Start9/registry
2
0
Fork 0
mirror of https://github.com/Start9Labs/registry.git synced 2026-03-26 02:11:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

cleanup

Browse Source
This commit is contained in:
Lucy Cifferello
2024-04-16 14:43:35 -04:00
parent 0a41ab2b12
commit a75d9468c0
2 changed files with 61 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
src/Handler/Admin.hs
View File

@@ -58,7 +58,7 @@ import Handler.Util (
getHashFromQuery, getHashFromQuery,
getVersionFromQuery, getVersionFromQuery,
orThrow, orThrow,
sendResponseText, checkAdminAllowedPkgs, sendResponseText, checkAdminAllowedPkgs, checkAdminAuth,
) )
import Lib.PkgRepository ( import Lib.PkgRepository (
PkgRepo (PkgRepo, pkgRepoFileRoot), PkgRepo (PkgRepo, pkgRepoFileRoot),
@@ -197,13 +197,7 @@ postPkgUploadR = do
removePathForcibly targetPath removePathForcibly targetPath
createDirectoryIfMissing True targetPath createDirectoryIfMissing True targetPath
renameDirectory dir targetPath renameDirectory dir targetPath
maybeAuthId >>= \case (authorized, name) <- checkAdminAuth packageManifestId
Nothing -> do
$logError
"Impossible: an unauthenticated user has managed to upload a pacakge to this registry."
pure ()
Just name -> do
(authorized, _) <- checkAdminAllowedPkgs packageManifestId name
if authorized if authorized
then do then do
now <- liftIO getCurrentTime now <- liftIO getCurrentTime
@@ -256,14 +250,8 @@ instance ToJSON IndexPkgReq where
postPkgIndexR :: Handler () postPkgIndexR :: Handler ()
postPkgIndexR = do postPkgIndexR = do
IndexPkgReq{..} <- requireCheckJsonBody IndexPkgReq{..} <- requireCheckJsonBody
maybeAuthId >>= \case (admin, _) <- checkAdminAuth indexPkgReqId
Nothing -> do if admin
$logError
"Impossible: an unauthenticated user has accessed the index endpoint."
pure ()
Just name -> do
(authorized, _) <- checkAdminAllowedPkgs indexPkgReqId name
if authorized
then do then do
manifest <- getManifestLocation indexPkgReqId indexPkgReqVersion manifest <- getManifestLocation indexPkgReqId indexPkgReqVersion
man <- man <-
@@ -279,14 +267,8 @@ postPkgIndexR = do
postPkgDeindexR :: Handler () postPkgDeindexR :: Handler ()
postPkgDeindexR = do postPkgDeindexR = do
IndexPkgReq{..} <- requireCheckJsonBody IndexPkgReq{..} <- requireCheckJsonBody
maybeAuthId >>= \case (admin, _) <- checkAdminAuth indexPkgReqId
Nothing -> do if admin
$logError
"Impossible: an unauthenticated user has accessed the deindex endpoint."
pure ()
Just name -> do
(authorized, _) <- checkAdminAllowedPkgs indexPkgReqId name
if authorized
then do then do
case indexPkgReqArches of case indexPkgReqArches of
Nothing -> runDB $ delete (VersionRecordKey (PkgRecordKey indexPkgReqId) indexPkgReqVersion) Nothing -> runDB $ delete (VersionRecordKey (PkgRecordKey indexPkgReqId) indexPkgReqVersion)
@@ -345,14 +327,8 @@ deleteCategoryR cat = runDB $ deleteBy (UniqueName cat)
postPkgCategorizeR :: Text -> PkgId -> Handler () postPkgCategorizeR :: Text -> PkgId -> Handler ()
postPkgCategorizeR cat pkg = do postPkgCategorizeR cat pkg = do
maybeAuthId >>= \case (admin, _) <- checkAdminAuth pkg
Nothing -> do if admin
$logError
"Impossible: an unauthenticated user has accessed the categorize endpoint."
pure ()
Just name -> do
(authorized, _) <- checkAdminAllowedPkgs pkg name
if authorized
then runDB $ do then runDB $ do
catEnt <- getBy (UniqueName cat) `orThrow` sendResponseText status404 [i|Category "#{cat}" does not exist|] catEnt <- getBy (UniqueName cat) `orThrow` sendResponseText status404 [i|Category "#{cat}" does not exist|]
_pkgEnt <- get (PkgRecordKey pkg) `orThrow` sendResponseText status404 [i|Package "#{pkg}" does not exist|] _pkgEnt <- get (PkgRecordKey pkg) `orThrow` sendResponseText status404 [i|Package "#{pkg}" does not exist|]
@@ -367,14 +343,8 @@ postPkgCategorizeR cat pkg = do
deletePkgCategorizeR :: Text -> PkgId -> Handler () deletePkgCategorizeR :: Text -> PkgId -> Handler ()
deletePkgCategorizeR cat pkg = do deletePkgCategorizeR cat pkg = do
maybeAuthId >>= \case (admin, _) <- checkAdminAuth pkg
Nothing -> do if admin
$logError
"Impossible: an unauthenticated user has accessed the uncategorize endpoint."
pure ()
Just name -> do
(authorized, _) <- checkAdminAllowedPkgs pkg name
if authorized
then runDB $ do then runDB $ do
catEnt <- getBy (UniqueName cat) `orThrow` sendResponseText status404 [i|Category "#{cat}" does not exist|] catEnt <- getBy (UniqueName cat) `orThrow` sendResponseText status404 [i|Category "#{cat}" does not exist|]
deleteBy (UniquePkgCategory (PkgRecordKey pkg) (entityKey catEnt)) deleteBy (UniquePkgCategory (PkgRecordKey pkg) (entityKey catEnt))

13
src/Handler/Util.hs
View File

@@ -90,6 +90,8 @@ import Data.Bifunctor (Bifunctor(first))
import qualified Data.MultiMap as MM import qualified Data.MultiMap as MM
import Startlude (bimap) import Startlude (bimap)
import Data.List (length) import Data.List (length)
import Control.Monad.Logger (logError)
import Yesod.Auth (YesodAuth(maybeAuthId))
orThrow :: MonadHandler m => m (Maybe a) -> m a -> m a orThrow :: MonadHandler m => m (Maybe a) -> m a -> m a
orThrow action other = orThrow action other =
@@ -265,3 +267,14 @@ checkAdminAllowedPkgs pkgId adminId = do
res <- runDB $ getAllowedPkgs pkgId (AdminKey adminId) res <- runDB $ getAllowedPkgs pkgId (AdminKey adminId)
pure $ if length res > 0 then (True, False) else (False, False) pure $ if length res > 0 then (True, False) else (False, False)
else pure (True, True) else pure (True, True)
checkAdminAuth :: PkgId -> Handler (Bool, Text)
checkAdminAuth pkgId = do
maybeAuthId >>= \case
Nothing -> do
$logError
"Impossible: an unauthenticated user has accessed an authenticated endpoint."
pure (False, "")
Just name -> do
(authorized, _) <- checkAdminAllowedPkgs pkgId name
pure (authorized, name)