0 c -165.68542,0 -300,-134.31458 -300,-299.99997 z" fill-rule="evenodd" style="stroke-width:10.6666668;stroke-dasharray:none"/><path fill="#ffffff" d="M 427.60658,-273.65095 504.05265,93.386828 478.34507,135.07715 570.21183,450.80446 544.78065,501.65549 662.47712,1028.614 477.52388,620.42282 508.81779,566.37301 393.66837,305.06321 429.7686,227.61648 308.24258,-46.542095 Z" fill-rule="evenodd" style="stroke-width:1.16873" clip-path="url(#clippath)"/></g></g></g></svg>

After

Width:  |  Height:  |  Size: 3.3 KiB

View File

@@ -0,0 +1,2 @@
DROP INDEX users_username_idx;
DROP TABLE users;

View File

@@ -0,0 +1,8 @@
CREATE TABLE users (
id INTEGER PRIMARY KEY UNIQUE NOT NULL GENERATED ALWAYS AS IDENTITY,
username VARCHAR UNIQUE NOT NULL,
hashed_password VARCHAR NOT NULL,
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
CREATE UNIQUE INDEX users_username_idx ON users(username);

94
src/api/auth.rs Normal file
View File

@@ -0,0 +1,94 @@
use dioxus::prelude::*;
use crate::models::user::{User, UserCredentials};
use crate::util::error::Result;
cfg_if::cfg_if! {
if #[cfg(feature = "server")] {
use dioxus::server::axum::Extension;
use crate::server::{auth::{AuthSession, create_user}, config::Config, database::DbPool};
use crate::util::error::{AuthError, Contextualize, Error, ErrorType};
}
}
#[post("/api/v1/auth/signup", mut auth: Extension<AuthSession>, db_pool: Extension<DbPool>, config: Extension<Config>)]
pub async fn signup(credentials: UserCredentials) -> Result<User> {
if !config.auth.open_signup {
return Err(Error::message_here("Signup is disabled"));
}
// Don't allow signup when already logged in
if auth.user.is_some() {
return Err(Error::message_here("Log out before creating an account"));
}
let hashed_creds = credentials
.try_hash()
.map_err(|e| Error::message_here(e.to_string()))
.err_context("Error hashing new user credentials")?;
let mut db_conn = db_pool
.get()
.await
.err_context("Failed to get database pool connection")?;
let new_user = create_user(&mut db_conn, &hashed_creds)
.await
.err_context("Error creating user")?;
// Don't return this to the client, logging in immediately isn't strictly necessary
if let Err(e) = auth.login(&new_user).await {
tracing::warn!("Failed to log in user after creating: {e}");
}
Ok(new_user.into())
}
#[post("/api/v1/auth/login", mut auth: Extension<AuthSession>)]
pub async fn login(credentials: UserCredentials) -> Result<User> {
let db_user = match auth.authenticate(credentials).await {
Ok(Some(db_user)) => Ok(db_user),
Ok(None) => Err(Error::new_here(ErrorType::Auth(
AuthError::InvalidCredentials,
))),
Err(axum_login::Error::Session(e)) => Err(Error::new_here(ErrorType::Auth(
AuthError::Error(format!("Session error: {e}")),
))),
Err(axum_login::Error::Backend(e)) => Err(e),
}
.err_context("Error authenticating")?;
auth.login(&db_user)
.await
.map_err(|e| Error::new_here(ErrorType::Auth(AuthError::Error(e.to_string()))))
.err_context("Error logging in")?;
Ok(db_user.into())
}
#[post("/api/v1/auth/logout", mut auth: Extension<AuthSession>)]
pub async fn logout() -> Result<()> {
match auth.logout().await {
Ok(_) => Ok(()),
Err(axum_login::Error::Session(e)) => Err(Error::new_here(ErrorType::Auth(
AuthError::Error(format!("Session error: {e}")),
))),
Err(axum_login::Error::Backend(e)) => Err(e),
}
.err_context("Error logging out")
}
/// Retrieve the currently logged-in user, or `None` if unauthenticated
#[get("/api/v1/auth/user", auth: Extension<AuthSession>)]
pub async fn get_user() -> Result<Option<User>> {
Ok(auth.user.clone().map(Into::into))
}
/// Check if open signup is enabled
#[get("/api/v1/auth/open-signup", config: Extension<Config>)]
pub async fn open_signup() -> Result<bool> {
Ok(config.auth.open_signup)
}

View File

@@ -1 +1 @@
pub mod auth;

View File

@@ -1,5 +1,7 @@
use dioxus::prelude::*;
pub const LOGO_SVG: Asset = asset!("/assets/logo.svg");
pub const LOGO_ICO: Asset = asset!("/assets/favicon.ico");
const TAILWIND_CSS: Asset = asset!("/assets/tailwind.css");
#[derive(Debug, Clone, Routable, PartialEq)]
@@ -12,6 +14,7 @@ enum Route {
#[component]
pub fn App() -> Element {
rsx! {
document::Link { rel: "icon", href: LOGO_ICO }
document::Link { rel: "stylesheet", href: TAILWIND_CSS }
Router::<Route> {}
}

35
src/components/footer.rs Normal file
View File

@@ -0,0 +1,35 @@
use dioxus::prelude::*;
use crate::app::LOGO_SVG;
#[component]
pub fn Footer() -> Element {
rsx! {
footer {
class: "footer md:footer-horizontal fixed bottom-0 text-base-content/70 bg-base-300 items-center p-4",
aside {
class: "flex items-center",
img {
class: "w-12 h-12",
src: LOGO_SVG,
}
div {
p {
class: "text-xl font-bold",
"LibreTunes",
}
a {
class: "text-sm",
href: env!("CARGO_PKG_REPOSITORY"),
"v" {env!("CARGO_PKG_VERSION")},
}
}
}
}
}
}

101
src/components/form.rs Normal file
View File

@@ -0,0 +1,101 @@
use dioxus::prelude::*;
use serde::de::DeserializeOwned;
use crate::util::error::Error;
/// A simple styled form card. Parses form fields into the provided generic type, and calls the
/// callback when submitted via button or enter key.
#[component]
pub fn Form<T>(
/// Heading above the form
title: String,
/// Form content, placed inside a `fieldset`
children: Element,
/// Text displayed on the form button
action_message: String,
/// Form-related error. Set to a parsing error on parse failure, or can be used to display any
/// submission error. Clears on each submit. Displays as a card between the inputs and action
/// button, opens a modal on click.
#[props(default)]
error: Signal<Option<Error>>,
/// Whether the form should display in a "loading" state, disables the action button and
/// displays a loading animation instead. For best UX, especially on pages the user might open
/// directly as opposed to navigate to within the app, initialize to true. This component will
/// set it to false when run. This sequence will discourage users from submitting the form
/// before the page is ready to handle it. Can also be used to indicate background work is
/// taking place in the `callback`, but this is not done automatically.
#[props(default)]
loading: Signal<bool>,
/// Content to display below the action button
#[props(default)]
extra_content: Option<Element>,
/// Form submission callback. Called with the deserialized form inputs.
onsubmit: Callback<T>,
) -> Element
where
T: DeserializeOwned + 'static,
{
// Button is initialized to loading, then set back when WASM is finished loading (use_effect
// runs only on the client)
use_effect(move || loading.set(false));
rsx! {
div {
class: "card card-xl w-full sm:w-100 sm:h-fit bg-base-200",
form {
onsubmit: move |evt| {
evt.prevent_default();
let data: T = match evt.data.parsed_values() {
Ok(data) => data,
Err(e) => {
let e = Error::message_here(e.to_string())
.with_context("Failed to parse form inputs");
error.set(Some(e));
return;
}
};
error.set(None);
onsubmit.call(data);
},
class: "card-body gap-3",
h1 {
class: "card-title",
{title}
}
fieldset {
class: "fieldset pt-0 gap-1",
{children}
}
{error().map(|e| e.as_alert())}
div {
class: "card-actions gap-4",
button {
class: "btn btn-primary btn-block",
disabled: loading(),
if loading() {
span {
class: "loading loading-dots"
}
} else {
{action_message}
}
}
{extra_content}
}
}
}
}
}

View File

@@ -0,0 +1,68 @@
use dioxus::prelude::*;
/// A simple styled input box
#[component]
pub fn FormInput(
/// The placeholder text and label. When text is entered in the input, the label is shown above
/// the input box.
label: String,
#[props(default)] name: Option<String>,
#[props(default)] required: bool,
#[props(default)] r#type: String,
children: Element,
) -> Element {
let name = name.unwrap_or(label.to_lowercase());
rsx! {
div {
class: "group/field",
p {
class: "opacity-0 not-group-has-placeholder-shown/field:opacity-70 transition-opacity pl-2",
{label.clone()}
}
label {
class: "input w-full",
{children}
input {
name,
required,
r#type,
placeholder: label,
}
}
}
}
}
#[component]
pub fn UsernameInput() -> Element {
rsx! {
FormInput {
label: "Username",
required: true,
lucide_dioxus::UserRound {
class: "opacity-50",
}
}
}
}
#[component]
pub fn PasswordInput() -> Element {
rsx! {
FormInput {
label: "Password",
required: true,
r#type: "password",
lucide_dioxus::KeyRound {
class: "opacity-50",
}
}
}
}

