various: simplify code; work on security and performance

Signed-off-by: NotAShelf <raf@notashelf.dev> Change-Id: I9a5114addcab5fbff430ab2b919b83466a6a6964
2026-02-02 17:32:11 +03:00 · 2026-02-02 17:32:11 +03:00 · c4adc4e3e0
commit c4adc4e3e0
parent 016841b200
75 changed files with 12921 additions and 358 deletions
--- a/crates/pinakes-server/src/auth.rs
+++ b/crates/pinakes-server/src/auth.rs
@ -85,6 +85,7 @@ pub async fn require_auth(
            if expected_key.is_empty() {
                // Empty key means no auth required
                request.extensions_mut().insert(UserRole::Admin);
+                request.extensions_mut().insert("admin".to_string());
                return next.run(request).await;
            }

@ -110,6 +111,7 @@ pub async fn require_auth(
        }
        // When no api_key is configured, or key matches, grant admin
        request.extensions_mut().insert(UserRole::Admin);
+        request.extensions_mut().insert("admin".to_string());
    }

    next.run(request).await
@ -143,6 +145,24 @@ pub async fn require_admin(request: Request, next: Next) -> Response {
    }
 }

+/// Resolve the authenticated username (from request extensions) to a UserId.
+///
+/// Returns an error if the user cannot be found.
+pub async fn resolve_user_id(
+    storage: &pinakes_core::storage::DynStorageBackend,
+    username: &str,
+) -> Result<pinakes_core::users::UserId, crate::error::ApiError> {
+    match storage.get_user_by_username(username).await {
+        Ok(user) => Ok(user.id),
+        Err(e) => {
+            tracing::warn!(username = %username, error = ?e, "failed to resolve user");
+            Err(crate::error::ApiError(
+                pinakes_core::error::PinakesError::Authentication("user not found".into()),
+            ))
+        }
+    }
+}
+
 fn unauthorized(message: &str) -> Response {
    let body = format!(r#"{{"error":"{message}"}}"#);
    (