Remove forced authorization for non-admin endpoints

Makefile

@@ -0,0 +1,60 @@
+all: ci
+
+.PHONY: help
+help:
+	@echo "Fallacious Rooster Makefile Help"
+	@echo "- ci-frontend		Run CI only for the frontend"
+	@echo "- ci-server		Run CI only for the server"
+	@echo "- ci			Run all CI jobs"
+	@echo "- server-fmt-fix	Apply fixes to formatting of the server"
+
+.PHONY: ci
+ci: ci-frontend ci-server
+
+.PHONY: ci-frontend
+ci-frontend: frontend-eslint
+
+.PHONY: ci-server
+ci-server: server-fmt server-clippy server-test
+
+.PHONY: server-fmt
+server-fmt: install-rustfmt
+	cd server && \
+		cargo fmt --all --check
+
+.PHONY: server-fmt-fix
+server-fmt-fix: install-rustfmt
+	cd server && \
+		cargo fmt --all
+
+.PHONY: server-clippy
+server-clippy: install-clippy
+	cd server && \
+		cargo clippy
+
+.PHONY: server-test
+server-test: install-rust
+	cd server && \
+		cargo test
+
+.PHONY: frontend-eslint
+frontend-eslint: install-frontend-modules
+	cd frontend && \
+		yarn eslint
+
+.PHONY: install-rustfmt
+install-rustfmt: install-rust
+	rustup component add rustfmt
+
+.PHONY: install-clippy
+install-clippy: install-rust
+	rustup component add clippy
+
+.PHONY: install-frontend-modules
+install-frontend-modules:
+	cd frontend && \
+		yarn
+
+.PHONY: install-rust
+install-rust:
+	rustup toolchain install stable --profile minimal

README.md

@@ -7,6 +7,16 @@ Even though login is required, the application takes upmost care to ensure user
 
 The original idea for this application was put forward in [the policy of the 10th KKB on the kbALV on 2024-05-21, section 2.2](https://files.svsticky.nl/alv_stukken/2024_05_21_kbALV/Beleidsplan%2010e%20KKB.pdf). 
 
+## CI
+Easily run CI locally with Make:
+```bash
+make
+```
+See all commands with:
+```bash
+make help
+```
+
 ## Development 
 The guide below will tell you roughly how to get started with working on fallacious-rooster.
 

frontend/src/layouts/AuthorizedMiddleware.vue → frontend/src/layouts/UnauthorizedMiddleware.vue

@@ -11,10 +11,9 @@
     </v-main>
 
     <AppBar
-      v-if="loginOk"
       :is-admin="isAdmin"
     />
-    <RouterView v-if="loginOk" />
+    <RouterView />
   </v-app>
 </template>
 
@@ -28,7 +27,6 @@ import MaterialBanner from "@/views/components/MaterialBanner.vue";
 
 interface Data {
   error: string | null,
-  loginOk: boolean,
   isAdmin: boolean,
 }
 
@@ -49,11 +47,8 @@ export default defineComponent({
           this.isAdmin = loginState.isAdmin;
 
         } else {
-          this.error = r.unwrapErr();
+          this.isAdmin = false;
         }
     },
-    methods: {
-
-    }
 })
 </script>

frontend/src/router/index.ts

@@ -3,7 +3,7 @@ import { createRouter, createWebHistory, RouteRecordRaw } from 'vue-router'
 const routes: Array<RouteRecordRaw> = [
   {
     path: '/',
-    component: () => import('@/layouts/AuthorizedMiddleware.vue'),
+    component: () => import('@/layouts/UnauthorizedMiddleware.vue'),
     children: [
       {
         path: '',

server/src/server/routes/config/confidential_advisors/list.rs

@@ -13,7 +13,7 @@ pub struct Advisor {
     email: String,
 }
 
-pub async fn list(_: Authorization<true>, storage: WStorage) -> WResult<web::Json<ListResponse>> {
+pub async fn list(_: Authorization, storage: WStorage) -> WResult<web::Json<ListResponse>> {
     Ok(web::Json(ListResponse {
         advisors: storage
             .0

server/src/server/types/authorization.rs

@@ -6,7 +6,6 @@ use cabbage::oauth::ClientConfig;
 use cabbage::KoalaApi;
 use std::future::Future;
 use std::pin::Pin;
-use std::str::FromStr;
 use thiserror::Error;
 
 pub struct Authorization<const ADMIN: bool = false> {
@@ -36,9 +35,9 @@ impl<const ADMIN: bool> FromRequest for Authorization<ADMIN> {
     fn from_request(req: &HttpRequest, _: &mut Payload) -> Self::Future {
         let req = req.clone();
         Box::pin(async move {
-            #[cfg(debug_assertions)]
-            if is_debug_allow_unauthorized(&req) {
-                return Ok(Self { is_admin: true });
+            if !Self::ADMIN {
+                // We do not want authorization where admin rights aren't needed
+                return Ok(Self { is_admin: false });
             }
 
             let token = match get_token(&req) {
@@ -76,19 +75,6 @@ impl<const ADMIN: bool> FromRequest for Authorization<ADMIN> {
     }
 }
 
-/// Check if the `X-DebugAllowUnauthorized` header is present.
-/// This is useful when working on the UI using the native Linux application,
-/// which doesn't support browser redirects (obviously).
-///
-/// During devlopment ACL can be ignored this way.
-#[cfg(debug_assertions)]
-fn is_debug_allow_unauthorized(req: &HttpRequest) -> bool {
-    match header(req, "X-DebugAllowUnauthorized") {
-        Some(hv) => bool::from_str(&hv).unwrap_or(false),
-        None => false,
-    }
-}
-
 fn get_token(req: &HttpRequest) -> Option<String> {
     // Get the authorization from the Authorization header or an Authorization cookie
     let value = match header(req, "Authorization") {