Clippy fixes

devenv.lock

@@ -31,10 +31,31 @@
         "type": "github"
       }
     },
+    "git-hooks": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "gitignore": "gitignore",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1737465171,
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "type": "github"
+      }
+    },
     "gitignore": {
       "inputs": {
         "nixpkgs": [
-          "pre-commit-hooks",
+          "git-hooks",
           "nixpkgs"
         ]
       },
@@ -66,32 +87,14 @@
         "type": "github"
       }
     },
-    "pre-commit-hooks": {
-      "inputs": {
-        "flake-compat": "flake-compat",
-        "gitignore": "gitignore",
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1735882644,
-        "owner": "cachix",
-        "repo": "pre-commit-hooks.nix",
-        "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "repo": "pre-commit-hooks.nix",
-        "type": "github"
-      }
-    },
     "root": {
       "inputs": {
         "devenv": "devenv",
+        "git-hooks": "git-hooks",
         "nixpkgs": "nixpkgs",
-        "pre-commit-hooks": "pre-commit-hooks"
+        "pre-commit-hooks": [
+          "git-hooks"
+        ]
       }
     }
   },

server/Cargo.lock

@@ -47,6 +47,56 @@ dependencies = [
  "libc",
 ]
 
+[[package]]
+name = "anstream"
+version = "0.6.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8acc5369981196006228e28809f761875c0327210a891e941f4c683b3a99529b"
+dependencies = [
+ "anstyle",
+ "anstyle-parse",
+ "anstyle-query",
+ "anstyle-wincon",
+ "colorchoice",
+ "is_terminal_polyfill",
+ "utf8parse",
+]
+
+[[package]]
+name = "anstyle"
+version = "1.0.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "55cc3b69f167a1ef2e161439aa98aed94e6028e5f9a59be9a6ffb47aef1651f9"
+
+[[package]]
+name = "anstyle-parse"
+version = "0.2.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3b2d16507662817a6a20a9ea92df6652ee4f94f914589377d69f3b21bc5798a9"
+dependencies = [
+ "utf8parse",
+]
+
+[[package]]
+name = "anstyle-query"
+version = "1.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "79947af37f4177cfead1110013d678905c37501914fba0efea834c3fe9a8d60c"
+dependencies = [
+ "windows-sys 0.59.0",
+]
+
+[[package]]
+name = "anstyle-wincon"
+version = "3.0.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ca3534e77181a9cc07539ad51f2141fe32f6c3ffd4df76db8ad92346b003ae4e"
+dependencies = [
+ "anstyle",
+ "once_cell",
+ "windows-sys 0.59.0",
+]
+
 [[package]]
 name = "argon2"
 version = "0.5.3"
@@ -266,10 +316,57 @@ dependencies = [
  "iana-time-zone",
  "js-sys",
  "num-traits",
+ "serde",
  "wasm-bindgen",
  "windows-targets 0.52.6",
 ]
 
+[[package]]
+name = "clap"
+version = "4.5.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "027bb0d98429ae334a8698531da7077bdf906419543a35a55c2cb1b66437d767"
+dependencies = [
+ "clap_builder",
+ "clap_derive",
+]
+
+[[package]]
+name = "clap_builder"
+version = "4.5.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5589e0cba072e0f3d23791efac0fd8627b49c829c196a492e88168e6a669d863"
+dependencies = [
+ "anstream",
+ "anstyle",
+ "clap_lex",
+ "strsim",
+]
+
+[[package]]
+name = "clap_derive"
+version = "4.5.28"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bf4ced95c6f4a675af3da73304b9ac4ed991640c36374e4b46795c49e17cf1ed"
+dependencies = [
+ "heck",
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "clap_lex"
+version = "0.7.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f46ad14479a25103f283c0f10005961cf086d8dc42205bb44c46ac563475dca6"
+
+[[package]]
+name = "colorchoice"
+version = "1.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5b63caa9aa9397e2d9480a9b13673856c78d8ac123288526c37d7839f2a86990"
+
 [[package]]
 name = "concurrent-queue"
 version = "2.5.0"
@@ -994,6 +1091,12 @@ dependencies = [
  "hashbrown",
 ]
 
+[[package]]
+name = "is_terminal_polyfill"
+version = "1.70.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf"
+
 [[package]]
 name = "itertools"
 version = "0.14.0"
@@ -2195,6 +2298,12 @@ version = "1.0.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be"
 
+[[package]]
+name = "utf8parse"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"
+
 [[package]]
 name = "uuid"
 version = "1.12.0"
@@ -2203,6 +2312,7 @@ checksum = "744018581f9a3454a9e15beb8a33b017183f1e7c0cd170232a2d1453b23a51c4"
 dependencies = [
  "getrandom 0.2.15",
  "rand 0.8.5",
+ "serde",
 ]
 
 [[package]]
@@ -2539,6 +2649,7 @@ dependencies = [
  "axum-extra",
  "bitflags",
  "chrono",
+ "clap",
  "csv",
  "dotenvy",
  "itertools",

server/Cargo.toml

@@ -17,13 +17,14 @@ dotenvy = "0.15.7"
 validator = { version = "0.19.0", features = [ "derive" ] }
 argon2 = "0.5"
 bitflags = { version = "2.8", features = [ "serde" ] }
+clap = { version = "4.5.31", features = ["derive"] }
 
 
 # Tertiary crates
 tracing = "0.1"
 tracing-subscriber = "0.3"
-chrono = "0.4"
+chrono = { version = "0.4", features = ["serde"] }
-uuid = { version = "1.12", features = ["v4", "fast-rng"] }
+uuid = { version = "1.12", features = ["v4", "fast-rng", "serde"] }
 serde_json = "1.0.137"
 rand = "0.9"
 rand_chacha = "0.9"

server/migrations/001_create_members.sql

@@ -1,10 +1,10 @@
-CREATE TABLE "members" (
+CREATE TABLE IF NOT EXISTS "members" (
   member_id           varchar(7)  NOT NULL PRIMARY KEY,
   first_name          text        NOT NULL,
   full_name           text        NOT NULL,
   registration_token  text        NOT NULL UNIQUE,
   diploma             text,
-  swim_groups         bigint      NOT NULL,
+  groups              bigint      NOT NULL,
-  groups              bigint      NOT NULL
+  roles               bigint      NOT NULL
 );
 

server/migrations/002_create_users.sql

@@ -1,4 +1,4 @@
-CREATE TABLE "users" (
+CREATE TABLE IF NOT EXISTS "users" (
   user_id   uuid     NOT NULL PRIMARY KEY,
   email     text     NOT NULL UNIQUE,
   password  text     NOT NULL,

server/migrations/003_create_sessions.sql

@@ -1,4 +1,4 @@
-CREATE TABLE "sessions" (
+CREATE TABLE IF NOT EXISTS "sessions" (
     session_id  uuid      NOT NULL PRIMARY KEY,
     user_id     uuid      NOT NULL REFERENCES users (user_id) ON UPDATE cascade ON DELETE cascade,
     token       text      NOT NULL UNIQUE,

server/migrations/004_unique_users_members.sql

@@ -0,0 +1,2 @@
+ALTER TABLE users_members
+    ADD UNIQUE (user_id, member_id);

server/migrations/005_create_news.sql

@@ -0,0 +1,20 @@
+CREATE TYPE message_status AS ENUM ('pending', 'sent', 'canceled');
+
+CREATE TABLE IF NOT EXISTS messages (
+    message_id    uuid            NOT NULL PRIMARY KEY,
+    created_at    timestamptz     NOT NULL,
+    scheduled_at  timestamptz,
+    status        message_status  NOT NULL,
+    title         text            NOT NULL,
+    content       text            NOT NULL,
+    channel       bigint          NOT NULL,
+    thumbnail_url text
+);
+
+CREATE TABLE IF NOT EXISTS messages_users (
+    message_id  uuid    NOT NULL REFERENCES users (user_id) ON UPDATE cascade ON DELETE cascade,
+    user_id     uuid    NOT NULL REFERENCES users (user_id) ON UPDATE cascade ON DELETE cascade,
+    is_read     boolean NOT NULL,
+
+    CONSTRAINT messages_users_pkey PRIMARY KEY (message_id, user_id)
+);

server/migrations/006_alter_messages.sql

@@ -0,0 +1,3 @@
+ALTER TABLE messages
+    ADD COLUMN member_groups bigint NOT NULL,
+    ADD COLUMN member_roles bigint NOT NULL;

server/migrations/007_alter_messages.sql

@@ -0,0 +1 @@
+ALTER TYPE message_status ADD VALUE 'draft';

server/src/auth.rs

@@ -1,81 +1,54 @@
-use std::collections::HashSet;
-
 use argon2::{
     password_hash::{rand_core::OsRng, PasswordHasher, SaltString},
     Argon2, PasswordHash, PasswordVerifier,
 };
-use axum::{
+use axum::http::{header, HeaderMap};
-    extract::FromRequestParts,
+use chrono::Utc;
-    http::{request::Parts, StatusCode},
-    RequestPartsExt,
-};
-use axum_extra::{
-    extract::cookie::{Cookie, CookieJar},
-    headers::{authorization::Bearer, Authorization},
-    typed_header::TypedHeaderRejectionReason,
-    TypedHeader,
-};
-use bearer::verify_bearer;
 pub use error::AuthError;
 use rand::distr::Alphanumeric;
 use rand::prelude::*;
 use rand_chacha::ChaCha20Rng;
+use sqlx::PgPool;
 use tokio::task;
 
-use crate::database::model::User;
+use crate::{database::model::Session, model::User};
 
-mod bearer;
 mod error;
-mod scopes;
 
-#[derive(Debug)]
+pub async fn get_user_from_header(pool: &PgPool, headers: &HeaderMap) -> Result<User, AuthError> {
-pub struct Permissions<'a>(pub HashSet<&'a str>);
+    let token = get_token_from_headers(headers)?;
 
-// Middleware for getting permissions
+    let session = match Session::from_token(pool, &token).await {
-impl<S> FromRequestParts<S> for Permissions<'_>
+        Ok(s) => s,
-where
+        Err(_) => return Err(AuthError::InvalidToken),
-    S: Send + Sync,
+    };
-{
-    type Rejection = crate::Error;
 
-    async fn from_request_parts(parts: &mut Parts, _state: &S) -> Result<Self, Self::Rejection> {
+    if session.expires_at < Utc::now() {
-        // First check if the request has a beaerer token to authenticate
+        return Err(AuthError::InvalidToken);
-        match parts.extract::<TypedHeader<Authorization<Bearer>>>().await {
+    }
-            Ok(bearer) => {
-                verify_bearer(bearer.token().to_string()).map_err(|_| AuthError::InvalidToken)?;
 
-                let permissions = Permissions {
+    let db_user = match crate::database::model::User::get(pool, session.user_id).await {
-                    0: HashSet::from(["root"]),
+        Ok(u) => u,
-                };
+        Err(_) => return Err(AuthError::InvalidToken),
+    };
 
-                return Ok(permissions);
+    Ok(db_user.into())
-            }
+}
-            Err(err) => match err.reason() {
-                TypedHeaderRejectionReason::Missing => (),
-                TypedHeaderRejectionReason::Error(_err) => {
-                    return Err(AuthError::InvalidToken.into())
-                }
-                _ => return Err(AuthError::Unexpected.into()),
-            },
-        };
 
-        match parts.extract::<CookieJar>().await {
+pub fn get_token_from_headers(headers: &HeaderMap) -> Result<String, AuthError> {
-            Ok(jar) => {
+    let bearer = headers.get(header::AUTHORIZATION);
-                if let Some(session_token) = jar.get("session_token") {
+    let bearer = bearer
-                    // TODO: Implement function to retrieve user permissions
+        .ok_or(AuthError::InvalidToken)?
-                    tracing::info!("{session_token:?}")
+        .to_str()
-                }
+        .map_err(|_| AuthError::InvalidToken)?;
-            }
-            Err(_) => (),
-        }
 
-        Err(AuthError::Unauthorized.into())
+    match bearer.strip_prefix("Bearer ") {
+        Some(token) => Ok(token.to_string()),
+        None => Err(AuthError::InvalidToken),
     }
 }
 
-pub async fn generate_password_hash(
+pub async fn generate_password_hash(password: String) -> Result<String, AuthError> {
-    password: String,
-) -> Result<String, argon2::password_hash::Error> {
     let password_hash: Result<String, argon2::password_hash::Error> =
         task::spawn_blocking(move || {
             let salt = SaltString::generate(&mut OsRng);
@@ -91,25 +64,22 @@ pub async fn generate_password_hash(
         .await
         .unwrap();
 
-    Ok(password_hash?)
+    password_hash.map_err(|e| e.into())
 }
 
-pub async fn verify_password_hash(
+pub async fn verify_password_hash(password: &str, hash: &str) -> Result<(), AuthError> {
-    password: &str,
-    hash: &str,
-) -> Result<(), argon2::password_hash::Error> {
     let parsed_hash = PasswordHash::new(hash)?;
-    Argon2::default().verify_password(password.as_bytes(), &parsed_hash)?;
+    Argon2::default()
+        .verify_password(password.as_bytes(), &parsed_hash)
+        .map_err(|_| AuthError::InvalidPassword)?;
 
     Ok(())
 }
 
 pub fn generate_session_token() -> String {
-    let session = ChaCha20Rng::from_os_rng()
+    ChaCha20Rng::from_os_rng()
         .sample_iter(&Alphanumeric)
         .take(60)
         .map(char::from)
-        .collect::<String>();
+        .collect::<String>()
-
-    session
 }

server/src/auth/bearer.rs

@@ -1,8 +0,0 @@
-pub fn verify_bearer(token: String) -> Result<(), ()> {
-    let env_api_token = dotenvy::var("API_TOKEN").map_err(|_| ())?;
-
-    match env_api_token == token {
-        true => Ok(()),
-        false => Err(()),
-    }
-}

server/src/auth/error.rs

@@ -7,18 +7,26 @@ pub enum AuthError {
     Unexpected,
     InvalidPassword,
     Unauthorized,
+    HashingFailed(String),
 }
 
 impl Display for AuthError {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         match self {
-            Self::NoPermssions => write!(f, "{}", "No permissions"),
+            Self::NoPermssions => write!(f, "No permissions"),
-            Self::InvalidToken => write!(f, "{}", "Invalid token"),
+            Self::InvalidToken => write!(f, "Invalid token"),
-            Self::Unexpected => write!(f, "{}", "Unexpected error"),
+            Self::Unexpected => write!(f, "Unexpected error"),
-            Self::InvalidPassword => write!(f, "{}", "Password is incorrect"),
+            Self::InvalidPassword => write!(f, "Password is incorrect"),
-            Self::Unauthorized => write!(f, "{}", "Authentication is required"),
+            Self::Unauthorized => write!(f, "Authentication is required"),
+            Self::HashingFailed(msg) => write!(f, "Password hashing failed: {}", msg),
         }
     }
 }
 
 impl std::error::Error for AuthError {}
+
+impl From<argon2::password_hash::Error> for AuthError {
+    fn from(value: argon2::password_hash::Error) -> Self {
+        AuthError::HashingFailed(value.to_string())
+    }
+}

server/src/auth/scopes.rs

@@ -1,19 +0,0 @@
-use crate::bitflags_serde_impl;
-use bitflags::bitflags;
-use serde::Deserialize;
-
-bitflags! {
-    #[derive(Clone, Copy, Debug)]
-    pub struct Scopes: u64 {
-        const USER_READ = 1 << 0;
-        const USER_WRITE = 1 << 1;
-        const USER_DELETE = 1 << 2;
-
-        const MEMBER_CREATE = 1 << 3;
-        const MEMBER_READ = 1 << 4;
-        const MEMBER_WRITE = 1 << 5;
-        const MEMBER_DELETE = 1 << 6;
-    }
-}
-
-bitflags_serde_impl!(Scopes, u64);

server/src/database/model.rs

@@ -1,8 +1,10 @@
 pub mod member;
+pub mod message;
 pub mod session;
 pub mod user;
 
 pub use member::Member;
+pub use message::Message;
 pub use session::Session;
 pub use user::User;
 pub use user::UserMember;

server/src/database/model/member.rs

@@ -2,7 +2,7 @@ use rand::distr::{Alphanumeric, SampleString};
 use sqlx::{PgPool, Postgres, QueryBuilder};
 use validator::Validate;
 
