chore: more progress

Signed-off-by: Henry Gressmann <mail@henrygressmann.de>

Author: explodingcamera

Cargo.lock

@@ -32,31 +32,44 @@ async-compression={version="0.4", default-features=false, features=["gzip", "tok
 tokio-tar={package="astral-tokio-tar", version="0.5"}
 sha3={version="0.10"}
 argon2={version="0.5", features=["rand"]}
+password-hash={version="0.5", features=["rand_core", "getrandom"]}
 zstd={version="0.13", default-features=false}
 uuid={version="1.19", features=["v4"]}
 
 # general
 argh={version="0.1", default-features=false, features=["help"]}
 anyhow={version="1.0"}
 rand={version="0.9", default-features=false, features=["std", "thread_rng"]}
-chrono={version="0.4", default-features=false, features=["std", "now"]}
+chrono={version="0.4", default-features=false, features=["std", "now", "serde"]}
 figment={version="0.10", features=["toml", "env"]}
 tracing={version="0.1", default-features=false, features=["std"]}
 tracing-subscriber={version="0.3", features=["env-filter"]}
 ahash="0.8"
 
 # web
 axum="0.8"
-axum-extra={version="0.12", default-features=false, features=["cookie"]}
+axum-extra={version="0.12", default-features=false, features=["cookie", "typed-header"]}
 http="1.4"
-tower={version="0.5", default-features=false, features=["limit"]}
+headers="0.4"
+tower={version="0.5", default-features=false}
 tower-http={version="0.6", default-features=false, features=[
     "cors",
     "compression-zstd",
     "set-header",
 ]}
-aide={version="0.15", default-features=false, features=["axum"]}
-schemars={version="1.2", features=["derive"]}
+tower_governor={version="0.8", default-features=false, features=["axum"]}
+aide={version="0.16.0-alpha.1", default-features=false, features=[
+    "axum",
+    "axum-json",
+    "axum-query",
+    "axum-matched-path",
+    "axum-tokio",
+    "axum-extra",
+    "axum-extra-cookie",
+    "axum-extra-headers",
+    "macros",
+]}
+schemars={version="1.2", features=["derive", "chrono04"]}
 
 ua-parser="0.2"
 rust-embed={version="8.9", features=["mime-guess"]}

Cargo.toml

@@ -195,7 +195,7 @@ fn get_file_meta(path: &PathBuf) -> Option<(u64, u64, u64, i64)> {
     #[cfg(unix)]
     {
         use std::os::unix::fs::MetadataExt;
-        return Some((md.dev(), md.ino(), md.size(), md.mtime()));
+        Some((md.dev(), md.ino(), md.size(), md.mtime()))
     }
 
     #[cfg(windows)]

src/app/core/geoip.rs

@@ -6,11 +6,12 @@ use crate::utils::duckdb::{ParamVec, repeat_vars};
 use anyhow::{Result, bail};
 use chrono::{DateTime, Utc};
 use duckdb::params_from_iter;
-use poem_openapi::{Enum, Object};
+use schemars::JsonSchema;
+use serde::{Deserialize, Serialize};
 
 pub use super::reports_cached::*;
 
-#[derive(Object, Debug, Clone, Hash, PartialEq, Eq)]
+#[derive(Serialize, Deserialize, JsonSchema, Debug, Clone, Hash, PartialEq, Eq)]
 pub struct DateRange {
     pub start: DateTime<Utc>,
     pub end: DateTime<Utc>,
@@ -37,7 +38,7 @@ impl Display for DateRange {
     }
 }
 
-#[derive(Debug, Enum, Clone, Copy, PartialEq, Eq, Hash)]
+#[derive(Debug, Serialize, Deserialize, JsonSchema, Clone, Copy, PartialEq, Eq, Hash)]
 #[serde(rename_all = "snake_case")]
 pub enum Metric {
     Views,
@@ -46,7 +47,7 @@ pub enum Metric {
     AvgTimeOnSite,
 }
 
-#[derive(Debug, Enum, Clone, Copy, Hash, Eq, PartialEq, PartialOrd, Ord)]
+#[derive(Debug, Serialize, Deserialize, JsonSchema, Clone, Copy, Hash, Eq, PartialEq, PartialOrd, Ord)]
 #[serde(rename_all = "snake_case")]
 pub enum Dimension {
     Url,
@@ -65,7 +66,7 @@ pub enum Dimension {
     UtmTerm,
 }
 
