Merge #234: Make sure user exist in upload torrent endpoint

a534e38 fix: [#230] make sure user exist in upload torrent endpoint (Jose Celano)
fe25778 chore: udpate rust toolchain 1.72.0-nightly (Jose Celano)

Pull request description:

  We get the user ID from the Json Web Token, but that does not mean the user actually exists. The session could be valid, but the user could have been removed from the database.

Top commit has no ACKs.

Tree-SHA512: 48052dcb59c3eaeb31777c1831966b9a239489648b193fd25e3eab8a0a24f2d79e7c29f57e41dee55cf1584e68da9086f39b8c8f785112c12dc0141eccdfb3bc

src/app.rs

@@ -28,6 +28,11 @@ pub struct Running {
     pub tracker_data_importer_handle: tokio::task::JoinHandle<()>,
 }
 
+/// Runs the application.
+///
+/// # Panics
+///
+/// It panics if there is an error connecting to the database.
 #[allow(clippy::too_many_lines)]
 pub async fn run(configuration: Configuration, api_version: &Version) -> Running {
     let log_level = configuration.settings.read().await.log_level.clone();

src/cache/image/manager.rs

@@ -19,6 +19,11 @@ pub enum Error {
 
 type UserQuotas = HashMap<i64, ImageCacheQuota>;
 
+/// Returns the current time in seconds.
+///
+/// # Panics
+///
+/// This function will panic if the current time is before the UNIX EPOCH.
 #[must_use]
 pub fn now_in_secs() -> u64 {
     SystemTime::now()
@@ -87,6 +92,11 @@ pub struct ImageCacheService {
 }
 
 impl ImageCacheService {
+    /// Create a new image cache service.
+    ///
+    /// # Panics
+    ///
+    /// This function will panic if the image cache could not be created.
     pub async fn new(cfg: Arc<Configuration>) -> Self {
         let settings = cfg.settings.read().await;
 

src/cache/mod.rs

@@ -98,7 +98,7 @@ impl BytesCache {
     pub fn total_size(&self) -> usize {
         let mut size: usize = 0;
 
-        for (_, entry) in self.bytes_table.iter() {
+        for (_, entry) in &self.bytes_table {
             size += entry.bytes.len();
         }
 

src/config.rs

@@ -362,6 +362,10 @@ impl Configuration {
     }
 
     /// Returns the save to file of this [`Configuration`].
+    ///
+    /// # Panics
+    ///
+    /// This function will panic if it can't write to the file.
     pub async fn save_to_file(&self, config_path: &str) {
         let settings = self.settings.read().await;
 

src/console/commands/import_tracker_statistics.rs

@@ -70,6 +70,11 @@ fn print_usage() {
     );
 }
 
+/// Import Tracker Statistics Command
+///
+/// # Panics
+///
+/// Panics if arguments cannot be parsed.
 pub async fn run_importer() {
     parse_args().expect("unable to parse command arguments");
     import().await;

src/databases/mysql.rs

@@ -329,7 +329,7 @@ impl Database for Mysql {
         let category_filter_query = if let Some(c) = categories {
             let mut i = 0;
             let mut category_filters = String::new();
-            for category in c.iter() {
+            for category in c {
                 // don't take user input in the db query
                 if let Ok(sanitized_category) = self.get_category_from_name(category).await {
                     let mut str = format!("tc.name = '{}'", sanitized_category.name);
@@ -352,7 +352,7 @@ impl Database for Mysql {
         let tag_filter_query = if let Some(t) = tags {
             let mut i = 0;
             let mut tag_filters = String::new();
-            for tag in t.iter() {
+            for tag in t {
                 // don't take user input in the db query
                 if let Ok(sanitized_tag) = self.get_tag_from_name(tag).await {
                     let mut str = format!("tl.tag_id = '{}'", sanitized_tag.tag_id);
@@ -479,7 +479,7 @@ impl Database for Mysql {
         } else {
             let files = torrent.info.files.as_ref().unwrap();
 
-            for file in files.iter() {
+            for file in files {
                 let path = file.path.join("/");
 
                 let _ = query("INSERT INTO torrust_torrent_files (md5sum, torrent_id, length, path) VALUES (?, ?, ?, ?)")

src/databases/sqlite.rs

@@ -319,7 +319,7 @@ impl Database for Sqlite {
         let category_filter_query = if let Some(c) = categories {
             let mut i = 0;
             let mut category_filters = String::new();
-            for category in c.iter() {
+            for category in c {
                 // don't take user input in the db query
                 if let Ok(sanitized_category) = self.get_category_from_name(category).await {
                     let mut str = format!("tc.name = '{}'", sanitized_category.name);
@@ -342,7 +342,7 @@ impl Database for Sqlite {
         let tag_filter_query = if let Some(t) = tags {
             let mut i = 0;
             let mut tag_filters = String::new();
-            for tag in t.iter() {
+            for tag in t {
                 // don't take user input in the db query
                 if let Ok(sanitized_tag) = self.get_tag_from_name(tag).await {
                     let mut str = format!("tl.tag_id = '{}'", sanitized_tag.tag_id);
@@ -469,7 +469,7 @@ impl Database for Sqlite {
         } else {
             let files = torrent.info.files.as_ref().unwrap();
 
-            for file in files.iter() {
+            for file in files {
                 let path = file.path.join("/");
 
                 let _ = query("INSERT INTO torrust_torrent_files (md5sum, torrent_id, length, path) VALUES (?, ?, ?, ?)")

src/mailer.rs

@@ -58,11 +58,15 @@ impl Service {
         }
     }
 
-    /// Send Verification Email
+    /// Send Verification Email.
     ///
     /// # Errors
     ///
     /// This function will return an error if unable to send an email.
+    ///
+    /// # Panics
+    ///
+    /// This function will panic if the multipart builder had an error.
     pub async fn send_verification_mail(
         &self,
         to: &str,

src/models/torrent_file.rs

@@ -50,6 +50,12 @@ impl TorrentInfo {
         }
     }
 
+    /// It returns the root hash as a `i64` value.
+    ///
+    /// # Panics
+    ///
+    /// This function will panic if the root hash cannot be converted into a
+    /// `i64` value.
     #[must_use]
     pub fn get_root_hash_as_i64(&self) -> i64 {
         match &self.root_hash {
@@ -96,6 +102,11 @@ pub struct Torrent {
 }
 
 impl Torrent {
+    /// It hydrates a `Torrent` struct from the database data.
+    ///
+    /// # Panics
+    ///
+    /// This function will panic if the `torrent_info.pieces` is not a valid hex string.
     #[must_use]
     pub fn from_db_info_files_and_announce_urls(
         torrent_info: DbTorrentInfo,
@@ -180,6 +191,11 @@ impl Torrent {
         }
     }
 
+    /// It calculates the info hash of the torrent file.
+    ///
+    /// # Panics
+    ///
+    /// This function will panic if the `info` part of the torrent file cannot be serialized.
     #[must_use]
     pub fn calculate_info_hash_as_bytes(&self) -> [u8; 20] {
         let info_bencoded = ser::to_bytes(&self.info).expect("variable `info` was not able to be serialized.");
@@ -204,7 +220,7 @@ impl Torrent {
                 None => 0,
                 Some(files) => {
                     let mut file_size = 0;
-                    for file in files.iter() {
+                    for file in files {
                         file_size += file.length;
                     }
                     file_size
@@ -213,6 +229,11 @@ impl Torrent {
         }
     }
 
+    /// It returns the announce urls of the torrent file.
+    ///
+    /// # Panics
+    ///
+    /// This function will panic if both the `announce_list` and the `announce` are `None`.
     #[must_use]
     pub fn announce_urls(&self) -> Vec<String> {
         match &self.announce_list {

src/services/authentication.rs

@@ -120,6 +120,11 @@ impl JsonWebToken {
     }
 
     /// Create Json Web Token.
+    ///
+    /// # Panics
+    ///
+    /// This function will panic if the default encoding algorithm does not ç
+    /// match the encoding key.
     pub async fn sign(&self, user: UserCompact) -> String {
         let settings = self.cfg.settings.read().await;
 

src/services/torrent.rs

@@ -99,6 +99,8 @@ impl Index {
     /// * Unable to insert the torrent into the database.
     /// * Unable to add the torrent to the whitelist.
     pub async fn add_torrent(&self, mut torrent_request: AddTorrentRequest, user_id: UserId) -> Result<TorrentId, ServiceError> {
+        let _user = self.user_repository.get_compact(&user_id).await?;
+
         torrent_request.torrent.set_announce_urls(&self.configuration).await;
 
         let category = self

src/services/user.rs

@@ -61,6 +61,10 @@ impl RegistrationService {
     /// * `ServiceError::FailedToSendVerificationEmail` if unable to send the required verification email.
     /// * An error if unable to successfully hash the password.
     /// * An error if unable to insert user into the database.
+    ///
+    /// # Panics
+    ///
+    /// This function will panic if the email is required, but missing.
     pub async fn register_user(&self, registration_form: &RegistrationForm, api_base_url: &str) -> Result<UserId, ServiceError> {
         info!("registering user: {}", registration_form.username);
 
@@ -328,6 +332,11 @@ impl DbBannedUserList {
     /// # Errors
     ///
     /// It returns an error if there is a database error.
+    ///
+    /// # Panics
+    ///
+    /// It panics if the expiration date cannot be parsed. It should never
+    /// happen as the date is hardcoded for now.
     pub async fn add(&self, user_id: &UserId) -> Result<(), Error> {
         // todo: add reason and `date_expiry` parameters to request.
 

