gorb/backend
4
0
Fork 0
Code Issues 4 Pull requests 1 Projects Releases Packages 1 Wiki Activity Actions

Compare commits

base: gorb:0f897dc0c6235d57776ee85aaeee028730273d22
Branches Tags
gorb:main
gorb:wip/messaging
gorb:wip/messaging-test
..
compare: gorb:f12f81d584982144a94db396450e2cdbe938d8a5
Branches Tags
gorb:wip/messaging
gorb:main
gorb:wip/messaging-test

No commits in common. "0f897dc0c6235d57776ee85aaeee028730273d22" and "f12f81d584982144a94db396450e2cdbe938d8a5" have entirely different histories.
0f897dc0c6 ... f12f81d584

7 changed files with 37 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

13
src/api/mod.rs
View file

@ -1,11 +1,2 @@
use actix_web::Scope; pub mod v1;
use actix_web::web; pub mod versions;
mod v1;
mod versions;
pub fn web() -> Scope {
web::scope("/api")
.service(v1::web())
.service(versions::res)
}

19
src/api/v1/auth/login.rs
View file

@ -1,17 +1,17 @@
use std::time::{SystemTime, UNIX_EPOCH}; use std::time::{SystemTime, UNIX_EPOCH};
use actix_web::{error, post, web, Error, HttpResponse}; use actix_web::{Error, HttpResponse, error, post, web};
use argon2::{PasswordHash, PasswordVerifier}; use argon2::{PasswordHash, PasswordVerifier};
use futures::StreamExt; use futures::StreamExt;
use log::error; use log::error;
use serde::Deserialize; use serde::{Deserialize, Serialize};
use crate::{ use crate::{
api::v1::auth::{EMAIL_REGEX, PASSWORD_REGEX, USERNAME_REGEX}, crypto::{generate_access_token, generate_refresh_token}, utils::refresh_token_cookie, Data Data,
api::v1::auth::{EMAIL_REGEX, PASSWORD_REGEX, USERNAME_REGEX},
crypto::{generate_access_token, generate_refresh_token},
}; };
use super::Response;
#[derive(Deserialize)] #[derive(Deserialize)]
struct LoginInformation { struct LoginInformation {
username: String, username: String,
@ -19,6 +19,12 @@ struct LoginInformation {
device_name: String, device_name: String,
} }
#[derive(Serialize)]
pub struct Response {
pub access_token: String,
pub refresh_token: String,
}
const MAX_SIZE: usize = 262_144; const MAX_SIZE: usize = 262_144;
#[post("/login")] #[post("/login")]
@ -181,7 +187,8 @@ async fn login(
return HttpResponse::InternalServerError().finish() return HttpResponse::InternalServerError().finish()
} }
HttpResponse::Ok().cookie(refresh_token_cookie(refresh_token)).json(Response { HttpResponse::Ok().json(Response {
access_token, access_token,
refresh_token,
}) })
} }

6
src/api/v1/auth/mod.rs
View file

@ -7,7 +7,6 @@ use std::{
use actix_web::{HttpResponse, Scope, web}; use actix_web::{HttpResponse, Scope, web};
use log::error; use log::error;
use regex::Regex; use regex::Regex;
use serde::Serialize;
use sqlx::Postgres; use sqlx::Postgres;
use uuid::Uuid; use uuid::Uuid;
@ -16,11 +15,6 @@ mod refresh;
mod register; mod register;
mod revoke; mod revoke;
#[derive(Serialize)]
struct Response {
access_token: String,
}
static EMAIL_REGEX: LazyLock<Regex> = LazyLock::new(|| { static EMAIL_REGEX: LazyLock<Regex> = LazyLock::new(|| {
Regex::new(r"[-A-Za-z0-9!#$%&'*+/=?^_`{|}~]+(?:\.[-A-Za-z0-9!#$%&'*+/=?^_`{|}~]+)*@(?:[A-Za-z0-9](?:[-A-Za-z0-9]*[A-Za-z0-9])?\.)+[A-Za-z0-9](?:[-A-Za-z0-9]*[A-Za-z0-9])?").unwrap() Regex::new(r"[-A-Za-z0-9!#$%&'*+/=?^_`{|}~]+(?:\.[-A-Za-z0-9!#$%&'*+/=?^_`{|}~]+)*@(?:[A-Za-z0-9](?:[-A-Za-z0-9]*[A-Za-z0-9])?\.)+[A-Za-z0-9](?:[-A-Za-z0-9]*[A-Za-z0-9])?").unwrap()
}); });

