Moved some JWT db commands to db
parent
1378219fe5
commit
02011e04ce
|
@ -1,5 +1,5 @@
|
||||||
use chrono::Utc;
|
use chrono::Utc;
|
||||||
use diesel::{insert_into, prelude::*, PgConnection};
|
use diesel::{prelude::*, PgConnection};
|
||||||
use hmac::{Hmac, NewMac};
|
use hmac::{Hmac, NewMac};
|
||||||
use jwt::SignWithKey;
|
use jwt::SignWithKey;
|
||||||
use rand::{thread_rng, Rng};
|
use rand::{thread_rng, Rng};
|
||||||
|
@ -7,10 +7,8 @@ use serde::{Deserialize, Serialize};
|
||||||
use sha2::Sha256;
|
use sha2::Sha256;
|
||||||
|
|
||||||
use crate::{
|
use crate::{
|
||||||
db::{
|
db,
|
||||||
tokens::{NewRefreshToken, RefreshToken},
|
db::{tokens::NewRefreshToken, users::User},
|
||||||
users::User,
|
|
||||||
},
|
|
||||||
errors::{RbError, RbResult},
|
errors::{RbError, RbResult},
|
||||||
schema::{refresh_tokens::dsl as refresh_tokens, users::dsl as users},
|
schema::{refresh_tokens::dsl as refresh_tokens, users::dsl as users},
|
||||||
};
|
};
|
||||||
|
@ -61,14 +59,14 @@ pub fn generate_jwt_token(conn: &PgConnection, user: &User) -> RbResult<JWTRespo
|
||||||
(current_time + chrono::Duration::seconds(crate::REFRESH_TOKEN_EXP_SECONDS)).naive_utc();
|
(current_time + chrono::Duration::seconds(crate::REFRESH_TOKEN_EXP_SECONDS)).naive_utc();
|
||||||
|
|
||||||
// Store refresh token in database
|
// Store refresh token in database
|
||||||
insert_into(refresh_tokens::refresh_tokens)
|
db::tokens::create(
|
||||||
.values(NewRefreshToken {
|
conn,
|
||||||
|
&NewRefreshToken {
|
||||||
token: refresh_token.to_vec(),
|
token: refresh_token.to_vec(),
|
||||||
user_id: user.id,
|
user_id: user.id,
|
||||||
expires_at: refresh_expire,
|
expires_at: refresh_expire,
|
||||||
})
|
},
|
||||||
.execute(conn)
|
)?;
|
||||||
.map_err(|_| RbError::Custom("Couldn't insert refresh token."))?;
|
|
||||||
|
|
||||||
Ok(JWTResponse {
|
Ok(JWTResponse {
|
||||||
token,
|
token,
|
||||||
|
@ -82,11 +80,8 @@ pub fn refresh_token(conn: &PgConnection, refresh_token: &str) -> RbResult<JWTRe
|
||||||
base64::decode(refresh_token).map_err(|_| RbError::AuthInvalidRefreshToken)?;
|
base64::decode(refresh_token).map_err(|_| RbError::AuthInvalidRefreshToken)?;
|
||||||
|
|
||||||
// First, we request the token from the database to see if it's really a valid token
|
// First, we request the token from the database to see if it's really a valid token
|
||||||
let (token_entry, user) = refresh_tokens::refresh_tokens
|
let (token_entry, user) =
|
||||||
.inner_join(users::users)
|
db::tokens::find_with_user(conn, &token_bytes).ok_or(RbError::AuthInvalidRefreshToken)?;
|
||||||
.filter(refresh_tokens::token.eq(token_bytes))
|
|
||||||
.first::<(RefreshToken, User)>(conn)
|
|
||||||
.map_err(|_| RbError::AuthInvalidRefreshToken)?;
|
|
||||||
|
|
||||||
// If we see that the token has already been used before, we block the user.
|
// If we see that the token has already been used before, we block the user.
|
||||||
if token_entry.last_used_at.is_some() {
|
if token_entry.last_used_at.is_some() {
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
use argon2::verify_encoded;
|
use argon2::verify_encoded;
|
||||||
use diesel::{insert_into, prelude::*, PgConnection};
|
use diesel::{prelude::*, PgConnection};
|
||||||
use rand::{thread_rng, Rng};
|
use rand::{thread_rng, Rng};
|
||||||
|
|
||||||
use crate::{
|
use crate::{
|
||||||
db::users::{NewUser, User},
|
db::users::User,
|
||||||
errors::{RbError, RbResult},
|
errors::{RbError, RbResult},
|
||||||
schema::users::dsl as users,
|
schema::users::dsl as users,
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,7 +1,10 @@
|
||||||
use diesel::{Insertable, Queryable};
|
use diesel::{insert_into, prelude::*, Insertable, PgConnection, Queryable};
|
||||||
use uuid::Uuid;
|
use uuid::Uuid;
|
||||||
|
|
||||||
use crate::schema::refresh_tokens;
|
use crate::{
|
||||||
|
errors::{RbError, RbResult},
|
||||||
|
schema::{refresh_tokens, refresh_tokens::dsl::*},
|
||||||
|
};
|
||||||
|
|
||||||
#[derive(Queryable)]
|
#[derive(Queryable)]
|
||||||
pub struct RefreshToken
|
pub struct RefreshToken
|
||||||
|
@ -20,3 +23,36 @@ pub struct NewRefreshToken
|
||||||
pub user_id: Uuid,
|
pub user_id: Uuid,
|
||||||
pub expires_at: chrono::NaiveDateTime,
|
pub expires_at: chrono::NaiveDateTime,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn all(conn: &PgConnection) -> RbResult<Vec<RefreshToken>>
|
||||||
|
{
|
||||||
|
refresh_tokens
|
||||||
|
.load::<RefreshToken>(conn)
|
||||||
|
.map_err(|_| RbError::DbError("Couldn't get all refresh tokens."))
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn create(conn: &PgConnection, new_refresh_token: &NewRefreshToken) -> RbResult<()>
|
||||||
|
{
|
||||||
|
insert_into(refresh_tokens)
|
||||||
|
.values(new_refresh_token)
|
||||||
|
.execute(conn)
|
||||||
|
.map_err(|_| RbError::Custom("Couldn't insert refresh token."))?;
|
||||||
|
|
||||||
|
// TODO check for conflict?
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn find_with_user(
|
||||||
|
conn: &PgConnection,
|
||||||
|
token_val: &[u8],
|
||||||
|
) -> Option<(RefreshToken, super::users::User)>
|
||||||
|
{
|
||||||
|
// TODO actually check for errors here
|
||||||
|
refresh_tokens
|
||||||
|
.inner_join(crate::schema::users::dsl::users)
|
||||||
|
.filter(token.eq(token_val))
|
||||||
|
.first::<(RefreshToken, super::users::User)>(conn)
|
||||||
|
.map_err(|_| RbError::Custom("Couldn't get refresh token & user."))
|
||||||
|
.ok()
|
||||||
|
}
|
||||||
|
|
Reference in New Issue