gorb/backend
4
0
Fork 0
Code Issues 4 Pull requests 1 Projects Releases Packages 1 Wiki Activity Actions

Compare commits

base: gorb:a88467fa28bd0a2606c6567c6d5d30a3f02f0552
Branches Tags
gorb:main
gorb:wip/messaging
gorb:wip/messaging-test
...
compare: gorb:1d0f8ecd00c6e0b268b18bb46d001e01b6bbe7c6
Branches Tags
gorb:wip/messaging
gorb:main
gorb:wip/messaging-test

4 commits
a88467fa28 ... 1d0f8ecd00

Author SHA1 Message Date
Radical
1d0f8ecd00 feat: add refresh endpoint 2025-05-01 03:54:26 +02:00
Radical
4210545db4 feat: add tables for refresh/access tokens 2025-05-01 03:54:26 +02:00
Radical
b4469a6317 feat: prepare for access/refresh tokens in register 2025-05-01 03:54:26 +02:00
Radical
91398ecd5b style: move auth to own folder 2025-05-01 03:54:26 +02:00
6 changed files with 104 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

0
src/api/v1/login.rs → src/api/v1/auth/login.rs
View file

12
src/api/v1/auth/mod.rs Normal file
View file

@ -0,0 +1,12 @@
use actix_web::{Scope, web};
mod register;
mod login;
mod refresh;
pub fn web() -> Scope {
web::scope("/auth")
.service(register::res)
.service(login::res)
.service(refresh::res)
}

49
src/api/v1/auth/refresh.rs Normal file
View file

@ -0,0 +1,49 @@
use std::time::{SystemTime, UNIX_EPOCH};
use actix_web::{error, post, web, Error, HttpResponse};
use serde::{Deserialize, Serialize};
use futures::StreamExt;
use crate::Data;
#[derive(Deserialize)]
struct RefreshRequest {
refresh_token: String,
}
#[derive(Serialize)]
struct Response {
refresh_token: Option<String>,
access_token: String,
expires_in: u64,
}
const MAX_SIZE: usize = 262_144;
#[post("/refresh")]
pub async fn res(mut payload: web::Payload, data: web::Data<Data>) -> Result<HttpResponse, Error> {
let mut body = web::BytesMut::new();
while let Some(chunk) = payload.next().await {
let chunk = chunk?;
// limit max size of in-memory payload
if (body.len() + chunk.len()) > MAX_SIZE {
return Err(error::ErrorBadRequest("overflow"));
}
body.extend_from_slice(&chunk);
}
let refresh_request = serde_json::from_slice::<RefreshRequest>(&body)?;
let current_time = SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() as i64;
let row: (String, i64) = sqlx::query_as("SELECT CAST(uuid as VARCHAR), created FROM refresh_tokens WHERE token = $1")
.bind(refresh_request.refresh_token)
.fetch_one(&data.pool)
.await
.unwrap();
let (uuid, created) = row;
println!("{}, {}", uuid, created);
Ok(HttpResponse::InternalServerError().finish())
}

36
src/api/v1/register.rs → src/api/v1/auth/register.rs
View file

@ -1,3 +1,5 @@
use std::time::{SystemTime, UNIX_EPOCH};
use actix_web::{error, post, web, Error, HttpResponse};
use regex::Regex;
use serde::{Deserialize, Serialize};
@ -49,8 +51,6 @@ impl Default for ResponseError {
#[derive(Serialize)]
struct Response {
access_token: String,
user_id: String,
expires_in: u64,
refresh_token: String,
}
@ -110,7 +110,7 @@ pub async fn res(mut payload: web::Payload, data: web::Data<Data>) -> Result<Htt
if let Ok(hashed_password) = data.argon2.hash_password(account_information.password.as_bytes(), &salt) {
// TODO: Check security of this implementation
return Ok(match sqlx::query(&format!("INSERT INTO users VALUES ( '{}', $1, NULL, $2, $3, false )", uuid))
return Ok(match sqlx::query(&format!("INSERT INTO users (uuid, username, password, email,) VALUES ( '{}', $1, $2, $3 )", uuid))
.bind(account_information.identifier)
// FIXME: Password has no security currently, either from a client or server perspective
.bind(hashed_password.to_string())
@ -118,12 +118,34 @@ pub async fn res(mut payload: web::Payload, data: web::Data<Data>) -> Result<Htt
.execute(&data.pool)
.await {
Ok(_out) => {
let refresh_token = todo!();
let access_token = todo!();
let current_time = SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() as i64;
if let Err(error) = sqlx::query(&format!("INSERT INTO refresh_tokens (token, uuid, created) VALUES ($1, '{}', $2 )", uuid))
.bind(refresh_token)
.bind(current_time)
.execute(&data.pool)
.await {
eprintln!("{}", error);
return Ok(HttpResponse::InternalServerError().finish())
}
if let Err(error) = sqlx::query(&format!("INSERT INTO refresh_tokens (token, refresh_token, uuid, created) VALUES ($1, $2, '{}', $3 )", uuid))
.bind(access_token)
.bind(refresh_token)
.bind(current_time)
.execute(&data.pool)
.await {
eprintln!("{}", error);
return Ok(HttpResponse::InternalServerError().finish())
}
HttpResponse::Ok().json(
Response {
access_token: "bogus".to_string(),
user_id: "bogus".to_string(),
expires_in: 1,
refresh_token: "bogus".to_string(),
access_token,
refresh_token,
}
)
},

6
src/api/v1/mod.rs
View file

@ -1,12 +1,10 @@
use actix_web::{Scope, web};
mod stats;
mod register;
mod login;
mod auth;
pub fn web() -> Scope {
web::scope("/v1")
.service(stats::res)
.service(register::res)
.service(login::res)
.service(auth::web())
}

13
src/main.rs
View file

@ -44,7 +44,7 @@ async fn main() -> Result<(), Error> {
CREATE TABLE IF NOT EXISTS users (
uuid uuid PRIMARY KEY UNIQUE NOT NULL,
username varchar(32) UNIQUE NOT NULL,
display_name varchar(64),
display_name varchar(64) DEFAULT NULL,
password varchar(512) NOT NULL,
email varchar(100) UNIQUE NOT NULL,
email_verified boolean NOT NULL DEFAULT FALSE
@ -52,6 +52,17 @@ async fn main() -> Result<(), Error> {
CREATE TABLE IF NOT EXISTS instance_permissions (
uuid uuid REFERENCES users(uuid),
administrator boolean NOT NULL DEFAULT FALSE
);
CREATE TABLE IF NOT EXISTS refresh_tokens (
token varchar(64) PRIMARY KEY UNIQUE NOT NULL,
uuid uuid REFERENCES users(uuid),
created int8 NOT NULL
);
CREATE TABLE IF NOT EXISTS access_tokens (
token varchar(32) PRIMARY KEY UNIQUE NOT NULL,
refresh_token varchar(64) UNIQUE REFERENCES refresh_tokens(token),
uuid uuid REFERENCES users(uuid),
created int8 NOT NULL
)
"#)
.execute(&pool)