feat: user avatar as public asset
This commit is contained in:
parent
f98a102854
commit
4763915812
17 changed files with 172 additions and 21 deletions
8
Cargo.lock
generated
8
Cargo.lock
generated
|
@ -879,6 +879,12 @@ version = "0.4.3"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
|
checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "hex-literal"
|
||||||
|
version = "0.4.1"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "6fe2267d4ed49bc07b63801559be28c718ea06c4738b7a03c94df7386d2cde46"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "hkdf"
|
name = "hkdf"
|
||||||
version = "0.12.4"
|
version = "0.12.4"
|
||||||
|
@ -1256,9 +1262,11 @@ dependencies = [
|
||||||
"dotenvy",
|
"dotenvy",
|
||||||
"env_logger",
|
"env_logger",
|
||||||
"fully_pub",
|
"fully_pub",
|
||||||
|
"hex-literal",
|
||||||
"log",
|
"log",
|
||||||
"serde",
|
"serde",
|
||||||
"serde_json",
|
"serde_json",
|
||||||
|
"sha2",
|
||||||
"sqlx",
|
"sqlx",
|
||||||
"strum",
|
"strum",
|
||||||
"strum_macros",
|
"strum_macros",
|
||||||
|
|
|
@ -23,6 +23,8 @@ strum_macros = "0.26"
|
||||||
uuid = { version = "1.8", features = ["serde", "v4"] }
|
uuid = { version = "1.8", features = ["serde", "v4"] }
|
||||||
dotenvy = "0.15.7"
|
dotenvy = "0.15.7"
|
||||||
url = "2.5.3"
|
url = "2.5.3"
|
||||||
|
sha2 = "0.10"
|
||||||
|
hex-literal = "0.4"
|
||||||
|
|
||||||
# CLI
|
# CLI
|
||||||
argh = "0.1"
|
argh = "0.1"
|
||||||
|
|
3
TODO.md
3
TODO.md
|
@ -47,3 +47,6 @@
|
||||||
|
|
||||||
- [x] UserWebGUI: activate account with token
|
- [x] UserWebGUI: activate account with token
|
||||||
|
|
||||||
|
- [X] basic docker setup
|
||||||
|
- [ ] make `docker stop` working (handle SIGTERM/SIGINT)
|
||||||
|
- [ ] implement docker secrets. https://docs.docker.com/engine/swarm/secrets/
|
||||||
|
|
2
justfile
2
justfile
|
@ -1,6 +1,6 @@
|
||||||
export RUST_BACKTRACE := "1"
|
export RUST_BACKTRACE := "1"
|
||||||
export RUST_LOG := "trace"
|
export RUST_LOG := "trace"
|
||||||
export CONTEXT_ARGS := "--config ./config.toml --database ./tmp/dbs/minauthator.db --static-assets ./assets"
|
export CONTEXT_ARGS := "--config config.toml --database tmp/dbs/minauthator.db --static-assets ./assets"
|
||||||
|
|
||||||
watch-server:
|
watch-server:
|
||||||
cargo-watch -x "run --bin minauthator-server -- $CONTEXT_ARGS"
|
cargo-watch -x "run --bin minauthator-server -- $CONTEXT_ARGS"
|
||||||
|
|
|
@ -2,3 +2,4 @@ pub mod index;
|
||||||
pub mod oauth2;
|
pub mod oauth2;
|
||||||
pub mod read_user;
|
pub mod read_user;
|
||||||
pub mod openid;
|
pub mod openid;
|
||||||
|
pub mod public_assets;
|
||||||
|
|
27
lib/http_server/src/controllers/api/public_assets.rs
Normal file
27
lib/http_server/src/controllers/api/public_assets.rs
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
use axum::{extract::{Path, State}, http::{header, HeaderMap, HeaderValue, StatusCode}, response::{Html, IntoResponse}};
|
||||||
|
use kernel::repositories::users::get_user_asset_by_id;
|
||||||
|
|
||||||
|
use crate::AppState;
|
||||||
|
|
||||||
|
pub async fn get_user_asset(
|
||||||
|
State(app_state): State<AppState>,
|
||||||
|
Path(asset_id): Path<String>
|
||||||
|
) -> impl IntoResponse {
|
||||||
|
let user_asset = match get_user_asset_by_id(&app_state.db, &asset_id).await {
|
||||||
|
Err(_) => {
|
||||||
|
return (
|
||||||
|
StatusCode::NOT_FOUND,
|
||||||
|
Html("Could not find user asset")
|
||||||
|
).into_response();
|
||||||
|
},
|
||||||
|
Ok(ua) => ua
|
||||||
|
};
|
||||||
|
|
||||||
|
let mut hm = HeaderMap::new();
|
||||||
|
hm.insert(
|
||||||
|
header::CONTENT_TYPE,
|
||||||
|
HeaderValue::from_str(&user_asset.mime_type).expect("Constructing header value.")
