eightball/PluralKit
1
0
Fork 0
mirror of https://github.com/PluralKit/PluralKit.git synced 2026-02-16 10:40:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fixup! cargo fmt
Some checks failed
Build and push Rust service Docker images / rust docker build (push) Has been cancelled
Details
rust checks / cargo fmt (push) Has been cancelled
Details

Browse source
This commit is contained in:
Iris System 2025-08-18 22:33:03 +12:00
parent be218c89cc
commit 3b2c1332c2
10 changed files with 99 additions and 72 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/rust-docker.yml vendored
View file

@ -29,7 +29,7 @@ jobs:
- uses: docker/setup-buildx-action@v1 - uses: docker/setup-buildx-action@v1
# main docker build # main docker build
- run: echo "BRANCH_NAME=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV - run: echo "BRANCH_NAME=${GITHUB_REF#refs/heads/}" | sed 's|/|-|g' >> $GITHUB_ENV
- uses: docker/build-push-action@v2 - uses: docker/build-push-action@v2
with: with:
# https://github.com/docker/build-push-action/issues/378 # https://github.com/docker/build-push-action/issues/378

8
crates/api/src/auth.rs
View file

@ -34,7 +34,13 @@ pub struct AuthState {
} }
impl AuthState { impl AuthState {
pub fn new(system_id: Option<i32>, app_id: Option<Uuid>, api_key_id: Option<Uuid>, access_level: AccessLevel, internal: bool) -> Self { pub fn new(
system_id: Option<i32>,
app_id: Option<Uuid>,
api_key_id: Option<Uuid>,
access_level: AccessLevel,
internal: bool,
) -> Self {
Self { Self {
system_id, system_id,
app_id, app_id,

10
crates/api/src/endpoints/internal.rs
View file

@ -1,6 +1,6 @@
use crate::{util::json_err, AuthState, ApiContext}; use crate::{util::json_err, ApiContext, AuthState};
use pluralkit_models::{ApiKeyType, PKApiKey, PKSystem, SystemId};
use pk_macros::api_internal_endpoint; use pk_macros::api_internal_endpoint;
use pluralkit_models::{ApiKeyType, PKApiKey, PKSystem, SystemId};
use axum::{ use axum::{
extract::State, extract::State,
@ -76,7 +76,8 @@ pub async fn create_api_key_user(
"valid": true, "valid": true,
})) }))
.expect("should not error"), .expect("should not error"),
).into_response()); )
.into_response());
} }
let token: PKApiKey = sqlx::query_as( let token: PKApiKey = sqlx::query_as(
@ -110,5 +111,6 @@ pub async fn create_api_key_user(
"token": token, "token": token,
})) }))
.expect("should not error"), .expect("should not error"),
).into_response()) )
.into_response())
} }

5
crates/api/src/endpoints/private.rs
View file

@ -1,6 +1,6 @@
use crate::{util::json_err, ApiContext}; use crate::{util::json_err, ApiContext};
use libpk::config; use libpk::config;
use pluralkit_models::{PrivacyLevel, PKApiKey, PKSystem, PKSystemConfig}; use pluralkit_models::{PKApiKey, PKSystem, PKSystemConfig, PrivacyLevel};
use axum::{ use axum::{
extract::{self, State}, extract::{self, State},
@ -201,5 +201,6 @@ pub async fn discord_callback(
"token": token, "token": token,
})) }))
.expect("should not error"), .expect("should not error"),
).into_response()) )
.into_response())
} }

22
crates/api/src/main.rs
View file

@ -1,6 +1,9 @@
#![feature(let_chains)] #![feature(let_chains)]
use auth::{AuthState, INTERNAL_APPID_HEADER, INTERNAL_SYSTEMID_HEADER, INTERNAL_TOKENID_HEADER, INTERNAL_PRIVACYLEVEL_HEADER}; use auth::{
AuthState, INTERNAL_APPID_HEADER, INTERNAL_PRIVACYLEVEL_HEADER, INTERNAL_SYSTEMID_HEADER,
INTERNAL_TOKENID_HEADER,
};
use axum::{ use axum::{
body::Body, body::Body,
extract::{Request as ExtractRequest, State}, extract::{Request as ExtractRequest, State},
@ -15,8 +18,8 @@ use hyper_util::{
}; };
use jsonwebtoken::{DecodingKey, EncodingKey}; use jsonwebtoken::{DecodingKey, EncodingKey};
use tracing::{error, info};
use pk_macros::api_endpoint; use pk_macros::api_endpoint;
use tracing::{error, info};
mod auth; mod auth;
mod endpoints; mod endpoints;
@ -62,15 +65,24 @@ async fn rproxy(
if let Some(sid) = auth.system_id() { if let Some(sid) = auth.system_id() {
headers.append(INTERNAL_SYSTEMID_HEADER, sid.into()); headers.append(INTERNAL_SYSTEMID_HEADER, sid.into());
headers.append(INTERNAL_PRIVACYLEVEL_HEADER, HeaderValue::from_str(&auth.access_level().privacy_level().to_string())?); headers.append(
INTERNAL_PRIVACYLEVEL_HEADER,
HeaderValue::from_str(&auth.access_level().privacy_level().to_string())?,
);
} }
if let Some(aid) = auth.app_id() { if let Some(aid) = auth.app_id() {
headers.append(INTERNAL_APPID_HEADER, HeaderValue::from_str(&format!("{}", aid))?); headers.append(
INTERNAL_APPID_HEADER,
HeaderValue::from_str(&format!("{}", aid))?,
);
} }
if let Some(tid) = auth.api_key_id() { if let Some(tid) = auth.api_key_id() {
headers.append(INTERNAL_TOKENID_HEADER, HeaderValue::from_str(&format!("{}", tid))?); headers.append(
INTERNAL_TOKENID_HEADER,
HeaderValue::from_str(&format!("{}", tid))?,
);
} }
Ok(ctx.rproxy_client.request(req).await?.into_response()) Ok(ctx.rproxy_client.request(req).await?.into_response())

