1berry/modrinth-code
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: 1berry:3e6a05cd045e1661b52b83d0c65533b57c5a0c3f
Branches Tags
1berry:main
1berry:alex/ci-workflow-revamp
1berry:josiah/secured-file-hosting
1berry:cal/dev-64-allow-switching-between-different-billing-intervals
1berry:fix/reports-list-segmented
1berry:shared-instances
1berry:cal/dev-46-servers-scheduling-frontend
1berry:alex/random-projects-route-speed-up
1berry:new-loaders-handling
1berry:fix-random-route
1berry:alex/fix-instance-hooks
1berry:alex/surveys
1berry:alex/environment-loader-field
1berry:alex/fix-app-non-utf8-mc-launch-and-import
1berry:cal/dev-19
1berry:deduplicate-components
1berry:cal/feat-servers-upload-progress
1berry:prod
1berry:fetch/include-region-in-subscription-metadata
1berry:add-charity-payouts
1berry:alex/tentative-billing-period-update-fix
1berry:improve-insufficient_funds-error
1berry:alex/labrinth-quarterly-billing-support
1berry:alex/minor-labrinth-refactors
1berry:fix-email_description
1berry:fix-failed-payment-resub
1berry:fail-outstanding-payouts
1berry:auto-cancel-old-servers
1berry:dead-servers-code
1berry:more-labrinth-db-improvements
1berry:skins-frontend
1berry:alex/skin-selector-backend
1berry:alex/auth-profile-extensions
1berry:labrinth-version-updates
1berry:smaller-fixes
1berry:labrinth-env-example
1berry:0.9.4-fixes
1berry:chore/posthog-ingestion
1berry:app-users-orgs-and-more
1berry:launcher-logs-stdout
1berry:cache-alias-fix
1berry:blog-migration
1berry:app-skin-manager
1berry:servers-admin-billing-link
1berry:self-hosted-runner
1berry:ntex
1berry:shared-instance
1berry:issue-template-fixes
1berry:plus-theme
1berry:shared-profiles-backend
1berry:home-refresh
1berry:v0.9.5
1berry:v0.9.4
1berry:v0.9.3
1berry:v0.9.2
1berry:v0.9.1
1berry:v0.9.0
1berry:v0.8.8
1berry:v0.8.9
1berry:v0.8.7
1berry:pre-monorepo
1berry:v0.7.1
1berry:v0.7.0
1berry:v0.6.3
1berry:v0.6.2
1berry:v0.6.1
1berry:v0.6.0
1berry:v0.5.4
1berry:v0.5.2
1berry:v0.5.1
1berry:v0.4.0
...
compare: 1berry:e8cb2abec085d7fdac871e9e62e1f8926c9ed4ca
Branches Tags
1berry:alex/ci-workflow-revamp
1berry:josiah/secured-file-hosting
1berry:main
1berry:cal/dev-64-allow-switching-between-different-billing-intervals
1berry:fix/reports-list-segmented
1berry:shared-instances
1berry:cal/dev-46-servers-scheduling-frontend
1berry:alex/random-projects-route-speed-up
1berry:new-loaders-handling
1berry:fix-random-route
1berry:alex/fix-instance-hooks
1berry:alex/surveys
1berry:alex/environment-loader-field
1berry:alex/fix-app-non-utf8-mc-launch-and-import
1berry:cal/dev-19
1berry:deduplicate-components
1berry:cal/feat-servers-upload-progress
1berry:prod
1berry:fetch/include-region-in-subscription-metadata
1berry:add-charity-payouts
1berry:alex/tentative-billing-period-update-fix
1berry:improve-insufficient_funds-error
1berry:alex/labrinth-quarterly-billing-support
1berry:alex/minor-labrinth-refactors
1berry:fix-email_description
1berry:fix-failed-payment-resub
1berry:fail-outstanding-payouts
1berry:auto-cancel-old-servers
1berry:dead-servers-code
1berry:more-labrinth-db-improvements
1berry:skins-frontend
1berry:alex/skin-selector-backend
1berry:alex/auth-profile-extensions
1berry:labrinth-version-updates
1berry:smaller-fixes
1berry:labrinth-env-example
1berry:0.9.4-fixes
1berry:chore/posthog-ingestion
1berry:app-users-orgs-and-more
1berry:launcher-logs-stdout
1berry:cache-alias-fix
1berry:blog-migration
1berry:app-skin-manager
1berry:servers-admin-billing-link
1berry:self-hosted-runner
1berry:ntex
1berry:shared-instance
1berry:issue-template-fixes
1berry:plus-theme
1berry:shared-profiles-backend
1berry:home-refresh
1berry:v0.9.5
1berry:v0.9.4
1berry:v0.9.3
1berry:v0.9.2
1berry:v0.9.1
1berry:v0.9.0
1berry:v0.8.8
1berry:v0.8.9
1berry:v0.8.7
1berry:pre-monorepo
1berry:v0.7.1
1berry:v0.7.0
1berry:v0.6.3
1berry:v0.6.2
1berry:v0.6.1
1berry:v0.6.0
1berry:v0.5.4
1berry:v0.5.2
1berry:v0.5.1
1berry:v0.4.0

4 Commits
3e6a05cd04 ... e8cb2abec0

Author SHA1 Message Date
Josiah Glosson
e8cb2abec0 Use private bucket for shared instance versions 2025-06-12 15:44:11 -05:00
Josiah Glosson
26364f65d6 Remove url field from shared instance routes 2025-06-12 12:59:08 -05:00
Josiah Glosson
b76d0fdcc3 Remove url field from shared instance routes 2025-06-12 12:58:39 -05:00
Josiah Glosson
9e1f613aae Add (untested) get_url_for_private_file 2025-06-12 12:42:17 -05:00
8 changed files with 123 additions and 75 deletions
Show Stats Expand all files Collapse all files

8
apps/labrinth/src/auth/oauth/errors.rs
View File

@ -9,7 +9,7 @@ use ariadne::ids::DecodingError;
#[error("{}", .error_type)]
pub struct OAuthError {
#[source]
pub error_type: OAuthErrorType,
pub error_type: Box<OAuthErrorType>,
pub state: Option<String>,
pub valid_redirect_uri: Option<ValidatedRedirectUri>,
@ -32,7 +32,7 @@ impl OAuthError {
/// See: IETF RFC 6749 4.1.2.1 (https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1)
pub fn error(error_type: impl Into<OAuthErrorType>) -> Self {
Self {
error_type: error_type.into(),
error_type: Box::new(error_type.into()),
valid_redirect_uri: None,
state: None,
}
@ -48,7 +48,7 @@ impl OAuthError {
valid_redirect_uri: &ValidatedRedirectUri,
) -> Self {
Self {
error_type: err.into(),
error_type: Box::new(err.into()),
state: state.clone(),
valid_redirect_uri: Some(valid_redirect_uri.clone()),
}
@ -57,7 +57,7 @@ impl OAuthError {
impl actix_web::ResponseError for OAuthError {
fn status_code(&self) -> StatusCode {
match self.error_type {
match *self.error_type {
OAuthErrorType::AuthenticationError(_)
| OAuthErrorType::FailedScopeParse(_)
| OAuthErrorType::ScopesTooBroad

2
apps/labrinth/src/auth/oauth/uris.rs
View File

@ -101,7 +101,7 @@ mod tests {
);
assert!(validated.is_err_and(|e| matches!(
e.error_type,
*e.error_type,
OAuthErrorType::RedirectUriNotConfigured(_)
)));
}

9
apps/labrinth/src/file_hosting/mock.rs
View File

@ -47,6 +47,15 @@ impl FileHost for MockHost {
})
}
async fn get_url_for_private_file(
&self,
file_name: &str,
_expiry_secs: u32,
) -> Result<String, FileHostingError> {
let cdn_url = dotenvy::var("CDN_URL").unwrap();
Ok(format!("{cdn_url}/private/{file_name}"))
}
async fn delete_file(
&self,
file_name: &str,

