fix: conductor: load bearer auth token

.woodpecker.yml

@@ -10,6 +10,7 @@ pipeline:
       - rustup component add clippy
         # rewrite conducotr configuration
       - sed -i 's%url = "http:\/\/localhost:5000"%url = "http:\/\/librepages-conductor:5000"%' config/default.toml
+      - sed -i 's%url = "http:\/\/localhost:6000"%url = "http:\/\/librepages-forms:6000"%' config/default.toml
       - make dev-env
       - make migrate
       - make lint
@@ -84,7 +85,7 @@ services:
       - LPFORMS_DASH_API_KEY="longrandomlygeneratedpassword"
       - LPFORMS_DATABASE_POOL=2
       - PORT=6000
-      - DATABASE_URL=postgres://postgres:password@forms-postgres:5433/postgres \
+      - DATABASE_URL=postgres://postgres:password@forms-postgres:5432/postgres
 
   librepages-conductor:
     image: realaravinth/librepages-conductor
@@ -99,6 +100,5 @@ services:
       - LPCONDUCTOR_SERVER_PROXY_HAS_TLS=false
       - LPCONDUCTOR_SERVER_PORT=7000
       - LPCONDUCTOR_SOURCE_CODE=https://example.org
-      - LPCONDUCTOR_CREDS_USERNAME="librepages_api"
-      - LPCONDUCTOR_CREDS_PASSWORD="longrandomlygeneratedpassword"
+      - LPCONDUCTOR_CREDS_TOKEN="longrandomlygeneratedpassword"
       - PORT=5000

Cargo.lock

@@ -1418,6 +1418,15 @@ dependencies = [
  "serde",
 ]
 
+[[package]]
+name = "libforms"
+version = "0.1.0"
+source = "git+https://git.batsense.net/librepages/forms/#7e50f9be0db184b1b9c551912137ad63106d64ce"
+dependencies = [
+ "serde",
+ "serde_json",
+]
+
 [[package]]
 name = "libgit2-sys"
 version = "0.13.4+1.4.2"
@@ -1454,6 +1463,7 @@ dependencies = [
  "lazy_static",
  "libconductor",
  "libconfig",
+ "libforms",
  "mime",
  "mime_guess",
  "mktemp",

Cargo.toml

@@ -23,6 +23,7 @@ sqlx = { version = "0.6.2", features = ["runtime-actix-rustls", "postgres", "tim
 clap = { version = "3.2.20", features = ["derive"]}
 libconfig = { version = "0.1.0", git = "https://git.batsense.net/librepages/libconfig" }
 libconductor = { version = "0.1.0", git = "https://git.batsense.net/librepages/conductor/" }
+libforms = { version = "0.1.0", git = "https://git.batsense.net/librepages/forms/" }
 
 config = "0.13"
 git2 = "0.14.2"

config/default.toml

@@ -4,7 +4,7 @@ allow_registration = true
 source_code = "https://git.batsense.net/LibrePages/pages"
 support_email = "support@librepages.example.org"
 conductors = [
-{ username = "librepages_api", api_key = "longrandomlygeneratedpassword", url = "http://localhost:5000"}
+{ api_key = "longrandomlygeneratedpassword", url = "http://localhost:5000"}
 ]
 
 [server]
@@ -38,3 +38,7 @@ password = "password"
 name = "postgres"
 pool = 4
 database_type="postgres" # "postgres"
+
+[form]
+api_key = "longrandomlygeneratedpassword"
+url = "http://localhost:6000"

scripts/conductor.sh

@@ -15,8 +15,7 @@ docker create --name $NAME -p 5000:5000 \
 	-e LPCONDUCTOR_SERVER_PROXY_HAS_TLS="false" \
 	-e LPCONDUCTOR_SERVER_PORT=7000 \
 	-e LPCONDUCTOR_SOURCE_CODE="https://example.org" \
-    -e LPCONDUCTOR_CREDS_USERNAME=$LPCONDUCTOR_CREDS_USERNAME \
-	-e LPCONDUCTOR_CREDS_PASSWORD=$LPCONDUCTOR_CREDS_PASSWORD \
+	-e LPCONDUCTOR_CREDS_TOKEN=$LPCONDUCTOR_CREDS_PASSWORD \
     -e PORT="5000"\
 	realaravinth/librepages-conductor conductor serve
 

