Skip to content

Commit 65de89c

Browse files
bors[bot]MikailBag
bors[bot]
and
MikailBag
authored
Merge #127
127: Refactor security r=MikailBag a=MikailBag bors r+ Co-authored-by: Mikail Bagishov <bagishov.mikail@yandex.ru>
2 parents d4c3b94 + f53e98a commit 65de89c

File tree

20 files changed

+154
-105
lines changed

20 files changed

+154
-105
lines changed

Cargo.lock

Lines changed: 2 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

src/frontend-engine/src/gql_server.rs renamed to src/frontend-engine/src/api.rs

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@ mod monitor;
55
mod queries;
66
mod runs;
77
mod schema;
8+
mod security;
89
mod users;
910
use slog_scope::error;
1011

@@ -219,6 +220,7 @@ mod prelude {
219220
}
220221

221222
pub(crate) use context::{Context, ContextFactory};
223+
pub use security::{TokenMgr, TokenMgrError};
222224

223225
pub(crate) struct Query;
224226

src/frontend-engine/src/gql_server/auth.rs renamed to src/frontend-engine/src/api/auth.rs

File renamed without changes.

src/frontend-engine/src/gql_server/context.rs renamed to src/frontend-engine/src/api/context.rs

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
use crate::security::{AccessChecker, Token, TokenMgr, TokenMgrError};
1+
use super::security::{RawAccessChecker, Token, TokenMgr, TokenMgrError};
22
use std::sync::{Arc, Mutex};
33

44
pub(crate) type DbPool = Arc<dyn db::DbConn>;
@@ -14,8 +14,8 @@ pub(crate) struct ContextData {
1414
}
1515

1616
impl ContextData {
17-
pub(crate) fn access(&self) -> AccessChecker {
18-
AccessChecker {
17+
pub(crate) fn access(&self) -> RawAccessChecker {
18+
RawAccessChecker {
1919
token: &self.token,
2020
cfg: &self.cfg,
2121
db: &*self.db,
@@ -53,7 +53,7 @@ impl<'a, 'r> rocket::request::FromRequest<'a, 'r> for ContextData {
5353
.expect("State<Arc<FrontendConfig>> missing");
5454

5555
let secret_key = request
56-
.guard::<rocket::State<crate::security::SecretKey>>()
56+
.guard::<rocket::State<crate::secret_key::SecretKey>>()
5757
.expect("State<SecretKey> missing");
5858

5959
let token = request

src/frontend-engine/src/gql_server/misc.rs renamed to src/frontend-engine/src/api/misc.rs

File renamed without changes.

src/frontend-engine/src/gql_server/monitor.rs renamed to src/frontend-engine/src/api/monitor.rs

File renamed without changes.

src/frontend-engine/src/gql_server/queries.rs renamed to src/frontend-engine/src/api/queries.rs

File renamed without changes.

src/frontend-engine/src/gql_server/runs.rs renamed to src/frontend-engine/src/api/runs.rs

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -216,7 +216,12 @@ pub(super) fn submit_simple(
216216
if contest != "TODO" {
217217
return Err(ApiError::new(ctx, "ContestUnknown"));
218218
}
219-
if !ctx.access().user_can_submit(&contest).internal(ctx)? {
219+
if !ctx
220+
.access()
221+
.wrap_contest(contest)
222+
.can_submit()
223+
.internal(ctx)?
224+
{
220225
return Err(ApiError::access_denied(ctx));
221226
}
222227
let problem = ctx.cfg.contests[0]
@@ -274,7 +279,7 @@ pub(super) fn modify(
274279
rejudge: Option<bool>,
275280
delete: Option<bool>,
276281
) -> ApiResult<()> {
277-
if !ctx.access().user_can_modify_run(id).internal(ctx)? {
282+
if !ctx.access().wrap_run(id).can_modify_run().internal(ctx)? {
278283
return Err(ApiError::access_denied(ctx));
279284
}
280285
let should_delete = delete.unwrap_or(false);

src/frontend-engine/src/gql_server/schema.rs renamed to src/frontend-engine/src/api/schema.rs

File renamed without changes.

src/frontend-engine/src/gql_server/schema/contest.rs renamed to src/frontend-engine/src/api/schema/contest.rs

File renamed without changes.

0 commit comments

Comments
 (0)