Medzik
/
HomeDisk
mirror of https://github.com/MedzikUser/HomeDisk.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity

refactor: rewrite

Browse Source
pull/73/head
MedzikUser 9 months ago
parent eef5cd8e02
commit 4dd9013521
No known key found for this signature in database
GPG Key ID: A5FAC1E185C112DB
69 changed files with 1321 additions and 2123 deletions
Show Stats Download Patch File Download Diff File

577
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

48
Cargo.toml
Unescape Escape View File

@ -1,8 +1,40 @@
[workspace]
members = [
"core",
"database",
"server",
"types",
]
resolver = "2"
[package]
name = "homedisk"
authors = ["MedzikUser <medzik@duck.com>"]
homepage = "https://github.com/HomeDisk/cloud"
repository = "https://github.com/HomeDisk/cloud"
license = "GPL-3.0-or-later"
version = "0.0.0-dev"
edition = "2021"
[dependencies]
# Types
serde = { version = "1.0", features = ["derive"] }
# Errors
anyhow = "1.0"
thiserror = "1.0"
# Logger
tracing = { version = "0.1", features = ["max_level_debug", "release_max_level_info", "log"] }
tracing-subscriber = "0.3"
# Backtrace in panic hook
backtrace = "0.3"
# Tokio runtime
tokio = { version = "1.20", features = ["rt-multi-thread", "macros"] }
# Database
futures-util = "0.3"
sqlx = { version = "0.6", features = ["runtime-tokio-rustls", "sqlite"] }
uuid = { version = "1.1", features = ["v4"] }
# Cryptographic
crypto-utils = "0.4"
hex = "0.4"
# Config
toml = "0.5"
# HTTP server
axum = { version = "0.6.0-rc.2", features = ["http2", "multipart"] }
byte-unit = "4.0.14"

22
core/Cargo.toml
Unescape Escape View File

@ -1,22 +0,0 @@
[package]
name = "homedisk"
authors = ["MedzikUser <medzik@duck.com>"]
homepage = "https://github.com/HomeDisk/cloud"
repository = "https://github.com/HomeDisk/cloud"
license = "GPL-3.0-or-later"
version = "0.0.0"
edition = "2021"
[[bin]]
name = "homedisk"
path = "./src/main.rs"
[dependencies]
anyhow = "1.0.62"
better-panic = "0.3.0"
tracing-subscriber = "0.3.15"
tracing = { version = "0.1.36", features = ["max_level_debug", "release_max_level_info"] }
tokio = { version = "1.20.1", features = ["rt-multi-thread", "macros"] }
homedisk-database = { path = "../database" }
homedisk-server = { path = "../server" }
homedisk-types = { path = "../types", features = ["config"] }

36
core/src/lib.rs
Unescape Escape View File

@ -1,36 +0,0 @@
//! # HomeDisk cloud server
//!
//! [github]: https://img.shields.io/badge/github-8da0cb?style=for-the-badge&labelColor=555555&logo=github
//! [docs-rs]: https://img.shields.io/badge/docs.rs-66c2a5?style=for-the-badge&labelColor=555555&logo=docs.rs
//! [total-lines]: https://img.shields.io/tokei/lines/github/MedzikUser/HomeDisk?style=for-the-badge&logo=github&color=fede00
//! [code-size]: https://img.shields.io/github/languages/code-size/MedzikUser/HomeDisk?style=for-the-badge&color=c8df52&logo=github
//! [ci]: https://img.shields.io/github/workflow/status/MedzikUser/HomeDisk/Rust/main?style=for-the-badge
//!
//! [home-screenshot]: https://i.imgur.com/x4Glw7w.png
//! [login-screenshot]: https://i.imgur.com/KpwY4nb.png
//!
//! [![github]](https://github.com/MedzikUser/HomeDisk)
//! [![docs-rs]](https://homedisk-doc.vercel.app)
//! [![total-lines]](https://github.com/MedzikUser/HomeDisk)
//! [![code-size]](https://github.com/MedzikUser/HomeDisk)
//! [![ci]](https://github.com/MedzikUser/HomeDisk/actions/workflows/rust.yml)
//!
//! ![home-screenshot]
//! ![login-screenshot]
//!
//! ## 👨‍💻 Building
//!
//! First clone the repository: `git clone https://github.com/MedzikUser/HomeDisk.git`
//!
//! ### Requirements
//! - [Rust](https://rust-lang.org)
//!
//! To build run the command: `cargo build --release`
//!
//! The compiled binary can be found in `./target/release/homedisk`
//!
//! ## Configure
//!
//! Go to [config](homedisk_types::config) module
#![doc(html_root_url = "https://homedisk-doc.medzik.xyz")]

17
core/src/logger.rs
Unescape Escape View File

@ -1,17 +0,0 @@
use tracing::level_filters::LevelFilter;
// Max Logger Level on debug build
#[cfg(debug_assertions)]
const MAX_LEVEL: LevelFilter = LevelFilter::DEBUG;
// Max Logger Level on release build
#[cfg(not(debug_assertions))]
const MAX_LEVEL: LevelFilter = LevelFilter::INFO;
pub fn init() {
// initialize better_panic
better_panic::install();
// initialize tracing
tracing_subscriber::fmt().with_max_level(MAX_LEVEL).init();
}

