Arrelin/family_budget
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

пароль на семьи

Browse Source
This commit is contained in:
arrelin
2025-12-15 16:51:09 +03:00
parent 1e393c79b5
commit 27d8d8ff4c
12 changed files with 330 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
backend/src/lib.rs
View File

@@ -22,7 +22,7 @@ pub mod auth;
pub mod middleware;
pub use auth::AuthBackend;
pub use middleware::require_admin;
pub use middleware::{require_admin, require_family_access};
#[derive(OpenApi)]
#[openapi(
@@ -101,16 +101,16 @@ pub async fn create_app(db: DatabaseConnection) -> Result<Router, DbErr> {
let session_layer = SessionManagerLayer::new(session_store)
.with_secure(false)
.with_expiry(Expiry::OnInactivity(Duration::days(1)));
.with_expiry(Expiry::OnInactivity(Duration::days(7)));
let backend = auth::AuthBackend { db: db.clone() };
let auth_layer = AuthManagerLayerBuilder::new(backend, session_layer).build();
let auth_layer = AuthManagerLayerBuilder::new(backend, session_layer.clone()).build();
let admin_family_routes = Router::new()
.route("/families", post(routes::family::create_family))
.route("/families/:id", delete(routes::family::delete_family))
.layer(auth_layer.clone())
.route_layer(axum_middleware::from_fn(middleware::require_admin))
.layer(auth_layer.clone())
.with_state(db.clone());
let auth_routes = Router::new()
@@ -119,10 +119,7 @@ pub async fn create_app(db: DatabaseConnection) -> Result<Router, DbErr> {
.layer(auth_layer)
.with_state(db.clone());
let public_routes = Router::new()
.route("/families", get(routes::family::get_all_families))
.route("/families/:id", get(routes::family::get_family))
.route("/families/:id", put(routes::family::update_family))
let family_protected_routes = Router::new()
.route("/families/:family_id/categories", post(routes::category::create_category))
.route("/families/:family_id/categories", get(routes::category::get_categories_by_family))
.route("/families/:family_id/categories/:category_id", get(routes::category::get_category))
@@ -134,11 +131,22 @@ pub async fn create_app(db: DatabaseConnection) -> Result<Router, DbErr> {
.route("/families/:family_id/categories/:category_id/expenses/:expense_id", put(routes::expense::update_expense))
.route("/families/:family_id/categories/:category_id/expenses/:expense_id", delete(routes::expense::delete_expense))
.route("/families/:family_id/categories/:category_id/remaining", get(routes::expense::get_remaining_limit))
.route_layer(axum_middleware::from_fn(middleware::require_family_access))
.layer(session_layer.clone())
.with_state(db.clone());
let public_routes = Router::new()
.route("/families", get(routes::family::get_all_families))
.route("/families/:id", get(routes::family::get_family))
.route("/families/:id", put(routes::family::update_family))
.route("/families/:id/verify", post(routes::family::verify_family_password))
.layer(session_layer)
.with_state(db);
let api_routes = Router::new()
.merge(admin_family_routes)
.merge(auth_routes)
.merge(family_protected_routes)
.merge(public_routes);
let swagger_ui = SwaggerUi::new("/swagger-ui")
@@ -148,6 +156,8 @@ pub async fn create_app(db: DatabaseConnection) -> Result<Router, DbErr> {
.allow_origin([
"http://localhost:3000".parse::<HeaderValue>().unwrap(),
"http://localhost:5173".parse::<HeaderValue>().unwrap(),
"http://localhost:5174".parse::<HeaderValue>().unwrap(),
"http://localhost:5175".parse::<HeaderValue>().unwrap(),
"http://localhost:8080".parse::<HeaderValue>().unwrap(),
])
.allow_methods([Method::GET, Method::POST, Method::PUT, Method::DELETE, Method::OPTIONS])

36
backend/src/middleware.rs
View File

@@ -5,6 +5,7 @@ use axum::{
response::Response,
};
use axum_login::AuthSession;
use tower_sessions::Session;
use crate::auth::AuthBackend;
@@ -21,3 +22,38 @@ pub async fn require_admin(
Ok(next.run(request).await)
}
pub async fn require_family_access(
session: Session,
request: Request,
next: Next,
) -> Result<Response, StatusCode> {
let path = request.uri().path();
let family_id = extract_family_id_from_path(path)
.ok_or(StatusCode::BAD_REQUEST)?;
let authorized_families: Vec<i32> = session
.get("authorized_families")
.await
.unwrap_or(None)
.unwrap_or_default();
if !authorized_families.contains(&family_id) {
return Err(StatusCode::FORBIDDEN);
}
Ok(next.run(request).await)
}
fn extract_family_id_from_path(path: &str) -> Option<i32> {
let segments: Vec<&str> = path.split('/').collect();
if let Some(families_idx) = segments.iter().position(|&s| s == "families") {
if families_idx + 1 < segments.len() {
return segments[families_idx + 1].parse::<i32>().ok();
}
}
None
}

40
backend/src/migration/m20241215_000001_add_family_password.rs Normal file
View File

@@ -0,0 +1,40 @@
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.alter_table(
Table::alter()
.table(Family::Table)
.add_column(
ColumnDef::new(Family::PasswordHash)
.string()
.not_null()
.default("")
)
.to_owned(),
)
.await
}
async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.alter_table(
Table::alter()
.table(Family::Table)
.drop_column(Family::PasswordHash)
.to_owned(),
)
.await
}
}
#[derive(DeriveIden)]
enum Family {
Table,
PasswordHash,
}

