Compare commits
4 commits
a88467fa28
...
1d0f8ecd00
| Author | SHA1 | Date | |
|---|---|---|---|
| 1d0f8ecd00 | |||
| 4210545db4 | |||
| b4469a6317 | |||
| 91398ecd5b |
6 changed files with 104 additions and 12 deletions
12
src/api/v1/auth/mod.rs
Normal file
12
src/api/v1/auth/mod.rs
Normal file
|
|
@ -0,0 +1,12 @@
|
||||||
|
use actix_web::{Scope, web};
|
||||||
|
|
||||||
|
mod register;
|
||||||
|
mod login;
|
||||||
|
mod refresh;
|
||||||
|
|
||||||
|
pub fn web() -> Scope {
|
||||||
|
web::scope("/auth")
|
||||||
|
.service(register::res)
|
||||||
|
.service(login::res)
|
||||||
|
.service(refresh::res)
|
||||||
|
}
|
||||||
49
src/api/v1/auth/refresh.rs
Normal file
49
src/api/v1/auth/refresh.rs
Normal file
|
|
@ -0,0 +1,49 @@
|
||||||
|
use std::time::{SystemTime, UNIX_EPOCH};
|
||||||
|
use actix_web::{error, post, web, Error, HttpResponse};
|
||||||
|
use serde::{Deserialize, Serialize};
|
||||||
|
use futures::StreamExt;
|
||||||
|
|
||||||
|
use crate::Data;
|
||||||
|
|
||||||
|
#[derive(Deserialize)]
|
||||||
|
struct RefreshRequest {
|
||||||
|
refresh_token: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Serialize)]
|
||||||
|
struct Response {
|
||||||
|
refresh_token: Option<String>,
|
||||||
|
access_token: String,
|
||||||
|
expires_in: u64,
|
||||||
|
}
|
||||||
|
|
||||||
|
const MAX_SIZE: usize = 262_144;
|
||||||
|
|
||||||
|
#[post("/refresh")]
|
||||||
|
pub async fn res(mut payload: web::Payload, data: web::Data<Data>) -> Result<HttpResponse, Error> {
|
||||||
|
let mut body = web::BytesMut::new();
|
||||||
|
while let Some(chunk) = payload.next().await {
|
||||||
|
let chunk = chunk?;
|
||||||
|
// limit max size of in-memory payload
|
||||||
|
if (body.len() + chunk.len()) > MAX_SIZE {
|
||||||
|
return Err(error::ErrorBadRequest("overflow"));
|
||||||
|
}
|
||||||
|
body.extend_from_slice(&chunk);
|
||||||
|
}
|
||||||
|
|
||||||
|
let refresh_request = serde_json::from_slice::<RefreshRequest>(&body)?;
|
||||||
|
|
||||||
|
let current_time = SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() as i64;
|
||||||
|
|
||||||
|
let row: (String, i64) = sqlx::query_as("SELECT CAST(uuid as VARCHAR), created FROM refresh_tokens WHERE token = $1")
|
||||||
|
.bind(refresh_request.refresh_token)
|
||||||
|
.fetch_one(&data.pool)
|
||||||
|
.await
|
||||||
|
.unwrap();
|
||||||
|
|
||||||
|
let (uuid, created) = row;
|
||||||
|
|
||||||
|
println!("{}, {}", uuid, created);
|
||||||
|
|
||||||
|
Ok(HttpResponse::InternalServerError().finish())
|
||||||
|
}
|
||||||
|
|
@ -1,3 +1,5 @@
|
||||||
|
use std::time::{SystemTime, UNIX_EPOCH};
|
||||||
|
|
||||||
use actix_web::{error, post, web, Error, HttpResponse};
|
use actix_web::{error, post, web, Error, HttpResponse};
|
||||||
use regex::Regex;
|
use regex::Regex;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
|
|
@ -49,8 +51,6 @@ impl Default for ResponseError {
|
||||||
#[derive(Serialize)]
|
#[derive(Serialize)]
|
||||||
struct Response {
|
struct Response {
|
||||||
access_token: String,
|
access_token: String,
|
||||||
user_id: String,
|
|
||||||
expires_in: u64,
|
|
||||||
refresh_token: String,
|
refresh_token: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -110,7 +110,7 @@ pub async fn res(mut payload: web::Payload, data: web::Data<Data>) -> Result<Htt
|
||||||
|
|
||||||
if let Ok(hashed_password) = data.argon2.hash_password(account_information.password.as_bytes(), &salt) {
|
if let Ok(hashed_password) = data.argon2.hash_password(account_information.password.as_bytes(), &salt) {
|
||||||
// TODO: Check security of this implementation
|
// TODO: Check security of this implementation
|
||||||
return Ok(match sqlx::query(&format!("INSERT INTO users VALUES ( '{}', $1, NULL, $2, $3, false )", uuid))
|
return Ok(match sqlx::query(&format!("INSERT INTO users (uuid, username, password, email,) VALUES ( '{}', $1, $2, $3 )", uuid))
|
||||||
.bind(account_information.identifier)
|
.bind(account_information.identifier)
|
||||||