65
core/src/main.rs
Unescape Escape View File

@ -1,65 +0,0 @@
use std::{fs::File, path::Path};
use homedisk_database::Database;
use homedisk_server::serve_http;
use homedisk_types::config::Config;
use tracing::{info, warn};
mod logger;
pub const DATABASE_FILE: &str = "homedisk.db";
#[tokio::main]
async fn main() {
logger::init();
let config = Config::parse().expect("Failed to parse configuration file");
// open database connection
let db =
// if database file doesn't exists create it
if !Path::new(DATABASE_FILE).exists() {
warn!("Database file doesn't exists.");
info!("Creating database file...");
// create an empty database file
File::create(DATABASE_FILE).expect("Failed to create a database file");
// open database file
let db = Database::open(DATABASE_FILE)
.await
.expect("Failed to open database file");
// create tables in the database
db.create_tables()
.await
.expect("Failed to create tables in the database");
db
}
// if database file exists
else {
Database::open(DATABASE_FILE)
.await
.expect("Failed to open database file")
};
// change the type from Vec<String> to Vec<HeaderValue> so that the http server can correctly detect CORS hosts
let origins = config
.http
.cors
.iter()
.map(|e| e.parse().expect("parse CORS hosts"))
.collect();
// format host ip and port
let host = format!(
"{host}:{port}",
host = config.http.host,
port = config.http.port
);
serve_http(host, origins, db, config)
.await
.expect("start http server");
}

14
database/Cargo.toml
Unescape Escape View File

@ -1,14 +0,0 @@
[package]
name = "homedisk-database"
version = "0.0.0"
edition = "2021"
[dependencies]
tracing = "0.1.36"
futures-util = "0.3.23"
sqlx = { version = "0.6.1", features = ["runtime-tokio-rustls", "sqlite"] }
uuid = { version = "1.1.2", features = ["v5"] }
homedisk-types = { path = "../types", features = ["database"] }
[dev-dependencies]
tokio = { version = "1.20.1", features = ["rt-multi-thread", "macros"] }

9
database/src/lib.rs
Unescape Escape View File

@ -1,9 +0,0 @@
#![doc(html_root_url = "https://homedisk-doc.medzik.xyz")]
mod sqlite;
pub use homedisk_types::{
database::User,
errors::{DatabaseError as Error, DatabaseResult as Result},
};
pub use sqlite::*;

