Compare commits

..

3 Commits

Author SHA1 Message Date
353288bc05 Load configuration in server main
Some checks failed
Push Workflows / rustfmt (push) Failing after 5s
Push Workflows / tailwind-build (push) Successful in 5s
Push Workflows / test (push) Failing after 18s
Push Workflows / docs (push) Successful in 19s
Push Workflows / clippy (push) Failing after 15s
Push Workflows / build (push) Failing after 41s
Push Workflows / nix-build (push) Has been cancelled
2026-06-23 21:29:13 -04:00
5cbfa6ac9e Add web server launch message 2026-06-23 21:27:00 -04:00
f34aeafe0e Return Result from server main 2026-06-23 21:26:14 -04:00
27 changed files with 86 additions and 1770 deletions

11
.gitignore vendored
View File

@@ -7,14 +7,3 @@
/result
.env
# Anything the config crate looks for
config.ini
config.json
config.json5
config.ron
config.toml
config.yaml
config.yml
/migrations/.diesel_lock

703
Cargo.lock generated

File diff suppressed because it is too large Load Diff

View File

@@ -9,24 +9,16 @@ edition = "2024"
build = "src/build.rs"
[dependencies]
axum-login = { version = "0.18.0", optional = true }
cfg-if = "1.0.4"
chrono = { version = "0.4.45", features = ["serde"] }
config = { version = "0.15.24", optional = true }
diesel = { version = "2.3.10", optional = true, features = ["chrono"] }
diesel-async = { version = "0.9.1", optional = true, features = ["postgres", "deadpool", "migrations"] }
diesel_migrations = { version = "2.3.2", optional = true }
diesel = { version = "2.3.10", optional = true, features = [ "postgres" ] }
diesel_migrations = { version = "2.3.2", optional = true, features = [ "postgres" ] }
dioxus = { version = "0.7.9", features = ["router", "fullstack"] }
dioxus-html = "0.7.9"
dotenvy = { version = "0.15.7", optional = true }
fred = { version = "10.1.0", optional = true }
lucide-dioxus = { version = "3.11.0", features = ["notifications", "account"] }
pbkdf2 = { version = "0.13.0", optional = true, features = ["getrandom", "phc"] }
lucide-dioxus = { version = "3.11.0", features = ["notifications"] }
rand = "0.10.1"
serde = { version = "1.0.228", features = ["derive"] }
thiserror = "2.0.18"
tower-http = { version = "0.7.0", optional = true, features = ["fs"] }
tower-sessions-redis-store = { version = "0.16.0", optional = true }
tokio = { version = "1.52.3", optional = true, features = ["rt-multi-thread"] }
tracing = "0.1.44"
[features]
@@ -34,16 +26,11 @@ default = ["web"]
web = ["dioxus/web"]
server = [
"dioxus/server",
"dep:axum-login",
"dep:config",
"dep:diesel",
"dep:diesel-async",
"dep:diesel_migrations",
"dep:dotenvy",
"dep:fred",
"dep:pbkdf2",
"dep:tower-http",
"dep:tower-sessions-redis-store",
"dep:tokio",
]
# Disabled until supported

Binary file not shown.

Before

Width:  |  Height:  |  Size: 121 KiB

View File

@@ -1 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <svg viewBox="0 0 254 254" version="1.1" xml:space="preserve" xmlns="http://www.w3.org/2000/svg" xmlns:svg="http://www.w3.org/2000/svg"><clipPath clipPathUnits="userSpaceOnUse" id="clippath"><path fill="#4032a8" d="m 9.028871e-5,480.0001 v 0 C 9.028871e-5,214.90342 214.90341,1.0022047e-4 480.00009,1.0022047e-4 v 0 c 127.30393,0 249.39377,50.57128477953 339.41122,140.58874977953 90.01752,90.01746 140.58875,212.10733 140.58875,339.41125 v 0 c 0,265.09665 -214.90332,479.99997 -479.99997,479.99997 v 0 C 214.90341,960.00007 9.028871e-5,745.09675 9.028871e-5,480.0001 Z" fill-rule="evenodd" style="display:inline;fill:#4032a8;fill-opacity:.495496"/></clipPath><g><g style="fill:none;stroke:none;stroke-linecap:square;stroke-miterlimit:10" transform="matrix(0.26458333,0,0,0.26458333,0,4.5672766)"><g clip-path="url(#p.0)" transform="translate(0,-17.262248)"><path fill="#4032a8" d="m 9.028871e-5,480.0001 v 0 C 9.028871e-5,214.90342 214.90341,1e-4 480.00009,1e-4 v 0 c 127.30393,0 249.39377,50.571285 339.41122,140.58875 90.01752,90.01746 140.58875,212.10733 140.58875,339.41125 v 0 c 0,265.09665 -214.90332,479.99997 -479.99997,479.99997 v 0 C 214.90341,960.00007 9.028871e-5,745.09675 9.028871e-5,480.0001 Z" fill-rule="evenodd"/><path stroke="#ffffff" stroke-width="4" stroke-linejoin="round" stroke-linecap="butt" d="m 60.00009,480.0001 v 0 c 0,-231.9596 188.0404,-420 420,-420 v 0 c 111.3909,0 218.21957,44.24988 296.98483,123.01516 78.76532,78.76527 123.01514,185.59392 123.01514,296.98486 v 0 c 0,231.95956 -188.0404,419.99997 -419.99997,419.99997 v 0 c -231.9596,0 -420,-188.0404 -420,-419.99997 z" fill-rule="evenodd" style="stroke-width:10.6666668;stroke-dasharray:none"/><path stroke="#ffffff" stroke-width="4" stroke-linejoin="round" stroke-linecap="butt" d="m 120.00009,480.0001 v 0 c 0,-198.82251 161.17749,-360 360,-360 v 0 c 95.47794,0 187.04532,37.92846 254.55844,105.44157 67.51312,67.51309 105.44153,159.0805 105.44153,254.55844 v 0 c 0,198.82248 -161.17749,359.99997 -359.99997,359.99997 v 0 c -198.82251,0 -360,-161.17749 -360,-359.99997 z" fill-rule="evenodd" style="stroke-width:10.6666668;stroke-dasharray:none"/><path fill="#ffffff" d="m 319.01666,480.00092 v 0 c 0,-88.90915 72.0751,-160.98425 160.98425,-160.98425 v 0 c 42.69568,0 83.64264,16.96078 113.83307,47.15121 30.19037,30.1904 47.15118,71.13736 47.15118,113.83304 v 0 c 0,88.90918 -72.07507,160.98425 -160.98425,160.98425 v 0 c -88.90915,0 -160.98425,-72.07507 -160.98425,-160.98425 z" fill-rule="evenodd" style="display:inline"/><path stroke="#ffffff" stroke-width="4" stroke-linejoin="round" stroke-linecap="butt" d="m 180.00009,480.0001 v 0 c 0,-165.68542 134.31458,-300 300,-300 v 0 c 79.56497,0 155.87112,31.60704 212.13205,87.86795 56.26092,56.26092 87.86792,132.56711 87.86792,212.13205 v 0 c 0,165.6854 -134.31458,299.99997 -299.99997,299.99997 v 0 c -165.68542,0 -300,-134.31458 -300,-299.99997 z" fill-rule="evenodd" style="stroke-width:10.6666668;stroke-dasharray:none"/><path fill="#ffffff" d="M 427.60658,-273.65095 504.05265,93.386828 478.34507,135.07715 570.21183,450.80446 544.78065,501.65549 662.47712,1028.614 477.52388,620.42282 508.81779,566.37301 393.66837,305.06321 429.7686,227.61648 308.24258,-46.542095 Z" fill-rule="evenodd" style="stroke-width:1.16873" clip-path="url(#clippath)"/></g></g></g></svg>

Before

Width:  |  Height:  |  Size: 3.3 KiB

View File

@@ -1,2 +0,0 @@
DROP INDEX users_username_idx;
DROP TABLE users;

View File

@@ -1,8 +0,0 @@
CREATE TABLE users (
id INTEGER PRIMARY KEY UNIQUE NOT NULL GENERATED ALWAYS AS IDENTITY,
username VARCHAR UNIQUE NOT NULL,
hashed_password VARCHAR NOT NULL,
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
CREATE UNIQUE INDEX users_username_idx ON users(username);

View File

@@ -1,94 +0,0 @@
use dioxus::prelude::*;
use crate::models::user::{User, UserCredentials};
use crate::util::error::Result;
cfg_if::cfg_if! {
if #[cfg(feature = "server")] {
use dioxus::server::axum::Extension;
use crate::server::{auth::{AuthSession, create_user}, config::Config, database::DbPool};
use crate::util::error::{AuthError, Contextualize, Error, ErrorType};
}
}
#[post("/api/v1/auth/signup", mut auth: Extension<AuthSession>, db_pool: Extension<DbPool>, config: Extension<Config>)]
pub async fn signup(credentials: UserCredentials) -> Result<User> {
if !config.auth.open_signup {
return Err(Error::message_here("Signup is disabled"));
}
// Don't allow signup when already logged in
if auth.user.is_some() {
return Err(Error::message_here("Log out before creating an account"));
}
let hashed_creds = credentials
.try_hash()
.map_err(|e| Error::message_here(e.to_string()))
.err_context("Error hashing new user credentials")?;
let mut db_conn = db_pool
.get()
.await
.err_context("Failed to get database pool connection")?;
let new_user = create_user(&mut db_conn, &hashed_creds)
.await
.err_context("Error creating user")?;
// Don't return this to the client, logging in immediately isn't strictly necessary
if let Err(e) = auth.login(&new_user).await {
tracing::warn!("Failed to log in user after creating: {e}");
}
Ok(new_user.into())
}
#[post("/api/v1/auth/login", mut auth: Extension<AuthSession>)]
pub async fn login(credentials: UserCredentials) -> Result<User> {
let db_user = match auth.authenticate(credentials).await {
Ok(Some(db_user)) => Ok(db_user),
Ok(None) => Err(Error::new_here(ErrorType::Auth(
AuthError::InvalidCredentials,
))),
Err(axum_login::Error::Session(e)) => Err(Error::new_here(ErrorType::Auth(
AuthError::Error(format!("Session error: {e}")),
))),
Err(axum_login::Error::Backend(e)) => Err(e),
}
.err_context("Error authenticating")?;
auth.login(&db_user)
.await
.map_err(|e| Error::new_here(ErrorType::Auth(AuthError::Error(e.to_string()))))
.err_context("Error logging in")?;
Ok(db_user.into())
}
#[post("/api/v1/auth/logout", mut auth: Extension<AuthSession>)]
pub async fn logout() -> Result<()> {
match auth.logout().await {
Ok(_) => Ok(()),
Err(axum_login::Error::Session(e)) => Err(Error::new_here(ErrorType::Auth(
AuthError::Error(format!("Session error: {e}")),
))),
Err(axum_login::Error::Backend(e)) => Err(e),
}
.err_context("Error logging out")
}
/// Retrieve the currently logged-in user, or `None` if unauthenticated
#[get("/api/v1/auth/user", auth: Extension<AuthSession>)]
pub async fn get_user() -> Result<Option<User>> {
Ok(auth.user.clone().map(Into::into))
}
/// Check if open signup is enabled
#[get("/api/v1/auth/open-signup", config: Extension<Config>)]
pub async fn open_signup() -> Result<bool> {
Ok(config.auth.open_signup)
}