|
||||||
|
);
|
||||||
|
|
||||||
|
(hm, user_asset.content).into_response()
|
||||||
|
}
|
|
@ -1,7 +1,8 @@
|
||||||
|
use anyhow::Context;
|
||||||
use axum::{body::Bytes, extract::State, response::IntoResponse, Extension};
|
use axum::{body::Bytes, extract::State, response::IntoResponse, Extension};
|
||||||
use axum_typed_multipart::{FieldData, TryFromMultipart, TypedMultipart};
|
use axum_typed_multipart::{FieldData, TryFromMultipart, TypedMultipart};
|
||||||
use fully_pub::fully_pub;
|
use fully_pub::fully_pub;
|
||||||
use log::error;
|
use log::{error, info};
|
||||||
use minijinja::context;
|
use minijinja::context;
|
||||||
|
|
||||||
use crate::{
|
use crate::{
|
||||||
|
@ -9,7 +10,7 @@ use crate::{
|
||||||
renderer::TemplateRenderer,
|
renderer::TemplateRenderer,
|
||||||
AppState
|
AppState
|
||||||
};
|
};
|
||||||
use kernel::models::user::User;
|
use kernel::{models::{user::User, user_asset::UserAsset}, repositories::users::create_user_asset};
|
||||||
|
|
||||||
pub async fn me_page(
|
pub async fn me_page(
|
||||||
State(app_state): State<AppState>,
|
State(app_state): State<AppState>,
|
||||||
|
@ -61,7 +62,7 @@ struct UserDetailsUpdateForm {
|
||||||
website: String,
|
website: String,
|
||||||
|
|
||||||
#[form_data(limit = "5MiB")]
|
#[form_data(limit = "5MiB")]
|
||||||
picture: FieldData<Bytes>
|
avatar: FieldData<Bytes>
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -73,17 +74,41 @@ pub async fn me_perform_update_details(
|
||||||
) -> impl IntoResponse {
|
) -> impl IntoResponse {
|
||||||
let template_path = "pages/me/details-form";
|
let template_path = "pages/me/details-form";
|
||||||
|
|
||||||
let update_res = sqlx::query("UPDATE users SET handle = $2, email = $3, full_name = $4, website = $5, picture = $6 WHERE id = $1")
|
let user = sqlx::query_as::<_, User>("SELECT * FROM users WHERE id = $1")
|
||||||
|
.bind(&token_claims.sub)
|
||||||
|
.fetch_one(&app_state.db.0)
|
||||||
|
.await
|
||||||
|
.expect("To get user from claim");
|
||||||
|
|
||||||
|
let update_res = sqlx::query("UPDATE users SET handle = $2, email = $3, full_name = $4, website = $5 WHERE id = $1")
|
||||||
.bind(&token_claims.sub)
|
.bind(&token_claims.sub)
|
||||||
.bind(details_update.handle)
|
.bind(details_update.handle)
|
||||||
.bind(details_update.email)
|
.bind(details_update.email)
|
||||||
.bind(details_update.full_name)
|
.bind(details_update.full_name)
|
||||||
.bind(details_update.website)
|
.bind(details_update.website)
|
||||||
.bind(details_update.picture.contents.to_vec())
|
|
||||||
.execute(&app_state.db.0)
|
.execute(&app_state.db.0)
|
||||||
.await;
|
.await;
|
||||||
|
|
||||||
let user_res = sqlx::query_as::<_, User>("SELECT * FROM users WHERE id = $1")
|
if !details_update.avatar.contents.is_empty() {
|
||||||
|
let user_asset = UserAsset::new(
|
||||||
|
&user,
|
||||||
|
details_update.avatar.contents.to_vec(),
|
||||||
|
details_update.avatar.metadata.content_type.expect("Expected mimetype on avatar content"),
|
||||||
|
details_update.avatar.metadata.name
|
||||||
|
);
|
||||||
|
let _update_res = sqlx::query("UPDATE users SET avatar_asset_id = $2 WHERE id = $1")
|
||||||
|
.bind(&token_claims.sub)
|
||||||
|
.bind(user_asset.id.clone())
|
||||||
|
.execute(&app_state.db.0)
|
||||||
|
.await;
|
||||||
|
// TODO: handle possible error
|
||||||
|
let _ = create_user_asset(&app_state.db, user_asset)
|
||||||
|
.await
|
||||||
|
.context("Creating user avatar asset.");
|
||||||
|
info!("Uploaded new avatar as user asset");
|
||||||
|
}
|
||||||
|
|
||||||
|
let user = sqlx::query_as::<_, User>("SELECT * FROM users WHERE id = $1")
|
||||||
.bind(&token_claims.sub)
|
.bind(&token_claims.sub)
|
||||||
.fetch_one(&app_state.db.0)
|
.fetch_one(&app_state.db.0)
|
||||||
.await
|
.await
|
||||||
|
@ -95,7 +120,7 @@ pub async fn me_perform_update_details(
|
||||||
template_path,
|
template_path,
|
||||||
context!(
|
context!(
|
||||||
success => true,
|
success => true,
|
||||||
user => user_res
|
user => user
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
},
|
},
|
||||||
|
@ -105,7 +130,7 @@ pub async fn me_perform_update_details(
|
||||||
template_path,
|
template_path,
|
||||||
context!(
|
context!(
|
||||||
error => Some("Cannot update user details.".to_string()),
|
error => Some("Cannot update user details.".to_string()),
|
||||||
user => user_res
|
user => user
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
|
@ -46,7 +46,7 @@ pub async fn perform_register(
|
||||||
email: Some(register.email),
|
email: Some(register.email),
|
||||||
handle: register.handle,
|
handle: register.handle,
|
||||||
full_name: None,
|
full_name: None,
|
||||||
picture: None,
|
avatar_asset_id: None,
|
||||||
|
|
||||||
password_hash,
|
password_hash,
|
||||||
status: UserStatus::Active,
|
status: UserStatus::Active,
|
||||||
|
|
|
@ -47,7 +47,8 @@ pub fn build_router(server_config: &ServerConfig, app_state: AppState) -> Router
|
||||||
let api_user_routes = Router::new()
|
let api_user_routes = Router::new()
|
||||||
.route("/api/user", get(api::read_user::read_user_basic))
|
.route("/api/user", get(api::read_user::read_user_basic))
|
||||||
.layer(middleware::from_fn_with_state(app_state.clone(), app_auth::enforce_jwt_auth_middleware))
|
.layer(middleware::from_fn_with_state(app_state.clone(), app_auth::enforce_jwt_auth_middleware))
|
||||||
.route("/api", get(api::index::get_index));
|
.route("/api", get(api::index::get_index))
|
||||||
|
.route("/api/user-assets/:asset_id", get(api::public_assets::get_user_asset));
|
||||||
|
|
||||||
let well_known_routes = Router::new()
|
let well_known_routes = Router::new()
|
||||||
.route("/.well-known/openid-configuration", get(api::openid::well_known::get_well_known_openid_configuration));
|
.route("/.well-known/openid-configuration", get(api::openid::well_known::get_well_known_openid_configuration));
|
||||||
|
|
|
@ -55,10 +55,9 @@
|
||||||
/>
|
/>
|
||||||
</div>
|
</div>
|
||||||
<div class="mb-3">
|
<div class="mb-3">
|
||||||
<label for="picture">Profile picture</label>
|
<label for="avatar">Profile picture</label>
|
||||||
<!-- for now, no JPEG -->
|
|
||||||
<input
|
<input
|
||||||
id="picture" name="picture"
|
id="avatar" name="avatar"
|
||||||
type="file"
|
type="file"
|
||||||
accept="image/gif, image/png, image/jpeg"
|
accept="image/gif, image/png, image/jpeg"
|
||||||
class="form-control"
|
class="form-control"
|
||||||
|
|
|
@ -5,9 +5,12 @@
|
||||||
<a href="/me/details-form">Update details.</a>
|
<a href="/me/details-form">Update details.</a>
|
||||||
<a href="/me/authorizations">Manage authorizations.</a>
|
<a href="/me/authorizations">Manage authorizations.</a>
|
||||||
|
|
||||||
<p>
|
{% if user.avatar_asset_id %}
|
||||||
{% if user.picture %}
|
<div class="my-3">
|
||||||
<img src="data:image/*;base64,{{ encode_b64str(user.picture) }}" style="width: 150px; height: 150px; object-fit: contain">
|
<img
|
||||||
|
src="http://localhost:8085/api/user-assets/{{ user.avatar_asset_id }}"
|
||||||
|
style="width: 150px; height: 150px; object-fit: contain">
|
||||||
|
