Projects/muscl
12
4
Fork 0
Code Issues 75 Pull Requests Actions Packages Releases Activity

core/protocol: use thiserror, use common authorization error struct

Browse Source
This commit is contained in:
Oystein Kristoffer Tveit
2025-12-15 14:25:22 +09:00
parent 1991e7bfd8
commit bf6027f507
23 changed files with 367 additions and 317 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/server/authorization.rs
View File

@@ -1,5 +1,9 @@
use crate::{
core::{common::UnixUser, protocol::CheckAuthorizationError, types::DbOrUser},
core::{
common::UnixUser,
protocol::{CheckAuthorizationError, request_validation::AuthorizationError},
types::DbOrUser,
},
server::input_sanitization::{validate_name, validate_ownership_by_unix_user},
};
@@ -10,19 +14,19 @@ pub async fn check_authorization(
let mut results = std::collections::BTreeMap::new();
for db_or_user in dbs_or_users {
if let Err(err) = validate_name(db_or_user.name()) {
results.insert(
db_or_user.clone(),
Err(CheckAuthorizationError::SanitizationError(err)),
);
if let Err(err) = validate_name(db_or_user.name())
.map_err(AuthorizationError::SanitizationError)
.map_err(CheckAuthorizationError)
{
results.insert(db_or_user.clone(), Err(err));
continue;
}
if let Err(err) = validate_ownership_by_unix_user(db_or_user.name(), unix_user) {
results.insert(
db_or_user.clone(),
Err(CheckAuthorizationError::OwnershipError(err)),
);
if let Err(err) = validate_ownership_by_unix_user(db_or_user.name(), unix_user)
.map_err(AuthorizationError::OwnershipError)
.map_err(CheckAuthorizationError)
{
results.insert(db_or_user.clone(), Err(err));
continue;
}

61
src/server/sql/database_operations.rs
View File

@@ -6,6 +6,7 @@ use sqlx::prelude::*;
use serde::{Deserialize, Serialize};
use crate::core::protocol::CompleteDatabaseNameResponse;
use crate::core::protocol::request_validation::AuthorizationError;
use crate::core::types::MySQLDatabase;
use crate::core::types::MySQLUser;
use crate::{
@@ -94,19 +95,19 @@ pub async fn create_databases(
let mut results = BTreeMap::new();
for database_name in database_names {
if let Err(err) = validate_name(&database_name) {
results.insert(
database_name.to_owned(),
Err(CreateDatabaseError::SanitizationError(err)),
);
if let Err(err) = validate_name(&database_name)
.map_err(AuthorizationError::SanitizationError)
.map_err(CreateDatabaseError::AuthorizationError)
{
results.insert(database_name.to_owned(), Err(err));
continue;
}
if let Err(err) = validate_ownership_by_unix_user(&database_name, unix_user) {
results.insert(
database_name.to_owned(),
Err(CreateDatabaseError::OwnershipError(err)),
);
if let Err(err) = validate_ownership_by_unix_user(&database_name, unix_user)
.map_err(AuthorizationError::OwnershipError)
.map_err(CreateDatabaseError::AuthorizationError)
{
results.insert(database_name.to_owned(), Err(err));
continue;
}
@@ -154,19 +155,19 @@ pub async fn drop_databases(
let mut results = BTreeMap::new();
for database_name in database_names {
if let Err(err) = validate_name(&database_name) {
results.insert(
database_name.to_owned(),
Err(DropDatabaseError::SanitizationError(err)),
);
if let Err(err) = validate_name(&database_name)
.map_err(AuthorizationError::SanitizationError)
.map_err(DropDatabaseError::AuthorizationError)
{
results.insert(database_name.to_owned(), Err(err));
continue;
}
if let Err(err) = validate_ownership_by_unix_user(&database_name, unix_user) {
results.insert(
database_name.to_owned(),
Err(DropDatabaseError::OwnershipError(err)),
);
if let Err(err) = validate_ownership_by_unix_user(&database_name, unix_user)
.map_err(AuthorizationError::OwnershipError)
.map_err(DropDatabaseError::AuthorizationError)
{
results.insert(database_name.to_owned(), Err(err));
continue;
}
@@ -257,19 +258,19 @@ pub async fn list_databases(
let mut results = BTreeMap::new();
for database_name in database_names {
if let Err(err) = validate_name(&database_name) {
results.insert(
database_name.to_owned(),
Err(ListDatabasesError::SanitizationError(err)),
);
if let Err(err) = validate_name(&database_name)
.map_err(AuthorizationError::SanitizationError)
.map_err(ListDatabasesError::AuthorizationError)
{
results.insert(database_name.to_owned(), Err(err));
continue;
}
if let Err(err) = validate_ownership_by_unix_user(&database_name, unix_user) {
results.insert(
database_name.to_owned(),
Err(ListDatabasesError::OwnershipError(err)),
);
if let Err(err) = validate_ownership_by_unix_user(&database_name, unix_user)
.map_err(AuthorizationError::OwnershipError)
.map_err(ListDatabasesError::AuthorizationError)
{
results.insert(database_name.to_owned(), Err(err));
continue;
}

66
src/server/sql/database_privilege_operations.rs
View File

@@ -31,14 +31,14 @@ use crate::{
DiffDoesNotApplyError, GetAllDatabasesPrivilegeDataError,
GetDatabasesPrivilegeDataError, ListAllPrivilegesResponse, ListPrivilegesResponse,
ModifyDatabasePrivilegesError, ModifyPrivilegesResponse,
request_validation::AuthorizationError,
},
types::{MySQLDatabase, MySQLUser},
},
server::{
common::{create_user_group_matching_regex, try_get_with_binary_fallback},
input_sanitization::{quote_identifier, validate_name, validate_ownership_by_unix_user},
sql::database_operations::unsafe_database_exists,
sql::user_operations::unsafe_user_exists,
sql::{database_operations::unsafe_database_exists, user_operations::unsafe_user_exists},
},
};
@@ -145,19 +145,19 @@ pub async fn get_databases_privilege_data(
let mut results = BTreeMap::new();
for database_name in database_names.iter() {
if let Err(err) = validate_name(database_name) {
results.insert(
database_name.to_owned(),
Err(GetDatabasesPrivilegeDataError::SanitizationError(err)),
);
if let Err(err) = validate_name(database_name)
.map_err(AuthorizationError::SanitizationError)
.map_err(GetDatabasesPrivilegeDataError::AuthorizationError)
{
results.insert(database_name.to_owned(), Err(err));
continue;
}
if let Err(err) = validate_ownership_by_unix_user(database_name, unix_user) {
results.insert(
database_name.to_owned(),
Err(GetDatabasesPrivilegeDataError::OwnershipError(err)),
);
if let Err(err) = validate_ownership_by_unix_user(database_name, unix_user)
.map_err(AuthorizationError::OwnershipError)
.map_err(GetDatabasesPrivilegeDataError::AuthorizationError)
{
results.insert(database_name.to_owned(), Err(err));
continue;
}
@@ -411,37 +411,35 @@ pub async fn apply_privilege_diffs(
diff.get_database_name().to_owned(),
diff.get_user_name().to_owned(),
);
if let Err(err) = validate_name(diff.get_database_name()) {
results.insert(
key,
Err(ModifyDatabasePrivilegesError::DatabaseSanitizationError(
err,
)),
);
if let Err(err) = validate_name(diff.get_database_name())
.map_err(AuthorizationError::SanitizationError)
.map_err(ModifyDatabasePrivilegesError::DatabaseAuthorizationError)
{
results.insert(key, Err(err));
continue;
}
if let Err(err) = validate_ownership_by_unix_user(diff.get_database_name(), unix_user) {
results.insert(
key,
Err(ModifyDatabasePrivilegesError::DatabaseOwnershipError(err)),
);
if let Err(err) = validate_ownership_by_unix_user(diff.get_database_name(), unix_user)
.map_err(AuthorizationError::OwnershipError)
.map_err(ModifyDatabasePrivilegesError::DatabaseAuthorizationError)
{
results.insert(key, Err(err));
continue;
}
if let Err(err) = validate_name(diff.get_user_name()) {
results.insert(
key,
Err(ModifyDatabasePrivilegesError::UserSanitizationError(err)),
);
if let Err(err) = validate_name(diff.get_user_name())
.map_err(AuthorizationError::SanitizationError)
.map_err(ModifyDatabasePrivilegesError::UserAuthorizationError)
{
results.insert(key, Err(err));
continue;
}
if let Err(err) = validate_ownership_by_unix_user(diff.get_user_name(), unix_user) {
results.insert(
key,
Err(ModifyDatabasePrivilegesError::UserOwnershipError(err)),
);
if let Err(err) = validate_ownership_by_unix_user(diff.get_user_name(), unix_user)
.map_err(AuthorizationError::OwnershipError)
.map_err(ModifyDatabasePrivilegesError::UserAuthorizationError)
{
results.insert(key, Err(err));
continue;
}