286
database/src/sqlite.rs
Unescape Escape View File

@ -1,286 +0,0 @@
use std::str::FromStr;
use futures_util::TryStreamExt;
use sqlx::{
sqlite::{SqliteConnectOptions, SqliteQueryResult},
ConnectOptions, Executor, Row, SqlitePool,
};
use tracing::{debug, log::LevelFilter};
use super::{Error, Result, User};
/// SQL Database
#[derive(Debug, Clone)]
pub struct Database {
/// SQLite Connection Pool
pub conn: SqlitePool,
}
impl Database {
/// Open a SQLite database
/// ```no_run
/// # async fn foo() -> homedisk_database::Result<()> {
/// use homedisk_database::Database;
///
/// // open database in memory
/// Database::open("sqlite::memory:").await?;
///
/// // open database from file
/// Database::open("path/to/database.db").await?;
///
/// # Ok(()) }
/// ```
pub async fn open(path: &str) -> Result<Self> {
debug!("Opening SQLite database");
// sqlite connection options
let mut options = SqliteConnectOptions::from_str(path).map_err(Error::OpenDatabase)?;
// set log level to Debug
options.log_statements(LevelFilter::Debug);
// create a database pool
let conn = SqlitePool::connect_with(options)
.await
.map_err(Error::ConnectDatabase)?;
// return `Database`
Ok(Self { conn })
}
/// Create all required tabled for HomeDisk
/// ```
/// # async fn foo() -> homedisk_database::Result<()> {
/// # let db = homedisk_database::Database::open("sqlite::memory:").await?;
/// db.create_tables().await?;
///
/// # Ok(()) }
/// ```
pub async fn create_tables(&self) -> Result<SqliteQueryResult> {
let query = sqlx::query(include_str!("../../tables.sql"));
self.conn.execute(query).await.map_err(Error::Execute)
}
/// Create a new User
/// ```
/// # async fn foo() -> homedisk_database::Result<()> {
/// # let db = homedisk_database::Database::open("sqlite::memory:").await?;
/// # db.create_tables().await?;
/// use homedisk_database::User;
///
/// // create `User` type
/// let user = User::new("username", "password");
///
/// // create a user in database
/// db.create_user(&user).await?;
///
/// # Ok(()) }
/// ```
pub async fn create_user(&self, user: &User) -> Result<SqliteQueryResult> {
debug!("Creating user - {}", user.username);
// insert user to a database
let query = sqlx::query("INSERT INTO user (id, username, password) VALUES (?, ?, ?)")
.bind(&user.id)
.bind(&user.username)
.bind(&user.password);
// execute query and return output
self.conn.execute(query).await.map_err(Error::Execute)
}
/// Search for a user
/// ```
/// # async fn foo() -> homedisk_database::Result<()> {
/// # let db = homedisk_database::Database::open("sqlite::memory:").await?;
/// # db.create_tables().await?;
/// use homedisk_database::User;
///
/// // create `User` type
/// let user = User::new("username", "password");
///
/// # db.create_user(&user).await?;
/// db.find_user(&user).await?;
///
/// # Ok(()) }
/// ```
pub async fn find_user(&self, user: &User) -> Result<User> {
debug!("Searching for a user - {}", user.username);
// create query request to database
let query =
sqlx::query_as::<_, User>("SELECT * FROM user WHERE username = ? AND password = ?")
.bind(&user.username)
.bind(&user.password);
// fetch query
let mut stream = self.conn.fetch(query);
// get rows from query
let row = stream
.try_next()
.await
.map_err(Error::Execute)?
.ok_or(Error::UserNotFound)?;
// get `id` row
let id = row.try_get("id").map_err(Error::GetRow)?;
// get `username` row
let username = row.try_get("username").map_err(Error::GetRow)?;
// get `password` row
let password = row.try_get("password").map_err(Error::GetRow)?;
// return `User`
Ok(User {
id,
username,
password,
})
}
/// Search for a user by UUID
/// ```
/// # async fn foo() -> homedisk_database::Result<()> {
/// # let db = homedisk_database::Database::open("sqlite::memory:").await?;
/// # db.create_tables().await?;
/// use homedisk_database::User;
///
/// // create `User` type
/// let user = User::new("username", "password");
///
/// # db.create_user(&user).await?;
/// db.find_user_by_id(&user.id).await?;
///
/// # Ok(()) }
/// ```
pub async fn find_user_by_id(&self, id: &str) -> Result<User> {
debug!("Searching for a user by UUID - {}", id);
// create query request to database
let query = sqlx::query_as::<_, User>("SELECT * FROM user WHERE id = ?").bind(id);
// fetch query
let mut stream = self.conn.fetch(query);
// get rows from query
let row = stream
.try_next()
.await
.map_err(Error::Execute)?
.ok_or(Error::UserNotFound)?;
// get `id` row
let id = row.try_get("id").map_err(Error::GetRow)?;
// get `username` row
let username = row.try_get("username").map_err(Error::GetRow)?;
// get `password` row
let password = row.try_get("password").map_err(Error::GetRow)?;
// return `User`
Ok(User {
id,
username,
password,
})
}
}
#[cfg(test)]
mod tests {
use crate::{Database, User};
const USERNAME: &str = "medzik";
const PASSWORD: &str = "SuperSecretPassword123!";
/// Utils to open database in tests
async fn open_db() -> Database {
Database::open("sqlite::memory:").await.expect("open db")
}
/// Utils to create a new user in tests
async fn new_user(db: &Database) {
// create tables
db.create_tables().await.expect("create tables");
// create new user
let user = User::new(USERNAME, PASSWORD);
db.create_user(&user).await.expect("create user");
}
/// Test a create user
#[tokio::test]
async fn create_user() {
let db = open_db().await;
new_user(&db).await;
}
// Test a search for a user
#[tokio::test]
async fn find_user() {
let db = open_db().await;
new_user(&db).await;
let user = User::new(USERNAME, PASSWORD);
let user = db.find_user(&user).await.unwrap();
assert_eq!(user.username, USERNAME)
}
// Test a search for a user by id
#[tokio::test]
async fn find_user_by_id() {
let db = open_db().await;
new_user(&db).await;
let user = User::new(USERNAME, PASSWORD);
let user = db.find_user_by_id(&user.id).await.unwrap();
assert_eq!(user.username, USERNAME)
}
/// Test a search for a user with an invalid password to see if the user is returned (it shouldn't be)
#[tokio::test]
async fn find_user_wrong_password() {
let db = open_db().await;
new_user(&db).await;
let user = User::new(USERNAME, "wrong password 123!");
let err = db.find_user(&user).await.unwrap_err();
assert_eq!(err.to_string(), "user not found")
}
/// Test a search for a user who doesn't exist
#[tokio::test]
async fn find_user_wrong_username() {
let db = open_db().await;
new_user(&db).await;
let user = User::new("not_exists_user", PASSWORD);
let err = db.find_user(&user).await.unwrap_err();
assert_eq!(err.to_string(), "user not found")
}
/// Test a search for a user by UUID who doesn't exist
#[tokio::test]
async fn find_user_wrong_id() {
let db = open_db().await;
new_user(&db).await;
let other_user = User::new("not_exists_user", "my secret passphrase");
let err = db.find_user_by_id(&other_user.id).await.unwrap_err();
assert_eq!(err.to_string(), "user not found")
}
}