2
backend/src/migration/mod.rs
View File

@@ -3,6 +3,7 @@ pub use sea_orm_migration::prelude::*;
mod m20241209_000001_create_tables;
mod m20241209_000002_create_users;
mod m20241209_000003_seed_admin;
mod m20241215_000001_add_family_password;
pub struct Migrator;
@@ -13,6 +14,7 @@ impl MigratorTrait for Migrator {
Box::new(m20241209_000001_create_tables::Migration),
Box::new(m20241209_000002_create_users::Migration),
Box::new(m20241209_000003_seed_admin::Migration),
Box::new(m20241215_000001_add_family_password::Migration),
]
}
}

2
backend/src/models/family.rs
View File

@@ -8,6 +8,8 @@ pub struct Model {
#[sea_orm(primary_key)]
pub id: i32,
pub name: String,
#[serde(skip_serializing)]
pub password_hash: String,
}
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]

65
backend/src/routes/family.rs
View File

@@ -4,16 +4,30 @@ use axum::{
Json,
};
use sea_orm::DatabaseConnection;
use serde::Deserialize;
use serde::{Deserialize, Serialize};
use utoipa::ToSchema;
use tower_sessions::Session;
use crate::models::family::Model as FamilyModel;
use crate::services::FamilyService;
#[derive(Debug, Deserialize, ToSchema)]
#[schema(example = json!({"name": "Smith Family"}))]
#[schema(example = json!({"name": "Smith Family", "password": "secret123"}))]
pub struct CreateFamilyRequest {
pub name: String,
pub password: String,
}
#[derive(Debug, Deserialize, ToSchema)]
#[schema(example = json!({"password": "secret123"}))]
pub struct VerifyFamilyPasswordRequest {
pub password: String,
}
#[derive(Debug, Serialize, ToSchema)]
#[schema(example = json!({"valid": true}))]
pub struct VerifyFamilyPasswordResponse {
pub valid: bool,
}
#[derive(Debug, Deserialize, ToSchema)]
@@ -36,7 +50,7 @@ pub async fn create_family(
State(db): State<DatabaseConnection>,
Json(payload): Json<CreateFamilyRequest>,
) -> Result<Json<FamilyModel>, StatusCode> {
FamilyService::create(&db, payload.name)
FamilyService::create(&db, payload.name, payload.password)
.await
.map(Json)
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)
@@ -129,3 +143,48 @@ pub async fn delete_family(
.map(|_| StatusCode::NO_CONTENT)
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)
}
#[utoipa::path(
post,
path = "/families/{id}/verify",
tag = "families",
params(
("id" = i32, Path, description = "Family ID")
),
request_body = VerifyFamilyPasswordRequest,
responses(
(status = 200, description = "Password verified", body = VerifyFamilyPasswordResponse),
(status = 401, description = "Invalid password"),
(status = 500, description = "Internal server error")
)
)]
pub async fn verify_family_password(
State(db): State<DatabaseConnection>,
Path(id): Path<i32>,
session: Session,
Json(payload): Json<VerifyFamilyPasswordRequest>,
) -> Result<Json<VerifyFamilyPasswordResponse>, StatusCode> {
let valid = FamilyService::verify_password(&db, id, payload.password)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
if valid {
let mut authorized_families: Vec<i32> = session
.get("authorized_families")
.await
.unwrap_or(None)
.unwrap_or_default();
if !authorized_families.contains(&id) {
authorized_families.push(id);
session
.insert("authorized_families", authorized_families)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
}
Ok(Json(VerifyFamilyPasswordResponse { valid: true }))
} else {
Err(StatusCode::UNAUTHORIZED)
}
}

28
backend/src/services/family_service.rs
View File

@@ -1,18 +1,44 @@
use sea_orm::*;
use argon2::{
password_hash::{rand_core::OsRng, PasswordHasher, SaltString, PasswordVerifier, PasswordHash},
Argon2,
};
use crate::models::family::{self, Entity as Family, Model as FamilyModel};
pub struct FamilyService;
impl FamilyService {
pub async fn create(db: &DatabaseConnection, name: String) -> Result<FamilyModel, DbErr> {
pub async fn create(db: &DatabaseConnection, name: String, password: String) -> Result<FamilyModel, DbErr> {
let salt = SaltString::generate(&mut OsRng);
let argon2 = Argon2::default();
let password_hash = argon2
.hash_password(password.as_bytes(), &salt)
.map_err(|_| DbErr::Custom("Failed to hash password".to_string()))?
.to_string();
let family = family::ActiveModel {
name: Set(name),
password_hash: Set(password_hash),
..Default::default()
};
family.insert(db).await
}
pub async fn verify_password(db: &DatabaseConnection, id: i32, password: String) -> Result<bool, DbErr> {
let family = Family::find_by_id(id)
.one(db)
.await?
.ok_or(DbErr::RecordNotFound("Family not found".to_string()))?;
let parsed_hash = PasswordHash::new(&family.password_hash)
.map_err(|_| DbErr::Custom("Invalid password hash".to_string()))?;
Ok(Argon2::default()
.verify_password(password.as_bytes(), &parsed_hash)
.is_ok())
}
pub async fn find_by_id(db: &DatabaseConnection, id: i32) -> Result<Option<FamilyModel>, DbErr> {
Family::find_by_id(id).one(db).await
}