src/upgrades/from_v1_0_0_to_v2_0_0/databases/mod.rs

@@ -21,6 +21,11 @@ pub async fn migrate_target_database(target_database: Arc<SqliteDatabaseV2_0_0>)
     target_database.migrate().await;
 }
 
+/// It truncates all tables in the target database.
+///
+/// # Panics
+///
+/// It panics if it cannot truncate the tables.
 pub async fn truncate_target_database(target_database: Arc<SqliteDatabaseV2_0_0>) {
     println!("Truncating all tables in target database ...");
     target_database

src/upgrades/from_v1_0_0_to_v2_0_0/databases/sqlite_v1_0_0.rs

@@ -58,6 +58,11 @@ pub struct SqliteDatabaseV1_0_0 {
 }
 
 impl SqliteDatabaseV1_0_0 {
+    /// It creates a new instance of the `SqliteDatabaseV1_0_0`.
+    ///
+    /// # Panics
+    ///
+    /// This function will panic if it is unable to create the database pool.
     pub async fn new(database_url: &str) -> Self {
         let db = SqlitePoolOptions::new()
             .connect(database_url)

src/upgrades/from_v1_0_0_to_v2_0_0/databases/sqlite_v2_0_0.rs

@@ -49,6 +49,11 @@ impl TorrentRecordV2 {
     }
 }
 
+/// It converts a timestamp in seconds to a datetime string.
+///
+/// # Panics
+///
+/// It panics if the timestamp is too big and it overflows i64. Very future!
 #[must_use]
 pub fn convert_timestamp_to_datetime(timestamp: i64) -> String {
     // The expected format in database is: 2022-11-04 09:53:57
@@ -66,6 +71,11 @@ pub struct SqliteDatabaseV2_0_0 {
 }
 
 impl SqliteDatabaseV2_0_0 {
+    /// Creates a new instance of the database.
+    ///
+    /// # Panics
+    ///
+    /// It panics if it cannot create the database pool.
     pub async fn new(database_url: &str) -> Self {
         let db = SqlitePoolOptions::new()
             .connect(database_url)
@@ -74,6 +84,11 @@ impl SqliteDatabaseV2_0_0 {
         Self { pool: db }
     }
 
+    /// It migrates the database to the latest version.
+    ///
+    /// # Panics
+    ///
+    /// It panics if it cannot run the migrations.
     pub async fn migrate(&self) {
         sqlx::migrate!("migrations/sqlite3")
             .run(&self.pool)

src/upgrades/from_v1_0_0_to_v2_0_0/transferrers/torrent_transferrer.rs

@@ -96,7 +96,7 @@ pub async fn transfer_torrents(
             // Multiple files are being shared
             let files = torrent_from_file.info.files.as_ref().unwrap();
 
-            for file in files.iter() {
+            for file in files {
                 println!(
                     "[v2][torrust_torrent_files][multiple-file-torrent] adding torrent file: {:?} ...",
                     &file

src/utils/clock.rs

@@ -1,3 +1,9 @@
+/// Returns the current timestamp in seconds.
+///
+/// # Panics
+///
+/// This function should never panic unless the current timestamp from the
+/// time library is negative, which should never happen.
 #[must_use]
 pub fn now() -> u64 {
     u64::try_from(chrono::prelude::Utc::now().timestamp()).expect("timestamp should be positive")

src/utils/regex.rs

@@ -1,5 +1,10 @@
 use regex::Regex;
 
+/// Validates an email address.
+///
+/// # Panics
+///
+/// It panics if the regex fails to compile.
 #[must_use]
 pub fn validate_email_address(email_address_to_be_checked: &str) -> bool {
     let email_regex = Regex::new(r"^([a-z\d_+]([a-z\d_+.]*[a-z\d_+])?)@([a-z\d]+([\-.][a-z\d]+)*\.[a-z]{2,6})")

src/web/api/v1/auth.rs

@@ -142,6 +142,10 @@ impl Authentication {
 }
 
 /// Parses the token from the `Authorization` header.
+///
+/// # Panics
+///
+/// This function will panic if the `Authorization` header is not a valid `String`.
 pub fn parse_token(authorization: &HeaderValue) -> String {
     let split: Vec<&str> = authorization
         .to_str()

src/web/api/v1/contexts/proxy/handlers.rs

@@ -22,7 +22,9 @@ pub async fn get_proxy_image_handler(
         return png_image(map_error_to_image(&Error::Unauthenticated));
     }
 
-    let Ok(user_id) = app_data.auth.get_user_id_from_bearer_token(&maybe_bearer_token).await else { return png_image(map_error_to_image(&Error::Unauthenticated)) };
+    let Ok(user_id) = app_data.auth.get_user_id_from_bearer_token(&maybe_bearer_token).await else {
+        return png_image(map_error_to_image(&Error::Unauthenticated));
+    };
 
     // code-review: Handling status codes in the frontend other tan OK is quite a pain.
     // Return OK for now.