</div>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
|
@ -18,6 +18,8 @@ chrono = { workspace = true }
|
||||||
toml = { workspace = true }
|
toml = { workspace = true }
|
||||||
sqlx = { workspace = true }
|
sqlx = { workspace = true }
|
||||||
dotenvy = { workspace = true }
|
dotenvy = { workspace = true }
|
||||||
|
sha2 = { workspace = true }
|
||||||
|
hex-literal = { workspace = true }
|
||||||
|
|
||||||
uuid = { workspace = true }
|
uuid = { workspace = true }
|
||||||
url = { workspace = true }
|
url = { workspace = true }
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
pub mod config;
|
pub mod config;
|
||||||
pub mod user;
|
pub mod user;
|
||||||
|
pub mod user_asset;
|
||||||
pub mod authorization;
|
pub mod authorization;
|
||||||
|
|
|
@ -23,7 +23,7 @@ struct User {
|
||||||
full_name: Option<String>,
|
full_name: Option<String>,
|
||||||
email: Option<String>,
|
email: Option<String>,
|
||||||
website: Option<String>,
|
website: Option<String>,
|
||||||
picture: Option<Vec<u8>>, // embeded blob to store profile pic
|
avatar_asset_id: Option<String>,
|
||||||
password_hash: Option<String>, // argon2 password hash
|
password_hash: Option<String>, // argon2 password hash
|
||||||
status: UserStatus,
|
status: UserStatus,
|
||||||
roles: Json<Vec<String>>,
|
roles: Json<Vec<String>>,
|
||||||
|
@ -43,7 +43,7 @@ impl User {
|
||||||
full_name: None,
|
full_name: None,
|
||||||
email: None,
|
email: None,
|
||||||
website: None,
|
website: None,
|
||||||
picture: None,
|
avatar_asset_id: None,
|
||||||
password_hash: None,
|
password_hash: None,
|
||||||
status: UserStatus::Disabled,
|
status: UserStatus::Disabled,
|
||||||
roles: Json(Vec::new()),
|
roles: Json(Vec::new()),
|
||||||
|
|
41
lib/kernel/src/models/user_asset.rs
Normal file
41
lib/kernel/src/models/user_asset.rs
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
use fully_pub::fully_pub;
|
||||||
|
use chrono::{DateTime, Utc};
|
||||||
|
use serde::{Deserialize, Serialize};
|
||||||
|
use uuid::Uuid;
|
||||||
|
use sha2::{Sha256, Digest};
|
||||||
|
|
||||||
|
use super::user::User;
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(sqlx::FromRow, Deserialize, Serialize, Debug)]
|
||||||
|
#[fully_pub]
|
||||||
|
struct UserAsset {
|
||||||
|
/// uuid
|
||||||
|
id: String,
|
||||||
|
user_id: String,
|
||||||
|
mime_type: String,
|
||||||
|
fingerprint: String,
|
||||||
|
name: Option<String>,
|
||||||
|
content: Vec<u8>,
|
||||||
|
created_at: DateTime<Utc>
|
||||||
|
}
|
||||||
|
|
||||||
|
impl UserAsset {
|
||||||
|
pub fn new(
|
||||||
|
user: &User,
|
||||||
|
content: Vec<u8>,
|
||||||
|
mime_type: String,
|
||||||
|
name: Option<String>
|
||||||
|
) -> UserAsset {
|
||||||
|
let digest = Sha256::digest(&content);
|
||||||
|
UserAsset {
|
||||||
|
id: Uuid::new_v4().to_string(),
|
||||||
|
user_id: user.id.clone(),
|
||||||
|
fingerprint: format!("{:x}", digest),
|
||||||
|
mime_type,
|
||||||
|
content,
|
||||||
|
name,
|
||||||
|
created_at: Utc::now()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,6 +1,6 @@
|
||||||
// user repositories
|
// user repositories
|
||||||
|
|
||||||
use crate::models::user::User;
|
use crate::models::{user::User, user_asset::UserAsset};
|
||||||
|
|
||||||
use super::storage::Storage;
|
use super::storage::Storage;
|
||||||
use anyhow::{Result, Context};
|
use anyhow::{Result, Context};
|
||||||
|
@ -19,3 +19,30 @@ pub async fn get_users(storage: &Storage) -> Result<Vec<User>> {
|
||||||
.await
|
.await
|
||||||
.context("To get users.")