-#[derive(Enum, Debug, Clone, Copy, Hash, Eq, PartialEq, PartialOrd, Ord)]
+#[derive(Serialize, Deserialize, JsonSchema, Debug, Clone, Copy, Hash, Eq, PartialEq, PartialOrd, Ord)]
 #[serde(rename_all = "snake_case")]
 pub enum FilterType {
     // Generic filters
@@ -85,7 +86,7 @@ pub enum FilterType {
 pub type ReportGraph = Vec<f64>;
 pub type ReportTable = BTreeMap<String, f64>;
 
-#[derive(Object, Clone, Debug, Default)]
+#[derive(Serialize, Deserialize, JsonSchema, Clone, Debug, Default)]
 #[serde(rename_all = "camelCase")]
 pub struct ReportStats {
     pub total_views: u64,
@@ -94,7 +95,7 @@ pub struct ReportStats {
     pub avg_time_on_site: f64,
 }
 
-#[derive(Object, Debug, Clone, Hash, Eq, PartialEq, PartialOrd, Ord)]
+#[derive(Serialize, Deserialize, JsonSchema, Debug, Clone, Hash, Eq, PartialEq, PartialOrd, Ord)]
 #[serde(rename_all = "camelCase")]
 pub struct DimensionFilter {
     /// The dimension to filter by

src/app/core/reports.rs

@@ -4,12 +4,11 @@ use argon2::password_hash::{PasswordHasher, SaltString, rand_core};
 
 use anyhow::Result;
 use rand::RngCore;
-use rand::rngs::OsRng;
 use sha3::Digest;
 use std::net::IpAddr;
 
 pub fn hash_password(password: &str) -> Result<String> {
-    let salt = SaltString::generate(&mut OsRng);
+    let salt = SaltString::generate(&mut rand_core::OsRng);
     let hash = Argon2::default()
         .hash_password(password.as_bytes(), &salt)
         .map_err(|_| anyhow::anyhow!("Failed to hash password"))?;
@@ -23,7 +22,7 @@ pub fn verify_password(password: &str, hash: &str) -> Result<()> {
 }
 
 pub fn generate_salt() -> String {
-    SaltString::generate(&mut OsRng).to_string()
+    SaltString::generate(&mut rand_core::OsRng).to_string()
 }
 
 pub fn hash_ip(ip: &IpAddr, user_agent: &str, daily_salt: &str, entity_id: &str) -> String {

src/utils/hash.rs

@@ -13,10 +13,7 @@ impl SqliteConnectionManager {
     }
 
     pub fn memory() -> Self {
-        Self {
-            source: format!("file:{}?mode=memory&cache=shared", Uuid::new_v4().to_string()).into(),
-            flags: OpenFlags::default(),
-        }
+        Self { source: format!("file:{}?mode=memory&cache=shared", Uuid::new_v4()).into(), flags: OpenFlags::default() }
     }
 
     pub fn with_flags(self, flags: OpenFlags) -> Self {

src/utils/r2d2_sqlite.rs

@@ -7,10 +7,11 @@ use std::ops::Deref;
 use std::sync::{Arc, mpsc::Sender};
 
 use anyhow::{Context, Result};
+use axum::handler::{Handler, HandlerWithoutStateExt};
 use rust_embed::RustEmbed;
 
 use aide::{axum::ApiRouter, openapi};
-use http::{Method, header};
+use http::{HeaderValue, Method, header};
 use tower_http::{
     compression::CompressionLayer,
     cors::{Any, CorsLayer},
@@ -19,12 +20,12 @@ use tower_http::{
 
 use crate::app::{Liwan, models::Event};
 
-pub use session::SessionUser;
+pub use session::{MaybeExtract, SessionId, SessionUser};
 use webext::StaticFile;
 
 #[derive(RustEmbed, Clone)]
 #[folder = "./web/dist"]
-struct Files;
+struct _Files;
 
 #[derive(RustEmbed, Clone)]
 #[folder = "./tracker"]
@@ -45,18 +46,32 @@ impl Deref for RouterState {
 }
 
 pub async fn start_webserver(app: Arc<Liwan>, events: Sender<Event>) -> Result<()> {
+    let mut api = openapi::OpenApi {
+        info: openapi::Info { title: "Liwan API".to_string(), ..Default::default() },
+        ..openapi::OpenApi::default()
+    };
+
     let event_cors = CorsLayer::new().allow_methods([Method::POST]).allow_origin(Any).allow_credentials(false);
     let script_cors = CorsLayer::new().allow_methods([Method::GET]).allow_origin(Any).allow_credentials(false);
 
