diff options
Diffstat (limited to 'web/converse/src/handlers.rs')
| -rw-r--r-- | web/converse/src/handlers.rs | 345 |
1 files changed, 345 insertions, 0 deletions
diff --git a/web/converse/src/handlers.rs b/web/converse/src/handlers.rs new file mode 100644 index 000000000000..efdffb3f9102 --- /dev/null +++ b/web/converse/src/handlers.rs @@ -0,0 +1,345 @@ +// Copyright (C) 2018-2021 Vincent Ambo <tazjin@tvl.su> +// +// This file is part of Converse. +// +// This program is free software: you can redistribute it and/or +// modify it under the terms of the GNU General Public License as +// published by the Free Software Foundation, either version 3 of the +// License, or (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, but +// WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see +// <https://www.gnu.org/licenses/>. + +//! This module contains the implementation of converse's actix-web +//! HTTP handlers. +//! +//! Most handlers have an associated rendering function using one of +//! the tera templates stored in the `/templates` directory in the +//! project root. + +use actix::prelude::*; +use actix_web::*; +use actix_web::http::Method; +use actix_web::middleware::identity::RequestIdentity; +use actix_web::middleware::{Started, Middleware}; +use actix_web; +use db::*; +use errors::ConverseError; +use futures::Future; +use mime_guess::guess_mime_type; +use models::*; +use oidc::*; +use render::*; + +type ConverseResponse = Box<Future<Item=HttpResponse, Error=ConverseError>>; + +const HTML: &'static str = "text/html"; +const ANONYMOUS: i32 = 1; +const NEW_THREAD_LENGTH_ERR: &'static str = "Title and body can not be empty!"; + +/// Represents the state carried by the web server actors. +pub struct AppState { + /// Address of the database actor + pub db: Addr<Syn, DbExecutor>, + + /// Address of the OIDC actor + pub oidc: Addr<Syn, OidcExecutor>, + + /// Address of the rendering actor + pub renderer: Addr<Syn, Renderer>, +} + +pub fn forum_index(state: State<AppState>) -> ConverseResponse { + state.db.send(ListThreads) + .flatten() + .and_then(move |res| state.renderer.send(IndexPage { + threads: res + }).from_err()) + .flatten() + .map(|res| HttpResponse::Ok().content_type(HTML).body(res)) + .responder() +} + +/// Returns the ID of the currently logged in user. If there is no ID +/// present, the ID of the anonymous user will be returned. +pub fn get_user_id(req: &HttpRequest<AppState>) -> i32 { + if let Some(id) = req.identity() { + // If this .expect() call is triggered, someone is likely + // attempting to mess with their cookies. These requests can + // be allowed to fail without further ado. + id.parse().expect("Session cookie contained invalid data!") + } else { + ANONYMOUS + } +} + +/// This handler retrieves and displays a single forum thread. +pub fn forum_thread(state: State<AppState>, + req: HttpRequest<AppState>, + thread_id: Path<i32>) -> ConverseResponse { + let id = thread_id.into_inner(); + let user = get_user_id(&req); + + state.db.send(GetThread(id)) + .flatten() + .and_then(move |res| state.renderer.send(ThreadPage { + current_user: user, + thread: res.0, + posts: res.1, + }).from_err()) + .flatten() + .map(|res| HttpResponse::Ok().content_type(HTML).body(res)) + .responder() +} + +/// This handler presents the user with the "New Thread" form. +pub fn new_thread(state: State<AppState>) -> ConverseResponse { + state.renderer.send(NewThreadPage::default()).flatten() + .map(|res| HttpResponse::Ok().content_type(HTML).body(res)) + .responder() +} + +#[derive(Deserialize)] +pub struct NewThreadForm { + pub title: String, + pub post: String, +} + +/// This handler receives a "New thread"-form and redirects the user +/// to the new thread after creation. +pub fn submit_thread(state: State<AppState>, + input: Form<NewThreadForm>, + req: HttpRequest<AppState>) -> ConverseResponse { + // Trim whitespace out of inputs: + let input = NewThreadForm { + title: input.title.trim().into(), + post: input.post.trim().into(), + }; + + // Perform simple validation and abort here if it fails: + if input.title.is_empty() || input.post.is_empty() { + return state.renderer + .send(NewThreadPage { + alerts: vec![NEW_THREAD_LENGTH_ERR], + title: Some(input.title), + post: Some(input.post), + }) + .flatten() + .map(|res| HttpResponse::Ok().content_type(HTML).body(res)) + .responder(); + } + + let user_id = get_user_id(&req); + + let new_thread = NewThread { + user_id, + title: input.title, + }; + + let msg = CreateThread { + new_thread, + post: input.post, + }; + + state.db.send(msg) + .from_err() + .and_then(move |res| { + let thread = res?; + info!("Created new thread \"{}\" with ID {}", thread.title, thread.id); + Ok(HttpResponse::SeeOther() + .header("Location", format!