From 8edb279f4e025a2ae5e32851bd4bf7c0d92bea17 Mon Sep 17 00:00:00 2001
From: Christine Dodrill <me@christine.website>
Date: Fri, 30 Oct 2020 20:24:05 -0400
Subject: [PATCH] lock this to tulpa.dev admins

---
 shell.nix    |  4 ++--
 src/gitea.rs | 14 ++++++++++++--
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/shell.nix b/shell.nix
index b7b86f4..5222d60 100644
--- a/shell.nix
+++ b/shell.nix
@@ -15,8 +15,8 @@ in pkgs.mkShell rec {
 
   B2_CREDFILE = "./var/secret/b2-creds.txt";
   B2_MODULE_BUCKET_NAME = "wasmcloud-modules";
-  RUST_LOG = "info,wasmcloud=debug";
   DATABASE_URL = "postgresql://postgres:hunter2@localhost:5432/wasmcloud";
-  ROCKET_DATABASES = ''{ main_data = { url = "${DATABASE_URL}" } }'';
   JWT_SECRET = "hunter2";
+  ROCKET_DATABASES = ''{ main_data = { url = "${DATABASE_URL}" } }'';
+  RUST_LOG = "info,wasmcloud=debug";
 }
diff --git a/src/gitea.rs b/src/gitea.rs
index 769ffed..c1e88e4 100644
--- a/src/gitea.rs
+++ b/src/gitea.rs
@@ -1,4 +1,8 @@
-use crate::{api, jwt, models, schema, Gitea, MainDatabase};
+use crate::{
+    api::{self, Error, Result},
+    jwt, models, schema, Gitea, MainDatabase,
+};
+use color_eyre::eyre::eyre;
 use diesel::prelude::*;
 use rocket::{
     http::{Cookie, Cookies, SameSite},
@@ -46,13 +50,19 @@ pub fn callback(
     conn: MainDatabase,
     token: TokenResponse<Gitea>,
     mut cookies: Cookies<'_>,
-) -> api::Result<String> {
+) -> Result<String> {
     let tok = token.access_token().to_string();
     let refresh = token.refresh_token().unwrap().to_string();
 
     let gitea_user =
         user(tok.clone()).map_err(|why| api::Error::ExternalDependencyFailed(why.into()))?;
 
+    if !gitea_user.is_admin {
+        return Err(Error::InternalServerError(eyre!(
+            "wasmcloud is not ready for general use yet sorry"
+        )));
+    }
+
     use schema::{
         gitea_tokens, tokens,
         users::{