2
renovate.json
Unescape Escape View File

@ -22,4 +22,4 @@
"automerge": true
}
]
}
}

19
server/Cargo.toml
Unescape Escape View File

@ -1,19 +0,0 @@
[package]
name = "homedisk-server"
version = "0.0.0"
edition = "2021"
[dependencies]
axum = { version = "0.5.15", features = ["multipart"] }
axum-auth = "0.3.0"
base64 = "0.13.0"
byte-unit = "4.0.14"
futures = "0.3.23"
hyper = { version = "0.14.20", features = ["full"] }
log = "0.4.17"
crypto-utils = { version = "0.4.0", features = ["jwt"] }
serde = { version = "1.0.144", features = ["derive"] }
thiserror = "1.0.32"
tower-http = { version = "0.3.4", features = ["full"] }
homedisk-database = { path = "../database" }
homedisk-types = { path = "../types", features = ["axum"] }

46
server/src/auth/login.rs
Unescape Escape View File

@ -1,46 +0,0 @@
use axum::{extract::rejection::JsonRejection, Extension, Json};
use homedisk_database::{Database, Error, User};
use homedisk_types::{
auth::login::{Request, Response},
config::Config,
errors::{AuthError, ServerError},
};
use crate::middleware::{create_token, validate_json};
pub async fn handle(
Extension(db): Extension<Database>,
Extension(config): Extension<Config>,
request: Result<Json<Request>, JsonRejection>,
) -> Result<Json<Response>, ServerError> {
// validate json request
let request = validate_json(request)?;
// create `User` type
let user = User::new(&request.username, &request.password);
// search for a user in database
let response = match db.find_user(&user).await {
Ok(user) => {
// create user token
let token = create_token(&user, config.jwt.secret.as_bytes(), config.jwt.expires)?;
Response {
access_token: token,
}
},
// error while searching for a user
Err(err) => {
return match err {
// user not found
Error::UserNotFound => Err(ServerError::AuthError(AuthError::UserNotFound)),
// other error
_ => Err(ServerError::AuthError(AuthError::Other(err.to_string()))),
};
},
};
// send response
Ok(Json(response))
}

12
server/src/auth/mod.rs
Unescape Escape View File

@ -1,12 +0,0 @@
mod login;
mod register;
mod whoami;
pub fn app() -> axum::Router {
use axum::routing::{get, post};
axum::Router::new()
.route("/login", post(login::handle))
.route("/register", post(register::handle))
.route("/whoami", get(whoami::handle))
}

67
server/src/auth/register.rs
Unescape Escape View File

@ -1,67 +0,0 @@
use std::fs;
use axum::{extract::rejection::JsonRejection, Extension, Json};
use homedisk_database::{Database, User};
use homedisk_types::{
auth::login::{Request, Response},
config::Config,
errors::{AuthError, FsError, ServerError},
};
use crate::middleware::{create_token, validate_json};
pub async fn handle(
Extension(db): Extension<Database>,
Extension(config): Extension<Config>,
request: Result<Json<Request>, JsonRejection>,
) -> Result<Json<Response>, ServerError> {
// validate json request
let request = validate_json(request)?;
// username must contain at least 4 characters
if request.username.len() < 4 {
return Err(ServerError::AuthError(AuthError::UsernameTooShort));
}
// username must be less than 25 characters
if request.username.len() > 25 {
return Err(ServerError::AuthError(AuthError::UsernameTooLong));
}
// password must contain at least 8 characters
if request.password.len() < 8 {
return Err(ServerError::AuthError(AuthError::PasswordTooShort));
}
// create `User` type and hash password
let user = User::new(&request.username, &request.password);
// create user in the database
let response = match db.create_user(&user).await {
Ok(_result) => {
let token = create_token(&user, config.jwt.secret.as_bytes(), config.jwt.expires)?;
Response {
access_token: token,
}
},
// error while searching for a user
Err(err) => {
// user already exists
if err.to_string().contains("UNIQUE constraint failed") {
return Err(ServerError::AuthError(AuthError::UserAlreadyExists));
}
// other error
return Err(ServerError::AuthError(AuthError::Other(err.to_string())));
},
};
// create directory for the user files
fs::create_dir_all(&format!("{}/{}", config.storage.path, user.username,))
.map_err(|e| ServerError::FsError(FsError::CreateDirectory(e.to_string())))?;
// send response
Ok(Json(response))
}

37
server/src/auth/whoami.rs
Unescape Escape View File

@ -1,37 +0,0 @@
use axum::{Extension, Json};
use axum_auth::AuthBearer;
use homedisk_database::{Database, Error};
use homedisk_types::{
auth::whoami::Response,
config::Config,
errors::{AuthError, ServerError},
};
use crate::middleware::validate_jwt;
pub async fn handle(
db: Extension<Database>,
config: Extension<Config>,
AuthBearer(token): AuthBearer,
) -> Result<Json<Response>, ServerError> {
// validate user token
let token = validate_jwt(config.jwt.secret.as_bytes(), &token)?;
// search for a user in database
let response = match db.find_user_by_id(&token.claims.sub).await {
Ok(user) => Response {
username: user.username,
},
// error while searching for a user
Err(err) => match err {
// user not found
Error::UserNotFound => return Err(ServerError::AuthError(AuthError::UserNotFound)),
// other error
_ => return Err(ServerError::AuthError(AuthError::Other(err.to_string()))),
},
};
// send response
Ok(Json(response))
}

34
server/src/error.rs
Unescape Escape View File

@ -1,34 +0,0 @@
// HTTP Error
#[derive(Debug, thiserror::Error)]
pub enum Error {
// axum::Error
#[error("axum error - {0}")]
Axum(axum::Error),
// hyper::Error
#[error("hyper error - {0}")]
Hyper(hyper::Error),
// std::net::AddrParseError
#[error("std::net::AddrParseError - {0}")]
AddrParseError(std::net::AddrParseError),
}
/// Custom Result
pub type Result<T> = std::result::Result<T, Error>;
impl From<axum::Error> for Error {
fn from(err: axum::Error) -> Self {
Error::Axum(err)
}
}
impl From<hyper::Error> for Error {
fn from(err: hyper::Error) -> Self {
Error::Hyper(err)
}
}
impl From<std::net::AddrParseError> for Error {
fn from(err: std::net::AddrParseError) -> Self {
Error::AddrParseError(err)
}
}

45
server/src/fs/create_dir.rs
Unescape Escape View File

@ -1,45 +0,0 @@
use std::fs;
use axum::{extract::rejection::JsonRejection, Extension, Json};
use axum_auth::AuthBearer;
use homedisk_database::Database;
use homedisk_types::{
config::Config,
errors::{FsError, ServerError},
fs::create_dir::Request,
};
use crate::middleware::{find_user, validate_json, validate_jwt, validate_path};
pub async fn handle(
Extension(db): Extension<Database>,
Extension(config): Extension<Config>,
AuthBearer(token): AuthBearer,
request: Result<Json<Request>, JsonRejection>,
) -> Result<(), ServerError> {
// validate json request
let Json(request) = validate_json(request)?;
// validate user token
let token = validate_jwt(config.jwt.secret.as_bytes(), &token)?;
// validate the `path` can be used
validate_path(&request.path)?;
// search for a user by UUID from a token
let user = find_user(&db, &token.claims.sub).await?;
// directory where the file will be placed
let path = format!(
"{user_dir}/{req_dir}",
user_dir = user.user_dir(&config.storage.path),
req_dir = request.path
);
// create directories
fs::create_dir_all(path)
.map_err(|err| ServerError::FsError(FsError::CreateDirectory(err.to_string())))?;
// send an empty response
Ok(())
}

55
server/src/fs/delete.rs
Unescape Escape View File

@ -1,55 +0,0 @@
use std::{fs, path::Path};
use axum::{extract::Query, Extension};
use axum_auth::AuthBearer;
use homedisk_database::Database;
use homedisk_types::{
config::Config,
errors::{FsError, ServerError},
fs::delete::Request,
};
use crate::middleware::{find_user, validate_jwt, validate_path};
pub async fn handle(
Extension(db): Extension<Database>,
Extension(config): Extension<Config>,
AuthBearer(token): AuthBearer,
query: Query<Request>,
) -> Result<(), ServerError> {
// validate user token
let token = validate_jwt(config.jwt.secret.as_bytes(), &token)?;
// validate the `path` can be used
validate_path(&query.path)?;
// search for a user by UUID from a token
let user = find_user(&db, &token.claims.sub).await?;
// path to the file
let path = format!(
"{user_dir}/{request_path}",
user_dir = user.user_dir(&config.storage.path),
request_path = query.path
);
let path = Path::new(&path);
// if file does not exist return error
if !path.exists() {
return Err(ServerError::FsError(FsError::FileDoesNotExist));
}
// delete file
if path.is_file() {
fs::remove_file(&path)
.map_err(|err| ServerError::FsError(FsError::DeleteFile(err.to_string())))?;
}
// delete directory
else if path.is_dir() {
fs::remove_dir(&path)
.map_err(|err| ServerError::FsError(FsError::DeleteDirectory(err.to_string())))?;
}
// send an empty response
Ok(())
}

42
server/src/fs/download.rs
Unescape Escape View File

@ -1,42 +0,0 @@
use std::fs;
use axum::{extract::Query, Extension};
use axum_auth::AuthBearer;
use homedisk_database::Database;
use homedisk_types::{
config::Config,
errors::{FsError, ServerError},
fs::upload::Pagination,
};
use crate::middleware::{find_user, validate_jwt, validate_path};
pub async fn handle(
Extension(db): Extension<Database>,
Extension(config): Extension<Config>,
AuthBearer(token): AuthBearer,
query: Query<Pagination>,
) -> Result<Vec<u8>, ServerError> {
// validate user token
let token = validate_jwt(config.jwt.secret.as_bytes(), &token)?;
// validate the `path` can be used
validate_path(&query.path)?;
// search for a user by UUID from a token
let user = find_user(&db, &token.claims.sub).await?;
// directory where the file will be placed
let path = format!(
"{user_dir}/{req_dir}",
user_dir = user.user_dir(&config.storage.path),
req_dir = query.path
);
// read file content
let content =
fs::read(path).map_err(|err| ServerError::FsError(FsError::ReadFile(err.to_string())))?;
// send file content in response
Ok(content)
}