// FIXME: Password has no security currently, either from a client or server perspective
|
// FIXME: Password has no security currently, either from a client or server perspective
|
||||||
.bind(hashed_password.to_string())
|
.bind(hashed_password.to_string())
|
||||||
|
|
@ -118,12 +118,34 @@ pub async fn res(mut payload: web::Payload, data: web::Data<Data>) -> Result<Htt
|
||||||
.execute(&data.pool)
|
.execute(&data.pool)
|
||||||
.await {
|
.await {
|
||||||
Ok(_out) => {
|
Ok(_out) => {
|
||||||
|
let refresh_token = todo!();
|
||||||
|
let access_token = todo!();
|
||||||
|
|
||||||
|
let current_time = SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() as i64;
|
||||||
|
|
||||||
|
if let Err(error) = sqlx::query(&format!("INSERT INTO refresh_tokens (token, uuid, created) VALUES ($1, '{}', $2 )", uuid))
|
||||||
|
.bind(refresh_token)
|
||||||
|
.bind(current_time)
|
||||||
|
.execute(&data.pool)
|
||||||
|
.await {
|
||||||
|
eprintln!("{}", error);
|
||||||
|
return Ok(HttpResponse::InternalServerError().finish())
|
||||||
|
}
|
||||||
|
|
||||||
|
if let Err(error) = sqlx::query(&format!("INSERT INTO refresh_tokens (token, refresh_token, uuid, created) VALUES ($1, $2, '{}', $3 )", uuid))
|
||||||
|
.bind(access_token)
|
||||||
|
.bind(refresh_token)
|
||||||
|
.bind(current_time)
|
||||||
|
.execute(&data.pool)
|
||||||
|
.await {
|
||||||
|
eprintln!("{}", error);
|
||||||
|
return Ok(HttpResponse::InternalServerError().finish())
|
||||||
|
}
|
||||||
|
|
||||||
HttpResponse::Ok().json(
|
HttpResponse::Ok().json(
|
||||||
Response {
|
Response {
|
||||||
access_token: "bogus".to_string(),
|
access_token,
|
||||||
user_id: "bogus".to_string(),
|
refresh_token,
|
||||||
expires_in: 1,
|
|
||||||
refresh_token: "bogus".to_string(),
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
},
|
},
|
||||||
|
|
@ -1,12 +1,10 @@
|
||||||
use actix_web::{Scope, web};
|
use actix_web::{Scope, web};
|
||||||
|
|
||||||
mod stats;
|
mod stats;
|
||||||
mod register;
|
mod auth;
|
||||||
mod login;
|
|
||||||
|
|
||||||
pub fn web() -> Scope {
|
pub fn web() -> Scope {
|
||||||
web::scope("/v1")
|
web::scope("/v1")
|
||||||
.service(stats::res)
|
.service(stats::res)
|
||||||
.service(register::res)
|
.service(auth::web())
|
||||||
.service(login::res)
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
13
src/main.rs
13
src/main.rs
|
|
@ -44,7 +44,7 @@ async fn main() -> Result<(), Error> {
|
||||||
CREATE TABLE IF NOT EXISTS users (
|
CREATE TABLE IF NOT EXISTS users (
|
||||||
uuid uuid PRIMARY KEY UNIQUE NOT NULL,
|
uuid uuid PRIMARY KEY UNIQUE NOT NULL,
|
||||||
username varchar(32) UNIQUE NOT NULL,
|
username varchar(32) UNIQUE NOT NULL,
|
||||||
display_name varchar(64),
|
display_name varchar(64) DEFAULT NULL,
|
||||||
password varchar(512) NOT NULL,
|
password varchar(512) NOT NULL,
|
||||||
email varchar(100) UNIQUE NOT NULL,
|
email varchar(100) UNIQUE NOT NULL,
|
||||||
email_verified boolean NOT NULL DEFAULT FALSE
|
email_verified boolean NOT NULL DEFAULT FALSE
|
||||||
|
|
@ -52,6 +52,17 @@ async fn main() -> Result<(), Error> {
|
||||||
CREATE TABLE IF NOT EXISTS instance_permissions (
|
CREATE TABLE IF NOT EXISTS instance_permissions (
|
||||||
uuid uuid REFERENCES users(uuid),
|
uuid uuid REFERENCES users(uuid),
|
||||||
administrator boolean NOT NULL DEFAULT FALSE
|
administrator boolean NOT NULL DEFAULT FALSE
|
||||||
|
);
|
||||||
|
CREATE TABLE IF NOT EXISTS refresh_tokens (
|
||||||
|
token varchar(64) PRIMARY KEY UNIQUE NOT NULL,
|
||||||
|
uuid uuid REFERENCES users(uuid),
|
||||||
|
created int8 NOT NULL
|
||||||
|
);
|
||||||
|
CREATE TABLE IF NOT EXISTS access_tokens (
|
||||||
|
token varchar(32) PRIMARY KEY UNIQUE NOT NULL,
|
||||||
|
refresh_token varchar(64) UNIQUE REFERENCES refresh_tokens(token),
|
||||||
|
uuid uuid REFERENCES users(uuid),
|
||||||
|
created int8 NOT NULL
|
||||||
)
|
)
|
||||||
"#)
|
"#)
|
||||||
.execute(&pool)
|
.execute(&pool)
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue