dev: integrate tera into app data

reasons stated at the top of such mod.rs file

Cargo.toml

@@ -24,8 +24,9 @@ opt-level = 3
 debug = false
 
 [features]
-default = ["pamsock"]
+default = ["pamsock", "log"]
 pamsock = ["dep:pamsock"]
+log = ["dep:log", "dep:env_logger"]
 
 [dependencies]
 pamsock = { version = "0.2.0", git = "https://git.javalsai.tuxcord.net/tuxcord/authy-pamsock.git", features = [
@@ -38,16 +39,20 @@ anyhow = "1.0"
 clap = { version = "4.5", features = ["derive"] }
 const-macros = { git = "https://git.javalsai.tuxcord.net/rust/const-macros.git", version = "0.1.2" }
 const-str = { version = "1.1", features = ["proc"] }
+env_logger = { version = "0.11.10", optional = true }
 futures-util = "0.3"
 libc = "0.2"
+log = { version = "0.4.29", optional = true }
 magic = "0.16"
 moka = { version = "0.12", features = ["async-lock", "future"] }
 serde = { version = "1.0", features = ["derive"] }
-sha2 = "0.10"
+sha2 = "0.11"
+ssh-key = "0.6.7"
 thiserror = "2.0"
 tokio = { version = "1.49", features = ["full"] }
 toml = "1.0"
 users = "0.11"
+tera = "1.20.1"
 
 [patch.crates-io]
 # https://github.com/robo9k/rust-magic/issues/434

assets/config.toml

@@ -1,8 +1,12 @@
 # example file to show/test configuration
 
 [unix]
-groups = [ "wheel", 0, "users" ]
+groups = ["wheel", 0, "users"]
 # magic_paths = [ "/usr/share/file/misc/magic" ]
 
-# [server]
+[server]
 # listen = "127.0.0.1:8080"
+templates = "assets/templates/**/*"
+
+[render]
+title = "My Server"

assets/templates/login.html

@@ -0,0 +1,24 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+    <title>{{ title }} - Login</title>
+    <link href="css/style.css" rel="stylesheet" />
+  </head>
+  <body>
+    {% include "partials/header.html" %}
+
+    <main>
+      <form method="post">
+        <h2>Username</h2>
+        <input type="text" name="username" placeholder="username" />
+
+        <h2>Password</h2>
+        <input type="password" name="password" placeholder="password" />
+
+        <button type="submit">Login</button>
+      </form>
+    </main>
+  </body>
+</html>

assets/templates/partials/header.html

@@ -0,0 +1,3 @@
+<nav class="header">
+    <span>header</header>
+</nav>

src/conf.rs

@@ -22,11 +22,27 @@ pub struct Unix {
 #[serde(default)]
 pub struct Server {
     pub listen: SocketAddr,
+    pub templates: String,
 }
 impl Default for Server {
     fn default() -> Self {
         Self {
             listen: SocketAddr::V4(SocketAddrV4::new(Ipv4Addr::LOCALHOST, 8080)),
+            templates: String::from("/var/lib/authy-oidc/templates/**/*"),
+        }
+    }
+}
+
+#[derive(Debug, Deserialize)]
+#[serde(default)]
+pub struct Render {
+    pub title: String,
+}
+
+impl Default for Render {
+    fn default() -> Self {
+        Self {
+            title: String::from("OpenID Connect Server"),
         }
     }
 }
@@ -36,6 +52,7 @@ impl Default for Server {
 pub struct Config {
     pub unix: Unix,
     pub server: Server,
+    pub render: Render,
 }
 
 #[derive(thiserror::Error, Debug)]

src/consts.rs

@@ -37,6 +37,11 @@ pub const USER_PFP_PATHS: &[&str] = &[
     ".face",
 ];
 
+/// Path relative to a user's home to ssh's `.authorized_keys`, used to verify user's identity when
+/// distrusted
+pub const AUTHORIZED_KEYS_PATH: &str = ".ssh/authorized_keys";
+pub const MAX_AUTHORIZED_KEYS_SIZE: u64 = 64 * 1024; // 64 KiB
+
 pub const ERROR_ASCII_ARTS: &[&str] = &[
     include_str!("../assets/lain/lain-dancing.txt"),
     include_str!("../assets/lain/lain-head.txt"),
@@ -44,6 +49,14 @@ pub const ERROR_ASCII_ARTS: &[&str] = &[
     include_str!("../assets/lain/lain-teddy.txt"),
 ];
 