112
server/src/fs/list.rs
Unescape Escape View File

@ -1,112 +0,0 @@
use std::{fs, io, path::PathBuf, time::SystemTime};
use axum::{extract::rejection::JsonRejection, Extension, Json};
use axum_auth::AuthBearer;
use byte_unit::Byte;
use homedisk_database::Database;
use homedisk_types::{
config::Config,
errors::{FsError, ServerError},
fs::list::{DirInfo, FileInfo, Request, Response},
};
use crate::middleware::{find_user, validate_json, validate_jwt, validate_path};
/// Get directory size on disk (size of all files in directory).
fn dir_size(path: impl Into<PathBuf>) -> io::Result<u64> {
fn dir_size(mut dir: fs::ReadDir) -> io::Result<u64> {
dir.try_fold(0, |acc, file| {
let file = file?;
let size = match file.metadata()? {
data if data.is_dir() => dir_size(fs::read_dir(file.path())?)?,
data => data.len(),
};
Ok(acc + size)
})
}
dir_size(fs::read_dir(path.into())?)
}
pub async fn handle(
Extension(db): Extension<Database>,
Extension(config): Extension<Config>,
AuthBearer(token): AuthBearer,
request: Result<Json<Request>, JsonRejection>,
) -> Result<Json<Response>, ServerError> {
// validate json request
let Json(request) = validate_json::<Request>(request)?;
// validate user token
let token = validate_jwt(config.jwt.secret.as_bytes(), &token)?;
// validate the `path` can be used
validate_path(&request.path)?;
// search for a user by UUID from a token
let user = find_user(&db, &token.claims.sub).await?;
// directory where the file will be placed
let path = format!(
"{user_dir}/{req_dir}",
user_dir = user.user_dir(&config.storage.path),
req_dir = request.path
);
// get paths from dir
let paths = fs::read_dir(&path)
.map_err(|err| ServerError::FsError(FsError::ReadDirectory(err.to_string())))?;
let mut files = vec![];
let mut dirs = vec![];
for f in paths {
// handle Error
let f = f.map_err(|err| ServerError::FsError(FsError::Other(err.to_string())))?;
// get path metadata
let metadata = f
.metadata()
.map_err(|err| ServerError::FsError(FsError::Other(err.to_string())))?;
// get name of the path
let name = f.path().display().to_string().replace(&path, "");
// if path is directory
if metadata.is_dir() {
let size = Byte::from_bytes(
dir_size(f.path().display().to_string())
.map_err(|err| ServerError::FsError(FsError::Other(err.to_string())))?
.into(),
)
.get_appropriate_unit(true)
.to_string();
dirs.push(DirInfo { name, size })
}
// if path is file
else {
// get file size in bytes
let size = Byte::from_bytes(metadata.len().into())
.get_appropriate_unit(true)
.to_string();
// get modification time in unix time format
let modified = metadata
.modified()
.unwrap()
.duration_since(SystemTime::UNIX_EPOCH)
.unwrap()
.as_secs();
files.push(FileInfo {
name,
size,
modified,
})
}
}
// send response
Ok(Json(Response { files, dirs }))
}

16
server/src/fs/mod.rs
Unescape Escape View File

@ -1,16 +0,0 @@
mod create_dir;
mod delete;
mod download;
mod list;
mod upload;
pub fn app() -> axum::Router {
use axum::routing::{delete, get, post};
axum::Router::new()
.route("/list", post(list::handle))
.route("/upload", post(upload::handle))
.route("/delete", delete(delete::handle))
.route("/download", get(download::handle))
.route("/createdir", post(create_dir::handle))
}

79
server/src/fs/upload.rs
Unescape Escape View File

@ -1,79 +0,0 @@
use std::{fs, io::Write, path::Path};
use axum::{
extract::{Multipart, Query},
Extension,
};
use axum_auth::AuthBearer;
use futures::TryStreamExt;
use homedisk_database::Database;
use homedisk_types::{
config::Config,
errors::{FsError, ServerError},
fs::upload::Pagination,
};
use crate::middleware::{find_user, validate_jwt, validate_path};
pub async fn handle(
Extension(db): Extension<Database>,
Extension(config): Extension<Config>,
AuthBearer(token): AuthBearer,
mut multipart: Multipart,
query: Query<Pagination>,
) -> Result<(), ServerError> {
// validate user token
let token = validate_jwt(config.jwt.secret.as_bytes(), &token)?;
// validate the `path` can be used
validate_path(&query.path)?;
// search for a user by UUID from a token
let user = find_user(&db, &token.claims.sub).await?;
// path to the file
let file_path = format!(
"{user_dir}/{request_path}",
user_dir = user.user_dir(&config.storage.path),
request_path = query.path
);
let file_path = Path::new(&file_path);
// check if the file currently exists to avoid overwriting it
if file_path.exists() {
return Err(ServerError::FsError(FsError::FileAlreadyExists));
}
// create a directory where the file will be placed
// e.g. path ==> `/secret/files/images/screenshot.png`
// directories up to `{storage dir}/{username}/secret/files/images/` will be created
if let Some(prefix) = file_path.parent() {
fs::create_dir_all(&prefix)
.map_err(|err| ServerError::FsError(FsError::CreateFile(err.to_string())))?
}
// get multipart field
let field = multipart
.next_field()
.await
.map_err(|_| ServerError::FsError(FsError::MultipartError))?
.ok_or(ServerError::FsError(FsError::MultipartError))?;
// create file
let file = std::fs::File::create(&file_path)
.map_err(|err| ServerError::FsError(FsError::CreateFile(err.to_string())))?;
// write file (chunk by chunk)
field
.try_fold((file, 0u64), |(mut file, written_len), bytes| async move {
file.write_all(bytes.as_ref())
.expect("failed to write chunk to file");
Ok((file, written_len + bytes.len() as u64))
})
.await
.map_err(|err| ServerError::FsError(FsError::WriteFile(err.to_string())))?;
// send an empty response
Ok(())
}

