Only pass in HashSet.

Author: LawnGnome

src/auth.rs

@@ -1,4 +1,5 @@
-use crate::config::Server;
+use std::collections::HashSet;
+
 use crate::controllers;
 use crate::controllers::util::RequestPartsExt;
 use crate::middleware::log_request::RequestLogExt;
@@ -74,16 +75,16 @@ impl AuthCheck {
     pub fn check<T: RequestPartsExt>(
         &self,
         request: &T,
-        config: &Server,
+        gh_admin_user_ids: &HashSet<i32>,
         conn: &mut PgConnection,
     ) -> AppResult<Authentication> {
-        self.check_authentication(authenticate(request, conn)?, config)
+        self.check_authentication(authenticate(request, conn)?, gh_admin_user_ids)
     }
 
     fn check_authentication(
         &self,
         auth: Authentication,
-        config: &Server,
+        gh_admin_user_ids: &HashSet<i32>,
     ) -> AppResult<Authentication> {
         if let Some(token) = auth.api_token() {
             if !self.allow_token {
@@ -103,7 +104,7 @@ impl AuthCheck {
             }
         }
 
-        if self.require_admin && !config.gh_admin_user_ids.contains(&auth.user().gh_id) {
+        if self.require_admin && !gh_admin_user_ids.contains(&auth.user().gh_id) {
             let error_message = "User is unauthorized";
             return Err(internal(error_message).chain(forbidden()));
         }
@@ -374,15 +375,12 @@ mod tests {
     #[test]
     fn require_admin() {
         let auth_check = AuthCheck::default().require_admin();
-        let config = Server {
-            gh_admin_user_ids: [42, 43].into_iter().collect(),
-            ..Default::default()
-        };
+        let gh_admin_user_ids = [42, 43].into_iter().collect();
 
-        assert_ok!(auth_check.check_authentication(mock_cookie(42), &config));
-        assert_err!(auth_check.check_authentication(mock_cookie(44), &config));
-        assert_ok!(auth_check.check_authentication(mock_token(43), &config));
-        assert_err!(auth_check.check_authentication(mock_token(45), &config));
+        assert_ok!(auth_check.check_authentication(mock_cookie(42), &gh_admin_user_ids));
+        assert_err!(auth_check.check_authentication(mock_cookie(44), &gh_admin_user_ids));
+        assert_ok!(auth_check.check_authentication(mock_token(43), &gh_admin_user_ids));
+        assert_err!(auth_check.check_authentication(mock_token(45), &gh_admin_user_ids));
     }
 
     fn mock_user(gh_id: i32) -> User {

src/controllers/crate_owner_invitation.rs

@@ -19,7 +19,7 @@ use std::collections::{HashMap, HashSet};
 pub async fn list(app: AppState, req: Parts) -> AppResult<Json<Value>> {
     conduit_compat(move || {
         let conn = &mut app.db_read()?;
-        let auth = AuthCheck::only_cookie().check(&req, &app.config, conn)?;
+        let auth = AuthCheck::only_cookie().check(&req, &app.config.gh_admin_user_ids, conn)?;
         let user_id = auth.user_id();
 
         let PrivateListResponse {
@@ -59,7 +59,7 @@ pub async fn list(app: AppState, req: Parts) -> AppResult<Json<Value>> {
 pub async fn private_list(app: AppState, req: Parts) -> AppResult<Json<PrivateListResponse>> {
     conduit_compat(move || {
         let conn = &mut app.db_read()?;
-        let auth = AuthCheck::only_cookie().check(&req, &app.config, conn)?;
+        let auth = AuthCheck::only_cookie().check(&req, &app.config.gh_admin_user_ids, conn)?;
 
         let filter = if let Some(crate_name) = req.query().get("crate_name") {
             ListFilter::CrateName(crate_name.clone())
@@ -267,7 +267,7 @@ pub async fn handle_invite(state: AppState, req: BytesRequest) -> AppResult<Json
 
         let conn = &mut state.db_write()?;
 
-        let auth = AuthCheck::default().check(&req, &state.config, conn)?;
+        let auth = AuthCheck::default().check(&req, &state.config.gh_admin_user_ids, conn)?;
         let user_id = auth.user_id();
 
         let config = &state.config;

src/controllers/krate/follow.rs

@@ -21,7 +21,7 @@ pub async fn follow(
     conduit_compat(move || {
         let conn = &mut *app.db_write()?;
         let user_id = AuthCheck::default()
-            .check(&req, &app.config, conn)?
+            .check(&req, &app.config.gh_admin_user_ids, conn)?
             .user_id();
         let follow = follow_target(&crate_name, conn, user_id)?;
         diesel::insert_into(follows::table)
@@ -43,7 +43,7 @@ pub async fn unfollow(
     conduit_compat(move || {
         let conn = &mut *app.db_write()?;
         let user_id = AuthCheck::default()
-            .check(&req, &app.config, conn)?
+            .check(&req, &app.config.gh_admin_user_ids, conn)?
             .user_id();
         let follow = follow_target(&crate_name, conn, user_id)?;
         diesel::delete(&follow).execute(conn)?;
@@ -64,7 +64,7 @@ pub async fn following(
 
         let conn = &mut *app.db_read_prefer_primary()?;
         let user_id = AuthCheck::only_cookie()
-            .check(&req, &app.config, conn)?
+            .check(&req, &app.config.gh_admin_user_ids, conn)?
             .user_id();
         let follow = follow_target(&crate_name, conn, user_id)?;
         let following =

src/controllers/krate/owners.rs

@@ -106,7 +106,7 @@ fn modify_owners(
     let auth = AuthCheck::default()
         .with_endpoint_scope(EndpointScope::ChangeOwners)
         .for_crate(crate_name)
-        .check(req, &app.config, conn)?;
+        .check(req, &app.config.gh_admin_user_ids, conn)?;
 
     let user = auth.user();
 

src/controllers/krate/publish.rs

@@ -94,7 +94,7 @@ pub async fn publish(app: AppState, req: BytesRequest) -> AppResult<Json<GoodCra
         let auth = AuthCheck::default()
             .with_endpoint_scope(endpoint_scope)
             .for_crate(&new_crate.name)
-            .check(&req, &app.config, conn)?;
+            .check(&req, &app.config.gh_admin_user_ids, conn)?;
 
         let api_token_id = auth.api_token_id();
         let user = auth.user();

src/controllers/krate/search.rs

@@ -191,7 +191,7 @@ pub async fn search(app: AppState, req: Parts) -> AppResult<Json<Value>> {
             supports_seek = false;
 
             let user_id = AuthCheck::default()
-                .check(&req, &app.config, conn)?
+                .check(&req, &app.config.gh_admin_user_ids, conn)?
                 .user_id();
 
             query = query.filter(

src/controllers/token.rs

@@ -13,7 +13,7 @@ use serde_json as json;
 pub async fn list(app: AppState, req: Parts) -> AppResult<Json<Value>> {
     conduit_compat(move || {
         let conn = &mut *app.db_read_prefer_primary()?;
-        let auth = AuthCheck::only_cookie().check(&req, &app.config, conn)?;
+        let auth = AuthCheck::only_cookie().check(&req, &app.config.gh_admin_user_ids, conn)?;
         let user = auth.user();
 
         let tokens: Vec<ApiToken> = ApiToken::belonging_to(user)
@@ -53,7 +53,7 @@ pub async fn new(app: AppState, req: BytesRequest) -> AppResult<Json<Value>> {
 
         let conn = &mut *app.db_write()?;
 