+pub mod mime {
+    pub const MIME_IMAGE_PREFIX: &str = "image/";
+
+    pub const TEXT: &str = "text/plain; charset=utf-8";
+    pub const HTML: &str = "text/html; charset=utf-8";
+}
+
 pub mod web_scopes {
     pub const IMAGES: &str = "/image";
+    pub const LOGIN: &str = "/login";
 }

src/db/mod.rs

@@ -0,0 +1,33 @@
+//! Everything that interacts with DB (or generally persistent state)
+//!
+//! Currently it's all in memory or with default values until I model all the data properly and
+//! choose a DB provider.
+
+use std::collections::HashSet;
+
+use tokio::sync::RwLock;
+
+use crate::server::state::users::UID;
+
+pub struct DB {
+    enabled_users: RwLock<HashSet<UID>>,
+}
+
+impl DB {
+    #[must_use]
+    #[expect(clippy::new_without_default)]
+    pub fn new() -> Self {
+        Self {
+            enabled_users: RwLock::new(HashSet::new()),
+        }
+    }
+
+    pub async fn enable_user(&self, user: UID) {
+        self.enabled_users.write().await.insert(user);
+    }
+
+    #[must_use]
+    pub async fn user_is_enabled(&self, user: &UID) -> bool {
+        self.enabled_users.read().await.contains(user)
+    }
+}

src/main.rs

@@ -2,6 +2,7 @@
 #![feature(
     decl_macro,
     duration_constructors,
+    iterator_try_collect,
     never_type,
     once_cell_try,
     seek_stream_len
@@ -26,6 +27,34 @@
 //!
 //! I will try to keep those 3 modules as documented as possible, please feel free to open any
 //! issues/PRs regarding information in there.
+//!
+//! # Public Information
+//!
+//! To make sure this application doesn't expose any public imformation it's important to define
+//! what public information we are willing to expose. The application deals with user information
+//! so it must leak at least some information, to make sure we don't overreach, we must have clear
+//! where we draw the line.
+//!
+//! By default all information is private, but this application might leak by default:
+//!
+//! - **User system information:** Unix's UID of a given username.
+//! - **User profile pictures:** See [`consts::USER_PFP_PATHS`].
+//! - **User's `autorized_ssh_keys`:** See [`consts::AUTHORIZED_KEYS_PATH`].
+//!
+//! Note that no file information within user's home can be accessed until the user adds `o+x`
+//! permissions on their home directory. Once this is done, only state of files regarding the
+//! previous can be publicly accessible, there's no arbirtary path reading.
+//!
+//! Any user information is checked ASAP against the allowed groups (see [`conf::Unix::groups`]) to
+//! fail fast without exposing any personal information for users alien to these groups. That means
+//! that any reference to the "user", will assume its already from an allowed group, if its not a
+//! group member, it will be treated as nonexistent.
+//!
+//! Information about existance of a user alien to the configured groups might vulnerable to timing
+//! attacks though.
+//!
+//! TODO: This was clearly defined after some API was already written so these assumptions will
+//! need to be reviewed for the old code (notably pfp logic).
 
 use std::fs::File;
 
@@ -37,6 +66,7 @@ pub mod args;
 pub mod auth;
 pub mod conf;
 pub mod consts;
+pub mod db;
 pub mod ext;
 pub mod serdes;
 pub mod server;
@@ -45,6 +75,8 @@ pub mod utils;
 #[tokio::main]
 async fn main() -> anyhow::Result<()> {
     let args = args::Args::parse();
+    #[cfg(feature = "log")]
+    env_logger::init_from_env(env_logger::Env::new().default_filter_or("info"));
     let conf = if let Some(conf) = File::try_open(&args.conf) {
         conf::Config::from_toml_file(&mut conf?)?
     } else {
@@ -59,7 +91,8 @@ async fn main() -> anyhow::Result<()> {
     // (idek japanese but im vibing)
     println!("\n\x1b[1;3;4;33mConfiguration\x1b[0m: {conf:#?}\n");
 
-    server::start_app(args, conf).await?;
+    let app_state = server::state::AppState::new(args, conf, db::DB::new())?;
+    server::start_app(Box::leak(Box::new(app_state))).await?;
 
     Ok(())
 }

src/serdes/mod.rs

@@ -9,8 +9,8 @@ use serde::{Deserialize, Serialize};
 pub mod inner_helpers;
 
 #[repr(transparent)]
-#[derive(Serialize, Deserialize)]
+#[derive(Clone, Copy, Serialize, Deserialize)]
-pub struct Group(#[serde(deserialize_with = "inner_helpers::deserialize_group")] pub gid_t);
+pub struct Group(#[serde(deserialize_with = "inner_helpers::deserialize_group")] gid_t);
 
 impl Debug for Group {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
@@ -18,6 +18,13 @@ impl Debug for Group {
     }
 }
 
+impl Group {
+    #[must_use]
+    pub const fn gid(self) -> gid_t {
+        self.0
+    }
+}
+
 #[repr(transparent)]
 #[derive(Deserialize, Default)]
 pub struct DatabasePaths(

src/server/caches/mod.rs

@@ -1,186 +0,0 @@
-use std::{ffi::OsStr, io, os::unix::fs::MetadataExt, path::Path, sync::Arc};
-
-use ::users::os::unix::UserExt as _;
-use moka::future::{Cache, CacheBuilder};
-use sha2::Digest as _;
-use tokio::{fs::File, io::AsyncReadExt};
-
-use crate::{
-    consts,
-    server::caches::{mime::Mime, users::UsersCache},
-};
-
-pub mod mime;
-pub mod users;
-
-const MIME_IMAGE_PREFIX: &str = "image/";
-
-pub struct ImageInfo {
-    pub mime: Box<str>,
-    pub bytes: Box<[u8]>,
-    pub shasum: Box<str>,
-}
-
-pub type Image = Arc<ImageInfo>;
-
-// TODO: most of the cache methods here block the executor, if we wanna commit to async we'd have
-// to consider that
-pub struct AppCache<'a> {
-    only_groups: &'a [crate::serdes::Group],
-    // FIXME: blocks
-    user_cache: UsersCache,
-    // FIXME: blocks
-    magic_mime_cookie: Mime<'a>,
-
-    /// MUST only contain users from an accepted group, we do not want to cache arbitrary usernames
-    /// and blow memory up.
-    ///
-    /// [`Option<Image>`] because users may not have a pfp.
-    pfp_cache: Cache<String, Option<Image>>,
-}
-
-impl<'a> AppCache<'a> {
-    /// # Errors
-    ///
-    /// Errors if anything failed opening the magic cookie.
-    ///
-    /// # Panics
-    ///
-    /// If weighter's usize doesn't fit in its u32
-    #[must_use]
-    pub fn new(
-        magic_dbs: &'a magic::cookie::DatabasePaths,
-        only_groups: &'a [crate::serdes::Group],
-    ) -> Self {
-        Self {
-            only_groups,
-
-            user_cache: UsersCache::new(),
-
-            magic_mime_cookie: Mime::new(magic_dbs),
-
-            pfp_cache: CacheBuilder::new(consts::MAX_PFP_CACHE_CAPACITY)
-                .time_to_live(consts::USER_CACHES_TTL)
-                .weigher(|_, v: &Option<Image>| {
-                    v.as_ref()
-                        .map_or(1, |v| v.bytes.len())
-                        .try_into()
-                        .expect("size of image to fit in weigher's size")
-                })
-                .build(),
-        }
-    }
-
-    fn is_member_groups(&self, groups: Option<impl AsRef<[::users::Group]>>) -> bool {
-        groups.is_some_and(|groups| {
-            groups.as_ref().iter().any(|group| {
-                let gid = group.gid();
-
-                self.only_groups.iter().any(|from_gr| from_gr.0 == gid)
-            })
-        })
-    }
-
-    pub async fn get_member_user_by_name<S: AsRef<OsStr> + ?Sized>(
-        &self,
-        username: &S,
-    ) -> Option<Arc<::users::User>> {
-        let user = self.user_cache.get_user_by_name(username).await?;
-
-        // FIXME: `user.groups()` is not cached and could be a DoS point. But I don't think caching
-        // if a user is member of any group is the proper way for this lmfao
-        if self.is_member_groups(user.groups()) {
-            Some(user)
-        } else {
-            None
-        }
-    }
-
-    async fn read_logo_from_home(&self, home: &Path) -> Option<Image> {
-        async fn read_limited_path<const MAXSIZE: u64>(path: &Path) -> io::Result<Vec<u8>> {
-            let f = File::open(path).await?;
-            let size = f.metadata().await?.size();
-
-            if size > MAXSIZE {
-                return Err(io::Error::new(
-                    io::ErrorKind::FileTooLarge,
-                    "filesize is bigger than MAXSIZE",
-                ));
-            }
-            let mut buf = Vec::with_capacity(size.try_into().expect("u64 to fit in usize"));
-            // `.take()` just in case an open fd happens to grow, `.metadata()` SHOULD take
-            // properties from the fd and lock the read fd until its closed but still
-            f.take(MAXSIZE).read_to_end(&mut buf).await?;
-            Ok(buf)
-        }
-
-        for subpath in consts::USER_PFP_PATHS {
-            let path = home.join(subpath);
-
-            // I'm relying too much on this condition
-            if let Ok(img_buf) = read_limited_path::<{ consts::MAX_PFP_SIZE }>(&path).await
-                && let Ok(Ok(mime)) = self.magic_mime_cookie.buffer(&img_buf) // TODO: first layer
-                                                                              // error is actually
-                                                                              // relevant
-                && mime.starts_with(MIME_IMAGE_PREFIX)
-            {
-                let shasum = sha2::Sha256::digest(&img_buf);
-                let shasum = format!(
-                    "\"{}\"",
-                    crate::utils::shasum::sha256sum_to_hex_string(&shasum)
-                );
-
-                return Some(Arc::new(ImageInfo {
-                    mime: mime.into_boxed_str(),
-                    bytes: img_buf.into_boxed_slice(),
-                    shasum: shasum.into_boxed_str(),
-                }));
-            }
-        }
-
-        None
-    }
-
-    /// Doesn't differenciate users without pfp and nonexistent ones
-    ///
-    /// So ig a feature not a bug? Less scraping? As in, scraping a user without pfp will just
-    /// default to default pfp.
-    ///
-    /// # Performance
-    ///
-    /// `T` is very generic, usually just takes the path of [`AsRef<str>`], but rarely it can take
-    /// the [`ToOwned<Owned = String>`] path. That means, if you only have access to a type like
-    /// [`str`], use it. But if by any chance you have a [`String`] of the value and it's not going
-    /// to be used anymore, that might be more performant.
-    ///
-    /// The loss is mainly just the allocation time, just a username, should be small enough but
-    /// still, just giving it flexibility. Also maybe a [`std::borrow::Cow<str>`] will work
-    /// perfectly too.
-    ///
-    /// # Security
-    ///
-    /// Images ultimately come from users home directories, so they could be anything, not only
-    /// images (though there's a MIME check, but not designed to be relied upon), make sure to
-    /// provide the mime type and `X-Content-Type-Options: nosniff` when serving it via http/s.
-    pub async fn get_pfp<T>(&self, username: T) -> Option<Image>
-    where
-        T: AsRef<str> + ToOwned<Owned = String>,
-    {
-        // If caching is done properly, it will take advantage of async.
-        if let Some(cached_pfp) = self.pfp_cache.get(username.as_ref()).await {
-            return cached_pfp;
-        }
-
-        // This blocks for now, so if we win with caching better. Non-member username requests
-        // won't cache, we win with actual user-cache and not pushing those away, but will make
-        // DDoS miss cache constantly.
-        let user = self.get_member_user_by_name(username.as_ref()).await?;
-        let img = self.read_logo_from_home(user.home_dir()).await?;
-
-        self.pfp_cache
-            .insert(username.to_owned(), Some(img.clone()))
-            .await;
-
-        Some(img)
-    }
-}