-use crate::model::member::{Groups, SwimGroups};
+use crate::model::member::{Groups, Roles};
 
 #[derive(Debug, Validate, sqlx::FromRow)]
 pub struct Member {
@@ -12,8 +12,8 @@ pub struct Member {
     pub full_name: String,
     pub registration_token: Option<String>,
     pub diploma: Option<String>,
-    pub swim_groups: SwimGroups,
     pub groups: Groups,
+    pub roles: Roles,
 }
 
 impl Member {
@@ -32,10 +32,6 @@ impl Member {
         Ok(members)
     }
 
-    pub async fn get_many(transaction: &PgPool, members: Vec<Self>) -> Result<(), sqlx::Error> {
-        Ok(())
-    }
-
     pub async fn get_all(pool: &PgPool) -> Result<Vec<Self>, sqlx::Error> {
         let members = sqlx::query_as!(Member, "SELECT * FROM members;",)
             .fetch_all(pool)
@@ -48,12 +44,12 @@ impl Member {
         transaction: &mut sqlx::Transaction<'_, Postgres>,
         members: Vec<Self>,
     ) -> Result<(), sqlx::Error> {
-        if members.len() == 0 {
+        if members.is_empty() {
             return Ok(());
         }
 
         let mut query_builder = QueryBuilder::new(
-            "INSERT INTO members(member_id, first_name, full_name, registration_token, diploma, swim_groups, groups) "
+            "INSERT INTO members(member_id, first_name, full_name, registration_token, diploma, groups, roles) "
         );
 
         query_builder.push_values(members.into_iter(), |mut b, member| {
@@ -64,8 +60,8 @@ impl Member {
             b.push_bind(member.full_name);
             b.push_bind(registration_token);
             b.push_bind(member.diploma);
-            b.push_bind(member.swim_groups.bits() as i64);
             b.push_bind(member.groups.bits() as i64);
+            b.push_bind(member.roles.bits() as i64);
         });
 
         let query = query_builder.build();
@@ -78,7 +74,7 @@ impl Member {
         transaction: &mut sqlx::Transaction<'_, Postgres>,
         members: Vec<Self>,
     ) -> Result<(), sqlx::Error> {
-        if members.len() == 0 {
+        if members.is_empty() {
             return Ok(());
         }
 
@@ -86,14 +82,14 @@ impl Member {
             sqlx::query!(
                 "
                     UPDATE ONLY members
-                    SET first_name = $1, full_name = $2, diploma = $3, swim_groups = $4, groups = $5
+                    SET first_name = $1, full_name = $2, diploma = $3, groups = $4, roles = $5
                     WHERE member_id = $6
                 ",
                 member.first_name,
                 member.full_name,
                 member.diploma,
-                member.swim_groups.bits() as i64,
                 member.groups.bits() as i64,
+                member.roles.bits() as i64,
                 member.member_id
             )
             .execute(&mut **transaction)

server/src/database/model/message.rs

@@ -0,0 +1,108 @@
+use chrono::{DateTime, Utc};
+use sqlx::{PgPool, Postgres};
+
+use crate::model::{
+    member::{Groups, Roles},
+    message::{Channel, MessageStatus},
+};
+
+#[derive(Debug)]
+pub struct Message {
+    pub message_id: uuid::Uuid,
+    pub created_at: DateTime<Utc>,
+    pub scheduled_at: Option<DateTime<Utc>>,
+    pub status: MessageStatus,
+    pub title: String,
+    pub content: String,
+    pub channel: Channel,
+    pub member_groups: Groups,
+    pub member_roles: Roles,
+    pub thumbnail_url: Option<String>,
+}
+
+impl Message {
+    pub async fn insert(
+        &self,
+        transaction: &mut sqlx::Transaction<'_, Postgres>,
+    ) -> Result<(), sqlx::Error> {
+        sqlx::query!(
+            "
+                INSERT INTO messages (
+                    message_id,
+                    created_at, scheduled_at,
+                    status,
+                    title, content,
+                    channel,
+                    member_groups, member_roles,
+                    thumbnail_url
+                ) VALUES (
+                    $1,
+                    $2, $3,
+                    $4,
+                    $5, $6,
+                    $7,
+                    $8, $9,
+                    $10
+                )
+            ",
+            self.message_id,
+            self.created_at,
+            self.scheduled_at,
+            self.status as MessageStatus,
+            self.title,
+            self.content,
+            self.channel.bits() as i64,
+            self.member_groups.bits() as i64,
+            self.member_roles.bits() as i64,
+            self.thumbnail_url,
+        )
+        .execute(&mut **transaction)
+        .await?;
+
+        Ok(())
+    }
+
+    pub async fn get(
+        pool: &PgPool,
+        channel: Channel,
+        member_roles: Roles,
+        member_groups: Groups,
+    ) -> Result<Vec<Self>, sqlx::Error> {
+        let messages = sqlx::query_as!(
+            Self,
+            "
+                SELECT message_id, created_at, scheduled_at, status as \"status:MessageStatus\", title, content, channel, member_groups, member_roles, thumbnail_url FROM messages
+                WHERE status = 'sent'
+                    AND (channel & $1) > 0
+                    AND ((member_roles & $2) > 0 AND (member_groups & $3) > 0);
+            ",
+            channel.bits() as i64,
+            member_roles.bits() as i64,
+            member_groups.bits() as i64,
+        )
+        .fetch_all(pool)
+        .await?;
+
+        Ok(messages)
+    }
+
+    pub async fn update_status(
+        transaction: &mut sqlx::Transaction<'_, Postgres>,
+        message_id: &uuid::Uuid,
+        status: MessageStatus,
+    ) -> Result<(), sqlx::Error> {
+        sqlx::query!(
+            "
+                UPDATE ONLY messages
+                SET status = $1
+                WHERE message_id = $2
+            ",
+            status as MessageStatus,
+            message_id,
+        )
+        .execute(&mut **transaction)
+        .await?;
+
+        Ok(())
+    }
+}

server/src/database/model/session.rs

@@ -1,6 +1,7 @@
 use chrono::{DateTime, Utc};
 use sqlx::{PgPool, Postgres};
 
+#[derive(Debug)]
 pub struct Session {
     pub session_id: uuid::Uuid,
     pub user_id: uuid::Uuid,
@@ -35,11 +36,61 @@ impl Session {
         Ok(())
     }
 
-    pub async fn from_token(transaction: &PgPool, token: &str) -> Result<Self, sqlx::Error> {
+    pub async fn from_token(pool: &PgPool, token: &str) -> Result<Self, sqlx::Error> {
         let session = sqlx::query_as!(Self, "SELECT * FROM sessions WHERE token = $1;", token)
-            .fetch_one(transaction)
+            .fetch_one(pool)
             .await?;
 
         Ok(session)
     }
+
+    pub async fn remove_many(
+        session_ids: &[uuid::Uuid],
+        transaction: &mut sqlx::Transaction<'_, Postgres>,
+    ) -> Result<(), sqlx::Error> {
+        let deleted_count = sqlx::query_scalar!(
+            "
+                WITH deleted AS (
+                    DELETE FROM sessions
+                    WHERE session_id = ANY($1)
+                    RETURNING 1
+                )
+                SELECT COUNT(*) FROM deleted
+            ",
+            session_ids
+        )
+        .fetch_one(&mut **transaction)
+        .await?;
+
+        if !deleted_count.is_some_and(|c| c >= 1) {
+            return Err(sqlx::Error::RowNotFound);
+        }
+
+        Ok(())
+    }
+
+    pub async fn remove_many_from_token(
+        transaction: &mut sqlx::Transaction<'_, Postgres>,
+        session_tokens: &[String],
+    ) -> Result<(), sqlx::Error> {
+        let deleted_count = sqlx::query_scalar!(
+            "
+                WITH deleted AS (
+                    DELETE FROM sessions
+                    WHERE token = ANY($1)
+                    RETURNING 1
+                )
+                SELECT COUNT(*) FROM deleted
+            ",
+            session_tokens
+        )
+        .fetch_one(&mut **transaction)
+        .await?;
+
+        if !deleted_count.is_some_and(|c| c >= 1) {
+            return Err(sqlx::Error::RowNotFound);
+        }
+
+        Ok(())
+    }
 }

server/src/database/model/user.rs

@@ -1,14 +1,25 @@
 use sqlx::{PgPool, Postgres};
 