View File

@@ -1 +1,7 @@
pub mod footer;
pub mod form;
pub mod form_input;
pub use footer::*;
pub use form::*;
pub use form_input::*;

View File

@@ -3,9 +3,11 @@ pub mod app;
pub mod components;
pub mod models;
pub mod pages;
pub mod schema;
pub mod util;
#[cfg(feature = "server")]
pub mod schema;
#[cfg(feature = "server")]
pub mod server;
@@ -14,6 +16,9 @@ use crate::app::App;
fn tracing_setup() {
#[cfg(debug_assertions)]
dioxus::logger::init(tracing::Level::DEBUG).expect("Failed to initialize tracing logger");
#[cfg(not(debug_assertions))]
dioxus::logger::init(tracing::Level::INFO).expect("Failed to initialize tracing logger");
}
#[cfg(not(feature = "server"))]
@@ -26,9 +31,8 @@ fn main() {
fn main() -> std::process::ExitCode {
tracing_setup();
if let Err(e) = server::main() {
let Err(e) = server::main();
tracing::error!("Server main failed:\n{e}");
}
std::process::ExitCode::FAILURE
}

View File

@@ -1 +1 @@
pub mod user;

147
src/models/user.rs Normal file
View File

@@ -0,0 +1,147 @@
//! Various user types. Some types marked server-only to help prevent
//! leaking passwords to the frontend
use serde::{Deserialize, Serialize};
/// Standard informational user type, contains no password information
#[derive(Clone, Debug, Deserialize, Serialize)]
#[cfg_attr(feature = "server", derive(Queryable, Selectable, Identifiable))]
#[cfg_attr(feature = "server", diesel(table_name = crate::schema::users,
check_for_backend(diesel::pg::Pg)))]
pub struct User {
pub id: i32,
pub username: String,
pub created_at: chrono::DateTime<chrono::Local>,
}
/// Plaintext user credentials, used for login/signup form
#[derive(Deserialize, Serialize)]
pub struct UserCredentials {
pub username: String,
pub password: String,
}
cfg_if::cfg_if! {
if #[cfg(feature = "server")] {
use diesel::{
deserialize::{FromSql, FromSqlRow},
expression::AsExpression,
prelude::*,
serialize::ToSql,
sql_types,
};
use pbkdf2::{
PasswordHasher, PasswordVerifier, Pbkdf2, password_hash::Error::PasswordInvalid,
phc::PasswordHash,
};
use crate::util::error::{Error, Result};
/// Newtype for a `String`-represented hashed password
#[derive(Clone, Debug, AsExpression, FromSqlRow)]
#[diesel(sql_type = sql_types::Text)]
pub struct HashedPassword(String);
impl HashedPassword {
/// Check a password attempt against this hashed password
///
/// # Returns
///
/// `Ok(true)` for a correct password
/// `Ok(false)` for an incorrect password
/// `Err` for a hashing error
pub fn check(&self, password_attempt: String) -> Result<bool> {
let pw_hash = PasswordHash::new(&self.0)
.map_err(|e| Error::message_here(format!("Error parsing `HashedPassword`: {e}")))?;
match Pbkdf2::default().verify_password(password_attempt.as_bytes(), &pw_hash) {
Ok(()) => Ok(true),
Err(PasswordInvalid) => Ok(false),
Err(e) => Err(Error::message_here(format!(
"Error comparing password attempt against hash: {e}"
))),
}
}
/// Returns the "session auth hash" for `axum-login`, just the hashed password as bytes
pub fn auth_hash(&self) -> &[u8] {
self.0.as_bytes()
}
}
impl<DB> FromSql<diesel::sql_types::Text, DB> for HashedPassword
where
DB: diesel::backend::Backend,
String: FromSql<sql_types::Text, DB>,
{
fn from_sql(bytes: DB::RawValue<'_>) -> diesel::deserialize::Result<Self> {
Ok(Self(String::from_sql(bytes)?))
}
}
impl<DB> ToSql<diesel::sql_types::Text, DB> for HashedPassword
where
DB: diesel::backend::Backend,
String: ToSql<sql_types::Text, DB>,
{
fn to_sql<'b>(
&'b self,
out: &mut diesel::serialize::Output<'b, '_, DB>,
) -> diesel::serialize::Result {
self.0.to_sql(out)
}
}
/// User as it appears in the database, with hashed password
#[derive(Clone, Debug, Identifiable, Queryable, Selectable)]
#[diesel(table_name = crate::schema::users, check_for_backend(diesel::pg::Pg))]
pub struct DbUser {
pub id: i32,
pub username: String,
pub hashed_password: HashedPassword,
pub created_at: chrono::DateTime<chrono::Local>,
}
impl From<DbUser> for User {
fn from(db_user: DbUser) -> Self {
User {
id: db_user.id,
username: db_user.username,
created_at: db_user.created_at,
}
}
}
/// User credentials with hashed password
#[derive(Clone, Debug, Insertable, Queryable, Selectable)]
#[diesel(table_name = crate::schema::users, check_for_backend(diesel::pg::Pg))]
pub struct HashedUserCredentials {
username: String,
hashed_password: HashedPassword,
}
impl From<DbUser> for HashedUserCredentials {
fn from(db_user: DbUser) -> Self {
HashedUserCredentials {
username: db_user.username,
hashed_password: db_user.hashed_password,
}
}
}
impl UserCredentials {
/// Attempt to convert into `HashedUserCredentials` by hashing the password. Yields a PBKDF2
/// error on failure.
pub fn try_hash(self) -> Result<HashedUserCredentials, pbkdf2::password_hash::Error> {
let hashed_password = Pbkdf2::default().hash_password(self.password.as_bytes())?;
Ok(HashedUserCredentials {
username: self.username,
hashed_password: HashedPassword(hashed_password.to_string()),
})
}
}
}
}