src/server/mod.rs

@@ -1,47 +1,31 @@
 use std::io;
 
-use actix_web::{App, HttpServer, web};
+use actix_web::{App, HttpServer, middleware, web};
 
-pub mod caches;
 pub mod services;
+pub mod state;
 pub mod static_app_data;
 
-pub struct AppState {
-    pub args: crate::args::Args,
-    pub config: &'static crate::conf::Config,
-    pub cache: caches::AppCache<'static>,
-}
-
-/// Type alias to be used just as `data: AppData,` extractor in [`actix_web`] request handlers.
-pub type AppData = static_app_data::StaticAppDataExtractor<&'static AppState>;
-
 /// Leaks memory for the sake of not atomic'ing all over.
 #[expect(clippy::missing_errors_doc)]
-pub async fn start_app(args: crate::args::Args, config: crate::conf::Config) -> io::Result<()> {
+pub async fn start_app(state: &'static state::AppState) -> io::Result<()> {
     use crate::consts::web_scopes as ws;
 
-    let config = Box::leak(Box::new(config));
-
-    let cache = caches::AppCache::new(&config.unix.magic_paths, &config.unix.groups);
-
-    let app: &AppState = Box::leak(Box::new(AppState {
-        args,
-        config,
-        cache,
-    }));
-
     println!(
         "\x1b[34mINF\x1b[0m: Trying to listen on \x1b[35m{:?}\x1b[0m",
-        app.config.server.listen
+        state.config.server.listen
     );
 
     HttpServer::new(move || {
         App::new()
-            .app_data(app)
+            .app_data(state)
+            .wrap(middleware::Logger::new("%a (%{r}a) %r -> %s, %b B in %T s"))
+            .wrap(middleware::NormalizePath::trim())
             .service(services::images::make_scope(ws::IMAGES))
+            .service(services::login::make_scope(ws::LOGIN))
             .default_service(web::to(services::not_found::not_found))
     })
-    .bind(&app.config.server.listen)?
+    .bind(&state.config.server.listen)?
     .run()
     .await
 }

src/server/services/images.rs

@@ -13,7 +13,7 @@ use actix_web::{
 
 use crate::{
     consts::{self, web_scopes as ws},
-    server::AppData,
+    server::state::DataExtractor,
 };
 