View File

@@ -1 +1 @@
pub mod auth;

View File

@@ -1,7 +1,5 @@
use dioxus::prelude::*;
pub const LOGO_SVG: Asset = asset!("/assets/logo.svg");
pub const LOGO_ICO: Asset = asset!("/assets/favicon.ico");
const TAILWIND_CSS: Asset = asset!("/assets/tailwind.css");
#[derive(Debug, Clone, Routable, PartialEq)]
@@ -14,7 +12,6 @@ enum Route {
#[component]
pub fn App() -> Element {
rsx! {
document::Link { rel: "icon", href: LOGO_ICO }
document::Link { rel: "stylesheet", href: TAILWIND_CSS }
Router::<Route> {}
}

View File

@@ -1,35 +0,0 @@
use dioxus::prelude::*;
use crate::app::LOGO_SVG;
#[component]
pub fn Footer() -> Element {
rsx! {
footer {
class: "footer md:footer-horizontal fixed bottom-0 text-base-content/70 bg-base-300 items-center p-4",
aside {
class: "flex items-center",
img {
class: "w-12 h-12",
src: LOGO_SVG,
}
div {
p {
class: "text-xl font-bold",
"LibreTunes",
}
a {
class: "text-sm",
href: env!("CARGO_PKG_REPOSITORY"),
"v" {env!("CARGO_PKG_VERSION")},
}
}
}
}
}
}

View File

@@ -1,101 +0,0 @@
use dioxus::prelude::*;
use serde::de::DeserializeOwned;
use crate::util::error::Error;
/// A simple styled form card. Parses form fields into the provided generic type, and calls the
/// callback when submitted via button or enter key.
#[component]
pub fn Form<T>(
/// Heading above the form
title: String,
/// Form content, placed inside a `fieldset`
children: Element,
/// Text displayed on the form button
action_message: String,
/// Form-related error. Set to a parsing error on parse failure, or can be used to display any
/// submission error. Clears on each submit. Displays as a card between the inputs and action
/// button, opens a modal on click.
#[props(default)]
error: Signal<Option<Error>>,
/// Whether the form should display in a "loading" state, disables the action button and
/// displays a loading animation instead. For best UX, especially on pages the user might open
/// directly as opposed to navigate to within the app, initialize to true. This component will
/// set it to false when run. This sequence will discourage users from submitting the form
/// before the page is ready to handle it. Can also be used to indicate background work is
/// taking place in the `callback`, but this is not done automatically.
#[props(default)]
loading: Signal<bool>,
/// Content to display below the action button
#[props(default)]
extra_content: Option<Element>,
/// Form submission callback. Called with the deserialized form inputs.
onsubmit: Callback<T>,
) -> Element
where
T: DeserializeOwned + 'static,
{
// Button is initialized to loading, then set back when WASM is finished loading (use_effect
// runs only on the client)
use_effect(move || loading.set(false));
rsx! {
div {
class: "card card-xl w-full sm:w-100 sm:h-fit bg-base-200",
form {
onsubmit: move |evt| {
evt.prevent_default();
let data: T = match evt.data.parsed_values() {
Ok(data) => data,
Err(e) => {
let e = Error::message_here(e.to_string())
.with_context("Failed to parse form inputs");
error.set(Some(e));
return;
}
};
error.set(None);
onsubmit.call(data);
},
class: "card-body gap-3",
h1 {
class: "card-title",
{title}
}
fieldset {
class: "fieldset pt-0 gap-1",
{children}
}
{error().map(|e| e.as_alert())}
div {
class: "card-actions gap-4",
button {
class: "btn btn-primary btn-block",
disabled: loading(),
if loading() {
span {
class: "loading loading-dots"
}
} else {
{action_message}
}
}
{extra_content}
}
}
}
}
}

View File

@@ -1,68 +0,0 @@
use dioxus::prelude::*;
/// A simple styled input box
#[component]
pub fn FormInput(
/// The placeholder text and label. When text is entered in the input, the label is shown above
/// the input box.
label: String,
#[props(default)] name: Option<String>,
#[props(default)] required: bool,
#[props(default)] r#type: String,
children: Element,
) -> Element {
let name = name.unwrap_or(label.to_lowercase());
rsx! {
div {
class: "group/field",
p {
class: "opacity-0 not-group-has-placeholder-shown/field:opacity-70 transition-opacity pl-2",
{label.clone()}
}
label {
class: "input w-full",
{children}
input {
name,
required,
r#type,
placeholder: label,
}
}
}
}
}
#[component]
pub fn UsernameInput() -> Element {
rsx! {
FormInput {
label: "Username",
required: true,
lucide_dioxus::UserRound {
class: "opacity-50",
}
}
}
}
#[component]
pub fn PasswordInput() -> Element {
rsx! {
FormInput {
label: "Password",
required: true,
r#type: "password",
lucide_dioxus::KeyRound {
class: "opacity-50",
}
}
}
}