View File

@@ -1 +1,10 @@
// @generated automatically by Diesel CLI.
diesel::table! {
users (id) {
id -> Int4,
username -> Varchar,
hashed_password -> Varchar,
created_at -> Timestamptz,
}
}

122
src/server/auth.rs Normal file
View File

@@ -0,0 +1,122 @@
use axum_login::{AuthManagerLayer, AuthUser, AuthnBackend, UserId};
use diesel::prelude::*;
use diesel_async::RunQueryDsl;
use tower_sessions_redis_store::RedisStore;
use crate::models::user::{DbUser, HashedUserCredentials, UserCredentials};
use crate::server::{
database::{DbConn, DbPool},
key_val_store::KeyValPool,
};
use crate::util::error::{Contextualize, Error, Result};
pub type AuthLayer = AuthManagerLayer<AuthBackend, RedisStore<KeyValPool>>;
pub type AuthSession = axum_login::AuthSession<AuthBackend>;
impl AuthUser for DbUser {
type Id = i32;
fn id(&self) -> Self::Id {
self.id
}
fn session_auth_hash(&self) -> &[u8] {
self.hashed_password.auth_hash()
}
}
#[derive(Clone)]
pub struct AuthBackend {
pub db_pool: DbPool,
}
impl AuthnBackend for AuthBackend {
type User = DbUser;
type Credentials = UserCredentials;
type Error = Error;
async fn authenticate(
&self,
attempt_creds: Self::Credentials,
) -> Result<Option<Self::User>, Self::Error> {
let mut db_conn = self
.db_pool
.get()
.await
.err_context("Failed to get database pool connection")?;
let user = get_user_by_username(&mut db_conn, attempt_creds.username)
.await
.err_context("Error fetching user for authentication check")?;
let Some(user) = user else { return Ok(None) };
let password_result = user
.hashed_password
.check(attempt_creds.password)
.err_context("Error checking user password attempt")?;
if password_result {
Ok(Some(user))
} else {
Ok(None)
}
}
async fn get_user(&self, user_id: &UserId<Self>) -> Result<Option<Self::User>, Self::Error> {
let mut db_conn = self
.db_pool
.get()
.await
.err_context("Failed to get database pool connection")?;
get_user_by_id(&mut db_conn, *user_id)
.await
.err_context("Failed fetching user for session")
}
}
pub async fn create_user(
db_conn: &mut DbConn,
credentials: &HashedUserCredentials,
) -> Result<DbUser> {
diesel::insert_into(crate::schema::users::table)
.values(credentials)
.get_result(db_conn)
.await
.err_context("Error creating user")
}
pub async fn get_user_by_id(db_conn: &mut DbConn, id: i32) -> Result<Option<DbUser>> {
crate::schema::users::table
.find(id)
.first(db_conn)
.await
.optional()
.err_context("Error fetching user from database by id")
}
pub async fn get_user_by_username(
db_conn: &mut DbConn,
username: String,
) -> Result<Option<DbUser>> {
crate::schema::users::table
.filter(crate::schema::users::username.eq(username))
.first(db_conn)
.await
.optional()
.err_context("Error fetching user from database by username")
}
/// Create the authentication middleware layer
pub fn build_auth_layer(db_pool: DbPool, key_val_pool: KeyValPool, use_secure: bool) -> AuthLayer {
use axum_login::{AuthManagerLayerBuilder, tower_sessions::SessionManagerLayer};
use tower_sessions_redis_store::RedisStore;
let auth_session_store = RedisStore::new(key_val_pool);
let session_layer = SessionManagerLayer::new(auth_session_store).with_secure(use_secure);
let auth_backend = AuthBackend { db_pool };
AuthManagerLayerBuilder::new(auth_backend, session_layer).build()
}