|
.context("To get users.")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub async fn create_user_asset(storage: &Storage, asset: UserAsset) -> Result<()> {
|
||||||
|
sqlx::query("INSERT INTO user_assets
|
||||||
|
(id, user_id, mime_type, fingerprint, content, created_at)
|
||||||
|
VALUES ($1, $2, $3, $4, $5, $6)
|
||||||
|
")
|
||||||
|
.bind(&asset.id)
|
||||||
|
.bind(&asset.user_id)
|
||||||
|
.bind(&asset.mime_type)
|
||||||
|
.bind(&asset.fingerprint)
|
||||||
|
.bind(&asset.content)
|
||||||
|
.bind(&asset.created_at)
|
||||||
|
.execute(&storage.0)
|
||||||
|
.await
|
||||||
|
.context("While inserting user asset.")?;
|
||||||
|
// .bind(details_update.avatar.contents.to_vec())
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn get_user_asset_by_id(storage: &Storage, id: &str) -> Result<UserAsset> {
|
||||||
|
sqlx::query_as("SELECT * FROM user_assets WHERE id = $1")
|
||||||
|
.bind(id)
|
||||||
|
.fetch_one(&storage.0)
|
||||||
|
.await
|
||||||
|
.context("To get user asset by id.")
|
||||||
|
}
|
||||||
|
|
||||||
|
|
|
@ -5,8 +5,8 @@ CREATE TABLE users (
|
||||||
full_name TEXT,
|
full_name TEXT,
|
||||||
email TEXT UNIQUE,
|
email TEXT UNIQUE,
|
||||||
website TEXT,
|
website TEXT,
|
||||||
picture BLOB,
|
|
||||||
roles TEXT NOT NULL, -- json array of user roles
|
roles TEXT NOT NULL, -- json array of user roles
|
||||||
|
avatar_asset_id TEXT,
|
||||||
|
|
||||||
status TEXT CHECK(status IN ('Invited', 'Active', 'Disabled')) NOT NULL DEFAULT 'Disabled',
|
status TEXT CHECK(status IN ('Invited', 'Active', 'Disabled')) NOT NULL DEFAULT 'Disabled',
|
||||||
password_hash TEXT,
|
password_hash TEXT,
|
||||||
|
@ -15,6 +15,17 @@ CREATE TABLE users (
|
||||||
created_at DATETIME NOT NULL
|
created_at DATETIME NOT NULL
|
||||||
);
|
);
|
||||||
|
|
||||||
|
DROP TABLE IF EXISTS user_assets;
|
||||||
|
CREATE TABLE user_assets (
|
||||||
|
id TEXT PRIMARY KEY,
|
||||||
|
user_id TEXT NOT NULL,
|
||||||
|
mime_type TEXT NOT NULL,
|
||||||
|
fingerprint TEXT NOT NULL,
|
||||||
|
name TEXT, -- file name
|
||||||
|
content BLOB NOT NULL,
|
||||||
|
created_at DATETIME NOT NULL
|
||||||
|
);
|
||||||
|
|
||||||
DROP TABLE IF EXISTS authorizations;
|
DROP TABLE IF EXISTS authorizations;
|
||||||
CREATE TABLE authorizations (
|
CREATE TABLE authorizations (
|
||||||
id TEXT PRIMARY KEY,
|
id TEXT PRIMARY KEY,
|
||||||
|
|
Loading…
Reference in a new issue