+use crate::model::member::{Groups, Roles};
+
+use super::Member as DbMember;
+
 #[derive(validator::Validate)]
 pub struct User {
     pub user_id: uuid::Uuid,
     #[validate(email)]
     pub email: String,
-    pub password: String,
+    pub password: Option<String>,
     pub admin: bool,
 }
 
+#[derive(Debug)]
+pub struct UpdateUser {
+    pub email: Option<String>,
+    pub password: Option<String>,
+    pub admin: Option<bool>,
+}
+
 impl User {
     pub async fn insert(
         transaction: &mut sqlx::Transaction<'_, Postgres>,
@@ -44,6 +55,49 @@ impl User {
 
         Ok(user)
     }
+
+    pub async fn get(transaction: &PgPool, user_id: uuid::Uuid) -> Result<Self, sqlx::Error> {
+        let user = sqlx::query_as!(Self, "SELECT * FROM users WHERE user_id = $1", user_id)
+            .fetch_one(transaction)
+            .await?;
+
+        Ok(user)
+    }
+
+    pub async fn get_password(&self, pool: &PgPool) -> Result<String, sqlx::Error> {
+        let password = sqlx::query_scalar!(
+            "
+                SELECT password FROM users WHERE user_id = $1
+            ",
+            self.user_id,
+        )
+        .fetch_one(pool)
+        .await?;
+
+        Ok(password)
+    }
+
+    pub async fn update(
+        &self,
+        transaction: &mut sqlx::Transaction<'_, Postgres>,
+        update_user: UpdateUser,
+    ) -> Result<(), sqlx::Error> {
+        sqlx::query!(
+            "
+                UPDATE users
+                SET email = coalesce($1, email),
+                    password = coalesce($2, password)
+                WHERE user_id = $3;
+            ",
+            update_user.email,
+            update_user.password,
+            self.user_id
+        )
+        .execute(&mut **transaction)
+        .await?;
+
+        Ok(())
+    }
 }
 
 #[derive(Debug)]
@@ -55,8 +109,8 @@ pub struct UserMember {
 impl UserMember {
     pub async fn insert_many(
         transaction: &mut sqlx::Transaction<'_, Postgres>,
-        user_ids: &Vec<uuid::Uuid>,
+        user_ids: &[uuid::Uuid],
-        member_ids: &Vec<String>,
+        member_ids: &[String],
     ) -> Result<(), sqlx::Error> {
         sqlx::query!(
             "
@@ -73,4 +127,91 @@ impl UserMember {
 
         Ok(())
     }
+
+    pub async fn get_roles(pool: &PgPool, user_id: &uuid::Uuid) -> Result<Roles, sqlx::Error> {
+        let roles = sqlx::query_scalar!(
+            "
+                SELECT roles FROM users_members INNER JOIN members ON users_members.member_id = members.member_id AND users_members.user_id = $1;
+            ",
+            user_id
+        ).fetch_all(pool).await?;
+
+        let roles: Vec<Roles> = roles.into_iter().map(|r| r.into()).collect();
+        let roles = roles
+            .into_iter()
+            .fold(Roles::empty(), |acc, flag| acc | flag);
+
+        Ok(roles)
+    }
+
+    pub async fn get_roles_groups(
+        pool: &PgPool,
+        user_id: &uuid::Uuid,
+    ) -> Result<(Roles, Groups), sqlx::Error> {
+        struct RolesGroups {
+            roles: i64,
+            groups: i64,
+        }
+
+        let result = sqlx::query_as!(
+            RolesGroups,
+            "
+                SELECT roles, groups
+                FROM users_members
+                INNER JOIN members ON users_members.member_id = members.member_id
+                AND users_members.user_id = $1;
+            ",
+            user_id,
+        )
+        .fetch_all(pool)
+        .await?;
+
+        let (roles, groups) = result.into_iter().fold(
+            (Roles::empty(), Groups::empty()),
+            |(acc_roles, acc_groups), r| (acc_roles | r.roles.into(), acc_groups | r.groups.into()),
+        );
+
+        Ok((roles, groups))
+    }
+
+    pub async fn get_members_from_user(
+        pool: &PgPool,
+        user_id: &uuid::Uuid,
+    ) -> Result<Vec<DbMember>, sqlx::Error> {
+        let members = sqlx::query_as!(DbMember,
+            "
+                SELECT members.* FROM users_members INNER JOIN members ON users_members.member_id = members.member_id AND users_members.user_id = $1;
+            ",
+            user_id
+        ).fetch_all(pool).await?;
+
+        Ok(members)
+    }
+
+    pub async fn remove_many(
+        transaction: &mut sqlx::Transaction<'_, Postgres>,
+        user_ids: &[uuid::Uuid],
+        member_ids: &[String],
+    ) -> Result<(), sqlx::Error> {
+        let deleted_count = sqlx::query_scalar!(
+            "
+                WITH deleted AS (
+                    DELETE FROM users_members
+                    WHERE user_id = ANY($1) AND member_id = ANY($2)
+                    RETURNING 1
+                )
+                SELECT COUNT(*) FROM deleted
+            ",
+            &user_ids[..],
+            &member_ids[..]
+        )
+        .fetch_one(&mut **transaction)
+        .await?;
+
+        if !deleted_count.is_some_and(|c| c >= 1) {
+            return Err(sqlx::Error::RowNotFound);
+        }
+
+        Ok(())
+    }
 }

server/src/main.rs

@@ -1,13 +1,7 @@
-use std::sync::Arc;
-
-use axum::Router;
-use tokio::{net::TcpListener, sync::Mutex};
 use tracing::Level;
 use tracing_subscriber::FmtSubscriber;
 
-use wrbapp_server::routes::member::migrate::MigrationStore;
+use wrbapp_server::database;
-use wrbapp_server::routes::routes;
-use wrbapp_server::{database, AppState};
 
 #[tokio::main]
 async fn main() {
@@ -30,23 +24,5 @@ async fn main() {
         .await
         .expect("Database connection failed");
 
-    let migration_store = Arc::new(Mutex::new(MigrationStore::default()));
+    wrbapp_server::util::cli::parse(pool).await;
-
-    let app_state = AppState {
-        pool,
-        migration_store,
-    };
-
-    // Serve app
-    let app = Router::new().nest("/v1", routes()).with_state(app_state);
-
-    let listener = TcpListener::bind("127.0.0.1:3000")
-        .await
-        .expect("Error while initializing listener");
-
-    tracing::info!("Listening on {}", listener.local_addr().unwrap());
-
-    axum::serve(listener, app)
-        .await
-        .expect("Error while serving axum application");
 }

server/src/model.rs

@@ -1,6 +1,8 @@
 pub mod member;
+pub mod message;
 pub mod session;
 pub mod user;
 
 pub use member::Member;
+pub use message::Message;
 pub use user::User;

server/src/model/member.rs

@@ -1,33 +1,35 @@
 use bitflags::bitflags;
 use serde::{Deserialize, Serialize};
 
-#[derive(Debug, Clone, Serialize)]
+#[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct Name {
     pub first: String,
     pub full: String,
 }
 
-#[derive(Debug, Clone, Serialize)]
+#[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct Member {
     pub id: String,
     pub name: Name,
     pub registration_token: Option<String>,
     pub diploma: Option<String>,
-    pub swim_groups: SwimGroups,
     pub groups: Groups,
+    pub roles: Roles,
 }
 
 bitflags! {
     #[derive(Clone, Copy, Debug, Serialize, Deserialize)]
-    pub struct Groups: u64 {
+    pub struct Roles: u64 {
-        const NONE = 1 << 0;
+        const MEMBER = 1 << 0;
         const KADER = 1 << 1;
         const ZWEMZAKEN = 1 << 2;
         const WEDSTRIJDEN = 1 << 3;
+        const ADMIN = 1 << 4;
+        const MESSAGES = 1 << 5;
     }
 
     #[derive(Clone, Copy, Debug, Serialize, Deserialize)]
-    pub struct SwimGroups: u64 {
+    pub struct Groups: u64 {
         const NONE = 1 << 0;
 
         const A1 = 1 << 1;
@@ -76,15 +78,53 @@ bitflags! {
     }
 }
 
-impl From<i64> for SwimGroups {
+impl From<i64> for Groups {
     fn from(value: i64) -> Self {
-        Self::from_bits(value as u64).unwrap_or(SwimGroups::NONE)
+        Self::from_bits(value as u64).unwrap_or(Groups::empty())
     }
 }
 
-impl From<i64> for Groups {
+impl From<Option<Groups>> for Groups {
+    fn from(value: Option<Groups>) -> Self {
+        match value {
+            Some(groups) => groups,
+            None => Self::empty(),
+        }
+    }
+}
+
+impl Groups {
+    pub fn to_option(self) -> Option<Self> {
+        if self.is_empty() {
+            None
+        } else {
+            Some(self)
+        }
+    }
+}
+
+impl From<i64> for Roles {
     fn from(value: i64) -> Self {
-        Self::from_bits(value as u64).unwrap_or(Groups::NONE)
+        Self::from_bits(value as u64).unwrap_or(Roles::empty())
+    }
+}
+
+impl From<Option<Roles>> for Roles {
+    fn from(value: Option<Roles>) -> Self {
+        match value {
+            Some(roles) => roles,
+            None => Self::empty(),
+        }
+    }
+}
+
+impl Roles {
+    pub fn to_option(self) -> Option<Self> {
+        if self.is_empty() {
+            None
+        } else {
+            Some(self)
+        }
     }
 }
 
@@ -99,8 +139,8 @@ impl From<DbMember> for Member {
             },
             registration_token: value.registration_token,
             diploma: value.diploma,
-            swim_groups: value.swim_groups,
             groups: value.groups,
+            roles: value.roles,
         }
     }
 }
@@ -113,8 +153,8 @@ impl From<Member> for DbMember {
             full_name: value.name.full,
             registration_token: None,
             diploma: value.diploma,
-            swim_groups: value.swim_groups,
             groups: value.groups,
+            roles: value.roles,
         }
     }
 }

server/src/model/message.rs

@@ -0,0 +1,136 @@
+use bitflags::bitflags;
+use chrono::{DateTime, Utc};
+use serde::Serialize;
+
+#[derive(Debug, Serialize)]
+pub struct Message {
+    pub message_id: uuid::Uuid,
+    pub created_at: DateTime<Utc>,
+    pub scheduled_at: Option<DateTime<Utc>>,
+    pub status: MessageStatus,
+    pub title: String,
+    pub content: String,
+    pub channel: Channel,
+    pub member_groups: Groups,
+    pub member_roles: Roles,
+    pub thumbnail_url: Option<String>,
+}
+
+#[derive(Debug, Clone, Copy, sqlx::Type, Serialize)]
+#[sqlx(type_name = "message_status", rename_all = "lowercase")]
+pub enum MessageStatus {
+    Pending,
+    Sent,
+    Canceled,
+    Draft,
+}
+
+bitflags! {
+    #[derive(Clone, Copy, Debug, Serialize)]
+    pub struct Channel: u16 {
+        const ALGEMEEN = 1 << 0;
+        const BELANGRIJK = 1 << 1;
+        const WEDSTRIJDEN = 1 << 2;
+    }
+}
+
+impl From<i64> for Channel {
+    fn from(value: i64) -> Self {
+        Self::from_bits(value as u16).unwrap_or(Channel::empty())
+    }
+}
+
+pub struct MessageCreate {
+    pub scheduled_at: Option<DateTime<Utc>>,
+    pub title: String,
+    pub content: String,
+    pub channel: String,
+    pub member_groups: String,
+    pub member_roles: String,
+    pub thumbnail_url: Option<String>,
+}
+
+impl Message {
+    pub fn new(message_create: MessageCreate) -> Result<Self, crate::Error> {
+        let message_id = uuid::Uuid::new_v4();
+
+        let created_at = Utc::now();
+
+        let channel: Channel =
+            bitflags::parser::from_str_strict(&message_create.channel).map_err(|_| {
+                crate::Error::BadRequest {
+                    expected: String::from("Error while parsing channel"),
+                }
+            })?;
+
+        let member_groups = if message_create.member_groups.is_empty() {
+            Ok(Groups::all())
+        } else {
+            bitflags::parser::from_str_strict(&message_create.member_groups).map_err(|_| {
+                crate::Error::BadRequest {
+                    expected: "Error while parsing groups".to_string(),
+                }
+            })
+        }?;
+
+        let member_roles = if message_create.member_roles.is_empty() {
+            Ok(Roles::all())
+        } else {
+            bitflags::parser::from_str_strict(&message_create.member_roles).map_err(|_| {
+                crate::Error::BadRequest {
+                    expected: "Error while parsing groups".to_string(),
+                }
+            })
+        }?;
+
+        Ok(Self {
+            message_id,
+            created_at,
+            scheduled_at: message_create.scheduled_at,
+            title: message_create.title,
+            content: message_create.content,
+            channel,
+            thumbnail_url: message_create.thumbnail_url,
+            member_groups,
+            member_roles,
+            status: MessageStatus::Draft,
+        })
+    }
+}
+
+use crate::database::model::Message as DbMessage;
+
+use super::member::{Groups, Roles};
+impl From<DbMessage> for Message {
+    fn from(value: DbMessage) -> Self {
+        Self {
+            message_id: value.message_id,
+            created_at: value.created_at,
+            scheduled_at: value.scheduled_at,
+            status: value.status,
+            title: value.title,
+            content: value.content,
+            channel: value.channel,
+            member_groups: value.member_groups,
+            member_roles: value.member_roles,
+            thumbnail_url: value.thumbnail_url,
+        }
+    }
+}
+
+impl From<Message> for DbMessage {
+    fn from(value: Message) -> Self {
+        Self {
+            message_id: value.message_id,
+            created_at: value.created_at,
+            scheduled_at: value.scheduled_at,
+            status: value.status,
+            title: value.title,
+            content: value.content,
+            channel: value.channel,
+            member_groups: value.member_groups,
+            member_roles: value.member_roles,
+            thumbnail_url: value.thumbnail_url,
+        }
+    }
+}

server/src/model/session.rs

@@ -2,6 +2,7 @@ use chrono::{DateTime, Duration, Utc};
 
 use crate::auth::generate_session_token;
 
+#[derive(Debug)]
 pub struct Session {
     pub session_id: uuid::Uuid,
     pub user_id: uuid::Uuid,
@@ -18,13 +19,13 @@ impl Session {
         let created_at = Utc::now();
         let expires_at = Utc::now() + Duration::days(7);
 