View File

@@ -1,8 +1,161 @@
use std::path::PathBuf;
use serde::Deserialize;
/// Enable secure cookies by default only in release mode
/// (Secure cookies can't be set over HTTP. Rough assumption: development is done over HTTP)
const DEFAULT_COOKIES_SECURE: bool = cfg!(not(debug_assertions));
#[derive(Debug, Clone, Deserialize)]
pub struct AuthConfig {
pub open_signup: bool,
pub cookies_secure: bool,
}
/// Build a connection URI from parts
fn format_uri(
scheme: &str,
username: &Option<String>,
password: &Option<String>,
host: &str,
port: &Option<u16>,
path: &Option<String>,
) -> String {
let mut url = format!("{scheme}://");
if let Some(username) = username {
url.push_str(username);
if let Some(password) = password {
url.push_str(&format!(":{password}"));
}
url.push('@');
}
url.push_str(host);
if let Some(port) = port {
url.push_str(&format!(":{port}"));
}
if let Some(path) = path {
url.push_str(&format!("/{path}"));
}
url
}
#[derive(Debug, Clone, Deserialize)]
pub struct DatabaseConfig {
#[serde(flatten)]
connection: DatabaseConnectionConfig,
}
impl DatabaseConfig {
/// Get the configured database connection URI
pub fn connection_uri(&self) -> String {
self.connection.as_uri()
}
}
#[derive(Debug, Clone, Deserialize)]
#[serde(untagged)]
enum DatabaseConnectionConfig {
FromUrl {
url: String,
},
FromParts {
host: String,
port: Option<u16>,
database: Option<String>,
username: Option<String>,
password: Option<String>,
},
}
impl DatabaseConnectionConfig {
/// Convert this configuration into the Postgres connection URI
pub fn as_uri(&self) -> String {
match self {
Self::FromUrl { url } => url.clone(),
Self::FromParts {
host,
port,
database,
username,
password,
} => format_uri("postgres", username, password, host, port, database),
}
}
}
#[derive(Debug, Clone, Deserialize)]
#[serde(untagged)]
enum KeyValStoreConnectionConfig {
FromUrl {
url: String,
},
FromParts {
scheme: Option<String>,
host: String,
port: Option<u16>,
database: Option<String>,
username: Option<String>,
password: Option<String>,
},
}
impl KeyValStoreConnectionConfig {
/// Convert this configuration into the Redis connection URI
pub fn as_uri(&self) -> String {
match self {
Self::FromUrl { url } => url.clone(),
Self::FromParts {
scheme,
host,
port,
database,
username,
password,
} => format_uri(
scheme.as_deref().unwrap_or("redis"),
username,
password,
host,
port,
database,
),
}
}
}
#[derive(Debug, Clone, Deserialize)]
pub struct KeyValStoreConfig {
#[serde(flatten)]
connection: KeyValStoreConnectionConfig,
}
impl KeyValStoreConfig {
/// Get the configured database connection URI
pub fn connection_uri(&self) -> String {
self.connection.as_uri()
}
}
#[derive(Debug, Clone, Deserialize)]
pub struct ServerConfig {
pub public_path: PathBuf,
}
#[derive(Debug, Clone, Deserialize)]
/// Top-level application configuration
pub struct Config {}
pub struct Config {
pub auth: AuthConfig,
pub database: DatabaseConfig,
pub key_val_store: KeyValStoreConfig,
pub server: ServerConfig,
}
/// Parse configuration from the expected files and environment variables
pub fn load_config() -> Result<Config, config::ConfigError> {
@@ -12,6 +165,9 @@ pub fn load_config() -> Result<Config, config::ConfigError> {
config::Config::builder()
.set_default("server.port", 8080)?
.set_default("auth.open_signup", false)?
.set_default("auth.cookies_secure", DEFAULT_COOKIES_SECURE)?
.set_default("server.public_path", default_public_dir())?
.add_source(File::with_name(&format!("/etc/{pkg_name}/config")).required(false))
.add_source(File::with_name(&format!("/etc/{pkg_name}")).required(false))
.add_source(File::with_name("config").required(false))
@@ -19,3 +175,19 @@ pub fn load_config() -> Result<Config, config::ConfigError> {
.build()?
.try_deserialize()
}
/// Provide a sane default for the public path, using the same sources as Dioxus does internally.
/// Checks the `DIOXUS_PUBLIC_PATH` environment variable, then tries relative to the path of this
/// executable
fn default_public_dir() -> Option<String> {
std::env::var("DIOXUS_PUBLIC_PATH").ok().or_else(|| {
std::env::current_exe().ok().and_then(|path| {
path.parent()
.expect("current executable path must have a parent")
.join("public")
.into_os_string()
.into_string()
.ok()
})
})
}