src/api/v1/forms.rs

@@ -0,0 +1,175 @@
+/*
+ * Copyright (C) 2022  Aravinth Manivannan <realaravinth@batsense.net>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+use actix_identity::Identity;
+use actix_web::{web, HttpResponse, Responder};
+use libforms::Table;
+use serde::{Deserialize, Serialize};
+
+use super::get_auth_middleware;
+use crate::{errors::*, AppCtx};
+
+pub mod routes {
+
+    pub struct Forms {
+        pub list_submissions: &'static str,
+        pub delete_submission: &'static str,
+    }
+
+    impl Forms {
+        pub const fn new() -> Self {
+            Self {
+                list_submissions: "/api/v1/forms/list",
+                delete_submission: "/api/v1/forms/delete/{id}",
+            }
+        }
+
+        pub fn get_list(&self, page: usize) -> String {
+            format!("{}?page={}", self.list_submissions, page)
+        }
+
+        pub fn get_delete(&self, id: usize, host: &str, path: &str) -> String {
+            let del = self.delete_submission.replace("{id}", &id.to_string());
+            format!("{}?host={}&path={}", del, host, path)
+        }
+    }
+}
+
+#[derive(Serialize, Deserialize, Clone, Debug, Default)]
+pub struct Page {
+    page: usize,
+}
+
+#[actix_web_codegen_const_routes::post(
+    path = "crate::V1_API_ROUTES.forms.list_submissions",
+    wrap = "get_auth_middleware()"
+)]
+#[tracing::instrument(name = "List form submission" skip(id, ctx, payload))]
+async fn list_submission(
+    ctx: AppCtx,
+    id: Identity,
+    page: web::Query<Page>,
+    payload: web::Json<Table>,
+) -> ServiceResult<impl Responder> {
+    let owner = id.identity().unwrap();
+    let resp = ctx
+        .get_all_form_submission(&owner, page.page, &payload)
+        .await?;
+    Ok(HttpResponse::Ok().json(resp))
+}
+
+#[actix_web_codegen_const_routes::post(
+    path = "crate::V1_API_ROUTES.forms.delete_submission",
+    wrap = "get_auth_middleware()"
+)]
+#[tracing::instrument(name = "Delete form submission" skip(id, ctx))]
+async fn delete_form_submission(
+    ctx: AppCtx,
+    id: Identity,
+    sub_id: web::Path<usize>,
+    payload: web::Json<Table>,
+) -> ServiceResult<impl Responder> {
+    let owner = id.identity().unwrap();
+    ctx.delete_form_submission(&owner, *sub_id, &payload)
+        .await?;
+    Ok(HttpResponse::Ok())
+}
+
+pub fn services(cfg: &mut web::ServiceConfig) {
+    cfg.service(list_submission);
+    cfg.service(delete_form_submission);
+}
+
+#[cfg(test)]
+mod tests {
+    use actix_web::{http::StatusCode, test};
+
+    use crate::tests;
+    use crate::*;
+
+    use libforms::*;
+
+    #[actix_rt::test]
+    async fn test_api_forms() {
+        const NAME: &str = "testapiformuser";
+        const PASSWORD: &str = "longpasswordasdfa2";
+        const EMAIL: &str = "testapiformuser@a.com";
+
+        let (_dir, ctx) = tests::get_ctx().await;
+        let _ = ctx.delete_user(NAME, PASSWORD).await;
+        let (_, signin_resp) = ctx.register_and_signin(NAME, EMAIL, PASSWORD).await;
+        let page = ctx.add_test_site(NAME.into()).await;
+        let cookies = get_cookie!(signin_resp);
+        let app = get_app!(ctx).await;
+
+        let site_info = Table {
+            host: page.domain.clone(),
+            path: format!("/foo/{NAME}"),
+        };
+
+        if let Ok(subs) = ctx.get_all_form_submission(NAME, 0, &site_info).await {
+            for s in subs.iter() {
+                let _ = ctx.delete_form_submission(NAME, s.id, &site_info).await;
+            }
+        }
+        ctx.add_form_submission(NAME, &site_info, &serde_json::to_value(&site_info).unwrap())
+            .await
+            .unwrap();
+
+        // list subs using REST API
+        let list_form_submissions = test::call_service(
+            &app,
+            post_request!(&site_info, &V1_API_ROUTES.forms.get_list(0))
+                .cookie(cookies.clone())
+                .to_request(),
+        )
+        .await;
+        assert_eq!(list_form_submissions.status(), StatusCode::OK);
+        let subs: Vec<FormSubmissionResp> = test::read_body_json(list_form_submissions).await;
+        assert_eq!(subs.len(), 1);
+        assert_eq!(
+            subs[0].value,
+            Some(serde_json::to_value(&site_info).unwrap())
+        );
+
+        // delete form submission
+        let delete_form_submission_resp = test::call_service(
+            &app,
+            post_request!(
+                &site_info,
+                &V1_API_ROUTES
+                    .forms
+                    .get_delete(subs[0].id, &site_info.host, &site_info.path)
+            )
+            .cookie(cookies.clone())
+            .to_request(),
+        )
+        .await;
+        assert_eq!(delete_form_submission_resp.status(), StatusCode::OK);
+
+        // list subs using REST API post deletion. Len = 0
+        let list_form_submissions = test::call_service(
+            &app,
+            post_request!(&site_info, &V1_API_ROUTES.forms.get_list(0))
+                .cookie(cookies.clone())
+                .to_request(),
+        )
+        .await;
+        assert_eq!(list_form_submissions.status(), StatusCode::OK);
+        let subs: Vec<FormSubmissionResp> = test::read_body_json(list_form_submissions).await;
+        assert!(subs.is_empty());
+    }
+}

src/api/v1/mod.rs

@@ -21,6 +21,7 @@ use serde::Deserialize;
 pub mod account;
 pub mod auth;
 pub mod forgejo;
+pub mod forms;
 pub mod meta;
 pub mod pages;
 pub mod routes;
@@ -32,6 +33,7 @@ pub fn services(cfg: &mut ServiceConfig) {
     account::services(cfg);
     meta::services(cfg);
     forgejo::services(cfg);
+    forms::services(cfg);
     pages::services(cfg);
 }
 

src/api/v1/routes.rs

@@ -20,6 +20,7 @@ use actix_auth_middleware::GetLoginRoute;
 use crate::serve::routes::Serve;
 
 use super::forgejo::routes::Forgejo;
+use super::forms::routes::Forms;
 use super::meta::routes::Meta;
 use super::pages::routes::Deploy;
 
@@ -94,6 +95,7 @@ pub struct Routes {
     /// Meta routes
     pub meta: Meta,
     pub forgejo: Forgejo,
+    pub forms: Forms,
     pub deploy: Deploy,
     pub serve: Serve,
 }
@@ -106,6 +108,7 @@ impl Routes {
             account: Account::new(),
             meta: Meta::new(),
             forgejo: Forgejo::new(),
+            forms: Forms::new(),
             deploy: Deploy::new(),
             serve: Serve::new(),
         }

src/conductor.rs

@@ -45,7 +45,7 @@ impl Conductor {
             event_url.set_path("/api/v1/events/new");
             self.client
                 .post(event_url)
-                .basic_auth(&c.username, Some(&c.api_key))
+                .bearer_auth(&c.api_key)
                 .json(e)
                 .send()
                 .await

src/ctx/api/v1/forms.rs

@@ -0,0 +1,144 @@
+/*
+ * Copyright (C) 2022  Aravinth Manivannan <realaravinth@batsense.net>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+//! Account management utility datastructures and methods
+use libforms::*;
+
+pub use super::auth;
+use crate::ctx::Ctx;
+use crate::errors::*;
+
+impl Ctx {
+    /// Delete form submission
+    pub async fn delete_form_submission(
+        &self,
+        owner: &str,
+        sub_id: usize,
+        payload: &Table,
+    ) -> ServiceResult<()> {
+        let _site = self.db.get_site(owner, &payload.host).await?;
+        let mut form_url = self.settings.form.url.clone();
+        form_url.set_path(&format!("/api/v1/forms/delete/{sub_id}"));
+        self.client
+            .post(form_url)
+            .bearer_auth(&self.settings.form.api_key)
+            .json(payload)
+            .send()
+            .await
+            .unwrap();
+        Ok(())
+    }
+
+    /// Delete form submission
+    pub async fn get_all_form_submission(
+        &self,
+        owner: &str,
+        page: usize,
+        payload: &Table,
+    ) -> ServiceResult<Vec<FormSubmissionResp>> {
+        let _site = self.db.get_site(owner, &payload.host).await?;
+        let mut form_url = self.settings.form.url.clone();
+        form_url.set_path("/api/v1/forms/list");
+        form_url.set_query(Some(&format!("page={}", page)));
+
+        let res = self
+            .client
+            .post(form_url)
+            .bearer_auth(&self.settings.form.api_key)
+            .json(payload)
+            .send()
+            .await
+            .unwrap()
+            .json()
+            .await
+            .unwrap();
+        Ok(res)
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use crate::tests;
+
+    use super::*;
+
+    impl Ctx {
+        /// Delete form submission
+        pub async fn add_form_submission(
+            &self,
+            owner: &str,
+            site_info: &Table,
+            payload: &serde_json::Value,
+        ) -> ServiceResult<()> {
+            let _site = self.db.get_site(owner, &site_info.host).await?;
+            let mut form_url = self.settings.form.url.clone();
+            form_url.set_path("/api/v1/forms/submit");
+            form_url.set_query(Some(&format!(
+                "host={}&path={}",
+                site_info.host, site_info.path
+            )));
+            self.client
+                .post(form_url)
+                .json(payload)
+                .send()
+                .await
+                .unwrap();
+            Ok(())
+        }
+    }
+
+    #[actix_rt::test]
+    async fn test_ctx_forms_work() {
+        const NAME: &str = "testctxformswork";
+        const PASSWORD: &str = "longpasswordasdfa2";
+        const EMAIL: &str = "testctxformswork@a.com";
+
+        let (_dir, ctx) = tests::get_ctx().await;
+        let _ = ctx.delete_user(NAME, PASSWORD).await;
+        let (_, _signin_resp) = ctx.register_and_signin(NAME, EMAIL, PASSWORD).await;
+        let page = ctx.add_test_site(NAME.into()).await;
+        let site_info = Table {
+            host: page.domain.clone(),
+            path: format!("/foo/{NAME}"),
+        };
+
+        if let Ok(subs) = ctx.get_all_form_submission(NAME, 0, &site_info).await {
+            for s in subs.iter() {
+                let _ = ctx.delete_form_submission(NAME, s.id, &site_info).await;
+            }
+        }
+        ctx.add_form_submission(NAME, &site_info, &serde_json::to_value(&site_info).unwrap())
+            .await
+            .unwrap();
+        let subs = ctx
+            .get_all_form_submission(NAME, 0, &site_info)
+            .await
+            .unwrap();
+        assert_eq!(subs.len(), 1);
+        assert_eq!(
+            subs[0].value,
+            Some(serde_json::to_value(&site_info).unwrap())
+        );
+        ctx.delete_form_submission(NAME, subs[0].id, &site_info)
+            .await
+            .unwrap();
+        let subs = ctx
+            .get_all_form_submission(NAME, 0, &site_info)
+            .await
+            .unwrap();
+        assert!(subs.is_empty());
+    }
+}

src/ctx/api/v1/mod.rs

@@ -17,6 +17,7 @@
 pub mod account;
 pub mod auth;
 pub mod forgejo;
+pub mod forms;
 pub mod pages;
 
 #[cfg(test)]

src/settings.rs

@@ -83,11 +83,17 @@ pub struct Settings {
     pub database: Database,
     pub page: PageConfig,
     pub conductors: Vec<Conductor>,
+    pub form: Forms,
 }
 
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct Conductor {
-    pub username: String,
+    pub api_key: String,
+    pub url: Url,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct Forms {
     pub api_key: String,
     pub url: Url,
 }