44
server/src/lib.rs
Unescape Escape View File

@ -1,44 +0,0 @@
#![doc(html_root_url = "https://homedisk-doc.medzik.xyz")]
mod auth;
mod error;
mod fs;
mod middleware;
use axum::{http::HeaderValue, routing::get, Extension, Router, Server};
use homedisk_database::Database;
use homedisk_types::config::Config;
use log::{debug, info};
use tower_http::cors::{AllowOrigin, CorsLayer};
/// Handle `/health-check` requests
async fn health_check() -> &'static str {
"I'm alive!"
}
/// Start HTTP server
pub async fn serve_http(
host: String,
origins: Vec<HeaderValue>,
db: Database,
config: Config,
) -> error::Result<()> {
debug!("Starting http server");
info!("Website available at: http://{host}");
// create http Router
let app = Router::new()
.route("/health-check", get(health_check))
.nest("/api/auth", auth::app())
.nest("/api/fs", fs::app())
.layer(CorsLayer::new().allow_origin(AllowOrigin::list(origins)))
.layer(Extension(db))
.layer(Extension(config));
// bind the provided address and serve Router
Server::bind(&host.parse()?)
.serve(app.into_make_service())
.await?;
Ok(())
}

46
server/src/middleware/auth.rs
Unescape Escape View File

@ -1,46 +0,0 @@
use crypto_utils::jsonwebtoken::{Token, TokenData};
use homedisk_types::errors::{AuthError, ServerError};
/// Validate user token
pub fn validate_jwt(secret: &[u8], token: &str) -> Result<TokenData, ServerError> {
match Token::decode(secret, token.to_string()) {
// if success return claims
Ok(claims) => Ok(claims),
// invalid token
Err(_) => Err(ServerError::AuthError(AuthError::InvalidToken)),
}
}
#[cfg(test)]
mod tests {
use homedisk_database::User;
use super::validate_jwt;
use crate::middleware::create_token;
const USERNAME: &str = "username";
const PASSWORD: &str = "password";
const SECRET: &[u8] = b"secret";
const INVALID_SECRET: &[u8] = b"invalid secret";
/// Test a token validation
#[test]
fn validate_token() {
let user = User::new(USERNAME, PASSWORD);
let token = create_token(&user, SECRET, 1).unwrap();
validate_jwt(SECRET, &token).unwrap();
}
/// Test a token validation (invalid secret)
#[test]
fn validate_token_invalid_secret() {
let user = User::new(USERNAME, PASSWORD);
let token = create_token(&user, SECRET, 1).unwrap();
validate_jwt(INVALID_SECRET, &token).unwrap_err();
}
}

49
server/src/middleware/jwt.rs
Unescape Escape View File

@ -1,49 +0,0 @@
use crypto_utils::jsonwebtoken::{Claims, Token};
use homedisk_database::{Database, User};
use homedisk_types::errors::{AuthError, ServerError};
/// Create user token
pub fn create_token(user: &User, secret: &[u8], expires: i64) -> Result<String, ServerError> {
let token = Token::new(secret, Claims::new(&user.id, expires))
.map_err(|_| ServerError::AuthError(AuthError::TokenGenerate))?;
Ok(token.encoded)
}
/// Search for a user
pub async fn find_user(db: &Database, user_id: &str) -> Result<User, ServerError> {
match db.find_user_by_id(user_id).await {
// if success return user
Ok(user) => Ok(user),
// errors
Err(err) => match err {
// user not found
homedisk_database::Error::UserNotFound => {
Err(ServerError::AuthError(AuthError::UserNotFound))
},
// other error
_ => Err(ServerError::AuthError(AuthError::Other(err.to_string()))),
},
}
}
#[cfg(test)]
mod tests {
use homedisk_database::User;
use super::create_token;
const SECRET: &[u8] = b"secret";
const USERNAME: &str = "username";
const PASSWORD: &str = "password";
/// Test a token creation
#[test]
fn test_create_token() {
let secret = SECRET;
let user = User::new(USERNAME, PASSWORD);
create_token(&user, secret, 1).unwrap();
}
}