19
src/api/v1/auth/refresh.rs
View file

@ -1,22 +1,28 @@
use actix_web::{post, web, Error, HttpRequest, HttpResponse}; use actix_web::{post, web, Error, HttpRequest, HttpResponse};
use log::error; use log::error;
use serde::Serialize;
use std::time::{SystemTime, UNIX_EPOCH}; use std::time::{SystemTime, UNIX_EPOCH};
use crate::{ use crate::{
crypto::{generate_access_token, generate_refresh_token}, utils::refresh_token_cookie, Data Data,
crypto::{generate_access_token, generate_refresh_token},
}; };
use super::Response; #[derive(Serialize)]
struct Response {
refresh_token: String,
access_token: String,
}
#[post("/refresh")] #[post("/refresh")]
pub async fn res(req: HttpRequest, data: web::Data<Data>) -> Result<HttpResponse, Error> { pub async fn res(req: HttpRequest, data: web::Data<Data>) -> Result<HttpResponse, Error> {
let recv_refresh_token_cookie = req.cookie("refresh_token"); let refresh_token_cookie = req.cookie("refresh_token");
if let None = recv_refresh_token_cookie { if let None = refresh_token_cookie {
return Ok(HttpResponse::Unauthorized().finish()) return Ok(HttpResponse::Unauthorized().finish())
} }
let mut refresh_token = String::from(recv_refresh_token_cookie.unwrap().value()); let mut refresh_token = String::from(refresh_token_cookie.unwrap().value());
let current_time = SystemTime::now() let current_time = SystemTime::now()
.duration_since(UNIX_EPOCH) .duration_since(UNIX_EPOCH)
@ -95,7 +101,8 @@ pub async fn res(req: HttpRequest, data: web::Data<Data>) -> Result<HttpResponse
return Ok(HttpResponse::InternalServerError().finish()) return Ok(HttpResponse::InternalServerError().finish())
} }
return Ok(HttpResponse::Ok().cookie(refresh_token_cookie(refresh_token)).json(Response { return Ok(HttpResponse::Ok().json(Response {
refresh_token,
access_token, access_token,
})); }));
} }

9
src/api/v1/auth/register.rs
View file

@ -10,9 +10,11 @@ use log::error;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use uuid::Uuid; use uuid::Uuid;
use super::Response; use super::login::Response;
use crate::{ use crate::{
api::v1::auth::{EMAIL_REGEX, PASSWORD_REGEX, USERNAME_REGEX}, crypto::{generate_access_token, generate_refresh_token}, utils::refresh_token_cookie, Data Data,
api::v1::auth::{EMAIL_REGEX, PASSWORD_REGEX, USERNAME_REGEX},
crypto::{generate_access_token, generate_refresh_token},
}; };
#[derive(Deserialize)] #[derive(Deserialize)]
@ -157,8 +159,9 @@ pub async fn res(mut payload: web::Payload, data: web::Data<Data>) -> Result<Htt
return Ok(HttpResponse::InternalServerError().finish()) return Ok(HttpResponse::InternalServerError().finish())
} }
HttpResponse::Ok().cookie(refresh_token_cookie(refresh_token)).json(Response { HttpResponse::Ok().json(Response {
access_token, access_token,
refresh_token,
}) })
} }
Err(error) => { Err(error) => {

3
src/main.rs
View file

@ -89,7 +89,8 @@ async fn main() -> Result<(), Error> {
HttpServer::new(move || { HttpServer::new(move || {
App::new() App::new()
.app_data(web::Data::new(data.clone())) .app_data(web::Data::new(data.clone()))
.service(api::web()) .service(api::versions::res)
.service(api::v1::web())
}) })
.bind((web.url, web.port))? .bind((web.url, web.port))?
.run() .run()

12
src/utils.rs
View file

@ -1,4 +1,4 @@
use actix_web::{cookie::{time::Duration, Cookie, SameSite}, http::header::HeaderMap, HttpResponse}; use actix_web::{HttpResponse, http::header::HeaderMap};
pub fn get_auth_header(headers: &HeaderMap) -> Result<&str, HttpResponse> { pub fn get_auth_header(headers: &HeaderMap) -> Result<&str, HttpResponse> {
let auth_token = headers.get(actix_web::http::header::AUTHORIZATION); let auth_token = headers.get(actix_web::http::header::AUTHORIZATION);
@ -21,13 +21,3 @@ pub fn get_auth_header(headers: &HeaderMap) -> Result<&str, HttpResponse> {
Ok(auth_value.unwrap()) Ok(auth_value.unwrap())
} }
pub fn refresh_token_cookie(refresh_token: String) -> Cookie<'static> {
Cookie::build("refresh_token", refresh_token)
.http_only(true)
.secure(true)
.same_site(SameSite::None)
.path("/api")
.max_age(Duration::days(30))
.finish()
}