("/thread/{}", thread.id)) + .finish()) + }) + .responder() +} + +#[derive(Deserialize)] +pub struct NewPostForm { + pub thread_id: i32, + pub post: String, +} + +/// This handler receives a "Reply"-form and redirects the user to the +/// new post after creation. +pub fn reply_thread(state: State<AppState>, + input: Form<NewPostForm>, + req: HttpRequest<AppState>) -> ConverseResponse { + let user_id = get_user_id(&req); + + let new_post = NewPost { + user_id, + thread_id: input.thread_id, + body: input.post.trim().into(), + }; + + state.db.send(CreatePost(new_post)) + .flatten() + .from_err() + .and_then(move |post| { + info!("Posted reply {} to thread {}", post.id, post.thread_id); + Ok(HttpResponse::SeeOther() + .header("Location", format!("/thread/{}#post-{}", post.thread_id, post.id)) + .finish()) + }) + .responder() +} + +/// This handler presents the user with the form to edit a post. If +/// the user attempts to edit a post that they do not have access to, +/// they are currently ungracefully redirected back to the post +/// itself. +pub fn edit_form(state: State<AppState>, + req: HttpRequest<AppState>, + query: Path<GetPost>) -> ConverseResponse { + let user_id = get_user_id(&req); + + state.db.send(query.into_inner()) + .flatten() + .from_err() + .and_then(move |post| { + if user_id != 1 && post.user_id == user_id { + return Ok(post); + } + + Err(ConverseError::PostEditForbidden { + user: user_id, + id: post.id, + }) + }) + .and_then(move |post| { + let edit_msg = EditPostPage { + id: post.id, + post: post.body, + }; + + state.renderer.send(edit_msg).from_err() + }) + .flatten() + .map(|page| HttpResponse::Ok().content_type(HTML).body(page)) + .responder() +} + +/// This handler "executes" an edit to a post if the current user owns +/// the edited post. +pub fn edit_post(state: State<AppState>, + req: HttpRequest<AppState>, + update: Form<UpdatePost>) -> ConverseResponse { + let user_id = get_user_id(&req); + + state.db.send(GetPost { id: update.post_id }) + .flatten() + .from_err() + .and_then(move |post| { + if user_id != 1 && post.user_id == user_id { + Ok(()) + } else { + Err(ConverseError::PostEditForbidden { + user: user_id, + id: post.id, + }) + } + }) + .and_then(move |_| state.db.send(update.0).from_err()) + .flatten() + .map(|updated| HttpResponse::SeeOther() + .header("Location", format!("/thread/{}#post-{}", + updated.thread_id, updated.id)) + .finish()) + .responder() +} + +/// This handler executes a full-text search on the forum database and +/// displays the results to the user. +pub fn search_forum(state: State<AppState>, + query: Query<SearchPosts>) -> ConverseResponse { + let query_string = query.query.clone(); + state.db.send(query.into_inner()) + .flatten() + .and_then(move |results| state.renderer.send(SearchResultPage { + results, + query: query_string, + }).from_err()) + .flatten() + .map(|res| HttpResponse::Ok().content_type(HTML).body(res)) + .responder() +} + +/// This handler initiates an OIDC login. +pub fn login(state: State<AppState>) -> ConverseResponse { + state.oidc.send(GetLoginUrl) + .from_err() + .and_then(|url| Ok(HttpResponse::TemporaryRedirect() + .header("Location", url) + .finish())) + .responder() +} + +/// This handler handles an OIDC callback (i.e. completed login). +/// +/// Upon receiving the callback, a token is retrieved from the OIDC +/// provider and a user lookup is performed. If a user with a matching +/// email-address is found in the database, it is logged in - +/// otherwise a new user is created. +pub fn callback(state: State<AppState>, + data: Form<CodeResponse>, + mut req: HttpRequest<AppState>) -> ConverseResponse { + state.oidc.send(RetrieveToken(data.0)).flatten() + .map(|author| LookupOrCreateUser { + email: author.email, + name: author.name, + }) + .and_then(move |msg| state.db.send(msg).from_err()).flatten() + .and_then(move |user| { + info!("Completed login for user {} ({})", user.email, user.id); + req.remember(user.id.to_string()); + Ok(HttpResponse::SeeOther() + .header("Location", "/") + .finish())}) + .responder() +} + +/// This is an extension trait to enable easy serving of embedded +/// static content. +/// +/// It is intended to be called with `include_bytes!()` when setting +/// up the actix-web application. +pub trait EmbeddedFile { + fn static_file(self, path: &'static str, content: &'static [u8]) -> Self; +} + +impl EmbeddedFile for App<AppState> { + fn static_file(self, path: &'static str, content: &'static [u8]) -> Self { + self.route(path, Method::GET, move |_: HttpRequest<_>| { + let mime = format!("{}", guess_mime_type(path)); + HttpResponse::Ok() + .content_type(mime.as_str()) + .body(content) + }) + } +} + +/// Middleware used to enforce logins unceremoniously. +pub struct RequireLogin; + +impl <S> Middleware<S> for RequireLogin { + fn start(&self, req: &mut HttpRequest<S>) -> actix_web::Result<Started> { + let logged_in = req.identity().is_some(); + let is_oidc_req = req.path().starts_with("/oidc"); + + if !is_oidc_req && !logged_in { + Ok(Started::Response( + HttpResponse::SeeOther() + .header("Location", "/oidc/login") + .finish() + )) + } else { + Ok(Started::Done) + } + } +} |