scopes

2024-11-22 12:21:18 +00:00 · 2024-11-21 12:09:37 +01:00 · 2024-11-21 12:09:37 +01:00 · 48e817bacc
commit 48e817bacc
parent 9072bb365c
1 changed files with 16 additions and 41 deletions
--- a/src/api_routes_http.rs
+++ b/src/api_routes_http.rs
@ -293,43 +293,25 @@ pub fn config(cfg: &mut web::ServiceConfig, rate_limit: &RateLimitCell) {
      )
      // User
      .service(
-        // Account action, I don't like that it's in /user maybe /accounts
-        // Handle /user/register separately to add the register() rate limiter
-        web::resource("/account/register")
+        web::scope("/account/auth")
          .guard(guard::Post())
          .wrap(rate_limit.register())
-          .route(web::post().to(register)),
-      )
-      // User
-      .service(
-        // Handle /account/login separately to add the register() rate limiter
-        // TODO: pretty annoying way to apply rate limits for register and login, we should
-        //       group them under a common path so that rate limit is only applied once (eg under
-        // /account).
-        web::resource("/account/login")
-          .guard(guard::Post())
-          .wrap(rate_limit.register())
-          .route(web::post().to(login)),
+          .route("register", web::post().to(register))
+          .route("login", web::post().to(login))
+          .route("password_reset", web::post().to(reset_password))
+          .route("get_captcha", web::get().to(get_captcha))
+          .route(
+            "/password_change",
+            web::post().to(change_password_after_reset),
+          )
+          .route("/change_password", web::put().to(change_password))
+          .route("/totp/generate", web::post().to(generate_totp_secret))
+          .route("/totp/update", web::post().to(update_totp)),
      )
      .service(
-        web::resource("/account/password_reset")
-          .wrap(rate_limit.register())
-          .route(web::post().to(reset_password)),
-      )
-      .service(
-        // Handle captcha separately
-        web::resource("/account/get_captcha")
-          .wrap(rate_limit.post())
-          .route(web::get().to(get_captcha)),
-      )
-      .service(
-        web::resource("/account/export_settings")
-          .wrap(rate_limit.import_user_settings())
-          .route(web::get().to(export_settings)),
-      )
-      .service(
-        web::resource("/account/import_settings")
+        web::resource("/account/export")
          .wrap(rate_limit.import_user_settings())
+          .route(web::get().to(export_settings))
          .route(web::post().to(import_settings)),
      )
      .service(
@ -341,10 +323,6 @@ pub fn config(cfg: &mut web::ServiceConfig, rate_limit: &RateLimitCell) {
          .route("/block", web::post().to(block_person))
          .route("/logout", web::post().to(logout))
          .route("/delete_account", web::post().to(delete_account))
-          .route(
-            "/password_change",
-            web::post().to(change_password_after_reset),
-          )
          .route(
            "/mention/mark_as_read",
            web::post().to(mark_person_mention_as_read),
@ -354,13 +332,9 @@ pub fn config(cfg: &mut web::ServiceConfig, rate_limit: &RateLimitCell) {
            web::post().to(mark_all_notifications_read),
          )
          .route("/save_user_settings", web::put().to(save_user_settings))
-          .route("/change_password", web::put().to(change_password))
          .route("/report_count", web::get().to(report_count))
          .route("/unread_count", web::get().to(unread_count))
          .route("/verify_email", web::post().to(verify_email))
-          .route("/leave_admin", web::post().to(leave_admin))
-          .route("/totp/generate", web::post().to(generate_totp_secret))
-          .route("/totp/update", web::post().to(update_totp))
          .route("/list_logins", web::get().to(list_logins))
          .route("/validate_auth", web::get().to(validate_auth)),
      )
@ -408,7 +382,8 @@ pub fn config(cfg: &mut web::ServiceConfig, rate_limit: &RateLimitCell) {
              .route("/list", web::get().to(list_taglines)),
          )
          .route("/ban", web::post().to(ban_from_site))
-          .route("/banned", web::get().to(list_banned_users)),
+          .route("/banned", web::get().to(list_banned_users))
+          .route("/leave", web::post().to(leave_admin)),
      )
      .service(
        web::scope("/custom_emoji")