26
crates/api/src/middleware/auth.rs
View file

@ -1,19 +1,19 @@
use axum::{ use axum::{
extract::{Request, State, MatchedPath}, extract::{MatchedPath, Request, State},
http::StatusCode, http::StatusCode,
middleware::Next, middleware::Next,
response::Response, response::Response,
}; };
use uuid::Uuid;
use subtle::ConstantTimeEq; use subtle::ConstantTimeEq;
use uuid::Uuid;
use tracing::error;
use sqlx::Postgres; use sqlx::Postgres;
use tracing::error;
use pluralkit_models::{ApiKeyType, PKApiKey};
use crate::auth::{AccessLevel, AuthState}; use crate::auth::{AccessLevel, AuthState};
use crate::{util::json_err, ApiContext}; use crate::{util::json_err, ApiContext};
use pluralkit_models::{ApiKeyType, PKApiKey};
pub fn is_part_path<'a, 'b>(part: &'a str, endpoint: &'b str) -> bool { pub fn is_part_path<'a, 'b>(part: &'a str, endpoint: &'b str) -> bool {
if !endpoint.starts_with("/v2/") { if !endpoint.starts_with("/v2/") {
@ -133,8 +133,10 @@ pub async fn auth(State(ctx): State<ApiContext>, mut req: Request, next: Next) -
.flatten() .flatten()
{ {
if system_auth_header.starts_with("Bearer ") if system_auth_header.starts_with("Bearer ")
&& let Some(tid) = && let Some(tid) = PKApiKey::parse_header_str(
PKApiKey::parse_header_str(system_auth_header[7..].to_string(), &ctx.token_publickey) system_auth_header[7..].to_string(),
&ctx.token_publickey,
)
&& let Some(token) = && let Some(token) =
sqlx::query_as::<Postgres, PKApiKey>("select * from api_keys where id = $1") sqlx::query_as::<Postgres, PKApiKey>("select * from api_keys where id = $1")
.bind(&tid) .bind(&tid)
@ -145,8 +147,7 @@ pub async fn auth(State(ctx): State<ApiContext>, mut req: Request, next: Next) -
authed_system_id = Some(token.system); authed_system_id = Some(token.system);
authed_api_key_id = Some(tid); authed_api_key_id = Some(tid);
access_level = apikey_can_access(&token, req.method().to_string(), endpoint.clone()); access_level = apikey_can_access(&token, req.method().to_string(), endpoint.clone());
} } else if let Some(system_id) =
else if let Some(system_id) =
match libpk::db::repository::legacy_token_auth(&ctx.db, system_auth_header).await { match libpk::db::repository::legacy_token_auth(&ctx.db, system_auth_header).await {
Ok(val) => val, Ok(val) => val,
Err(err) => { Err(err) => {
@ -199,8 +200,13 @@ pub async fn auth(State(ctx): State<ApiContext>, mut req: Request, next: Next) -
false false
}; };
req.extensions_mut() req.extensions_mut().insert(AuthState::new(
.insert(AuthState::new(authed_system_id, authed_app_id, authed_api_key_id, access_level, internal)); authed_system_id,
authed_app_id,
authed_api_key_id,
access_level,
internal,
));
next.run(req).await next.run(req).await
} }

2
crates/api/src/middleware/ratelimit.rs
View file

@ -12,9 +12,9 @@ use sqlx::Postgres;
use tracing::{debug, error, info, warn}; use tracing::{debug, error, info, warn};
use crate::{ use crate::{
ApiContext,
auth::AuthState, auth::AuthState,
util::{header_or_unknown, json_err}, util::{header_or_unknown, json_err},
ApiContext,
}; };
use pluralkit_models::PKExternalApp; use pluralkit_models::PKExternalApp;