40
src/server/database.rs Normal file
View File

@@ -0,0 +1,40 @@
use diesel_async::{
AsyncMigrationHarness, AsyncPgConnection,
pooled_connection::{AsyncDieselConnectionManager, deadpool::Pool},
};
use diesel_migrations::{EmbeddedMigrations, MigrationHarness, embed_migrations};
use crate::util::error::{Contextualize, Error, ErrorType};
pub const DB_MIGRATIONS: EmbeddedMigrations = embed_migrations!();
pub type DbPool = Pool<AsyncPgConnection>;
pub type DbConn = AsyncPgConnection;
/// Connect to the database using the given URI, and perform migrations
pub async fn setup<S: Into<String>>(database_uri: S) -> Result<DbPool, Error> {
let pool_manager = AsyncDieselConnectionManager::<AsyncPgConnection>::new(database_uri);
let pool = Pool::builder(pool_manager)
.build()
// At time of writing only the `NoRuntimeSpecified` error is possible from the builder,
// which should only occur when configuring timeouts without a `Runtime`
.map_err(|e| ErrorType::Database(e.to_string()))
.err_context("Error creating pool for database connections")?;
tracing::debug!("Establishing connection to database for migrations...");
let migration_conn = pool
.get()
.await
.err_context("Failed to get connection to database")?;
tracing::debug!("Running migrations...");
AsyncMigrationHarness::new(migration_conn)
.run_pending_migrations(DB_MIGRATIONS)
.map_err(|e| ErrorType::Database(e.to_string()))
.err_context("Failed to run pending database migrations")?;
Ok(pool)
}

View File

@@ -0,0 +1,29 @@
use fred::prelude::*;
use crate::util::error::{Contextualize, Error, ErrorType};
const KEY_VAL_POOL_SIZE: usize = 4;
pub type KeyValPool = Pool;
pub async fn setup(connection_uri: &str) -> Result<KeyValPool, Error> {
let config = Config::from_url(connection_uri)
.map_err(|e| ErrorType::KeyValStore(e.to_string()))
.err_context("Error creating key-value store config")?;
let pool = Builder::from_config(config)
.build_pool(KEY_VAL_POOL_SIZE)
// At time of writing the only error that could occur here is if config is not provided.
// Since we're building a pool `from_config`, this shouldn't be possible
.map_err(|e| ErrorType::KeyValStore(e.to_string()))
.err_context("Error creating pool for key-value store")?;
tracing::debug!("Establishing connection to key-value store...");
pool.init()
.await
.map_err(|e| ErrorType::KeyValStore(e.to_string()))
.err_context("Error connecting to key-value store")?;
Ok(pool)
}