10
apps/labrinth/src/file_hosting/mod.rs
View File

@ -10,8 +10,8 @@ pub use s3_host::S3Host;
#[derive(Error, Debug)]
pub enum FileHostingError {
#[error("S3 error: {0}")]
S3Error(String),
#[error("S3 error when {0}: {1}")]
S3Error(&'static str, s3::error::S3Error),
#[error("File system error in file hosting: {0}")]
FileSystemError(#[from] std::io::Error),
#[error("Invalid Filename")]
@ -51,6 +51,12 @@ pub trait FileHost {
file_bytes: Bytes,
) -> Result<UploadFileData, FileHostingError>;
async fn get_url_for_private_file(
&self,
file_name: &str,
expiry_secs: u32,
) -> Result<String, FileHostingError>;
async fn delete_file(
&self,
file_name: &str,

39
apps/labrinth/src/file_hosting/s3_host.rs
View File

@ -46,16 +46,12 @@ impl S3Host {
None,
None,
)
.map_err(|_| {
FileHostingError::S3Error(
"Error while creating credentials".to_string(),
)
.map_err(|e| {
FileHostingError::S3Error("creating credentials", e.into())
})?,
)
.map_err(|_| {
FileHostingError::S3Error(
"Error while creating Bucket instance".to_string(),
)
.map_err(|e| {
FileHostingError::S3Error("creating Bucket instance", e)
})?;
if bucket_uses_path_style {
@ -100,11 +96,7 @@ impl FileHost for S3Host {
content_type,
)
.await
.map_err(|err| {
FileHostingError::S3Error(format!(
"Error while uploading file {file_name} to S3: {err}"
))
})?;
.map_err(|e| FileHostingError::S3Error("uploading file", e))?;
Ok(UploadFileData {
file_name: file_name.to_string(),
@ -118,6 +110,21 @@ impl FileHost for S3Host {
})
}
async fn get_url_for_private_file(
&self,
file_name: &str,
expiry_secs: u32,
) -> Result<String, FileHostingError> {
let url = self
.private_bucket
.presign_get(format!("/{file_name}"), expiry_secs, None)
.await
.map_err(|e| {
FileHostingError::S3Error("generating presigned URL", e)
})?;
Ok(url)
}
async fn delete_file(
&self,
file_name: &str,
@ -126,11 +133,7 @@ impl FileHost for S3Host {
self.get_bucket(file_publicity)
.delete_object(format!("/{file_name}"))
.await
.map_err(|err| {
FileHostingError::S3Error(format!(
"Error while deleting file {file_name} to S3: {err}"
))
})?;
.map_err(|e| FileHostingError::S3Error("deleting file", e))?;
Ok(DeleteFileData {
file_name: file_name.to_string(),

22
apps/labrinth/src/models/v3/shared_instances.rs
View File

@ -25,15 +25,13 @@ impl SharedInstance {
instance: DBSharedInstance,
users: Option<Vec<DBSharedInstanceUser>>,
current_version: Option<DBSharedInstanceVersion>,
cdn_url: &str,
) -> Self {
SharedInstance {
id: instance.id.into(),
title: instance.title,
owner: instance.owner_id.into(),
public: instance.public,
current_version: current_version
.map(|x| SharedInstanceVersion::from_db(x, cdn_url)),
current_version: current_version.map(Into::into),
additional_users: users
.map(|x| x.into_iter().map(Into::into).collect()),
}
@ -46,23 +44,19 @@ pub struct SharedInstanceVersion {
pub shared_instance: SharedInstanceId,
pub size: u64,
pub sha512: String,
pub url: String,
pub created: DateTime<Utc>,
}
impl SharedInstanceVersion {
pub fn from_db(version: DBSharedInstanceVersion, cdn_url: &str) -> Self {
let version_id = version.id.into();
let shared_instance_id = version.shared_instance_id.into();
impl From<DBSharedInstanceVersion> for SharedInstanceVersion {
fn from(value: DBSharedInstanceVersion) -> Self {
let version_id = value.id.into();
let shared_instance_id = value.shared_instance_id.into();
SharedInstanceVersion {
id: version_id,
shared_instance: shared_instance_id,
size: version.size,
sha512: version.sha512.encode_hex(),
created: version.created,
url: format!(
"{cdn_url}/shared_instance/{shared_instance_id}/{version_id}.mrpack"
),
size: value.size,
sha512: value.sha512.encode_hex(),
created: value.created,
}
}
}

13
apps/labrinth/src/routes/v3/shared_instance_version_creation.rs
View File

@ -45,7 +45,7 @@ pub async fn shared_instance_version_create(
web::Header(ContentLength(content_length)): web::Header<ContentLength>,
redis: Data<RedisPool>,
file_host: Data<Arc<dyn FileHost + Send + Sync>>,
info: web::Path<(crate::models::ids::SharedInstanceId,)>,
info: web::Path<(SharedInstanceId,)>,
session_queue: Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
if content_length > MAX_FILE_SIZE {
@ -103,8 +103,6 @@ async fn shared_instance_version_create_inner(
transaction: &mut Transaction<'_, Postgres>,
uploaded_files: &mut Vec<UploadedFile>,
) -> Result<HttpResponse, ApiError> {
let cdn_url = dotenvy::var("CDN_URL")?;
let user = get_user_from_headers(
&req,
pool,
@ -160,8 +158,7 @@ async fn shared_instance_version_create_inner(
let file_data = file_data.freeze();
let file_path = format!(
"shared_instance/{}/{}.mrpack",
SharedInstanceId::from(instance_id),
"shared_instance/{}.mrpack",
SharedInstanceVersionId::from(version_id),
);
@ -169,7 +166,7 @@ async fn shared_instance_version_create_inner(
.upload_file(
MRPACK_MIME_TYPE,
&file_path,
FileHostPublicity::Public, // TODO
FileHostPublicity::Private,
file_data,
)
.await?;
@ -198,6 +195,6 @@ async fn shared_instance_version_create_inner(
.execute(&mut **transaction)
.await?;
Ok(HttpResponse::Created()
.json(SharedInstanceVersion::from_db(new_version, &cdn_url)))
let version: SharedInstanceVersion = new_version.into();
Ok(HttpResponse::Created().json(version))
}