-        let auth = AuthCheck::default().check(&req, &app.config, conn)?;
+        let auth = AuthCheck::default().check(&req, &app.config.gh_admin_user_ids, conn)?;
         if auth.api_token_id().is_some() {
             return Err(bad_request(
                 "cannot use an API token to create a new API token",
@@ -107,7 +107,7 @@ pub async fn new(app: AppState, req: BytesRequest) -> AppResult<Json<Value>> {
 pub async fn revoke(app: AppState, Path(id): Path<i32>, req: Parts) -> AppResult<Json<Value>> {
     conduit_compat(move || {
         let conn = &mut *app.db_write()?;
-        let auth = AuthCheck::default().check(&req, &app.config, conn)?;
+        let auth = AuthCheck::default().check(&req, &app.config.gh_admin_user_ids, conn)?;
         let user = auth.user();
         diesel::update(ApiToken::belonging_to(user).find(id))
             .set(api_tokens::revoked.eq(true))
@@ -122,7 +122,7 @@ pub async fn revoke(app: AppState, Path(id): Path<i32>, req: Parts) -> AppResult
 pub async fn revoke_current(app: AppState, req: Parts) -> AppResult<Response> {
     conduit_compat(move || {
         let conn = &mut *app.db_write()?;
-        let auth = AuthCheck::default().check(&req, &app.config, conn)?;
+        let auth = AuthCheck::default().check(&req, &app.config.gh_admin_user_ids, conn)?;
         let api_token_id = auth
             .api_token_id()
             .ok_or_else(|| bad_request("token not provided"))?;

src/controllers/user/me.rs

@@ -17,7 +17,7 @@ pub async fn me(app: AppState, req: Parts) -> AppResult<Json<EncodableMe>> {
     conduit_compat(move || {
         let conn = &mut *app.db_read_prefer_primary()?;
         let user_id = AuthCheck::only_cookie()
-            .check(&req, &app.config, conn)?
+            .check(&req, &app.config.gh_admin_user_ids, conn)?
             .user_id();
 
         let (user, verified, email, verification_sent): (User, Option<bool>, Option<String>, bool) =
@@ -60,7 +60,7 @@ pub async fn me(app: AppState, req: Parts) -> AppResult<Json<EncodableMe>> {
 pub async fn updates(app: AppState, req: Parts) -> AppResult<Json<Value>> {
     conduit_compat(move || {
         let conn = &mut app.db_read_prefer_primary()?;
-        let auth = AuthCheck::only_cookie().check(&req, &app.config, conn)?;
+        let auth = AuthCheck::only_cookie().check(&req, &app.config.gh_admin_user_ids, conn)?;
         let user = auth.user();
 
         let followed_crates = Follow::belonging_to(user).select(follows::crate_id);
@@ -111,7 +111,7 @@ pub async fn update_user(
         let state = app.clone();
         let conn = &mut state.db_write()?;
 
-        let auth = AuthCheck::default().check(&req, &app.config, conn)?;
+        let auth = AuthCheck::default().check(&req, &app.config.gh_admin_user_ids, conn)?;
         let user = auth.user();
 
         // need to check if current user matches user to be updated
@@ -204,7 +204,7 @@ pub async fn regenerate_token_and_send(
 
         let conn = &mut state.db_write()?;
 
-        let auth = AuthCheck::default().check(&req, &state.config, conn)?;
+        let auth = AuthCheck::default().check(&req, &state.config.gh_admin_user_ids, conn)?;
         let user = auth.user();
 
         // need to check if current user matches user to be updated
@@ -249,7 +249,7 @@ pub async fn update_email_notifications(app: AppState, req: BytesRequest) -> App
 
         let conn = &mut *app.db_write()?;
         let user_id = AuthCheck::default()
-            .check(&req, &app.config, conn)?
+            .check(&req, &app.config.gh_admin_user_ids, conn)?
             .user_id();
 
         // Build inserts from existing crates belonging to the current user

src/controllers/version/yank.rs

@@ -56,7 +56,7 @@ fn modify_yank(
     let auth = AuthCheck::default()
         .with_endpoint_scope(EndpointScope::Yank)
         .for_crate(crate_name)
-        .check(req, &state.config, conn)?;
+        .check(req, &state.config.gh_admin_user_ids, conn)?;
 
     let (version, krate) = version_and_crate(conn, crate_name, version)?;
     let api_token_id = auth.api_token_id();