nikdoof/rustical
1
1
Fork 0
mirror of https://github.com/lennart-k/rustical.git synced 2025-12-14 11:42:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

add some authentication

Browse Source
This commit is contained in:
Lennart
2024-03-27 19:39:37 +01:00
parent e6bc9b0989
commit 09b3ad0429
1 changed files with 24 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
crates/caldav/src/routes/event.rs
View File

@@ -42,10 +42,20 @@ pub async fn delete_event<A: CheckAuthentication, C: CalendarStore + ?Sized>(
pub async fn get_event<A: CheckAuthentication, C: CalendarStore + ?Sized>( pub async fn get_event<A: CheckAuthentication, C: CalendarStore + ?Sized>(
context: Data<CalDavContext<C>>, context: Data<CalDavContext<C>>,
path: Path<(String, String, String)>, path: Path<(String, String, String)>,
_auth: AuthInfoExtractor<A>, auth: AuthInfoExtractor<A>,
) -> Result<HttpResponse, Error> { ) -> Result<HttpResponse, Error> {
// TODO: verify whether user is authorized // TODO: verify whether user is authorized
let (_principal, cid, mut uid) = path.into_inner(); let (principal, cid, mut uid) = path.into_inner();
let auth_info = auth.inner;
if auth_info.user_id != principal {
return Ok(HttpResponse::Unauthorized().body(""));
}
let calendar = context.store.read().await.get_calendar(&cid).await?;
if auth_info.user_id != calendar.owner {
return Ok(HttpResponse::Unauthorized().body(""));
}
if uid.ends_with(".ics") { if uid.ends_with(".ics") {
uid.truncate(uid.len() - 4); uid.truncate(uid.len() - 4);
} }
@@ -60,10 +70,19 @@ pub async fn put_event<A: CheckAuthentication, C: CalendarStore + ?Sized>(
context: Data<CalDavContext<C>>, context: Data<CalDavContext<C>>,
path: Path<(String, String, String)>, path: Path<(String, String, String)>,
body: String, body: String,
_auth: AuthInfoExtractor<A>, auth: AuthInfoExtractor<A>,
) -> Result<HttpResponse, Error> { ) -> Result<HttpResponse, Error> {
// TODO: verify whether user is authorized let (principal, cid, mut uid) = path.into_inner();
let (_principal, cid, mut uid) = path.into_inner(); let auth_info = auth.inner;
if auth_info.user_id != principal {
return Ok(HttpResponse::Unauthorized().body(""));
}
let calendar = context.store.read().await.get_calendar(&cid).await?;
if auth_info.user_id != calendar.owner {
return Ok(HttpResponse::Unauthorized().body(""));
}
// Incredibly bodged method of normalising the uid but works for a prototype // Incredibly bodged method of normalising the uid but works for a prototype
if uid.ends_with(".ics") { if uid.ends_with(".ics") {
uid.truncate(uid.len() - 4); uid.truncate(uid.len() - 4);