 #[must_use]
@@ -40,10 +40,10 @@ async fn get_default_image() -> HttpResponse {
 
 #[get("/user/{username}")]
 async fn get_image(
-    data: AppData,
+    data: DataExtractor,
     username: web::Path<String>,
 ) -> web::Either<Redirect, HttpResponse> {
-    let cached_pfp = data.cache.get_pfp(username.to_string()).await;
+    let cached_pfp = data.get_pfp(username.to_string()).await;
 
     cached_pfp.as_ref().map_or_else(
         || {

src/server/services/login.rs

@@ -0,0 +1,72 @@
+use actix_web::{
+    HttpResponse, get, post,
+    web::{self, Path},
+};
+
+use crate::{consts, server::state::DataExtractor};
+
+#[must_use]
+pub fn make_scope(path: &str) -> actix_web::Scope {
+    web::scope(path)
+        .service(login)
+        .service(login_post)
+        .service(activate)
+}
+
+#[get("")]
+pub async fn login(data: DataExtractor) -> HttpResponse {
+    let ctx = data.make_default_tera_ctx();
+
+    let Ok(rendered) = data.tera.render("login.html", &ctx) else {
+        return HttpResponse::InternalServerError()
+            .content_type(consts::mime::TEXT)
+            .body("Internal server error, please report");
+    };
+
+    HttpResponse::Ok()
+        .content_type(consts::mime::HTML)
+        .body(rendered)
+}
+
+#[derive(serde::Deserialize)]
+pub struct LoginForm {
+    pub username: String,
+    pub password: String,
+}
+
+/// Expects a form's post data in the form of [`LoginForm`]
+#[post("")]
+pub async fn login_post(data: DataExtractor, form: web::Form<LoginForm>) -> HttpResponse {
+    let Some(user) = data.get_user_by_name(&form.username).await else {
+        return HttpResponse::BadRequest()
+            .content_type(consts::mime::TEXT)
+            .body("user does not exist");
+    };
+    let user_can_login = data.is_user_enabled(&user.uid()).await;
+
+    HttpResponse::NotImplemented()
+        .content_type(consts::mime::HTML)
+        .body(format!(
+            "<html><body>\
+            <h1>TODO, can you login? ({user_can_login})</h1>\
+            </body></html>",
+        ))
+}
+
+#[get("/activate/{username}")]
+pub async fn activate(data: DataExtractor, username: Path<String>) -> HttpResponse {
+    let keys = data.get_authorized_ssh_keys(&username).await;
+
+    match keys {
+        Ok(keys) => HttpResponse::Ok()
+            .content_type(consts::mime::TEXT)
+            .body(format!("{keys:#?}")),
+        Err(err) => HttpResponse::BadRequest()
+            .content_type(consts::mime::TEXT)
+            .body(if let Some(recommendation) = err.recommendation() {
+                format!("{err}\n\nsuggestion: {recommendation}")
+            } else {
+                err.to_string()
+            }),
+    }
+}

src/server/services/mod.rs

@@ -1,2 +1,3 @@
 pub mod images;
 pub mod not_found;
+pub mod login;

src/server/services/not_found.rs

@@ -42,7 +42,7 @@ pub async fn not_found(req: HttpRequest) -> HttpResponse {
     let url = req.path();
 
     HttpResponse::NotFound()
-        .content_type("text/plain; charset=utf-8")
+        .content_type(consts::mime::TEXT)
         .streaming(stream::iter([
             Ok::<_, !>(web::Bytes::from(format!(
                 "> {method} '{url}'\n404 NOT FOUND\nLet's all love lain\n\n"

src/server/state/db.rs

@@ -0,0 +1,13 @@
+use crate::server::state::users::UID;
+
+use super::AppState;
+
+impl AppState {
+    pub fn enable_user(&self, user: UID) -> impl Future<Output = ()> {
+        self.db.enable_user(user)
+    }
+
+    pub fn is_user_enabled(&self, user: &UID) -> impl Future<Output = bool> {
+        self.db.user_is_enabled(user)
+    }
+}

src/server/state/magic.rs

@@ -6,6 +6,8 @@ use std::cell::OnceCell;
 
 use magic::{Cookie, cookie};
 
+use super::AppState;
+
 #[derive(Debug, thiserror::Error)]
 pub enum NewCookieError {
     #[error(transparent)]
@@ -16,23 +18,19 @@ pub enum NewCookieError {
     // MimeDBPath(#[from] magic::cookie::InvalidDatabasePathError),
 }
 
-pub struct Mime<'a> {
+impl AppState {
-    magic_dbs: &'a magic::cookie::DatabasePaths,
-}
-
-impl<'a> Mime<'a> {
     thread_local! {
-        static COOKIE_CELL: OnceCell<Cookie<cookie::Load>> = const { OnceCell::new() };
+        static MAGIC_COOKIE_CELL: OnceCell<Cookie<cookie::Load>> = const { OnceCell::new() };
     }
 