View File

@@ -1,12 +1,77 @@
use crate::App;
use crate::util::error::{Error, Result};
use dioxus::{
fullstack::axum::{Router, middleware::from_fn},
server::axum::Extension,
};
use tower_http::services::ServeFile;
pub fn main() -> Result<()> {
use crate::App;
use crate::app::LOGO_ICO;
use crate::server::{
auth::build_auth_layer,
config::{self, Config},
database, key_val_store,
require_auth_mw::require_auth_middleware,
};
use crate::util::error::{Contextualize, Error, Result};
pub fn main() -> Result<std::convert::Infallible> {
if let Err(e) = dotenvy::dotenv() {
tracing::warn!("Error reading .env: {e}");
}
dioxus::launch(App);
tracing::debug!("Loading configuration...");
let config = config::load_config()
.map_err(|e| Error::message_here(e.to_string()))
.err_context("Failed to load config")?;
Err(Error::message_here("Web server exited"))
// Dioxus doesn't expose a way to configure the public path other than this environment
// variable, and also doesn't provide a way to read what the public path is. As a workaround we
// expose a config option and set this variable that Dioxus expects.
// SAFETY: "This function is safe to call in a single-threaded program."
unsafe {
std::env::set_var("DIOXUS_PUBLIC_PATH", config.server.public_path.clone());
}
// `Ok(...?)` is because `dioxus::serve` expects an `anyhow::Result`
dioxus::serve(move || {
let config = config.clone();
async move { Ok(router_setup(config).await?) }
});
}
/// Set up the axum Router
async fn router_setup(config: Config) -> Result<Router> {
let db_pool = database::setup(config.database.connection_uri())
.await
.err_context("Failed database setup")?;
let key_val_pool = key_val_store::setup(&config.key_val_store.connection_uri())
.await
.err_context("Failed key-value store setup")?;
let favicon_path = {
// Resolve the favicon path
let asset_path = LOGO_ICO.resolve();
// If the asset path starts with "/", strip it. Otherwise it behaves as an "absolute path"
// and replaces the base path in the join operation. This is necessary because Dioxus will
// produce a path like "/assets/" in the call to `resolve`
let asset_path_rel = asset_path.strip_prefix("/").unwrap_or(&asset_path);
config.server.public_path.join(asset_path_rel)
};
tracing::debug!("Favicon path: {}", favicon_path.display());
let auth_layer = build_auth_layer(db_pool.clone(), key_val_pool, config.auth.cookies_secure);
let router = dioxus::server::router(App)
.layer(from_fn(require_auth_middleware))
.layer(Extension(config))
.layer(Extension(db_pool))
.layer(auth_layer)
.nest_service("/favicon.ico", ServeFile::new(favicon_path));
tracing::info!("Setup complete, returning Router...");
Ok(router)
}

View File

@@ -1,4 +1,8 @@
pub mod auth;
pub mod config;
pub mod database;
pub mod key_val_store;
pub mod main;
pub mod require_auth_mw;
pub use main::main;

View File

@@ -0,0 +1,63 @@
use dioxus::fullstack::{
axum::{body::Body, extract::Request, middleware::Next},
extract::FromRequestParts,
http::Response,
};
use dioxus::prelude::*;
use crate::server::auth::AuthSession;
#[cfg(not(debug_assertions))]
const ALLOWED_PATH_PREFIX: [&str; 1] = ["/assets/"];
#[cfg(debug_assertions)]
const ALLOWED_PATH_PREFIX: [&str; 2] = ["/assets/", "/wasm/"];
const ALLOWED_PATHS: [&str; 6] = [
"/login",
"/signup",
"/api/v1/auth/login",
"/api/v1/auth/signup",
"/api/v1/auth/user",
"/api/v1/auth/open-signup",
];
/// Axum middleware to redirect an unauthenticated request to /login unless it matches one of the allowed paths
pub async fn require_auth_middleware(
req: Request,
next: Next,
) -> Result<Response<Body>, (StatusCode, &'static str)> {
let path = req.uri().path();
if ALLOWED_PATH_PREFIX
.iter()
.any(|prefix| path.starts_with(prefix))
|| ALLOWED_PATHS.contains(&path)
{
let response = next.run(req).await;
return Ok(response);
}
let (mut parts, body) = req.into_parts();
let auth_session = AuthSession::from_request_parts(&mut parts, &()).await?;
if auth_session.user.is_none() {
let response = Response::builder()
.status(StatusCode::TEMPORARY_REDIRECT)
.header("Location", "/login")
.body(Body::empty())
.map_err(|_| {
(
StatusCode::INTERNAL_SERVER_ERROR,
"Failed to build response",
)
})?;
return Ok(response);
}
let req = Request::from_parts(parts, body);
let response = next.run(req).await;
Ok(response)
}