View File

@@ -1,7 +1 @@
pub mod footer;
pub mod form;
pub mod form_input;
pub use footer::*;
pub use form::*;
pub use form_input::*;

View File

@@ -3,10 +3,8 @@ pub mod app;
pub mod components;
pub mod models;
pub mod pages;
pub mod util;
#[cfg(feature = "server")]
pub mod schema;
pub mod util;
#[cfg(feature = "server")]
pub mod server;
@@ -16,9 +14,6 @@ use crate::app::App;
fn tracing_setup() {
#[cfg(debug_assertions)]
dioxus::logger::init(tracing::Level::DEBUG).expect("Failed to initialize tracing logger");
#[cfg(not(debug_assertions))]
dioxus::logger::init(tracing::Level::INFO).expect("Failed to initialize tracing logger");
}
#[cfg(not(feature = "server"))]
@@ -31,8 +26,9 @@ fn main() {
fn main() -> std::process::ExitCode {
tracing_setup();
let Err(e) = server::main();
tracing::error!("Server main failed:\n{e}");
if let Err(e) = server::main() {
tracing::error!("Server main failed:\n{e}");
}
std::process::ExitCode::FAILURE
}

View File

@@ -1 +1 @@
pub mod user;

View File

@@ -1,147 +0,0 @@
//! Various user types. Some types marked server-only to help prevent
//! leaking passwords to the frontend
use serde::{Deserialize, Serialize};
/// Standard informational user type, contains no password information
#[derive(Clone, Debug, Deserialize, Serialize)]
#[cfg_attr(feature = "server", derive(Queryable, Selectable, Identifiable))]
#[cfg_attr(feature = "server", diesel(table_name = crate::schema::users,
check_for_backend(diesel::pg::Pg)))]
pub struct User {
pub id: i32,
pub username: String,
pub created_at: chrono::DateTime<chrono::Local>,
}
/// Plaintext user credentials, used for login/signup form
#[derive(Deserialize, Serialize)]
pub struct UserCredentials {
pub username: String,
pub password: String,
}
cfg_if::cfg_if! {
if #[cfg(feature = "server")] {
use diesel::{
deserialize::{FromSql, FromSqlRow},
expression::AsExpression,
prelude::*,
serialize::ToSql,
sql_types,
};
use pbkdf2::{
PasswordHasher, PasswordVerifier, Pbkdf2, password_hash::Error::PasswordInvalid,
phc::PasswordHash,
};
use crate::util::error::{Error, Result};
/// Newtype for a `String`-represented hashed password
#[derive(Clone, Debug, AsExpression, FromSqlRow)]
#[diesel(sql_type = sql_types::Text)]
pub struct HashedPassword(String);
impl HashedPassword {
/// Check a password attempt against this hashed password
///
/// # Returns
///
/// `Ok(true)` for a correct password
/// `Ok(false)` for an incorrect password
/// `Err` for a hashing error
pub fn check(&self, password_attempt: String) -> Result<bool> {
let pw_hash = PasswordHash::new(&self.0)
.map_err(|e| Error::message_here(format!("Error parsing `HashedPassword`: {e}")))?;
match Pbkdf2::default().verify_password(password_attempt.as_bytes(), &pw_hash) {
Ok(()) => Ok(true),
Err(PasswordInvalid) => Ok(false),
Err(e) => Err(Error::message_here(format!(
"Error comparing password attempt against hash: {e}"
))),
}
}
/// Returns the "session auth hash" for `axum-login`, just the hashed password as bytes
pub fn auth_hash(&self) -> &[u8] {
self.0.as_bytes()
}
}
impl<DB> FromSql<diesel::sql_types::Text, DB> for HashedPassword
where
DB: diesel::backend::Backend,
String: FromSql<sql_types::Text, DB>,
{
fn from_sql(bytes: DB::RawValue<'_>) -> diesel::deserialize::Result<Self> {
Ok(Self(String::from_sql(bytes)?))
}
}
impl<DB> ToSql<diesel::sql_types::Text, DB> for HashedPassword
where
DB: diesel::backend::Backend,
String: ToSql<sql_types::Text, DB>,
{
fn to_sql<'b>(
&'b self,
out: &mut diesel::serialize::Output<'b, '_, DB>,
) -> diesel::serialize::Result {
self.0.to_sql(out)
}
}
/// User as it appears in the database, with hashed password
#[derive(Clone, Debug, Identifiable, Queryable, Selectable)]
#[diesel(table_name = crate::schema::users, check_for_backend(diesel::pg::Pg))]
pub struct DbUser {
pub id: i32,
pub username: String,
pub hashed_password: HashedPassword,
pub created_at: chrono::DateTime<chrono::Local>,
}
impl From<DbUser> for User {
fn from(db_user: DbUser) -> Self {
User {
id: db_user.id,
username: db_user.username,
created_at: db_user.created_at,
}
}
}
/// User credentials with hashed password
#[derive(Clone, Debug, Insertable, Queryable, Selectable)]
#[diesel(table_name = crate::schema::users, check_for_backend(diesel::pg::Pg))]
pub struct HashedUserCredentials {
username: String,
hashed_password: HashedPassword,
}
impl From<DbUser> for HashedUserCredentials {
fn from(db_user: DbUser) -> Self {
HashedUserCredentials {
username: db_user.username,
hashed_password: db_user.hashed_password,
}
}
}
impl UserCredentials {
/// Attempt to convert into `HashedUserCredentials` by hashing the password. Yields a PBKDF2
/// error on failure.
pub fn try_hash(self) -> Result<HashedUserCredentials, pbkdf2::password_hash::Error> {
let hashed_password = Pbkdf2::default().hash_password(self.password.as_bytes())?;
Ok(HashedUserCredentials {
username: self.username,
hashed_password: HashedPassword(hashed_password.to_string()),
})
}
}
}
}