95
apps/labrinth/src/routes/v3/shared_instances.rs
View File

@ -7,6 +7,7 @@ use crate::database::models::{
DBSharedInstanceId, DBSharedInstanceVersionId, generate_shared_instance_id,
};
use crate::database::redis::RedisPool;
use crate::file_hosting::FileHost;
use crate::models::ids::{SharedInstanceId, SharedInstanceVersionId};
use crate::models::pats::Scopes;
use crate::models::shared_instances::{
@ -16,11 +17,12 @@ use crate::models::users::User;
use crate::queue::session::AuthQueue;
use crate::routes::ApiError;
use crate::util::routes::read_typed_from_payload;
use actix_web::web::Data;
use actix_web::web::{Data, Redirect};
use actix_web::{HttpRequest, HttpResponse, web};
use futures_util::future::try_join_all;
use serde::Deserialize;
use sqlx::PgPool;
use std::sync::Arc;
use validator::Validate;
pub fn config(cfg: &mut web::ServiceConfig) {
@ -36,7 +38,11 @@ pub fn config(cfg: &mut web::ServiceConfig) {
cfg.service(
web::scope("shared-instance-version")
.route("{id}", web::get().to(shared_instance_version_get))
.route("{id}", web::delete().to(shared_instance_version_delete)),
.route("{id}", web::delete().to(shared_instance_version_delete))
.route(
"{id}/download",
web::get().to(shared_instance_version_download),
),
);
}
@ -102,8 +108,6 @@ pub async fn shared_instance_list(
redis: Data<RedisPool>,
session_queue: Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let cdn_url = dotenvy::var("CDN_URL")?;
let user = get_user_from_headers(
&req,
&**pool,
@ -137,7 +141,6 @@ pub async fn shared_instance_list(
.await?,
),
version,
&cdn_url,
))
},
))
@ -185,12 +188,10 @@ pub async fn shared_instance_get(
} else {
None
};
let cdn_url = dotenvy::var("CDN_URL")?;
let shared_instance = SharedInstance::from_db(
shared_instance,
privately_accessible.then_some(users),
current_version,
&cdn_url,
);
Ok(HttpResponse::Ok().json(shared_instance))
@ -362,7 +363,6 @@ pub async fn shared_instance_version_list(
info: web::Path<(SharedInstanceId,)>,
session_queue: Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let cdn_url = dotenvy::var("CDN_URL")?;
let id = info.into_inner().0.into();
let user = get_maybe_user_from_headers(
@ -393,8 +393,8 @@ pub async fn shared_instance_version_list(
DBSharedInstanceVersion::get_for_instance(id, &**pool).await?;
let versions = versions
.into_iter()
.map(|version| SharedInstanceVersion::from_db(version, &cdn_url))
.collect::<Vec<_>>();
.map(Into::into)
.collect::<Vec<SharedInstanceVersion>>();
Ok(HttpResponse::Ok().json(versions))
} else {
@ -409,7 +409,6 @@ pub async fn shared_instance_version_get(
info: web::Path<(SharedInstanceVersionId,)>,
session_queue: Data<AuthQueue>,
) -> Result<HttpResponse, ApiError> {
let cdn_url = dotenvy::var("CDN_URL")?;
let version_id = info.into_inner().0.into();
let user = get_maybe_user_from_headers(
@ -422,31 +421,21 @@ pub async fn shared_instance_version_get(
.await?
.map(|(_, user)| user);
let shared_instance_version =
DBSharedInstanceVersion::get(version_id, &**pool).await?;
let version = DBSharedInstanceVersion::get(version_id, &**pool).await?;
if let Some(shared_instance_version) = shared_instance_version {
let shared_instance = DBSharedInstance::get(
shared_instance_version.shared_instance_id,
&**pool,
)
.await?;
if let Some(shared_instance) = shared_instance {
if let Some(version) = version {
let instance =
DBSharedInstance::get(version.shared_instance_id, &**pool).await?;
if let Some(instance) = instance {
if !can_access_instance_as_maybe_user(
&pool,
&redis,
&shared_instance,
user,
&pool, &redis, &instance, user,
)
.await?
{
return Err(ApiError::NotFound);
}
let version = SharedInstanceVersion::from_db(
shared_instance_version,
&cdn_url,
);
let version: SharedInstanceVersion = version.into();
Ok(HttpResponse::Ok().json(version))
} else {
Err(ApiError::NotFound)
@ -571,3 +560,53 @@ async fn delete_instance_version(
transaction.commit().await?;
Ok(())
}
pub async fn shared_instance_version_download(
req: HttpRequest,
pool: Data<PgPool>,
redis: Data<RedisPool>,
file_host: Data<Arc<dyn FileHost + Send + Sync>>,
info: web::Path<(SharedInstanceVersionId,)>,
session_queue: Data<AuthQueue>,
) -> Result<Redirect, ApiError> {
let version_id = info.into_inner().0.into();
let user = get_maybe_user_from_headers(
&req,
&**pool,
&redis,
&session_queue,
Scopes::SHARED_INSTANCE_VERSION_READ,
)
.await?
.map(|(_, user)| user);
let version = DBSharedInstanceVersion::get(version_id, &**pool).await?;
if let Some(version) = version {
let instance =
DBSharedInstance::get(version.shared_instance_id, &**pool).await?;
if let Some(instance) = instance {
if !can_access_instance_as_maybe_user(
&pool, &redis, &instance, user,
)
.await?
{
return Err(ApiError::NotFound);
}
let file_name = format!(
"shared_instance/{}.mrpack",
SharedInstanceVersionId::from(version_id)
);
let url =
file_host.get_url_for_private_file(&file_name, 60).await?;
Ok(Redirect::to(url).see_other())
} else {
Err(ApiError::NotFound)
}
} else {
Err(ApiError::NotFound)
}
}