-    fn use_cookie<F, T>(&self, f: F) -> Result<T, NewCookieError>
+    fn use_magic_cookie<F, T>(&self, f: F) -> Result<T, NewCookieError>
     where
         F: FnOnce(&Cookie<cookie::Load>) -> T,
     {
-        Self::COOKIE_CELL.with(|cookie| {
+        Self::MAGIC_COOKIE_CELL.with(|cookie| {
             let may_cookie = cookie.get_or_try_init::<_, NewCookieError>(move || {
                 let cookie = magic::Cookie::open(magic::cookie::Flags::MIME)?;
-                Ok(cookie.load(self.magic_dbs)?)
+                Ok(cookie.load(&self.config.unix.magic_paths)?)
             });
 
             match may_cookie {
@@ -42,11 +40,6 @@ impl<'a> Mime<'a> {
         })
     }
 
-    #[must_use]
-    pub const fn new(magic_dbs: &'a magic::cookie::DatabasePaths) -> Self {
-        Self { magic_dbs }
-    }
-
     /// Cookie initialization is delayed, so each call might be the creation of the cookie if its
     /// the first use of the cookie in this thread.
     ///
@@ -54,11 +47,11 @@ impl<'a> Mime<'a> {
     ///
     /// First layer error fails if new cookie creation failed. Second layer error represents if the
     /// mime search was successful.
-    pub fn buffer(
+    pub fn magic_from_buffer(
         &self,
         buffer: &[u8],
     ) -> Result<Result<String, magic::cookie::Error>, NewCookieError> {
-        self.use_cookie(|c| c.buffer(buffer))
+        self.use_magic_cookie(|c| c.buffer(buffer))
     }
 }
 

src/server/state/mod.rs

@@ -0,0 +1,103 @@
+//! Here down is a little mess but it aims to be a monolithic app state.
+//!
+//! This was decided to avoid complicated self-references between all structs and instead method
+//! names are carefully selected for higene, with separate submodules that include the extra types
+//! and implement themselves on the general app state, having access to DB, cache, configuration or
+//! anything.
+
+use std::{ffi::OsStr, sync::Arc};
+
+use moka::future::{Cache, CacheBuilder};
+
+use crate::{
+    consts, serdes,
+    server::{state::users::UsersCache, static_app_data},
+};
+
+pub mod db;
+pub mod magic;
+pub mod pfp;
+pub mod ssh;
+pub mod tera;
+pub mod users;
+
+pub struct AppState {
+    pub args: crate::args::Args,
+    pub config: crate::conf::Config,
+
+    // `db.rs`
+    db: crate::db::DB,
+
+    // `tera.rs`
+    pub tera: ::tera::Tera,
+
+    // `users.rs`
+    user_cache: UsersCache,
+
+    // `pfp.rs`
+    /// MUST only contain users from an accepted group, we do not want to cache arbitrary usernames
+    /// and blow memory up.
+    ///
+    /// [`Option<Image>`] because users may not have a pfp.
+    pfp_cache: Cache<String, Option<pfp::Image>>,
+}
+
+impl AppState {
+    /// # Errors
+    ///
+    /// If [`tera`] failed to load templates path.
+    pub fn new(
+        args: crate::args::Args,
+        config: crate::conf::Config,
+        db: crate::db::DB,
+    ) -> Result<Self, ::tera::Error> {
+        let tera = ::tera::Tera::new(&config.server.templates)?;
+
+        Ok(Self {
+            args,
+            config,
+            db,
+            tera,
+
+            // `users.rs`
+            user_cache: UsersCache::new(),
+
+            // `pfp.rs`
+            pfp_cache: CacheBuilder::new(consts::MAX_PFP_CACHE_CAPACITY)
+                .time_to_live(consts::USER_CACHES_TTL)
+                .weigher(pfp::weigther)
+                .build(),
+        })
+    }
+
+    /// Only gets users from valid groups, de-facto method to access this information as it does
+    /// the appropiate checks.
+    pub async fn get_user_by_name<S: AsRef<OsStr> + ?Sized>(
+        &self,
+        username: &S,
+    ) -> Option<Arc<::users::User>> {
+        fn is_member_groups(
+            only_groups: &[serdes::Group],
+            groups: Option<impl AsRef<[::users::Group]>>,
+        ) -> bool {
+            groups.is_some_and(|groups| {
+                groups.as_ref().iter().any(|group| {
+                    let gid = group.gid();
+
+                    only_groups.iter().any(|from_gr| from_gr.gid() == gid)
+                })
+            })
+        }
+
+        let user = self.user_cache.get_user_by_name(username).await?;
+
+        if is_member_groups(&self.config.unix.groups, user.groups()) {
+            Some(user)
+        } else {
+            None
+        }
+    }
+}
+
+/// Type alias to be used just as `data: AppData,` extractor in [`actix_web`] request handlers.
+pub type DataExtractor = static_app_data::StaticAppDataExtractor<&'static AppState>;