View File

@@ -1,10 +1 @@
// @generated automatically by Diesel CLI.
diesel::table! {
users (id) {
id -> Int4,
username -> Varchar,
hashed_password -> Varchar,
created_at -> Timestamptz,
}
}

View File

@@ -1,122 +0,0 @@
use axum_login::{AuthManagerLayer, AuthUser, AuthnBackend, UserId};
use diesel::prelude::*;
use diesel_async::RunQueryDsl;
use tower_sessions_redis_store::RedisStore;
use crate::models::user::{DbUser, HashedUserCredentials, UserCredentials};
use crate::server::{
database::{DbConn, DbPool},
key_val_store::KeyValPool,
};
use crate::util::error::{Contextualize, Error, Result};
pub type AuthLayer = AuthManagerLayer<AuthBackend, RedisStore<KeyValPool>>;
pub type AuthSession = axum_login::AuthSession<AuthBackend>;
impl AuthUser for DbUser {
type Id = i32;
fn id(&self) -> Self::Id {
self.id
}
fn session_auth_hash(&self) -> &[u8] {
self.hashed_password.auth_hash()
}
}
#[derive(Clone)]
pub struct AuthBackend {
pub db_pool: DbPool,
}
impl AuthnBackend for AuthBackend {
type User = DbUser;
type Credentials = UserCredentials;
type Error = Error;
async fn authenticate(
&self,
attempt_creds: Self::Credentials,
) -> Result<Option<Self::User>, Self::Error> {
let mut db_conn = self
.db_pool
.get()
.await
.err_context("Failed to get database pool connection")?;
let user = get_user_by_username(&mut db_conn, attempt_creds.username)
.await
.err_context("Error fetching user for authentication check")?;
let Some(user) = user else { return Ok(None) };
let password_result = user
.hashed_password
.check(attempt_creds.password)
.err_context("Error checking user password attempt")?;
if password_result {
Ok(Some(user))
} else {
Ok(None)
}
}
async fn get_user(&self, user_id: &UserId<Self>) -> Result<Option<Self::User>, Self::Error> {
let mut db_conn = self
.db_pool
.get()
.await
.err_context("Failed to get database pool connection")?;
get_user_by_id(&mut db_conn, *user_id)
.await
.err_context("Failed fetching user for session")
}
}
pub async fn create_user(
db_conn: &mut DbConn,
credentials: &HashedUserCredentials,
) -> Result<DbUser> {
diesel::insert_into(crate::schema::users::table)
.values(credentials)
.get_result(db_conn)
.await
.err_context("Error creating user")
}
pub async fn get_user_by_id(db_conn: &mut DbConn, id: i32) -> Result<Option<DbUser>> {
crate::schema::users::table
.find(id)
.first(db_conn)
.await
.optional()
.err_context("Error fetching user from database by id")
}
pub async fn get_user_by_username(
db_conn: &mut DbConn,
username: String,
) -> Result<Option<DbUser>> {
crate::schema::users::table
.filter(crate::schema::users::username.eq(username))
.first(db_conn)
.await
.optional()
.err_context("Error fetching user from database by username")
}
/// Create the authentication middleware layer
pub fn build_auth_layer(db_pool: DbPool, key_val_pool: KeyValPool, use_secure: bool) -> AuthLayer {
use axum_login::{AuthManagerLayerBuilder, tower_sessions::SessionManagerLayer};
use tower_sessions_redis_store::RedisStore;
let auth_session_store = RedisStore::new(key_val_pool);
let session_layer = SessionManagerLayer::new(auth_session_store).with_secure(use_secure);
let auth_backend = AuthBackend { db_pool };
AuthManagerLayerBuilder::new(auth_backend, session_layer).build()
}

View File

@@ -1,161 +1,8 @@
use std::path::PathBuf;
use serde::Deserialize;
/// Enable secure cookies by default only in release mode
/// (Secure cookies can't be set over HTTP. Rough assumption: development is done over HTTP)
const DEFAULT_COOKIES_SECURE: bool = cfg!(not(debug_assertions));
#[derive(Debug, Clone, Deserialize)]
pub struct AuthConfig {
pub open_signup: bool,
pub cookies_secure: bool,
}
/// Build a connection URI from parts
fn format_uri(
scheme: &str,
username: &Option<String>,
password: &Option<String>,
host: &str,
port: &Option<u16>,
path: &Option<String>,
) -> String {
let mut url = format!("{scheme}://");
if let Some(username) = username {
url.push_str(username);
if let Some(password) = password {
url.push_str(&format!(":{password}"));
}
url.push('@');
}
url.push_str(host);
if let Some(port) = port {
url.push_str(&format!(":{port}"));
}
if let Some(path) = path {
url.push_str(&format!("/{path}"));
}
url
}
#[derive(Debug, Clone, Deserialize)]
pub struct DatabaseConfig {
#[serde(flatten)]
connection: DatabaseConnectionConfig,
}
impl DatabaseConfig {
/// Get the configured database connection URI
pub fn connection_uri(&self) -> String {
self.connection.as_uri()
}
}
#[derive(Debug, Clone, Deserialize)]
#[serde(untagged)]
enum DatabaseConnectionConfig {
FromUrl {
url: String,
},
FromParts {
host: String,
port: Option<u16>,
database: Option<String>,
username: Option<String>,
password: Option<String>,
},
}
impl DatabaseConnectionConfig {
/// Convert this configuration into the Postgres connection URI
pub fn as_uri(&self) -> String {
match self {
Self::FromUrl { url } => url.clone(),
Self::FromParts {
host,
port,
database,
username,
password,
} => format_uri("postgres", username, password, host, port, database),
}
}
}
#[derive(Debug, Clone, Deserialize)]
#[serde(untagged)]
enum KeyValStoreConnectionConfig {
FromUrl {
url: String,
},
FromParts {
scheme: Option<String>,
host: String,
port: Option<u16>,
database: Option<String>,
username: Option<String>,
password: Option<String>,
},
}
impl KeyValStoreConnectionConfig {
/// Convert this configuration into the Redis connection URI
pub fn as_uri(&self) -> String {
match self {
Self::FromUrl { url } => url.clone(),
Self::FromParts {
scheme,
host,
port,
database,
username,
password,
} => format_uri(
scheme.as_deref().unwrap_or("redis"),
username,
password,
host,
port,
database,
),
}
}
}
#[derive(Debug, Clone, Deserialize)]
pub struct KeyValStoreConfig {
#[serde(flatten)]
connection: KeyValStoreConnectionConfig,
}
impl KeyValStoreConfig {
/// Get the configured database connection URI
pub fn connection_uri(&self) -> String {
self.connection.as_uri()
}
}
#[derive(Debug, Clone, Deserialize)]
pub struct ServerConfig {
pub public_path: PathBuf,
}
#[derive(Debug, Clone, Deserialize)]
/// Top-level application configuration
pub struct Config {
pub auth: AuthConfig,
pub database: DatabaseConfig,
pub key_val_store: KeyValStoreConfig,
pub server: ServerConfig,
}
pub struct Config {}
/// Parse configuration from the expected files and environment variables
pub fn load_config() -> Result<Config, config::ConfigError> {
@@ -165,9 +12,6 @@ pub fn load_config() -> Result<Config, config::ConfigError> {
config::Config::builder()
.set_default("server.port", 8080)?
.set_default("auth.open_signup", false)?
.set_default("auth.cookies_secure", DEFAULT_COOKIES_SECURE)?
.set_default("server.public_path", default_public_dir())?
.add_source(File::with_name(&format!("/etc/{pkg_name}/config")).required(false))
.add_source(File::with_name(&format!("/etc/{pkg_name}")).required(false))
.add_source(File::with_name("config").required(false))
@@ -175,19 +19,3 @@ pub fn load_config() -> Result<Config, config::ConfigError> {
.build()?
.try_deserialize()
}
/// Provide a sane default for the public path, using the same sources as Dioxus does internally.
/// Checks the `DIOXUS_PUBLIC_PATH` environment variable, then tries relative to the path of this
/// executable
fn default_public_dir() -> Option<String> {
std::env::var("DIOXUS_PUBLIC_PATH").ok().or_else(|| {
std::env::current_exe().ok().and_then(|path| {
path.parent()
.expect("current executable path must have a parent")
.join("public")
.into_os_string()
.into_string()
.ok()
})
})
}

View File

@@ -1,40 +0,0 @@
use diesel_async::{
AsyncMigrationHarness, AsyncPgConnection,
pooled_connection::{AsyncDieselConnectionManager, deadpool::Pool},
};
use diesel_migrations::{EmbeddedMigrations, MigrationHarness, embed_migrations};
use crate::util::error::{Contextualize, Error, ErrorType};
pub const DB_MIGRATIONS: EmbeddedMigrations = embed_migrations!();
pub type DbPool = Pool<AsyncPgConnection>;
pub type DbConn = AsyncPgConnection;
/// Connect to the database using the given URI, and perform migrations
pub async fn setup<S: Into<String>>(database_uri: S) -> Result<DbPool, Error> {
let pool_manager = AsyncDieselConnectionManager::<AsyncPgConnection>::new(database_uri);
let pool = Pool::builder(pool_manager)
.build()
// At time of writing only the `NoRuntimeSpecified` error is possible from the builder,
// which should only occur when configuring timeouts without a `Runtime`
.map_err(|e| ErrorType::Database(e.to_string()))
.err_context("Error creating pool for database connections")?;
tracing::debug!("Establishing connection to database for migrations...");
let migration_conn = pool
.get()
.await
.err_context("Failed to get connection to database")?;
tracing::debug!("Running migrations...");
AsyncMigrationHarness::new(migration_conn)
.run_pending_migrations(DB_MIGRATIONS)
.map_err(|e| ErrorType::Database(e.to_string()))
.err_context("Failed to run pending database migrations")?;
Ok(pool)
}

View File

@@ -1,29 +0,0 @@
use fred::prelude::*;
use crate::util::error::{Contextualize, Error, ErrorType};
const KEY_VAL_POOL_SIZE: usize = 4;
pub type KeyValPool = Pool;
pub async fn setup(connection_uri: &str) -> Result<KeyValPool, Error> {
let config = Config::from_url(connection_uri)
.map_err(|e| ErrorType::KeyValStore(e.to_string()))
.err_context("Error creating key-value store config")?;
let pool = Builder::from_config(config)
.build_pool(KEY_VAL_POOL_SIZE)
// At time of writing the only error that could occur here is if config is not provided.
// Since we're building a pool `from_config`, this shouldn't be possible
.map_err(|e| ErrorType::KeyValStore(e.to_string()))
.err_context("Error creating pool for key-value store")?;
tracing::debug!("Establishing connection to key-value store...");
pool.init()
.await
.map_err(|e| ErrorType::KeyValStore(e.to_string()))
.err_context("Error connecting to key-value store")?;
Ok(pool)
}