9
server/src/middleware/mod.rs
Unescape Escape View File

@ -1,9 +0,0 @@
mod auth;
mod jwt;
mod validate_json;
mod validate_path;
pub use auth::*;
pub use jwt::*;
pub use validate_json::*;
pub use validate_path::*;

20
server/src/middleware/validate_json.rs
Unescape Escape View File

@ -1,20 +0,0 @@
use axum::{extract::rejection::JsonRejection, Json};
use homedisk_types::errors::ServerError;
/// Validate json request
pub fn validate_json<T>(payload: Result<Json<T>, JsonRejection>) -> Result<Json<T>, ServerError> {
match payload {
// if success return payload
Ok(payload) => Ok(payload),
// mission json in Content-Type Header
Err(JsonRejection::MissingJsonContentType(_)) => Err(ServerError::InvalidContentType),
// failed to deserialize json
Err(JsonRejection::JsonDataError(_)) => Err(ServerError::JsonDataError),
// syntax error in json
Err(JsonRejection::JsonSyntaxError(_)) => Err(ServerError::JsonSyntaxError),
// failed to extract the request body
Err(JsonRejection::BytesRejection(_)) => Err(ServerError::BytesRejection),
// other error
Err(err) => Err(ServerError::Other(err.to_string())),
}
}

40
server/src/middleware/validate_path.rs
Unescape Escape View File

@ -1,40 +0,0 @@
use homedisk_types::errors::{FsError, ServerError};
/// Validate path param provided in the request
pub fn validate_path(path: &str) -> Result<(), ServerError> {
// `path` can't contain `..`
// to prevent attack attempts because by using a `..` you can access the previous folder
if path.contains("..") {
return Err(ServerError::FsError(FsError::ReadDirectory(
"the `path` can't contain `..`".to_string(),
)));
}
// `path` can't contain `~`
// to prevent attack attempts because `~` can get up a directory on `$HOME`
if path.contains('~') {
return Err(ServerError::FsError(FsError::ReadDirectory(
"the `path` can't not contain `~`".to_string(),
)));
}
Ok(())
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_validate_path() {
// Successfully
assert!(validate_path("Directory/path/to/test.png").is_ok());
assert!(validate_path("/test.png").is_ok()); // `/` doesn't point to the system root
assert!(validate_path("./test.png").is_ok());
// Errors
assert!(validate_path("../../test.png").is_err());
assert!(validate_path("../test.png").is_err());
assert!(validate_path("~/test.png").is_err());
}
}

2
types/src/errors/database.rs → src/database/error.rs
Unescape Escape View File

@ -11,6 +11,8 @@ pub enum Error {
ConnectDatabase(sqlx::Error),
#[error("failed to get row: {0}")]
GetRow(sqlx::Error),
#[error("failed to create all required tables: {0}")]
CreateTables(sqlx::Error),
#[error("failed to execute the query: {0}")]
Execute(sqlx::Error),
}

8
src/database/mod.rs
Unescape Escape View File

@ -0,0 +1,8 @@
//! [SQLite database functions](sqlite::Database).
pub mod error;
mod sqlite;
mod user;
pub use sqlite::*;
pub use user::*;

174
src/database/sqlite.rs
Unescape Escape View File

@ -0,0 +1,174 @@
use std::str::FromStr;
use futures_util::TryStreamExt;
use sqlx::{
sqlite::{SqliteConnectOptions, SqliteQueryResult, SqliteRow},
ConnectOptions, Executor, Row, SqlitePool,
};
use tracing::{debug, info, log::LevelFilter};
use super::{
error::{Error, Result},
User,
};
/// SQLite database
#[derive(Clone)]
pub struct Database {
/// Sqlite connection pool
pub pool: SqlitePool,
}
// TODO: Check UUID
impl Database {
/// Open a SQLite database
pub async fn open(path: &str) -> Result<Self> {
debug!("Opening SQLite database: {}", path);
// sqlite connection options
let mut options = SqliteConnectOptions::from_str(path).map_err(Error::OpenDatabase)?;
// set log level to Debug
options.log_statements(LevelFilter::Debug);
// create a database pool
let pool = SqlitePool::connect_with(options)
.await
.map_err(Error::ConnectDatabase)?;
info!("Connected to database!");
Ok(Self { pool })
}
/// Create all required tables for HomeDisk.
pub async fn create_tables(&self) -> Result<SqliteQueryResult> {
self.pool
.execute(include_str!("../../tables.sql"))
.await
.map_err(Error::CreateTables)
}
/// Create new user in the database.
pub async fn create_user(&self, user: &User) -> Result<SqliteQueryResult> {
debug!("Creating user - {}", user.username);
// build sql query
let query = sqlx::query("INSERT INTO user (id, username, password) VALUES (?, ?, ?)")
.bind(&user.id)
.bind(&user.username)
.bind(&user.password);
self.pool.execute(query).await.map_err(Error::Execute)
}
/// Search for a user.
pub async fn find_user(&self, user: &User) -> Result<User> {
debug!("Searching for a user - {}", user.username);
// create query request to database
let query = sqlx::query("SELECT * FROM user WHERE username = ? AND password = ?")
.bind(&user.username