-        return Self {
+        Self {
             session_id,
             user_id,
             token,
             expires_at,
             created_at,
-        };
+        }
     }
 }
 

server/src/model/user.rs

@@ -1,5 +1,80 @@
+use serde::Serialize;
+use sqlx::PgPool;
+
+#[derive(Serialize)]
 pub struct User {
     pub id: uuid::Uuid,
     pub email: String,
     pub admin: bool,
 }
+
+use crate::auth::AuthError;
+use crate::database::model::User as DbUser;
+use crate::database::model::UserMember as DbUserMember;
+use crate::util::convert_vec;
+
+use super::member::Groups;
+use super::member::Roles;
+use super::Member;
+impl From<DbUser> for User {
+    fn from(db_user: DbUser) -> Self {
+        Self {
+            id: db_user.user_id,
+            email: db_user.email,
+            admin: db_user.admin,
+        }
+    }
+}
+
+impl From<User> for DbUser {
+    fn from(user: User) -> Self {
+        Self {
+            user_id: user.id,
+            email: user.email,
+            admin: user.admin,
+            password: None,
+        }
+    }
+}
+
+impl User {
+    pub async fn members(&self, pool: &PgPool) -> Result<Vec<Member>, sqlx::Error> {
+        let related_members = DbUserMember::get_members_from_user(pool, &self.id).await?;
+
+        Ok(convert_vec(related_members))
+    }
+
+    pub async fn authorize(
+        &self,
+        pool: &PgPool,
+        required_roles: Option<Roles>,
+        requested_user_id: Option<String>,
+    ) -> Result<(), AuthError> {
+        if let Some(user_id) = requested_user_id {
+            let user_uuid = uuid::Uuid::parse_str(&user_id).map_err(|_| AuthError::NoPermssions)?;
+
+            if self.id != user_uuid {
+                return Err(AuthError::NoPermssions);
+            }
+
+            return Ok(());
+        }
+
+        if let Some(roles) = required_roles {
+            let user_roles = DbUserMember::get_roles(pool, &self.id)
+                .await
+                .unwrap_or(Roles::MEMBER);
+            if !user_roles.intersects(roles) {
+                return Err(AuthError::NoPermssions);
+            }
+
+            return Ok(());
+        }
+
+        Ok(())
+    }
+
+    pub async fn get_roles_groups(&self, pool: &PgPool) -> Result<(Roles, Groups), sqlx::Error> {
+        DbUserMember::get_roles_groups(pool, &self.id).await
+    }
+}

server/src/routes.rs

@@ -1,23 +1,25 @@
-use crate::{auth::Permissions, AppState};
+use crate::{auth::get_user_from_header, model::User, AppState};
-use axum::{extract::State, http::StatusCode, routing::get, Router};
+use axum::{extract::State, http::HeaderMap, routing::get, Json, Router};
 
 pub mod auth;
 pub mod member;
+pub mod message;
 pub mod user;
 
 pub fn routes() -> Router<AppState> {
     Router::new()
         .route("/", get(root))
-        // .route("/member/:id", get())
         .merge(member::routes())
         .merge(auth::routes())
+        .merge(user::routes())
+        .merge(message::routes())
 }
 
 async fn root(
-    State(_state): State<AppState>,
+    State(state): State<AppState>,
-    permissions: Permissions<'_>,
+    headers: HeaderMap,
-) -> Result<String, (StatusCode, String)> {
+) -> Result<Json<User>, crate::Error> {
-    tracing::info!("{:?}", permissions);
+    let user = get_user_from_header(&state.pool, &headers).await?;
 
-    Ok("Hello world".to_string())
+    Ok(Json(user))
 }

server/src/routes/auth.rs

@@ -1,6 +1,14 @@
-use axum::{extract::State, routing::post, Json, Router};
+use axum::http::HeaderMap;
+use axum::{
+    extract::State,
+    routing::{get, post},
+    Json, Router,
+};
+use serde::Deserialize;
 
-use crate::auth::verify_password_hash;
+use crate::auth::{get_token_from_headers, verify_password_hash};
+use crate::auth::{get_user_from_header, AuthError};
+use crate::database::model::user::UpdateUser;
 use crate::database::model::Member as DbMember;
 use crate::database::model::Session as DbSession;
 use crate::database::model::User as DbUser;
@@ -12,24 +20,28 @@ pub fn routes() -> Router<AppState> {
     Router::new()
         .route("/auth/login", post(login))
         .route("/auth/register", post(register))
+        .route("/auth/logout", get(logout))
+        .route("/auth/change_password", post(change_password))
+        .route("/auth/change_email", post(change_email))
 }
 
-#[derive(serde::Deserialize)]
+#[derive(Deserialize)]
 pub struct LoginRequest {
     email: String,
     password: String,
 }
 
-pub async fn login<'a>(
+pub async fn login(
     State(state): State<AppState>,
     Json(login_request): Json<LoginRequest>,
 ) -> Result<String, crate::Error> {
     let db_user = DbUser::get_from_email(&state.pool, login_request.email).await?;
 
-    match verify_password_hash(&login_request.password, &db_user.password).await {
+    if let Some(pass) = db_user.password {
-        Ok(_) => (),
+        verify_password_hash(&login_request.password, &pass).await?;
-        Err(_err) => return Err(crate::Error::Auth(crate::auth::AuthError::InvalidPassword)),
+    } else {
-    };
+        return Err(AuthError::Unexpected.into());
+    }
 
     // Create session
     let mut transaction = state.pool.begin().await?;
@@ -42,14 +54,14 @@ pub async fn login<'a>(
     Ok(db_session.token)
 }
 
-#[derive(serde::Deserialize)]
+#[derive(Deserialize)]
 pub struct RegisterRequest {
     email: String,
     password: String,
     registration_tokens: Vec<String>,
 }
 
-pub async fn register<'a>(
+pub async fn register(
     State(state): State<AppState>,
     Json(auth_request): Json<RegisterRequest>,
 ) -> Result<String, crate::Error> {
@@ -61,10 +73,7 @@ pub async fn register<'a>(
     let member_ids: Vec<String> = members.into_iter().map(|m| m.member_id).collect();
 
     // Hash password
-    let password_hash = match generate_password_hash(auth_request.password).await {
+    let password_hash = generate_password_hash(auth_request.password).await?;
-        Ok(hash) => hash,
-        Err(_err) => return Err(crate::Error::Auth(crate::auth::AuthError::InvalidToken)),
-    };
 
     let mut transaction = state.pool.begin().await?;
 
@@ -83,3 +92,90 @@ pub async fn register<'a>(
 
     Ok(db_session.token)
 }
+
+pub async fn logout(State(state): State<AppState>, headers: HeaderMap) -> Result<(), crate::Error> {
+    let registration_token = get_token_from_headers(&headers)?;
+
+    let mut transaction = state.pool.begin().await?;
+
+    DbSession::remove_many_from_token(&mut transaction, &[registration_token]).await?;
+
+    transaction.commit().await?;
+
+    Ok(())
+}
+
+#[derive(Debug, Deserialize)]
+pub struct ChangePasswordRequest {
+    pub old_password: String,
+    pub new_password: String,
+}
+
+pub async fn change_password(
+    State(state): State<AppState>,
+    headers: HeaderMap,
+    Json(request): Json<ChangePasswordRequest>,
+) -> Result<(), crate::Error> {
+    let user = get_user_from_header(&state.pool, &headers).await?;
+
+    // Verify that password is correct
+    let db_user: DbUser = user.into();
+    let old_password_hash = db_user.get_password(&state.pool).await?;
+    verify_password_hash(&request.old_password, &old_password_hash).await?;
+
+    // Generate password hash for new password
+    let new_password_hash = generate_password_hash(request.new_password).await?;
+
+    let mut transaction = state.pool.begin().await?;
+
+    db_user
+        .update(
+            &mut transaction,
+            UpdateUser {
+                email: None,
+                password: Some(new_password_hash),
+                admin: None,
+            },
+        )
+        .await?;
+
+    transaction.commit().await?;
+
+    Ok(())
+}
+
+#[derive(Debug, Deserialize)]
+pub struct ChangeEmailRequest {
+    pub password: String,
+    pub new_email: String,
+}
+
+pub async fn change_email(
+    State(state): State<AppState>,
+    headers: HeaderMap,
+    Json(request): Json<ChangeEmailRequest>,
+) -> Result<(), crate::Error> {
+    let user = get_user_from_header(&state.pool, &headers).await?;
+
+    // Verify that password is correct
+    let db_user: DbUser = user.into();
+    let password_hash = db_user.get_password(&state.pool).await?;
+    verify_password_hash(&request.password, &password_hash).await?;
+
+    let mut transaction = state.pool.begin().await?;
+
+    db_user
+        .update(
+            &mut transaction,
+            UpdateUser {
+                email: Some(request.new_email),
+                password: None,
+                admin: None,
+            },
+        )
+        .await?;
+
+    transaction.commit().await?;
+
+    Ok(())
+}

server/src/routes/member.rs

@@ -1,6 +1,11 @@
-use axum::{extract::State, routing::post, Router};
+use axum::{
+    extract::State,
+    http::HeaderMap,
+    routing::{get, post},
+    Json, Router,
+};
 