View File

@@ -1,20 +1,8 @@
use dioxus::{
fullstack::axum::{Router, middleware::from_fn},
server::axum::Extension,
};
use tower_http::services::ServeFile;
use crate::App;
use crate::app::LOGO_ICO;
use crate::server::{
auth::build_auth_layer,
config::{self, Config},
database, key_val_store,
require_auth_mw::require_auth_middleware,
};
use crate::util::error::{Contextualize, Error, Result};
use crate::util::error::Error;
use crate::server::config;
pub fn main() -> Result<std::convert::Infallible> {
pub fn main() -> Result<()> {
if let Err(e) = dotenvy::dotenv() {
tracing::warn!("Error reading .env: {e}");
}
@@ -24,54 +12,8 @@ pub fn main() -> Result<std::convert::Infallible> {
.map_err(|e| Error::message_here(e.to_string()))
.err_context("Failed to load config")?;
// Dioxus doesn't expose a way to configure the public path other than this environment
// variable, and also doesn't provide a way to read what the public path is. As a workaround we
// expose a config option and set this variable that Dioxus expects.
// SAFETY: "This function is safe to call in a single-threaded program."
unsafe {
std::env::set_var("DIOXUS_PUBLIC_PATH", config.server.public_path.clone());
}
tracing::info!("Setup complete, launching web server...");
dioxus::launch(App);
// `Ok(...?)` is because `dioxus::serve` expects an `anyhow::Result`
dioxus::serve(move || {
let config = config.clone();
async move { Ok(router_setup(config).await?) }
});
}
/// Set up the axum Router
async fn router_setup(config: Config) -> Result<Router> {
let db_pool = database::setup(config.database.connection_uri())
.await
.err_context("Failed database setup")?;
let key_val_pool = key_val_store::setup(&config.key_val_store.connection_uri())
.await
.err_context("Failed key-value store setup")?;
let favicon_path = {
// Resolve the favicon path
let asset_path = LOGO_ICO.resolve();
// If the asset path starts with "/", strip it. Otherwise it behaves as an "absolute path"
// and replaces the base path in the join operation. This is necessary because Dioxus will
// produce a path like "/assets/" in the call to `resolve`
let asset_path_rel = asset_path.strip_prefix("/").unwrap_or(&asset_path);
config.server.public_path.join(asset_path_rel)
};
tracing::debug!("Favicon path: {}", favicon_path.display());
let auth_layer = build_auth_layer(db_pool.clone(), key_val_pool, config.auth.cookies_secure);
let router = dioxus::server::router(App)
.layer(from_fn(require_auth_middleware))
.layer(Extension(config))
.layer(Extension(db_pool))
.layer(auth_layer)
.nest_service("/favicon.ico", ServeFile::new(favicon_path));
tracing::info!("Setup complete, returning Router...");
Ok(router)
Err(Error::message_here("Web server exited"))
}

View File

@@ -1,8 +1,4 @@
pub mod auth;
pub mod config;
pub mod database;
pub mod key_val_store;
pub mod main;
pub mod require_auth_mw;
pub use main::main;

View File

@@ -1,63 +0,0 @@
use dioxus::fullstack::{
axum::{body::Body, extract::Request, middleware::Next},
extract::FromRequestParts,
http::Response,
};
use dioxus::prelude::*;
use crate::server::auth::AuthSession;
#[cfg(not(debug_assertions))]
const ALLOWED_PATH_PREFIX: [&str; 1] = ["/assets/"];
#[cfg(debug_assertions)]
const ALLOWED_PATH_PREFIX: [&str; 2] = ["/assets/", "/wasm/"];
const ALLOWED_PATHS: [&str; 6] = [
"/login",
"/signup",
"/api/v1/auth/login",
"/api/v1/auth/signup",
"/api/v1/auth/user",
"/api/v1/auth/open-signup",
];
/// Axum middleware to redirect an unauthenticated request to /login unless it matches one of the allowed paths
pub async fn require_auth_middleware(
req: Request,
next: Next,
) -> Result<Response<Body>, (StatusCode, &'static str)> {
let path = req.uri().path();
if ALLOWED_PATH_PREFIX
.iter()
.any(|prefix| path.starts_with(prefix))
|| ALLOWED_PATHS.contains(&path)
{
let response = next.run(req).await;
return Ok(response);
}
let (mut parts, body) = req.into_parts();
let auth_session = AuthSession::from_request_parts(&mut parts, &()).await?;
if auth_session.user.is_none() {
let response = Response::builder()
.status(StatusCode::TEMPORARY_REDIRECT)
.header("Location", "/login")
.body(Body::empty())
.map_err(|_| {
(
StatusCode::INTERNAL_SERVER_ERROR,
"Failed to build response",
)
})?;
return Ok(response);
}
let req = Request::from_parts(parts, body);
let response = next.run(req).await;
Ok(response)
}