     let set_headers = tower::ServiceBuilder::new()
-        .layer(SetResponseHeaderLayer::if_not_present(header::X_FRAME_OPTIONS, "DENY"))
-        .layer(SetResponseHeaderLayer::if_not_present(header::X_CONTENT_TYPE_OPTIONS, "nosniff"))
-        .layer(SetResponseHeaderLayer::if_not_present(header::X_XSS_PROTECTION, "1; mode=block"))
+        .layer(SetResponseHeaderLayer::if_not_present(header::X_FRAME_OPTIONS, HeaderValue::from_static("DENY")))
+        .layer(SetResponseHeaderLayer::if_not_present(
+            header::X_CONTENT_TYPE_OPTIONS,
+            HeaderValue::from_static("nosniff"),
+        ))
+        .layer(SetResponseHeaderLayer::if_not_present(
+            header::X_XSS_PROTECTION,
+            HeaderValue::from_static("1; mode=block"),
+        ))
         .layer(SetResponseHeaderLayer::if_not_present(
             header::CONTENT_SECURITY_POLICY,
-            "default-src 'self' data: 'unsafe-inline'; img-src 'self' data: https://*",
+            HeaderValue::from_static("default-src 'self' data: 'unsafe-inline'; img-src 'self' data: https://*"),
         ))
-        .layer(SetResponseHeaderLayer::if_not_present(header::REFERRER_POLICY, "same-origin"));
+        .layer(SetResponseHeaderLayer::if_not_present(
+            header::REFERRER_POLICY,
+            HeaderValue::from_static("same-origin"),
+        ));
 
     let dashboard = ApiRouter::new()
         .merge(routes::admin::router())
@@ -66,10 +81,13 @@ pub async fn start_webserver(app: Arc<Liwan>, events: Sender<Event>) -> Result<(
     let router = ApiRouter::new()
         .nest("/api", routes::event::router().layer(event_cors))
         .nest("/api/dashboard", dashboard)
-        .route_service("/script.js", StaticFile::<Script>::new("script.min.js").layer(script_cors))
+        .route_service("/script.js", StaticFile::<Script>::new("script.min.js").layer(script_cors).into_service())
         .layer(CompressionLayer::new())
         .layer(set_headers)
-        .with_state(RouterState { app: app.clone(), events });
+        .with_state(RouterState { app: app.clone(), events })
+        .finish_api(&mut api);
+
+    // todo: serve files with webext::call
 
     match app.onboarding.token()? {
         Some(onboarding) => {
@@ -83,10 +101,7 @@ pub async fn start_webserver(app: Arc<Liwan>, events: Sender<Event>) -> Result<(
         }
     }
 
-    let mut api = openapi::OpenApi::default();
-    api.info = openapi::Info { description: Some("an example API".to_string()), ..openapi::Info::default() };
-
     let listener = tokio::net::TcpListener::bind(("0.0.0.0", app.config.port)).await.unwrap();
-    let server = router.finish_api(&mut api).into_make_service_with_connect_info::<SocketAddr>();
-    axum::serve(listener, server).await.context("server exited unexpectedly")
+    let service = router.into_make_service_with_connect_info::<SocketAddr>();
+    axum::serve(listener, service).await.context("server exited unexpectedly")
 }

src/web/mod.rs

@@ -11,7 +11,7 @@ use crate::{
     app::models::{Entity, Project, UserRole},
     utils::validate::can_access_project,
     web::{
-        RouterState, SessionUser,
+        MaybeExtract, RouterState, SessionUser,
         webext::{ApiResult, AxumErrExt, empty_response, http_bail},
     },
 };
@@ -164,10 +164,10 @@ async fn get_users(app: State<RouterState>, SessionUser(user): SessionUser) -> A
 }
 
 async fn update_user(
-    Path(username): Path<String>,
-    user: Json<UpdateUserRequest>,
     app: State<RouterState>,
+    Path(username): Path<String>,
     SessionUser(session_user): SessionUser,
+    user: Json<UpdateUserRequest>,
 ) -> ApiResult<impl IntoApiResponse> {
     if session_user.role != UserRole::Admin {
         http_bail!(StatusCode::FORBIDDEN, "Forbidden")
@@ -185,10 +185,10 @@ async fn update_user(
 }
 
 async fn update_user_password(
-    Path(username): Path<String>,
-    password: Json<UpdatePasswordRequest>,
     app: State<RouterState>,
+    Path(username): Path<String>,
     SessionUser(session_user): SessionUser,
+    password: Json<UpdatePasswordRequest>,
 ) -> ApiResult<impl IntoApiResponse> {
     if session_user.role != UserRole::Admin || username != session_user.username {
         http_bail!(StatusCode::FORBIDDEN, "Forbidden")
@@ -202,8 +202,8 @@ async fn update_user_password(
 }
 
