Merge pull request #36 from piotrpdev/OKO-109-Guest-Accounts

piotrpdev · web-flow · commit 0043d1e603b4 · 2025-04-28T22:39:45.000+01:00
diff --git a/backend/fixtures/camera_permissions.sql b/backend/fixtures/camera_permissions.sql
@@ -4,4 +4,6 @@ INSERT INTO camera_permissions (permission_id, camera_id, user_id, can_view, can
     (3, 1, 2, true, true),
     (4, 2, 2, true, true),
     (5, 1, 3, true, false),
-    (6, 2, 3, false, false);
+    (6, 2, 3, false, false),
+    (7, 1, 4, false, false),
+    (8, 2, 4, false, false);
diff --git a/backend/fixtures/users.sql b/backend/fixtures/users.sql
@@ -1,4 +1,5 @@
 INSERT INTO users (user_id, username, password_hash, created_at) VALUES
     (1, 'admin', '$argon2id$v=19$m=19456,t=2,p=1$VE0e3g7DalWHgDwou3nuRA$uC6TER156UQpk0lNQ5+jHM0l5poVjPA1he/Tyn9J4Zw', '2024-10-21 17:01:23'),
     (2, 'piotrpdev', '$argon2id$v=19$m=19456,t=2,p=1$VE0e3g7DalWHgDwou3nuRA$uC6TER156UQpk0lNQ5+jHM0l5poVjPA1he/Tyn9J4Zw', '2024-10-21 17:02:18'),
-    (3, 'joedaly', '$argon2id$v=19$m=19456,t=2,p=1$VE0e3g7DalWHgDwou3nuRA$uC6TER156UQpk0lNQ5+jHM0l5poVjPA1he/Tyn9J4Zw', '2024-10-21 17:12:32');
+    (3, 'joedaly', '$argon2id$v=19$m=19456,t=2,p=1$VE0e3g7DalWHgDwou3nuRA$uC6TER156UQpk0lNQ5+jHM0l5poVjPA1he/Tyn9J4Zw', '2024-10-21 17:12:32'),
+    (4, 'guest', '$argon2id$v=19$m=19456,t=2,p=1$VE0e3g7DalWHgDwou3nuRA$uC6TER156UQpk0lNQ5+jHM0l5poVjPA1he/Tyn9J4Zw', '2024-10-21 17:15:45');
diff --git a/backend/src/db/camera_permission.rs b/backend/src/db/camera_permission.rs
@@ -148,7 +148,7 @@ mod tests {
 
         camera_permission.create_using_self(&pool).await?;
 
-        assert_eq!(camera_permission.permission_id, 7);
+        assert_eq!(camera_permission.permission_id, 9);
 
         let returned_permission =
             CameraPermission::get_using_id(&pool, camera_permission.permission_id).await?;
@@ -248,7 +248,7 @@ mod tests {
         let camera_id = 1;
 
         let returned_permissions = CameraPermission::list_for_camera(&pool, camera_id).await?;
-        assert_eq!(returned_permissions.len(), 3);
+        assert_eq!(returned_permissions.len(), 4);
 
         let permission_ids: Vec<i64> = returned_permissions
             .iter()
@@ -258,6 +258,7 @@ mod tests {
         assert!(permission_ids.contains(&1));
         assert!(permission_ids.contains(&3));
         assert!(permission_ids.contains(&5));
+        assert!(permission_ids.contains(&7));
 
         Ok(())
     }
@@ -271,7 +272,7 @@ mod tests {
 
         let returned_permissions =
             CameraPermission::list_for_camera_with_username(&pool, camera_id).await?;
-        assert_eq!(returned_permissions.len(), 3);
+        assert_eq!(returned_permissions.len(), 4);
 
         let permission_ids: Vec<i64> = returned_permissions
             .iter()
@@ -281,6 +282,7 @@ mod tests {
         assert!(permission_ids.contains(&1));
         assert!(permission_ids.contains(&3));
         assert!(permission_ids.contains(&5));
+        assert!(permission_ids.contains(&7));
 
         let usernames: Vec<&str> = returned_permissions
             .iter()
@@ -290,6 +292,7 @@ mod tests {
         assert!(usernames.contains(&"piotrpdev"));
         assert!(usernames.contains(&"joedaly"));
         assert!(usernames.contains(&"admin"));
+        assert!(usernames.contains(&"guest"));
 
         Ok(())
     }
diff --git a/backend/src/db/user.rs b/backend/src/db/user.rs
@@ -179,9 +179,9 @@ mod tests {
 
         user.create_using_self(&pool).await?;
 
-        assert_eq!(user.user_id, 4);
+        assert_eq!(user.user_id, 5);
 
-        let returned_user = User::get_using_id(&pool, 4).await?;
+        let returned_user = User::get_using_id(&pool, 5).await?;
 
         assert_eq!(returned_user.username, user.username);
         assert_eq!(returned_user.password_hash, user.password_hash);
@@ -241,10 +241,10 @@ mod tests {
 
     #[sqlx::test(fixtures(path = "../../fixtures", scripts("users")))]
     async fn get_all(pool: SqlitePool) -> Result<(), Box<dyn std::error::Error>> {
-        let usernames = ["admin", "piotrpdev", "joedaly"];
+        let usernames = ["admin", "piotrpdev", "joedaly", "guest"];
         let returned_users = User::get_all(&pool).await?;
 
-        assert_eq!(returned_users.len(), 3);
+        assert_eq!(returned_users.len(), 4);
 
         assert!(returned_users
             .iter()
diff --git a/backend/src/web/app.rs b/backend/src/web/app.rs
@@ -58,10 +58,13 @@ use super::{ImageContainer, MdnsChannelMessage};
 
 // TODO: Maybe use `std::future::pending::<()>();` instead of sleeping forever
 
+// TODO: Change default admin and guest hashes, remember to search and update where they're hardcoded
 const SQLITE_URL: &str = "sqlite://data.db";
 const VIDEO_PATH: &str = "./videos/";
 const DEFAULT_ADMIN_USERNAME: &str = "admin";
 const DEFAULT_ADMIN_PASS_HASH: &str = "$argon2id$v=19$m=19456,t=2,p=1$VE0e3g7DalWHgDwou3nuRA$uC6TER156UQpk0lNQ5+jHM0l5poVjPA1he/Tyn9J4Zw";
+const DEFAULT_GUEST_USERNAME: &str = "guest";
+const DEFAULT_GUEST_PASS_HASH: &str = "$argon2id$v=19$m=19456,t=2,p=1$VE0e3g7DalWHgDwou3nuRA$uC6TER156UQpk0lNQ5+jHM0l5poVjPA1he/Tyn9J4Zw";
 const EXPIRED_SESSION_DELETION_INTERVAL: tokio::time::Duration =
     tokio::time::Duration::from_secs(60);
 const SESSION_DURATION: Duration = Duration::days(1);
@@ -142,6 +145,21 @@ impl App {
             admin.create_using_self(&self.db).await?;
         }
 
+        // ? Maybe make this optional just in case
+        let guest_exists = User::get_using_username(&self.db, DEFAULT_GUEST_USERNAME)
+            .await
+            .is_ok();
+        if !guest_exists {
+            let mut guest = User {
+                user_id: User::DEFAULT.user_id,
+                username: "guest".to_string(),
+                password_hash: DEFAULT_GUEST_PASS_HASH.to_owned(),
+                created_at: User::DEFAULT.created_at(),
+            };
+
+            guest.create_using_self(&self.db).await?;
+        }
+
         // Session layer.
         //
         // This uses `tower-sessions` to establish a layer that will provide the session
diff --git a/frontend/src/routes/Login.svelte b/frontend/src/routes/Login.svelte
@@ -7,8 +7,13 @@
   import { replace } from "svelte-spa-router";
   import { user } from "../lib/stores/userStore";
 
-  let username = "admin";
-  let password = "hunter42";
+  const DEFAULT_ADMIN_USERNAME = "admin";
+  const DEFAULT_ADMIN_PASSWORD = "hunter42";
+  const DEFAULT_GUEST_USERNAME = "guest";
+  const DEFAULT_GUEST_PASSWORD = "hunter42";
+
+  let username = import.meta.env.DEV ? DEFAULT_ADMIN_USERNAME : "";
+  let password = import.meta.env.DEV ? DEFAULT_ADMIN_PASSWORD : "";
 
   async function handleSubmit() {
     const response = await fetch("/api/login", {
@@ -76,8 +81,21 @@
             />
           </div>
         </Card.Content>
-        <Card.Footer>
+        <Card.Footer class="flex-col gap-4">
           <Button id="login" class="w-full" type="submit">Sign in</Button>
+          <Button
+            id="login-guest"
+            variant="outline"
+            class="w-full"
+            type="button"
+            on:click={() => {
+              username = DEFAULT_GUEST_USERNAME;
+              password = DEFAULT_GUEST_PASSWORD;
+              handleSubmit();
+            }}
+          >
+            Sign in as Guest
+          </Button>
         </Card.Footer>
       </form>
     </Card.Root>
