Skip to content

Commit

Permalink
feat: [#448] new authorization service implemented in the other services
Browse files Browse the repository at this point in the history
  • Loading branch information
mario-nt committed May 31, 2024
1 parent e16bde6 commit 5709f55
Show file tree
Hide file tree
Showing 6 changed files with 38 additions and 63 deletions.
7 changes: 4 additions & 3 deletions src/services/authentication.rs
Original file line number Diff line number Diff line change
Expand Up @@ -5,17 +5,18 @@ use argon2::{Argon2, PasswordHash, PasswordVerifier};
use jsonwebtoken::{decode, encode, Algorithm, DecodingKey, EncodingKey, Header, Validation};
use pbkdf2::Pbkdf2;

use super::user::{DbUserProfileRepository, DbUserRepository};
use super::user::DbUserProfileRepository;
use crate::config::Configuration;
use crate::databases::database::{Database, Error};
use crate::errors::ServiceError;
use crate::models::user::{UserAuthentication, UserClaims, UserCompact, UserId};
use crate::services::user::Repository;
use crate::utils::clock;

pub struct Service {
configuration: Arc<Configuration>,
json_web_token: Arc<JsonWebToken>,
user_repository: Arc<DbUserRepository>,
user_repository: Arc<Box<dyn Repository>>,
user_profile_repository: Arc<DbUserProfileRepository>,
user_authentication_repository: Arc<DbUserAuthenticationRepository>,
}
Expand All @@ -24,7 +25,7 @@ impl Service {
pub fn new(
configuration: Arc<Configuration>,
json_web_token: Arc<JsonWebToken>,
user_repository: Arc<DbUserRepository>,
user_repository: Arc<Box<dyn Repository>>,
user_profile_repository: Arc<DbUserProfileRepository>,
user_authentication_repository: Arc<DbUserAuthenticationRepository>,
) -> Self {
Expand Down
28 changes: 10 additions & 18 deletions src/services/category.rs
Original file line number Diff line number Diff line change
@@ -1,23 +1,23 @@
//! Category service.
use std::sync::Arc;

use super::user::DbUserRepository;
use super::authorization::{self, ACTION};
use crate::databases::database::{Category, Database, Error as DatabaseError};
use crate::errors::ServiceError;
use crate::models::category::CategoryId;
use crate::models::user::UserId;

pub struct Service {
category_repository: Arc<DbCategoryRepository>,
user_repository: Arc<DbUserRepository>,
authorization_service: Arc<authorization::Service>,
}

impl Service {
#[must_use]
pub fn new(category_repository: Arc<DbCategoryRepository>, user_repository: Arc<DbUserRepository>) -> Service {
pub fn new(category_repository: Arc<DbCategoryRepository>, authorization_service: Arc<authorization::Service>) -> Service {
Service {
category_repository,
user_repository,
authorization_service,
}
}

Expand All @@ -32,13 +32,9 @@ impl Service {
/// * The category already exists.
/// * There is a database error.
pub async fn add_category(&self, category_name: &str, user_id: &UserId) -> Result<i64, ServiceError> {
let user = self.user_repository.get_compact(user_id).await?;

// Check if user is administrator
// todo: extract authorization service
if !user.administrator {
return Err(ServiceError::Unauthorized);
}
self.authorization_service
.authorize(ACTION::AddCategory, Some(*user_id))
.await?;

let trimmed_name = category_name.trim();

Expand Down Expand Up @@ -70,13 +66,9 @@ impl Service {
/// * The user does not have the required permissions.
/// * There is a database error.
pub async fn delete_category(&self, category_name: &str, user_id: &UserId) -> Result<(), ServiceError> {
let user = self.user_repository.get_compact(user_id).await?;

// Check if user is administrator
// todo: extract authorization service
if !user.administrator {
return Err(ServiceError::Unauthorized);
}
self.authorization_service
.authorize(ACTION::DeleteCategory, Some(*user_id))
.await?;

match self.category_repository.delete(category_name).await {
Ok(()) => Ok(()),
Expand Down
6 changes: 3 additions & 3 deletions src/services/proxy.rs
Original file line number Diff line number Diff line change
Expand Up @@ -10,18 +10,18 @@ use std::sync::Arc;

use bytes::Bytes;

use super::user::DbUserRepository;
use crate::cache::image::manager::{Error, ImageCacheService};
use crate::models::user::UserId;
use crate::services::user::Repository;

pub struct Service {
image_cache_service: Arc<ImageCacheService>,
user_repository: Arc<DbUserRepository>,
user_repository: Arc<Box<dyn Repository>>,
}

impl Service {
#[must_use]
pub fn new(image_cache_service: Arc<ImageCacheService>, user_repository: Arc<DbUserRepository>) -> Self {
pub fn new(image_cache_service: Arc<ImageCacheService>, user_repository: Arc<Box<dyn Repository>>) -> Self {
Self {
image_cache_service,
user_repository,
Expand Down
28 changes: 10 additions & 18 deletions src/services/settings.rs
Original file line number Diff line number Diff line change
@@ -1,22 +1,22 @@
//! Settings service.
use std::sync::Arc;

use super::user::DbUserRepository;
use super::authorization::{self, ACTION};
use crate::config::{Configuration, ConfigurationPublic, Settings};
use crate::errors::ServiceError;
use crate::models::user::UserId;

pub struct Service {
configuration: Arc<Configuration>,
user_repository: Arc<DbUserRepository>,
authorization_service: Arc<authorization::Service>,
}

impl Service {
#[must_use]
pub fn new(configuration: Arc<Configuration>, user_repository: Arc<DbUserRepository>) -> Service {
pub fn new(configuration: Arc<Configuration>, authorization_service: Arc<authorization::Service>) -> Service {
Service {
configuration,
user_repository,
authorization_service,
}
}

