From a89d705239895ccdcab7f6dc112a9b0d5a5363dd Mon Sep 17 00:00:00 2001 From: Radical Date: Thu, 1 May 2025 20:19:18 +0200 Subject: [PATCH] feat: use device_name in refresh_tokens table --- src/api/v1/auth/login.rs | 11 ++++++----- src/api/v1/auth/register.rs | 3 ++- src/main.rs | 3 ++- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/src/api/v1/auth/login.rs b/src/api/v1/auth/login.rs index 54d163b..25ce5ae 100644 --- a/src/api/v1/auth/login.rs +++ b/src/api/v1/auth/login.rs @@ -52,14 +52,14 @@ pub async fn response(mut payload: web::Payload, data: web::Data) -> Resul if email_regex.is_match(&login_information.username) { if let Ok(row) = sqlx::query_as("SELECT CAST(uuid as VARCHAR), password FROM users WHERE email = $1").bind(login_information.username).fetch_one(&data.pool).await { let (uuid, password): (String, String) = row; - return Ok(login(data.clone(), uuid, login_information.password, password).await) + return Ok(login(data.clone(), uuid, login_information.password, password, login_information.device_name).await) } return Ok(HttpResponse::Unauthorized().finish()) } else if username_regex.is_match(&login_information.username) { if let Ok(row) = sqlx::query_as("SELECT CAST(uuid as VARCHAR), password FROM users WHERE username = $1").bind(login_information.username).fetch_one(&data.pool).await { let (uuid, password): (String, String) = row; - return Ok(login(data.clone(), uuid, login_information.password, password).await) + return Ok(login(data.clone(), uuid, login_information.password, password, login_information.device_name).await) } return Ok(HttpResponse::Unauthorized().finish()) 
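Review bot: `login_information.device_name` is passed to `login()` in both branches with no length check visible in this hunk, whereas `username` is at least matched against a regex first. The column this commit adds is `varchar(16) NOT NULL`, so a longer value makes the refresh-token insert fail, and the client gets a 500 after the Argon2 verification has already run. Reject it before the user lookup, e.g. `if login_information.device_name.chars().count() > 16 { return Ok(HttpResponse::BadRequest().finish()) }`, unless the payload parsing above the hunk already enforces the limit. `response` starts outside the hunk, so that parsing is not visible here.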
@@ -68,7 +68,7 @@ pub async fn response(mut payload: web::Payload, data: web::Data) -> Resul Ok(HttpResponse::Unauthorized().finish()) } -async fn login(data: actix_web::web::Data, uuid: String, request_password: String, database_password: String) -> HttpResponse { +async fn login(data: actix_web::web::Data, uuid: String, request_password: String, database_password: String, device_name: String) -> HttpResponse { if let Ok(parsed_hash) = PasswordHash::new(&database_password) { if data.argon2.verify_password(request_password.as_bytes(), &parsed_hash).is_ok() { let refresh_token = generate_refresh_token(); @@ -90,16 +90,17 @@ async fn login(data: actix_web::web::Data, uuid: String, request_password: let current_time = SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() as i64; - if let Err(error) = sqlx::query(&format!("INSERT INTO refresh_tokens (token, uuid, created) VALUES ($1, '{}', $2 )", uuid)) + if let Err(error) = sqlx::query(&format!("INSERT INTO refresh_tokens (token, uuid, created, device_name) VALUES ($1, '{}', $2, $3 )", uuid)) .bind(&refresh_token) .bind(current_time) + .bind(device_name) .execute(&data.pool) .await { eprintln!("{}", error); return HttpResponse::InternalServerError().finish() } - if let Err(error) = sqlx::query(&format!("INSERT INTO refresh_tokens (token, refresh_token, uuid, created) VALUES ($1, $2, '{}', $3 )", uuid)) + if let Err(error) = sqlx::query(&format!("INSERT INTO access_tokens (token, refresh_token, uuid, created) VALUES ($1, $2, '{}', $3 )", uuid)) .bind(&access_token) .bind(&refresh_token) .bind(current_time) diff --git a/src/api/v1/auth/register.rs b/src/api/v1/auth/register.rs index 24ea0bf..0617a25 100644 --- a/src/api/v1/auth/register.rs +++ b/src/api/v1/auth/register.rs 
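Review bot: Both INSERT statements in the `@@ -90,16` hunk still splice `uuid` into the SQL text through `format!(... '{}' ...)` while every other value is bound. Here `uuid` comes from the `users` lookup rather than from the request, so it is probably not injectable today, but it becomes injectable as soon as a caller passes anything else, and it produces a distinct statement string per user. Bind it like the other values: `sqlx::query("INSERT INTO refresh_tokens (token, uuid, created, device_name) VALUES ($1, $2::uuid, $3, $4)")` with `.bind(&uuid)` after the token, and do the same for `access_tokens`. The two inserts are also not wrapped in a transaction, so a failure on the second leaves a refresh-token row behind; `login` continues outside the hunk.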
@@ -132,9 +132,10 @@ pub async fn res(mut payload: web::Payload, data: web::Data) -> Result Result<(), Error> { CREATE TABLE IF NOT EXISTS refresh_tokens ( token varchar(64) PRIMARY KEY UNIQUE NOT NULL, uuid uuid NOT NULL REFERENCES users(uuid), - created int8 NOT NULL + created int8 NOT NULL, + device_name varchar(16) NOT NULL ); CREATE TABLE IF NOT EXISTS access_tokens ( token varchar(32) PRIMARY KEY UNIQUE NOT NULL,
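Review bot: The new `device_name varchar(16) NOT NULL` column is added inside `CREATE TABLE IF NOT EXISTS refresh_tokens`, which does nothing on a database where the table already exists. On such a deployment the login insert that now names `device_name` would fail, and every login would return 500. Add an explicit migration next to it, e.g. `ALTER TABLE refresh_tokens ADD COLUMN IF NOT EXISTS device_name varchar(16) NOT NULL DEFAULT '';`, or document that the table must be recreated. The header of this hunk and the body of the register.rs hunk before it are lost in this view, so this rests on the visible schema lines only.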