Merge pull request 'Fix Album Artists Displayed Wrong' (#165) from 164-album-artists-displayed-wrong into main

Reviewed-on: LibreTunes/LibreTunes#165
Reviewed-by: Ethan Girouard <ethan@girouard.com>

.env.example

@@ -18,3 +18,4 @@ DATABASE_URL=postgresql://libretunes:password@localhost:5432/libretunes
 
 LIBRETUNES_AUDIO_PATH=assets/audio
 LIBRETUNES_IMAGE_PATH=assets/images
+LIBRETUNES_DISABLE_SIGNUP=true

Dockerfile

@@ -1,4 +1,4 @@
-FROM rust:slim as builder
+FROM rust:slim AS builder
 
 WORKDIR /app
 

docker-compose.yml

@@ -15,6 +15,7 @@ services:
       POSTGRES_DB: ${POSTGRES_DB}
       LIBRETUNES_AUDIO_PATH: /assets/audio
       LIBRETUNES_IMAGE_PATH: /assets/images
+      LIBRETUNES_DISABLE_SIGNUP: "true"
     volumes:
       - libretunes-audio:/assets/audio
       - libretunes-images:/assets/images

src/auth.rs

@@ -19,6 +19,11 @@ use crate::users::UserCredentials;
 /// Returns a Result with the error message if the user could not be created
 #[server(endpoint = "signup")]
 pub async fn signup(new_user: User) -> Result<(), ServerFnError> {
+	// Check LIBRETUNES_DISABLE_SIGNUP env var
+	if std::env::var("LIBRETUNES_DISABLE_SIGNUP").is_ok_and(|v| v == "true") {
+		return Err(ServerFnError::<NoCustomError>::ServerError("Signup is disabled".to_string()));
+	}
+
 	use crate::users::create_user;
 
 	// Ensure the user has no id, and is not a self-proclaimed admin

src/main.rs

@@ -14,10 +14,11 @@ extern crate diesel_migrations;
 #[cfg(feature = "ssr")]
 #[tokio::main]
 async fn main() {
-    use axum::{routing::get, Router, extract::Path};
+    use axum::{routing::get, Router, extract::Path, middleware::from_fn};
     use leptos::*;
     use leptos_axum::{generate_route_list, LeptosRoutes};
     use libretunes::app::*;
+    use libretunes::util::require_auth::require_auth_middleware;
     use libretunes::fileserv::{file_and_error_handler, get_asset_file, get_static_file, AssetType};
     use axum_login::tower_sessions::SessionManagerLayer;
     use tower_sessions_redis_store::{fred::prelude::*, RedisStore};
@@ -63,6 +64,7 @@ async fn main() {
         .route("/assets/audio/:song", get(|Path(song) : Path<String>| get_asset_file(song, AssetType::Audio)))
         .route("/assets/images/:image", get(|Path(image) : Path<String>| get_asset_file(image, AssetType::Image)))
         .route("/assets/*uri", get(|uri| get_static_file(uri, "")))
+        .layer(from_fn(require_auth_middleware))
         .layer(auth_layer)
         .fallback(file_and_error_handler)
         .with_state(leptos_options);

src/models.rs

@@ -542,24 +542,14 @@ impl Album {
 	pub fn get_album_data(album_id: i32, conn: &mut PgPooledConn) -> Result<AlbumData, Box<dyn Error>> {
 		use crate::schema::*;
 
-		let album: Vec<(Album, std::option::Option<Artist>)> = albums::table
-			.find(album_id)
-			.left_join(songs::table.on(albums::id.nullable().eq(songs::album_id)))
-			.left_join(song_artists::table.inner_join(artists::table).on(songs::id.eq(song_artists::song_id)))
-			.select((
-				albums::all_columns,
-				artists::all_columns.nullable()
-			))
-			.distinct()
+		let artist_list: Vec<Artist> = album_artists::table
+			.filter(album_artists::album_id.eq(album_id))
+			.inner_join(artists::table.on(album_artists::artist_id.eq(artists::id)))
+			.select(
+				artists::all_columns
+			)
 			.load(conn)?;
 