 async fn remove_user(
-    Path(username): Path<String>,
     app: State<RouterState>,
+    Path(username): Path<String>,
     SessionUser(session_user): SessionUser,
 ) -> ApiResult<impl IntoApiResponse> {
     if session_user.role != UserRole::Admin {
@@ -220,9 +220,9 @@ async fn remove_user(
 }
 
 async fn create_user(
-    user: Json<CreateUserRequest>,
     app: State<RouterState>,
     SessionUser(session_user): SessionUser,
+    user: Json<CreateUserRequest>,
 ) -> ApiResult<impl IntoApiResponse> {
     if session_user.role != UserRole::Admin {
         http_bail!(StatusCode::FORBIDDEN, "Forbidden")
@@ -239,9 +239,9 @@ async fn create_user(
 
 async fn project_create_handler(
     app: State<RouterState>,
-    Json(project): Json<CreateProjectRequest>,
     Path(project_id): Path<String>,
     SessionUser(user): SessionUser,
+    Json(project): Json<CreateProjectRequest>,
 ) -> ApiResult<impl IntoApiResponse> {
     if user.role != UserRole::Admin {
         http_bail!(StatusCode::FORBIDDEN, "Forbidden")
@@ -264,9 +264,9 @@ async fn project_create_handler(
 
 async fn project_update_handler(
     app: State<RouterState>,
-    Json(req): Json<UpdateProjectRequest>,
     Path(project_id): Path<String>,
     SessionUser(user): SessionUser,
+    Json(req): Json<UpdateProjectRequest>,
 ) -> ApiResult<impl IntoApiResponse> {
     if user.role != UserRole::Admin {
         http_bail!(StatusCode::FORBIDDEN, "Forbidden")
@@ -292,7 +292,10 @@ async fn project_update_handler(
     Ok(empty_response())
 }
 
-async fn projects_handler(app: State<RouterState>, user: Option<SessionUser>) -> ApiResult<impl IntoApiResponse> {
+async fn projects_handler(
+    app: State<RouterState>,
+    MaybeExtract(user): MaybeExtract<SessionUser>,
+) -> ApiResult<impl IntoApiResponse> {
     let projects = app.projects.all().http_err("Failed to get projects", StatusCode::INTERNAL_SERVER_ERROR)?;
     let projects: Vec<Project> = projects.into_iter().filter(|p| can_access_project(p, user.as_ref())).collect();
 
@@ -316,9 +319,9 @@ async fn projects_handler(app: State<RouterState>, user: Option<SessionUser>) ->
 }
 
 async fn project_handler(
-    Path(project_id): Path<String>,
     app: State<RouterState>,
-    user: Option<SessionUser>,
+    MaybeExtract(user): MaybeExtract<SessionUser>,
+    Path(project_id): Path<String>,
 ) -> ApiResult<impl IntoApiResponse> {
     let project = app.projects.get(&project_id).http_status(StatusCode::NOT_FOUND)?;
     if !can_access_project(&project, user.as_ref()) {
@@ -342,8 +345,8 @@ async fn project_handler(
 }
 
 async fn project_delete_handler(
-    Path(project_id): Path<String>,
     app: State<RouterState>,
+    Path(project_id): Path<String>,
     SessionUser(user): SessionUser,
 ) -> ApiResult<impl IntoApiResponse> {
     let project = app.projects.get(&project_id).http_status(StatusCode::NOT_FOUND)?;
@@ -386,8 +389,8 @@ async fn entities_handler(app: State<RouterState>, SessionUser(user): SessionUse
 
 async fn entity_create_handler(
     app: State<RouterState>,
-    Json(entity): Json<CreateEntityRequest>,
     SessionUser(user): SessionUser,
+    Json(entity): Json<CreateEntityRequest>,
 ) -> ApiResult<Json<EntityResponse>> {
     if user.role != UserRole::Admin {
         http_bail!(StatusCode::FORBIDDEN, "Forbidden")
@@ -405,9 +408,9 @@ async fn entity_create_handler(
 
 async fn entity_update_handler(
     app: State<RouterState>,
-    Json(entity): Json<UpdateEntityRequest>,
     Path(entity_id): Path<String>,
     SessionUser(user): SessionUser,
+    Json(entity): Json<UpdateEntityRequest>,
 ) -> ApiResult<impl IntoApiResponse> {
     if user.role != UserRole::Admin {
         http_bail!(StatusCode::FORBIDDEN, "Forbidden")
@@ -429,8 +432,8 @@ async fn entity_update_handler(
 }
 
 async fn entity_delete_handler(
-    Path(entity_id): Path<String>,
     app: State<RouterState>,
+    Path(entity_id): Path<String>,
     SessionUser(user): SessionUser,
 ) -> ApiResult<impl IntoApiResponse> {
     if user.role != UserRole::Admin {