83
src/server/sql/user_operations.rs
View File

@@ -7,6 +7,7 @@ use serde::{Deserialize, Serialize};
use sqlx::MySqlConnection;
use sqlx::prelude::*;
use crate::core::protocol::request_validation::AuthorizationError;
use crate::{
core::{
common::UnixUser,
@@ -99,13 +100,19 @@ pub async fn create_database_users(
let mut results = BTreeMap::new();
for db_user in db_users {
if let Err(err) = validate_name(&db_user) {
results.insert(db_user, Err(CreateUserError::SanitizationError(err)));
if let Err(err) = validate_name(&db_user)
.map_err(AuthorizationError::SanitizationError)
.map_err(CreateUserError::AuthorizationError)
{
results.insert(db_user, Err(err));
continue;
}
if let Err(err) = validate_ownership_by_unix_user(&db_user, unix_user) {
results.insert(db_user, Err(CreateUserError::OwnershipError(err)));
if let Err(err) = validate_ownership_by_unix_user(&db_user, unix_user)
.map_err(AuthorizationError::OwnershipError)
.map_err(CreateUserError::AuthorizationError)
{
results.insert(db_user, Err(err));
continue;
}
@@ -146,13 +153,19 @@ pub async fn drop_database_users(
let mut results = BTreeMap::new();
for db_user in db_users {
if let Err(err) = validate_name(&db_user) {
results.insert(db_user, Err(DropUserError::SanitizationError(err)));
if let Err(err) = validate_name(&db_user)
.map_err(AuthorizationError::SanitizationError)
.map_err(DropUserError::AuthorizationError)
{
results.insert(db_user, Err(err));
continue;
}
if let Err(err) = validate_ownership_by_unix_user(&db_user, unix_user) {
results.insert(db_user, Err(DropUserError::OwnershipError(err)));
if let Err(err) = validate_ownership_by_unix_user(&db_user, unix_user)
.map_err(AuthorizationError::OwnershipError)
.map_err(DropUserError::AuthorizationError)
{
results.insert(db_user, Err(err));
continue;
}
@@ -191,13 +204,13 @@ pub async fn set_password_for_database_user(
connection: &mut MySqlConnection,
_db_is_mariadb: bool,
) -> SetUserPasswordResponse {
if let Err(err) = validate_name(db_user) {
return Err(SetPasswordError::SanitizationError(err));
}
validate_name(db_user)
.map_err(AuthorizationError::SanitizationError)
.map_err(SetPasswordError::AuthorizationError)?;
if let Err(err) = validate_ownership_by_unix_user(db_user, unix_user) {
return Err(SetPasswordError::OwnershipError(err));
}
validate_ownership_by_unix_user(db_user, unix_user)
.map_err(AuthorizationError::OwnershipError)
.map_err(SetPasswordError::AuthorizationError)?;
match unsafe_user_exists(db_user, &mut *connection).await {
Ok(false) => return Err(SetPasswordError::UserDoesNotExist),
@@ -282,13 +295,19 @@ pub async fn lock_database_users(
let mut results = BTreeMap::new();
for db_user in db_users {
if let Err(err) = validate_name(&db_user) {
results.insert(db_user, Err(LockUserError::SanitizationError(err)));
if let Err(err) = validate_name(&db_user)
.map_err(AuthorizationError::SanitizationError)
.map_err(LockUserError::AuthorizationError)
{
results.insert(db_user, Err(err));
continue;
}
if let Err(err) = validate_ownership_by_unix_user(&db_user, unix_user) {
results.insert(db_user, Err(LockUserError::OwnershipError(err)));
if let Err(err) = validate_ownership_by_unix_user(&db_user, unix_user)
.map_err(AuthorizationError::OwnershipError)
.map_err(LockUserError::AuthorizationError)
{
results.insert(db_user, Err(err));
continue;
}
@@ -343,13 +362,19 @@ pub async fn unlock_database_users(
let mut results = BTreeMap::new();
for db_user in db_users {
if let Err(err) = validate_name(&db_user) {
results.insert(db_user, Err(UnlockUserError::SanitizationError(err)));
if let Err(err) = validate_name(&db_user)
.map_err(AuthorizationError::SanitizationError)
.map_err(UnlockUserError::AuthorizationError)
{
results.insert(db_user, Err(err));
continue;
}
if let Err(err) = validate_ownership_by_unix_user(&db_user, unix_user) {
results.insert(db_user, Err(UnlockUserError::OwnershipError(err)));
if let Err(err) = validate_ownership_by_unix_user(&db_user, unix_user)
.map_err(AuthorizationError::OwnershipError)
.map_err(UnlockUserError::AuthorizationError)
{
results.insert(db_user, Err(err));
continue;
}
@@ -452,13 +477,19 @@ pub async fn list_database_users(
let mut results = BTreeMap::new();
for db_user in db_users {
if let Err(err) = validate_name(&db_user) {
results.insert(db_user, Err(ListUsersError::SanitizationError(err)));
if let Err(err) = validate_name(&db_user)
.map_err(AuthorizationError::SanitizationError)
.map_err(ListUsersError::AuthorizationError)
{
results.insert(db_user, Err(err));
continue;
}
if let Err(err) = validate_ownership_by_unix_user(&db_user, unix_user) {
results.insert(db_user, Err(ListUsersError::OwnershipError(err)));
if let Err(err) = validate_ownership_by_unix_user(&db_user, unix_user)
.map_err(AuthorizationError::OwnershipError)
.map_err(ListUsersError::AuthorizationError)
{
results.insert(db_user, Err(err));
continue;
}