View File

@@ -43,21 +43,7 @@ impl fmt::Display for ErrorLocation {
}
}
pub type Result<T, E = Error> = std::result::Result<T, E>;
/// Generate a random string to use as an id for the modal
/// This allows multiple toast/modal to be present
fn rand_modal_id() -> String {
use rand::RngExt;
let mut rng = rand::rng();
let random_str = (0..5)
.map(|_| rng.sample(rand::distr::Alphanumeric) as char)
.collect::<String>();
format!("err-modal-{random_str}")
}
pub type Result<T> = std::result::Result<T, Error>;
#[derive(Debug, Clone, Deserialize, Serialize, thiserror::Error)]
pub struct Error {
@@ -111,12 +97,6 @@ impl Error {
}
}
/// Get the original cause of this error
/// Like `std::error::Error::source` but doesn't return an `Option`
pub fn source(&self) -> &ErrorType {
&self.source
}
/// Display this error as a modal dialog activated by a checkbox with the given id
pub fn as_modal(&self, id: String) -> Element {
rsx! {
@@ -193,46 +173,42 @@ impl Error {
}
}
/// Convert this error into an alert label, tied to the given modal id
fn as_alert_for(&self, modal_id: String) -> Element {
rsx! {
label {
class: "alert alert-error alert-soft cursor-pointer",
role: "alert",
r#for: modal_id,
lucide_dioxus::CircleAlert {}
p {
class: "max-w-120 text-ellipsis line-clamp-3",
{self.top_message()}
}
}
}
}
/// Convert this error to a toast message, which opens a modal when clicked
pub fn as_toast(&self) -> Element {
let modal_id = rand_modal_id();
// Generate a random string to use as an id for the modal
// This allows multiple toast/modal to be present
let modal_id = {
use rand::RngExt;
let mut rng = rand::rng();
let random_str = (0..5)
.map(|_| rng.sample(rand::distr::Alphanumeric) as char)
.collect::<String>();
format!("err-modal-{random_str}")
};
rsx! {
{self.as_modal(modal_id.clone())}
div {
class: "toast z-99",
{self.as_alert_for(modal_id)}
class: "toast",
label {
class: "alert alert-error alert-soft cursor-pointer",
role: "alert",
r#for: modal_id,
lucide_dioxus::CircleAlert {}
p {
class: "max-w-120 text-ellipsis line-clamp-3",
{self.top_message()}
}
}
}
}
}
/// Convert this error into an alert label, which opens a modal when clicked
pub fn as_alert(&self) -> Element {
let modal_id = rand_modal_id();
rsx! {
{self.as_modal(modal_id.clone())}
{self.as_alert_for(modal_id)}
}
}
}
impl fmt::Display for Error {
@@ -263,14 +239,12 @@ impl From<ServerFnError> for Error {
impl dioxus_fullstack::AsStatusCode for Error {
fn as_status_code(&self) -> StatusCode {
match &self.source {
ErrorType::Auth(AuthError::InvalidCredentials | AuthError::Unauthorized) => {
StatusCode::UNAUTHORIZED
}
ErrorType::Database(msg) if *msg == (diesel::result::Error::NotFound).to_string() => {
StatusCode::NOT_FOUND
}
ErrorType::Database(_) => StatusCode::INTERNAL_SERVER_ERROR,
ErrorType::Error(_) => StatusCode::INTERNAL_SERVER_ERROR,
ErrorType::ServerFnError(e) => e.as_status_code(),
_ => StatusCode::INTERNAL_SERVER_ERROR,
}
}
}
@@ -309,9 +283,6 @@ impl<T, E: Into<Error>> Contextualize<Result<T>> for E {
#[derive(Debug, Clone, thiserror::Error, Deserialize, Serialize)]
pub enum ErrorType {
#[error("Authentication error: {0}")]
Auth(AuthError),
// Using string to represent Diesel errors, because Diesel's Error type is not `Serialize`,
// and Diesel is only available on the server
#[error("Database error: {0}")]
@@ -322,11 +293,6 @@ pub enum ErrorType {
#[error("Server function error: {0}")]
ServerFnError(ServerFnError),
// Using string to represent Fred errors, because Fred's Error type is not `Serialize`,
// and Fred is only available on the server
#[error("Key-value store error: {0}")]
KeyValStore(String),
}
impl From<ErrorType> for Error {
@@ -343,33 +309,3 @@ impl From<diesel::result::Error> for Error {
Error::new_here(ErrorType::Database(format!("{err}")))
}
}
// This would capture any `deapool::PoolError` and treat it as a database error
// but we're only using `deadpool` for our database, so it's fine
#[cfg(feature = "server")]
impl From<diesel_async::pooled_connection::deadpool::PoolError> for Error {
#[track_caller]
fn from(err: diesel_async::pooled_connection::deadpool::PoolError) -> Self {
Error::new_here(ErrorType::Database(format!("{err}")))
}
}
#[cfg(feature = "server")]
impl From<fred::error::Error> for Error {
#[track_caller]
fn from(err: fred::error::Error) -> Self {
Error::new_here(ErrorType::KeyValStore(format!("{err}")))
}
}
#[derive(Debug, Clone, thiserror::Error, Deserialize, Serialize)]
pub enum AuthError {
#[error("Invalid credentials")]
InvalidCredentials,
#[error("{0}")]
Error(String),
#[error("Unauthorized")]
Unauthorized,
}

View File

@@ -21,9 +21,4 @@
@apply hover:text-base-content/70;
@apply active:text-primary active:translate-y-[.5px] active:shadow-(--btn-shadow);
}
.input:focus-within {
outline-width: 1px;
outline-offset: 0px;
}
}