View File

@@ -43,7 +43,21 @@ impl fmt::Display for ErrorLocation {
}
}
pub type Result<T> = std::result::Result<T, Error>;
pub type Result<T, E = Error> = std::result::Result<T, E>;
/// Generate a random string to use as an id for the modal
/// This allows multiple toast/modal to be present
fn rand_modal_id() -> String {
use rand::RngExt;
let mut rng = rand::rng();
let random_str = (0..5)
.map(|_| rng.sample(rand::distr::Alphanumeric) as char)
.collect::<String>();
format!("err-modal-{random_str}")
}
#[derive(Debug, Clone, Deserialize, Serialize, thiserror::Error)]
pub struct Error {
@@ -97,6 +111,12 @@ impl Error {
}
}
/// Get the original cause of this error
/// Like `std::error::Error::source` but doesn't return an `Option`
pub fn source(&self) -> &ErrorType {
&self.source
}
/// Display this error as a modal dialog activated by a checkbox with the given id
pub fn as_modal(&self, id: String) -> Element {
rsx! {
@@ -173,28 +193,9 @@ impl Error {
}
}
/// Convert this error to a toast message, which opens a modal when clicked
pub fn as_toast(&self) -> Element {
// Generate a random string to use as an id for the modal
// This allows multiple toast/modal to be present
let modal_id = {
use rand::RngExt;
let mut rng = rand::rng();
let random_str = (0..5)
.map(|_| rng.sample(rand::distr::Alphanumeric) as char)
.collect::<String>();
format!("err-modal-{random_str}")
};
/// Convert this error into an alert label, tied to the given modal id
fn as_alert_for(&self, modal_id: String) -> Element {
rsx! {
{self.as_modal(modal_id.clone())}
div {
class: "toast",
label {
class: "alert alert-error alert-soft cursor-pointer",
role: "alert",
@@ -208,6 +209,29 @@ impl Error {
}
}
}
/// Convert this error to a toast message, which opens a modal when clicked
pub fn as_toast(&self) -> Element {
let modal_id = rand_modal_id();
rsx! {
{self.as_modal(modal_id.clone())}
div {
class: "toast z-99",
{self.as_alert_for(modal_id)}
}
}
}
/// Convert this error into an alert label, which opens a modal when clicked
pub fn as_alert(&self) -> Element {
let modal_id = rand_modal_id();
rsx! {
{self.as_modal(modal_id.clone())}
{self.as_alert_for(modal_id)}
}
}
}
@@ -239,12 +263,14 @@ impl From<ServerFnError> for Error {
impl dioxus_fullstack::AsStatusCode for Error {
fn as_status_code(&self) -> StatusCode {
match &self.source {
ErrorType::Auth(AuthError::InvalidCredentials | AuthError::Unauthorized) => {
StatusCode::UNAUTHORIZED
}
ErrorType::Database(msg) if *msg == (diesel::result::Error::NotFound).to_string() => {
StatusCode::NOT_FOUND
}
ErrorType::Database(_) => StatusCode::INTERNAL_SERVER_ERROR,
ErrorType::Error(_) => StatusCode::INTERNAL_SERVER_ERROR,
ErrorType::ServerFnError(e) => e.as_status_code(),
_ => StatusCode::INTERNAL_SERVER_ERROR,
}
}
}
@@ -283,6 +309,9 @@ impl<T, E: Into<Error>> Contextualize<Result<T>> for E {
#[derive(Debug, Clone, thiserror::Error, Deserialize, Serialize)]
pub enum ErrorType {
#[error("Authentication error: {0}")]
Auth(AuthError),
// Using string to represent Diesel errors, because Diesel's Error type is not `Serialize`,
// and Diesel is only available on the server
#[error("Database error: {0}")]
@@ -293,6 +322,11 @@ pub enum ErrorType {
#[error("Server function error: {0}")]
ServerFnError(ServerFnError),
// Using string to represent Fred errors, because Fred's Error type is not `Serialize`,
// and Fred is only available on the server
#[error("Key-value store error: {0}")]
KeyValStore(String),
}
impl From<ErrorType> for Error {
@@ -309,3 +343,33 @@ impl From<diesel::result::Error> for Error {
Error::new_here(ErrorType::Database(format!("{err}")))
}
}
// This would capture any `deapool::PoolError` and treat it as a database error
// but we're only using `deadpool` for our database, so it's fine
#[cfg(feature = "server")]
impl From<diesel_async::pooled_connection::deadpool::PoolError> for Error {
#[track_caller]
fn from(err: diesel_async::pooled_connection::deadpool::PoolError) -> Self {
Error::new_here(ErrorType::Database(format!("{err}")))
}
}
#[cfg(feature = "server")]
impl From<fred::error::Error> for Error {
#[track_caller]
fn from(err: fred::error::Error) -> Self {
Error::new_here(ErrorType::KeyValStore(format!("{err}")))
}
}
#[derive(Debug, Clone, thiserror::Error, Deserialize, Serialize)]
pub enum AuthError {
#[error("Invalid credentials")]
InvalidCredentials,
#[error("{0}")]
Error(String),
#[error("Unauthorized")]
Unauthorized,
}

View File

@@ -21,4 +21,9 @@
@apply hover:text-base-content/70;
@apply active:text-primary active:translate-y-[.5px] active:shadow-(--btn-shadow);
}
.input:focus-within {
outline-width: 1px;
outline-offset: 0px;
}
}