src/server/state/pfp.rs

@@ -0,0 +1,100 @@
+use std::{path::Path, sync::Arc};
+
+use sha2::Digest as _;
+use users::os::unix::UserExt as _;
+
+use crate::{consts, utils::fs::read_limited_path};
+
+use super::AppState;
+
+pub struct ImageInfo {
+    pub mime: Box<str>,
+    pub bytes: Box<[u8]>,
+    pub shasum: Box<str>,
+}
+
+pub type Image = Arc<ImageInfo>;
+
+/// # Panics
+///
+/// If file's image size doesn't fit in the weighter's size.
+#[must_use]
+pub fn weigther(_: &String, v: &Option<Image>) -> u32 {
+    v.as_ref()
+        .map_or(1, |v| v.bytes.len())
+        .try_into()
+        .expect("size of image to fit in weigher's size")
+}
+
+impl AppState {
+    async fn read_pfp_from_home(&self, home: &Path) -> Option<Image> {
+        for subpath in consts::USER_PFP_PATHS {
+            let path = home.join(subpath);
+
+            // I'm relying too much on this condition
+            if let Ok(img_buf) = read_limited_path::<{ consts::MAX_PFP_SIZE }>(&path).await
+                && let Ok(Ok(mime)) = self.magic_from_buffer(&img_buf) // TODO: first layer
+                                                                       // error is actually
+                                                                       // relevant
+                && mime.starts_with(consts::mime::MIME_IMAGE_PREFIX)
+            {
+                let shasum = sha2::Sha256::digest(&img_buf);
+                let shasum = format!(
+                    "\"{}\"",
+                    crate::utils::shasum::sha256sum_to_hex_string(&shasum)
+                );
+
+                return Some(Arc::new(ImageInfo {
+                    mime: mime.into_boxed_str(),
+                    bytes: img_buf.into_boxed_slice(),
+                    shasum: shasum.into_boxed_str(),
+                }));
+            }
+        }
+
+        None
+    }
+
+    /// Doesn't differenciate users without pfp and nonexistent ones
+    ///
+    /// So ig a feature not a bug? Less scraping? As in, scraping a user without pfp will just
+    /// default to default pfp.
+    ///
+    /// # Performance
+    ///
+    /// `T` is very generic, usually just takes the path of [`AsRef<str>`], but rarely it can take
+    /// the [`ToOwned<Owned = String>`] path. That means, if you only have access to a type like
+    /// [`str`], use it. But if by any chance you have a [`String`] of the value and it's not going
+    /// to be used anymore, that might be more performant.
+    ///
+    /// The loss is mainly just the allocation time, just a username, should be small enough but
+    /// still, just giving it flexibility. Also maybe a [`std::borrow::Cow<str>`] will work
+    /// perfectly too.
+    ///
+    /// # Security
+    ///
+    /// Images ultimately come from users home directories, so they could be anything, not only
+    /// images (though there's a MIME check, but not designed to be relied upon), make sure to
+    /// provide the mime type and `X-Content-Type-Options: nosniff` when serving it via http/s.
+    pub async fn get_pfp<T>(&self, username: T) -> Option<Image>
+    where
+        T: AsRef<str> + ToOwned<Owned = String>,
+    {
+        // If caching is done properly, it will take advantage of async.
+        if let Some(cached_pfp) = self.pfp_cache.get(username.as_ref()).await {
+            return cached_pfp;
+        }
+
+        // This blocks for now, so if we win with caching better. Non-member username requests
+        // won't cache, we win with actual user-cache and not pushing those away, but will make
+        // DDoS miss cache constantly.
+        let user = self.get_user_by_name(username.as_ref()).await?;
+        let img = self.read_pfp_from_home(user.home_dir()).await?;
+
+        self.pfp_cache
+            .insert(username.to_owned(), Some(img.clone()))
+            .await;
+
+        Some(img)
+    }
+}