-use crate::{auth::Permissions, AppState};
+use crate::{auth::get_user_from_header, model::Member, AppState};
 
 pub mod migrate;
 
@@ -8,12 +13,16 @@ pub fn routes() -> Router<AppState> {
     Router::new()
         .route("/members/migrate_request", post(migrate::migrate_request))
         .route("/members/migrate_confirm", post(migrate::migrate_confirm))
+        .route("/member", get(get_current_members))
 }
 
-pub async fn get_members<'a>(
+pub async fn get_current_members(
     State(state): State<AppState>,
-    permissions: Permissions<'a>,
+    headers: HeaderMap,
-    body: String,
+) -> Result<Json<Vec<Member>>, crate::Error> {
-) -> Result<(), crate::Error> {
+    let user = get_user_from_header(&state.pool, &headers).await?;
-    Ok(())
+
+    let members = user.members(&state.pool).await?;
+
+    Ok(Json(members))
 }

server/src/routes/member/migrate.rs

@@ -1,31 +1,28 @@
 use std::collections::HashMap;
 
-use axum::{
+use axum::{extract::State, http::HeaderMap, Json};
-    extract::{FromRef, State},
-    Json,
-};
-use itertools::Itertools;
 use sqlx::PgPool;
 
 use crate::{
-    auth::{AuthError, Permissions},
+    auth::get_user_from_header,
     database::model::Member as DbMember,
     model::{
-        member::{Groups, Name, SwimGroups},
+        member::{Groups, Name, Roles},
         Member,
     },
     util::convert_vec,
     AppState,
 };
 
-pub async fn migrate_request<'a>(
+pub async fn migrate_request(
     State(state): State<AppState>,
-    permissions: Permissions<'a>,
+    headers: HeaderMap,
     body: String,
 ) -> Result<Json<MigrationResponse>, crate::Error> {
-    if !permissions.0.contains("root") {
+    let user = get_user_from_header(&state.pool, &headers).await?;
-        return Err(AuthError::NoPermssions.into());
+
-    }
+    user.authorize(&state.pool, Some(Roles::ADMIN), None)
+        .await?;
 
     tracing::info!("Migration is requested");
 
@@ -48,14 +45,14 @@ pub async fn migrate_request<'a>(
     Ok(Json(MigrationResponse::from((count, members_diff))))
 }
 
-pub async fn migrate_confirm<'a>(
+pub async fn migrate_confirm(
     State(state): State<AppState>,
-    permissions: Permissions<'a>,
+    headers: HeaderMap,
     body: String,
 ) -> Result<(), crate::Error> {
-    if !permissions.0.contains("root") {
+    let user = get_user_from_header(&state.pool, &headers).await?;
-        return Err(AuthError::NoPermssions.into());
+    user.authorize(&state.pool, Some(Roles::ADMIN), None)
-    }
+        .await?;
 
     tracing::info!("Migration is confirmed");
 
@@ -119,7 +116,7 @@ struct Row {
     #[serde(rename = "E-mail")]
     email: String,
     #[serde(rename = "Verenigingssporten")]
-    swim_groups: String,
+    groups: String,
     #[serde(rename = "Diploma dropdown 1")]
     diploma: Option<String>,
 }
@@ -139,20 +136,12 @@ pub struct MigrationResponse {
     remove: Vec<(String, Name)>,
 }
 
+#[derive(Default)]
 pub struct MigrationStore {
     pub store: HashMap<u32, MembersDiff>,
     pub count: u32,
 }
 
-impl Default for MigrationStore {
-    fn default() -> Self {
-        Self {
-            count: 0,
-            store: HashMap::new(),
-        }
-    }
-}
-
 impl Row {
     fn from_csv_many(input: &str) -> Result<Vec<Self>, csv::Error> {
         let mut rdr = csv::ReaderBuilder::new()
@@ -164,45 +153,45 @@ impl Row {
         members
     }
 
-    fn swim_groups_parsed(&self) -> SwimGroups {
+    fn groups_parsed(&self) -> Groups {
-        let mut swim_groups: Vec<String> = Vec::new();
+        let mut groups: Vec<String> = Vec::new();
 
-        let group_parts: Vec<&str> = self.swim_groups.split(", ").collect();
+        let group_parts: Vec<&str> = self.groups.split(", ").collect();
 
         for group in group_parts {
             let hour_parts: Vec<&str> = group.split(" - ").collect();
 
             if let Some(group) = hour_parts.get(1) {
-                swim_groups.push(group.to_uppercase())
+                groups.push(group.to_uppercase())
             }
         }
 
-        let swim_groups_string = swim_groups.join("|");
+        let groups_string = groups.join("|");
 
-        bitflags::parser::from_str(&swim_groups_string).unwrap_or(SwimGroups::empty())
+        bitflags::parser::from_str(&groups_string).unwrap_or(Groups::empty())
     }
 }
 
-impl Into<Name> for Row {
+impl From<Row> for Name {
-    fn into(self) -> Name {
+    fn from(val: Row) -> Self {
         Name {
-            first: self.first_name,
+            first: val.first_name,
             full: "Temporarely full name".to_string(),
         }
     }
 }
 
-impl Into<Member> for Row {
+impl From<Row> for Member {
-    fn into(self) -> Member {
+    fn from(val: Row) -> Self {
-        let name: Name = self.clone().into();
+        let name: Name = val.clone().into();
 
         Member {
-            id: self.id.clone(),
+            id: val.id.clone(),
             name,
             registration_token: None,
-            diploma: self.diploma.clone(),
+            diploma: val.diploma.clone(),
-            swim_groups: self.swim_groups_parsed(),
+            groups: val.groups_parsed(),
-            groups: Groups::empty(),
+            roles: Roles::MEMBER,
         }
     }
 }
@@ -264,8 +253,8 @@ fn generate_diff(members_new: Vec<Member>, members_old: Vec<Member>) -> MembersD
                 name: new_member.name.clone(),
                 registration_token: old_member.registration_token,
                 diploma: new_member.diploma.clone(),
-                swim_groups: new_member.swim_groups.clone(),
+                groups: new_member.groups,
-                groups: old_member.groups,
+                roles: old_member.roles,
             })
         } else {
             members_remove.push(old_member);

server/src/routes/message.rs

@@ -0,0 +1,87 @@
+use axum::{
+    extract::{Path, State},
+    http::HeaderMap,
+    routing::post,
+    Json, Router,
+};
+use serde::Deserialize;
+
+use crate::{
+    auth::get_user_from_header,
+    database::model::Message as DbMessage,
+    model::{
+        member::Roles,
+        message::{MessageCreate, MessageStatus},
+        Message,
+    },
+    AppState,
+};
+
+pub fn routes() -> Router<AppState> {
+    Router::new()
+        .route("/messages", post(message_create))
+        .route("/messages/{message_id}/send", post(message_send))
+}
+
+#[derive(Debug, Deserialize)]
+pub struct MessageCreateRequest {
+    title: String,
+    content: String,
+    channel: String,
+    member_groups: String,
+    member_roles: String,
+}
+
+pub async fn message_create(
+    State(state): State<AppState>,
+    headers: HeaderMap,
+    Json(request): Json<MessageCreateRequest>,
+) -> Result<String, crate::Error> {
+    let user = get_user_from_header(&state.pool, &headers).await?;
+
+    user.authorize(&state.pool, Some(Roles::ADMIN | Roles::MESSAGES), None)
+        .await?;
+
+    let db_message: DbMessage = Message::new(MessageCreate {
+        title: request.title,
+        content: request.content,
+        channel: request.channel,
+        member_groups: request.member_groups,
+        member_roles: request.member_roles,
+        scheduled_at: None,
+        thumbnail_url: None,
+    })?
+    .into();
+
+    let mut transaction = state.pool.begin().await?;
+
+    db_message.insert(&mut transaction).await?;
+
+    transaction.commit().await?;
+
+    Ok(db_message.message_id.to_string())
+}
+
+pub async fn message_send(
+    State(state): State<AppState>,
+    headers: HeaderMap,
+    Path(message_id): Path<String>,
+) -> Result<(), crate::Error> {
+    let user = get_user_from_header(&state.pool, &headers).await?;
+
+    user.authorize(&state.pool, Some(Roles::ADMIN | Roles::MESSAGES), None)
+        .await?;
+
+    let message_id: uuid::Uuid =
+        uuid::Uuid::parse_str(&message_id).map_err(|_| crate::Error::BadRequest {
+            expected: "Could not convert message id to uuid".to_string(),
+        })?;
+
+    let mut transaction = state.pool.begin().await?;
+
+    DbMessage::update_status(&mut transaction, &message_id, MessageStatus::Sent).await?;
+
+    transaction.commit().await?;
+
+    Ok(())
+}

server/src/routes/user.rs

@@ -1 +1,91 @@
+use axum::{
+    extract::{Path, State},
+    http::HeaderMap,
+    routing::{delete, get, post},
+    Json, Router,
+};
 