Expand All @@ -26,13 +26,9 @@ impl Service {
///
/// It returns an error if the user does not have the required permissions.
pub async fn get_all(&self, user_id: &UserId) -> Result<Settings, ServiceError> {
let user = self.user_repository.get_compact(user_id).await?;

// Check if user is administrator
// todo: extract authorization service
if !user.administrator {
return Err(ServiceError::Unauthorized);
}
self.authorization_service
.authorize(ACTION::GetSettings, Some(*user_id))
.await?;

let torrust_index_configuration = self.configuration.get_all().await;

Expand All @@ -45,13 +41,9 @@ impl Service {
///
/// It returns an error if the user does not have the required permissions.
pub async fn get_all_masking_secrets(&self, user_id: &UserId) -> Result<Settings, ServiceError> {
let user = self.user_repository.get_compact(user_id).await?;

// Check if user is administrator
// todo: extract authorization service
if !user.administrator {
return Err(ServiceError::Unauthorized);
}
self.authorization_service
.authorize(ACTION::GetSettingsSecret, Some(*user_id))
.await?;

let mut torrust_index_configuration = self.configuration.get_all().await;

Expand Down
26 changes: 8 additions & 18 deletions src/services/tag.rs
Original file line number Diff line number Diff line change
@@ -1,23 +1,23 @@
//! Tag service.
use std::sync::Arc;

use super::user::DbUserRepository;
use super::authorization::{self, ACTION};
use crate::databases::database::{Database, Error as DatabaseError, Error};
use crate::errors::ServiceError;
use crate::models::torrent_tag::{TagId, TorrentTag};
use crate::models::user::UserId;

pub struct Service {
tag_repository: Arc<DbTagRepository>,
user_repository: Arc<DbUserRepository>,
authorization_service: Arc<authorization::Service>,
}

impl Service {
#[must_use]
pub fn new(tag_repository: Arc<DbTagRepository>, user_repository: Arc<DbUserRepository>) -> Service {
pub fn new(tag_repository: Arc<DbTagRepository>, authorization_service: Arc<authorization::Service>) -> Service {
Service {
tag_repository,
user_repository,
authorization_service,
}
}

Expand All @@ -30,13 +30,7 @@ impl Service {
/// * The user does not have the required permissions.
/// * There is a database error.
pub async fn add_tag(&self, tag_name: &str, user_id: &UserId) -> Result<TagId, ServiceError> {
let user = self.user_repository.get_compact(user_id).await?;

// Check if user is administrator
// todo: extract authorization service
if !user.administrator {
return Err(ServiceError::Unauthorized);
}
self.authorization_service.authorize(ACTION::AddTag, Some(*user_id)).await?;

let trimmed_name = tag_name.trim();

Expand All @@ -62,13 +56,9 @@ impl Service {
/// * The user does not have the required permissions.
/// * There is a database error.
pub async fn delete_tag(&self, tag_id: &TagId, user_id: &UserId) -> Result<(), ServiceError> {
let user = self.user_repository.get_compact(user_id).await?;

// Check if user is administrator
// todo: extract authorization service
if !user.administrator {
return Err(ServiceError::Unauthorized);
}
self.authorization_service
.authorize(ACTION::DeleteTag, Some(*user_id))
.await?;

match self.tag_repository.delete(tag_id).await {
Ok(()) => Ok(()),
Expand Down
6 changes: 3 additions & 3 deletions src/services/torrent.rs
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@ use serde_derive::{Deserialize, Serialize};
use url::Url;

use super::category::DbCategoryRepository;
use super::user::DbUserRepository;
use crate::config::{Configuration, TrackerMode};
use crate::databases::database::{Database, Error, Sorting};
use crate::errors::ServiceError;
Expand All @@ -17,6 +16,7 @@ use crate::models::torrent::{Metadata, TorrentId, TorrentListing};
use crate::models::torrent_file::{DbTorrent, Torrent, TorrentFile};
use crate::models::torrent_tag::{TagId, TorrentTag};
use crate::models::user::UserId;
use crate::services::user::Repository;
use crate::tracker::statistics_importer::StatisticsImporter;
use crate::utils::parse_torrent::decode_and_validate_torrent_file;
use crate::{tracker, AsCSV};
Expand All @@ -25,7 +25,7 @@ pub struct Index {
configuration: Arc<Configuration>,
tracker_statistics_importer: Arc<StatisticsImporter>,
tracker_service: Arc<tracker::service::Service>,
user_repository: Arc<DbUserRepository>,
user_repository: Arc<Box<dyn Repository>>,
category_repository: Arc<DbCategoryRepository>,
torrent_repository: Arc<DbTorrentRepository>,
torrent_info_hash_repository: Arc<DbCanonicalInfoHashGroupRepository>,
Expand Down Expand Up @@ -81,7 +81,7 @@ impl Index {
configuration: Arc<Configuration>,
tracker_statistics_importer: Arc<StatisticsImporter>,
tracker_service: Arc<tracker::service::Service>,
user_repository: Arc<DbUserRepository>,
user_repository: Arc<Box<dyn Repository>>,
category_repository: Arc<DbCategoryRepository>,
torrent_repository: Arc<DbTorrentRepository>,
torrent_info_hash_repository: Arc<DbCanonicalInfoHashGroupRepository>,
Expand Down

0 comments on commit 5709f55

Please sign in to comment.