-		let mut artist_list: Vec<Artist> = Vec::new();
-
-		for (_, artist) in album {
-			if let Some(artist) = artist {
-				artist_list.push(artist);
-			}
-		}
 		// Get info of album
 		let albuminfo = albums::table
 			.filter(albums::id.eq(album_id))
@@ -671,7 +661,7 @@ impl Album {
 		
 		// Sort the songs by date
 		let mut songdata: Vec<SongData> = album_songs.into_values().collect();
-		songdata.sort_by(|a, b| b.track.cmp(&a.track));
+		songdata.sort_by(|a, b| a.track.cmp(&b.track));
 		Ok(songdata)
 	}
 }

src/pages/login.rs

@@ -16,10 +16,9 @@ pub fn Login() -> impl IntoView {
     let loading = create_rw_signal(false);
     let error_msg = create_rw_signal(None);
 
-    let toggle_password = move |ev: leptos::ev::MouseEvent| {
-        ev.prevent_default();
+    let toggle_password = move |_| {
         set_show_password.update(|show_password| *show_password = !*show_password);
-        log!("Password visibility toggled");
+        log!("showing password");
     };
 
     let on_submit = move |ev: leptos::ev::SubmitEvent| {
@@ -95,17 +94,17 @@ pub fn Login() -> impl IntoView {
                         />
                         <span>Password</span>
                         <i></i>
-                        <Show when=move || { show_password() == false }
-                            fallback=move || view! {
-                                <button on:click=toggle_password class="login-password-visibility">
-                                    <Icon icon=icondata::AiEyeInvisibleFilled />
-                                </button>
-                            }
+                        <Show
+                            when=move || {show_password() == false}
+                            fallback=move || view!{ <button on:click=toggle_password class="login-password-visibility">
+                                                  <Icon icon=icondata::AiEyeInvisibleFilled />
+                                               </button> /> }
                         >
-                        <button on:click=toggle_password class="login-password-visibility">
-                            <Icon icon=icondata::AiEyeFilled />
-                        </button>
-                    </Show>
+                            <button on:click=toggle_password class="login-password-visibility">
+                                <Icon icon=icondata::AiEyeFilled />
+                            </button>
+
+                        </Show>
                     </div>
                     <a href="" class="forgot-pw">Forgot Password?</a>
                     <div class="error-msg" >{ move || error_msg.get() }</div>

src/util/mod.rs

@@ -3,6 +3,7 @@ use cfg_if::cfg_if;
 cfg_if! {
 	if #[cfg(feature = "ssr")] {
 		pub mod audio;
+		pub mod require_auth;
 	}
 }
 

src/util/require_auth.rs

@@ -0,0 +1,46 @@
+use axum::extract::Request;
+use axum::response::Response;
+use axum::body::Body;
+use axum::middleware::Next;
+use axum_login::AuthSession;
+use http::StatusCode;
+
+use crate::auth_backend::AuthBackend;
+
+use axum::extract::FromRequestParts;
+
+// Things in pkg/ are allowed automatically. This includes the CSS/JS/WASM files
+const ALLOWED_PATHS: [&str; 5] = ["/login", "/signup", "/api/login", "/api/signup", "/favicon.ico"];
+
+/**
+ * Middleware to require authentication for all paths except those in ALLOWED_PATHS
+ * 
+ * If a user is not authenticated, they will be redirected to the login page
+ */
+pub async fn require_auth_middleware(req: Request, next: Next) -> Result<Response<Body>, (StatusCode, &'static str)> {
+	let path = req.uri().path();
+
+	if !ALLOWED_PATHS.iter().any(|&x| x == path) {
+		let (mut parts, body) = req.into_parts();
+
+		let auth_session = AuthSession::<AuthBackend>::from_request_parts(&mut parts, &())
+			.await?;
+
+		if auth_session.user.is_none() {
+			let response = Response::builder()
+				.status(StatusCode::TEMPORARY_REDIRECT)
+				.header("Location", "/login")
+				.body(Body::empty())
+				.map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "Failed to build response"))?;
+
+			return Ok(response);
+		}
+
+		let req = Request::from_parts(parts, body);
+		let response = next.run(req).await;
+		Ok(response)
+	} else {
+		let response = next.run(req).await;
+		Ok(response)
+	}
+}