+use crate::{
+    auth::get_user_from_header,
+    database::model::{Member as DbMember, Message as DbMessage, UserMember as DbUserMember},
+    model::{member::Roles, message::Channel, Member, Message, User},
+    util::convert_vec,
+    AppState,
+};
+
+pub fn routes() -> Router<AppState> {
+    Router::new()
+        .route("/user", get(get_current_user))
+        .route("/user/{user_id}/members", post(members_insert))
+        .route("/user/{user_id}/members", delete(members_remove))
+        .route("/user/{user_id}/messages", get(get_messages))
+}
+
+pub async fn get_current_user(
+    State(state): State<AppState>,
+    headers: HeaderMap,
+) -> Result<Json<User>, crate::Error> {
+    let user = get_user_from_header(&state.pool, &headers).await?;
+    Ok(Json(user))
+}
+
+pub async fn members_insert(
+    State(state): State<AppState>,
+    Path(user_id): Path<String>,
+    headers: HeaderMap,
+    Json(registration_tokens): Json<Vec<String>>,
+) -> Result<Json<Vec<Member>>, crate::Error> {
+    let user = get_user_from_header(&state.pool, &headers).await?;
+    user.authorize(&state.pool, Some(Roles::ADMIN), Some(user_id))
+        .await?;
+
+    let members =
+        DbMember::get_many_from_registration_tokens(&state.pool, registration_tokens).await?;
+
+    let member_ids: Vec<String> = members.iter().map(|m| m.member_id.to_owned()).collect();
+
+    let mut transaction = state.pool.begin().await?;
+
+    // Link the user to the members
+    let user_ids: Vec<uuid::Uuid> = vec![user.id; member_ids.len()];
+    DbUserMember::insert_many(&mut transaction, &user_ids, &member_ids).await?;
+
+    transaction.commit().await?;
+
+    Ok(Json(convert_vec(members)))
+}
+
+pub async fn members_remove(
+    State(state): State<AppState>,
+    Path(user_id): Path<String>,
+    headers: HeaderMap,
+    Json(member_ids): Json<Vec<String>>,
+) -> Result<(), crate::Error> {
+    let user = get_user_from_header(&state.pool, &headers).await?;
+    user.authorize(&state.pool, Some(Roles::ADMIN), Some(user_id))
+        .await?;
+
+    let mut transaction = state.pool.begin().await?;
+
+    // Link the user to the members
+    DbUserMember::remove_many(&mut transaction, &[user.id], &member_ids).await?;
+
+    transaction.commit().await?;
+
+    Ok(())
+}
+
+pub async fn get_messages(
+    State(state): State<AppState>,
+    Path(user_id): Path<String>,
+    headers: HeaderMap,
+) -> Result<Json<Vec<Message>>, crate::Error> {
+    let user = get_user_from_header(&state.pool, &headers).await?;
+    user.authorize(&state.pool, None, Some(user_id)).await?;
+
+    let (roles, groups) = user.get_roles_groups(&state.pool).await?;
+
+    let messages = DbMessage::get(&state.pool, Channel::ALGEMEEN, roles, groups).await?;
+
+    Ok(Json(convert_vec(messages)))
+}

server/src/util.rs

@@ -1,5 +1,7 @@
 mod bitflags;
+pub mod cli;
 pub mod error;
 mod helpers;
+pub mod serve;
 
 pub use helpers::convert_vec;

server/src/util/cli.rs

@@ -0,0 +1,73 @@
+use clap::{Parser, Subcommand};
+use sqlx::{Acquire, PgPool};
+
+use crate::model::member::{Groups, Roles};
+
+#[derive(Parser)]
+#[command(version, about, long_about = None)]
+struct Cli {
+    #[command(subcommand)]
+    command: Option<Commands>,
+}
+
+#[derive(Subcommand)]
+enum Commands {
+    Serve,
+    CreateAdminMember,
+    SetMemberAdmin { relatiecode: String },
+}
+
+pub async fn parse(pool: PgPool) {
+    let cli = Cli::parse();
+
+    match &cli.command {
+        Some(Commands::Serve) => {
+            crate::util::serve::serve(pool).await;
+        }
+        Some(Commands::CreateAdminMember) => {
+            create_admin_member(&pool).await.unwrap();
+        }
+        Some(Commands::SetMemberAdmin {
+            relatiecode: member_id,
+        }) => {
+            set_member_admin(&pool, member_id).await.unwrap();
+        }
+        None => {}
+    }
+}
+
+pub async fn create_admin_member(pool: &PgPool) -> Result<(), sqlx::Error> {
+    use crate::database::model::Member as DbMember;
+
+    let member = DbMember {
+        member_id: "D000000".to_string(),
+        first_name: "Admin".to_string(),
+        full_name: "Admin Admin".to_string(),
+        registration_token: None,
+        diploma: None,
+        groups: Groups::empty(),
+        roles: Roles::ADMIN,
+    };
+
+    let mut transaction = pool.begin().await?;
+
+    DbMember::insert_many(&mut transaction, vec![member]).await?;
+
+    transaction.commit().await?;
+
+    Ok(())
+}
+
+pub async fn set_member_admin(pool: &PgPool, id: &str) -> Result<(), sqlx::Error> {
+    sqlx::query!(
+        "
+            UPDATE ONLY members SET roles = $1 WHERE member_id = $2
+        ",
+        Roles::ADMIN.bits() as i64,
+        id
+    )
+    .execute(pool)
+    .await?;
+
+    Ok(())
+}

server/src/util/error.rs

@@ -1,4 +1,3 @@
-use crate::auth::AuthError;
 use axum::{
     http::StatusCode,
     response::{IntoResponse, Response},
@@ -40,6 +39,12 @@ impl IntoResponse for Error {
         let (status_code, code) = match self {
             Self::Sqlx(ref err_kind) => match err_kind {
                 sqlx::Error::RowNotFound => (StatusCode::NOT_FOUND, "DATABASE_ROW_NOT_FOUND"),
+                sqlx::Error::Database(db_err) => match db_err.kind() {
+                    sqlx::error::ErrorKind::UniqueViolation => {
+                        (StatusCode::INTERNAL_SERVER_ERROR, "DATABASE_DUPLICATE")
+                    }
+                    _ => (StatusCode::INTERNAL_SERVER_ERROR, "DATABASE_ERROR"),
+                },
                 _ => (StatusCode::INTERNAL_SERVER_ERROR, "DATABASE_ERROR"),
             },
 

server/src/util/serve.rs

@@ -0,0 +1,31 @@
+use std::sync::Arc;
+
+use axum::Router;
+use sqlx::PgPool;
+use tokio::{net::TcpListener, sync::Mutex};
+
+use crate::routes::member::migrate::MigrationStore;
+use crate::routes::routes;
+use crate::AppState;
+
+pub async fn serve(pool: PgPool) {
+    let migration_store = Arc::new(Mutex::new(MigrationStore::default()));
+
+    let app_state = AppState {
+        pool,
+        migration_store,
+    };
+
+    // Serve app
+    let app = Router::new().nest("/v1", routes()).with_state(app_state);
+
+    let listener = TcpListener::bind("127.0.0.1:3000")
+        .await
+        .expect("Error while initializing listener");
+
+    tracing::info!("Listening on {}", listener.local_addr().unwrap());
+
+    axum::serve(listener, app)
+        .await
+        .expect("Error while serving axum application");
+}