Allow Clubs and Socs to have accounts again #49
2 changed files with 18 additions and 65 deletions
18
flake.nix
18
flake.nix
|
@ -54,12 +54,13 @@
|
||||||
SSH_ROOT = "skynet_old";
|
SSH_ROOT = "skynet_old";
|
||||||
|
|
||||||
# special categories of users
|
# special categories of users
|
||||||
USERS_ADMIN = lib.strings.concatStringsSep "," cfg.users.admin;
|
USERS_ADMIN = lib.strings.concatStringsSep "," cfg.users.admin;
|
||||||
USERS_COMMITTEE = lib.strings.concatStringsSep "," cfg.users.committee;
|
USERS_COMMITTEE = lib.strings.concatStringsSep "," cfg.users.committee;
|
||||||
USERS_TRAINEE = lib.strings.concatStringsSep "," cfg.users.trainee;
|
USERS_TRAINEE = lib.strings.concatStringsSep "," cfg.users.trainee;
|
||||||
USERS_LIFETIME = lib.strings.concatStringsSep "," cfg.users.lifetime;
|
USERS_LIFETIME = lib.strings.concatStringsSep "," cfg.users.lifetime;
|
||||||
USERS_BANNED = lib.strings.concatStringsSep "," cfg.users.banned;
|
USERS_BANNED = lib.strings.concatStringsSep "," cfg.users.banned;
|
||||||
USERS_RESTRICTED = lib.strings.concatStringsSep "," cfg.users.restricted;
|
USERS_RESTRICTED = lib.strings.concatStringsSep "," cfg.users.restricted;
|
||||||
|
USERS_CLUBS_SOCIETIES = lib.strings.concatStringsSep "," cfg.users.clubs_societies;
|
||||||
};
|
};
|
||||||
|
|
||||||
service_name = script: lib.strings.sanitizeDerivationName("${cfg.user}@${script}");
|
service_name = script: lib.strings.sanitizeDerivationName("${cfg.user}@${script}");
|
||||||
|
@ -162,6 +163,11 @@
|
||||||
default = [];
|
default = [];
|
||||||
description = "array of restricted user accounts";
|
description = "array of restricted user accounts";
|
||||||
};
|
};
|
||||||
|
clubs_societies = mkOption rec {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
default = [];
|
||||||
|
description = "array of accounts for Clubs and Societies";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
host_port = mkOption rec {
|
host_port = mkOption rec {
|
||||||
|
|
|
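Review bot: `clubs_societies` is declared as `types.listOf types.str`, so an entry that is empty or contains a comma passes evaluation and then changes how `USERS_CLUBS_SOCIETIES` splits, because the list is flattened with `concatStringsSep ","` in the first hunk. This list appears to decide which accounts the backend treats as users, so constraining the element type would catch a typo at build time, for example `type = types.listOf (types.strMatching "[^,[:space:]]+");`. The description could also state that entries are account usernames and what membership grants. The sibling `cfg.users.*` lists are joined the same way and may deserve the same constraint, though their declarations are mostly outside the visible hunks.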
@ -1,6 +1,6 @@
|
||||||
use skynet_ldap_backend::{db_init, get_config, get_now_iso, get_wolves, update_group, Accounts, Config};
|
use skynet_ldap_backend::{db_init, get_config, update_group, Accounts, Config};
|
||||||
use sqlx::{Pool, Sqlite};
|
use sqlx::{Pool, Sqlite};
|
||||||
use std::{collections::HashSet, env, error::Error};
|
use std::{collections::HashSet, env};
|
||||||
|
|
||||||
#[async_std::main]
|
#[async_std::main]
|
||||||
async fn main() -> tide::Result<()> {
|
async fn main() -> tide::Result<()> {
|
||||||
|
@ -26,9 +26,10 @@ async fn update(config: &Config) -> tide::Result<()> {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// pull from wolves csv
|
if let Ok(x) = env::var("USERS_CLUBS_SOCIETIES") {
|
||||||
for user in from_csv(&db).await.unwrap_or_default() {
|
for user in x.split(',').collect::<Vec<&str>>() {
|
||||||
users_tmp.insert(user);
|
users_tmp.insert(user.to_string());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
get_from_env(&mut users_tmp, &mut admins_tmp, "USERS_ADMIN");
|
get_from_env(&mut users_tmp, &mut admins_tmp, "USERS_ADMIN");
|
||||||
|
@ -67,60 +68,6 @@ fn get_from_env(users: &mut HashSet<String>, other: &mut HashSet<String>, key: &
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn from_csv(db: &Pool<Sqlite>) -> Result<HashSet<String>, Box<dyn Error>> {
|
|
||||||
let mut uids = HashSet::new();
|
|
||||||
|
|
||||||
for record in get_wolves(db).await {
|
|
||||||
// only import users if it is actually active.
|
|
||||||
if record.expiry < get_now_iso(true) {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
if let Some(uid) = account_mail_get_uid(db, &record.email).await {
|
|
||||||
uids.insert(uid);
|
|
||||||
} else if let Some(id_student) = record.id_student {
|
|
||||||
if let Some(uid) = account_id_get_uid(db, &id_student).await {
|
|
||||||
uids.insert(uid);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
Ok(uids)
|
|
||||||
}
|
|
||||||
|
|
||||||
async fn account_mail_get_uid(db: &Pool<Sqlite>, mail: &str) -> Option<String> {
|
|
||||||
match sqlx::query_as::<_, Accounts>(
|
|
||||||
r#"
|
|
||||||
SELECT *
|
|
||||||
FROM accounts
|
|
||||||
WHERE mail == ?
|
|
||||||
"#,
|
|
||||||
)
|
|
||||||
.bind(mail)
|
|
||||||
.fetch_one(db)
|
|
||||||
.await
|
|
||||||
{
|
|
||||||
Ok(res) => Some(res.user.to_owned()),
|
|
||||||
Err(_) => None,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
async fn account_id_get_uid(db: &Pool<Sqlite>, id: &str) -> Option<String> {
|
|
||||||
match sqlx::query_as::<_, Accounts>(
|
|
||||||
r#"
|
|
||||||
SELECT *
|
|
||||||
FROM accounts
|
|
||||||
WHERE student_id == ?
|
|
||||||
"#,
|
|
||||||
)
|
|
||||||
.bind(id)
|
|
||||||
.fetch_one(db)
|
|
||||||
.await
|
|
||||||
{
|
|
||||||
Ok(res) => Some(res.student_id.to_owned()),
|
|
||||||
Err(_) => None,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
struct AccountsSecure {
|
struct AccountsSecure {
|
||||||
users: Vec<String>,
|
users: Vec<String>,
|
||||||
admins: Vec<String>,
|
admins: Vec<String>,
|
||||||
|
|
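Review bot: An empty `USERS_CLUBS_SOCIETIES` puts an empty username into `users_tmp` in the new `if let Ok(x) = env::var(...)` block, because `"".split(',')` yields one empty item, and flake.nix produces exactly that value when `clubs_societies` keeps its `default = []`. Entries are not trimmed either, so `"a, b"` would insert `" b"`. I would change the loop header to `for user in x.split(',').map(str::trim).filter(|u| !u.is_empty()) {`, which also drops the intermediate `Vec`. Whether `get_from_env` already filters this way cannot be seen here, since its body and the rest of `update` lie outside the hunks. If it does, this block should follow the same rule, so that all the env-driven group lists are parsed alike.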