src/server/state/ssh.rs

@@ -0,0 +1,63 @@
+use std::{io, path::Path};
+
+use ssh_key::PublicKey;
+use users::os::unix::UserExt as _;
+
+use crate::{consts, utils::fs::read_limited_path_str};
+
+use super::AppState;
+
+#[derive(Debug, thiserror::Error)]
+pub enum GetKeysError {
+    #[error("said user was not found")]
+    UserNotFound,
+    #[error("failure reading ssh file: {0}")]
+    ReadSshFile(io::Error),
+    #[error("error parsing ssh key: {0}")]
+    ParseError(#[from] ssh_key::Error),
+}
+
+impl GetKeysError {
+    // TODO: make the &str a beautiful html once we have a type from the template engine
+    #[must_use]
+    #[expect(clippy::missing_const_for_fn)]
+    pub fn recommendation(&self) -> Option<&str> {
+        match self {
+            Self::ReadSshFile(_) => Some("consider running `chmod o+r` if you haven't already"),
+            _ => None,
+        }
+    }
+}
+
+impl AppState {
+    /// Gets [`consts::AUTHORIZED_KEYS_PATH`] from user's home.
+    ///
+    /// # Errors
+    ///
+    /// In any of [`GetAuthorizedKeysError`]
+    pub async fn get_authorized_ssh_keys(
+        &self,
+        username: &str,
+    ) -> Result<Box<[PublicKey]>, GetKeysError> {
+        async fn read_users_authorized_keys(
+            home_dir: &Path,
+        ) -> Result<Vec<PublicKey>, GetKeysError> {
+            let buf = read_limited_path_str::<{ consts::MAX_AUTHORIZED_KEYS_SIZE }>(
+                &home_dir.join(consts::AUTHORIZED_KEYS_PATH),
+            )
+            .await
+            .map_err(GetKeysError::ReadSshFile)?;
+
+            Ok(buf.lines().map(PublicKey::from_openssh).try_collect()?)
+        }
+
+        let user = self
+            .get_user_by_name(username)
+            .await
+            .ok_or(GetKeysError::UserNotFound)?;
+
+        Ok(read_users_authorized_keys(user.home_dir())
+            .await?
+            .into_boxed_slice())
+    }
+}

src/server/state/tera.rs

@@ -0,0 +1,19 @@
+//! File that contains most logic for render logic.
+//!
+//! Notable stuff:
+//! - [`AppState::make_default_tera_ctx`]
+
+use super::AppState;
+
+impl AppState {
+    /// Makes the default context for the template engine, read source to know which tera variables
+    /// should be available by default.
+    ///
+    /// For a guide on how to write tera templates: <https://keats.github.io/tera/docs>
+    pub fn make_default_tera_ctx(&self) -> tera::Context {
+        let mut ctx = tera::Context::new();
+        ctx.insert("title", &self.config.render.title);
+
+        ctx
+    }
+}

src/server/state/users.rs

@@ -5,6 +5,8 @@ use std::{ffi::OsStr, sync::Arc};
 use tokio::sync::Mutex;
 use users::Users as _;
 
+pub type UID = u32;
+
 pub struct UsersCache {
     cache: Mutex<users::UsersCache>,
 }

src/utils.rs

@@ -62,4 +62,78 @@ pub mod shasum {
 
         out
     }
+
+    #[cfg(test)]
+    mod test {
+        use crate::utils::shasum::sha256sum_to_hex_string;
+
+        #[test]
+        fn sha256sum_string() {
+            let null_sha = sha256sum_to_hex_string(&[0; 32]);
+            let full_sha = sha256sum_to_hex_string(&[0xff; 32]);
+
+            assert_eq!(
+                null_sha,
+                "0000000000000000000000000000000000000000000000000000000000000000"
+            );
+            assert_eq!(
+                full_sha,
+                "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+            );
+        }
+    }
+}
+
+pub mod fs {
+    use std::{io, os::unix::fs::MetadataExt as _, path::Path};
+
+    use tokio::{fs::File, io::AsyncReadExt};
+
+    /// # Errors
+    ///
+    /// On any underlaying file i/o error.
+    ///
+    /// # Panics
+    ///
+    /// If a file's [`u64`] doesn't fit in memory.
+    pub async fn read_limited_path<const MAXSIZE: u64>(path: &Path) -> io::Result<Vec<u8>> {
+        let f = File::open(path).await?;
+        let size = f.metadata().await?.size();
+
+        if size > MAXSIZE {
+            return Err(io::Error::new(
+                io::ErrorKind::FileTooLarge,
+                "filesize is bigger than MAXSIZE",
+            ));
+        }
+        let mut buf = Vec::with_capacity(size.try_into().expect("u64 to fit in usize"));
+        // `.take()` just in case an open fd happens to grow, `.metadata()` SHOULD take
+        // properties from the fd and lock the read fd until its closed but still
+        f.take(MAXSIZE).read_to_end(&mut buf).await?;
+        Ok(buf)
+    }
+
+    /// # Errors
+    ///
+    /// On any underlaying file i/o error.
+    ///
+    /// # Panics
+    ///
+    /// If a file's [`u64`] doesn't fit in memory.
+    pub async fn read_limited_path_str<const MAXSIZE: u64>(path: &Path) -> io::Result<String> {
+        let f = File::open(path).await?;
+        let size = f.metadata().await?.size();
+
+        if size > MAXSIZE {
+            return Err(io::Error::new(
+                io::ErrorKind::FileTooLarge,
+                "filesize is bigger than MAXSIZE",
+            ));
+        }
+        let mut buf = String::with_capacity(size.try_into().expect("u64 to fit in usize"));
+        // `.take()` just in case an open fd happens to grow, `.metadata()` SHOULD take
+        // properties from the fd and lock the read fd until its closed but still
+        f.take(MAXSIZE).read_to_string(&mut buf).await?;
+        Ok(buf)
+    }
 }