Restructured auth
parent
dd51d107e3
commit
6858e9da62
GPG Key ID:
955C0660072F691F
|
|
@ -1,4 +1,3 @@
|
|||
use argon2::verify_encoded;
|
||||
use chrono::Utc;
|
||||
use diesel::{insert_into, prelude::*, PgConnection};
|
||||
use hmac::{Hmac, NewMac};
|
||||
|
|
@ -16,25 +15,6 @@ use crate::{
|
|||
schema::{refresh_tokens::dsl as refresh_tokens, users::dsl as users},
|
||||
};
|
||||
|
||||
pub fn verify_user(conn: &PgConnection, username: &str, password: &str) -> crate::Result<User>
|
||||
{
|
||||
// TODO handle non-"NotFound" Diesel errors accordingely
|
||||
let user = users::users
|
||||
.filter(users::username.eq(username))
|
||||
.first::<User>(conn)
|
||||
.map_err(|_| RbError::AuthUnknownUser)?;
|
||||
|
||||
// Check if a user is blocked
|
||||
if user.blocked {
|
||||
return Err(RbError::AuthBlockedUser);
|
||||
}
|
||||
|
||||
match verify_encoded(user.password.as_str(), password.as_bytes()) {
|
||||
Ok(true) => Ok(user),
|
||||
_ => Err(RbError::AuthInvalidPassword),
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Serialize)]
|
||||
#[serde(rename_all = "camelCase")]
|
||||
pub struct JWTResponse
|
||||
|
|
@ -96,39 +76,6 @@ pub fn generate_jwt_token(conn: &PgConnection, user: &User) -> crate::Result<JWT
|
|||
})
|
||||
}
|
||||
|
||||
pub fn hash_password(password: &str) -> crate::Result<String>
|
||||
{
|
||||
// Generate a random salt
|
||||
let mut salt = [0u8; 64];
|
||||
thread_rng().fill(&mut salt[..]);
|
||||
|
||||
// Encode the actual password
|
||||
let config = argon2::Config::default();
|
||||
argon2::hash_encoded(password.as_bytes(), &salt, &config)
|
||||
.map_err(|_| RbError::Custom("Couldn't hash password."))
|
||||
}
|
||||
|
||||
pub fn create_admin_user(conn: &PgConnection, username: &str, password: &str)
|
||||
-> crate::Result<bool>
|
||||
{
|
||||
let pass_hashed = hash_password(password)?;
|
||||
let new_user = NewUser {
|
||||
username: username.to_string(),
|
||||
password: pass_hashed,
|
||||
admin: true,
|
||||
};
|
||||
|
||||
insert_into(users::users)
|
||||
.values(&new_user)
|
||||
.on_conflict(users::username)
|
||||
.do_update()
|
||||
.set(&new_user)
|
||||
.execute(conn)
|
||||
.map_err(|_| RbError::Custom("Couldn't create admin."))?;
|
||||
|
||||
Ok(true)
|
||||
}
|
||||
|
||||
pub fn refresh_token(conn: &PgConnection, refresh_token: &str) -> crate::Result<JWTResponse>
|
||||
{
|
||||
let token_bytes =
|
||||
|
|
@ -0,0 +1,71 @@
|
|||
use ::jwt::SignWithKey;
|
||||
use argon2::verify_encoded;
|
||||
use chrono::Utc;
|
||||
use diesel::{insert_into, prelude::*, PgConnection};
|
||||
use hmac::{Hmac, NewMac};
|
||||
use rand::{thread_rng, Rng};
|
||||
use serde::{Deserialize, Serialize};
|
||||
use sha2::Sha256;
|
||||
|
||||
use crate::{
|
||||
db::{
|
||||
tokens::{NewRefreshToken, RefreshToken},
|
||||
users::{NewUser, User},
|
||||
},
|
||||
errors::RbError,
|
||||
schema::{refresh_tokens::dsl as refresh_tokens, users::dsl as users},
|
||||
};
|
||||
|
||||
pub mod jwt;
|
||||
|
||||
pub fn verify_user(conn: &PgConnection, username: &str, password: &str) -> crate::Result<User>
|
||||
{
|
||||
// TODO handle non-"NotFound" Diesel errors accordingely
|
||||
let user = users::users
|
||||
.filter(users::username.eq(username))
|
||||
.first::<User>(conn)
|
||||
.map_err(|_| RbError::AuthUnknownUser)?;
|
||||
|
||||
// Check if a user is blocked
|
||||
if user.blocked {
|
||||
return Err(RbError::AuthBlockedUser);
|
||||
}
|
||||
|
||||
match verify_encoded(user.password.as_str(), password.as_bytes()) {
|
||||
Ok(true) => Ok(user),
|
||||
_ => Err(RbError::AuthInvalidPassword),
|
||||
}
|
||||
}
|
||||
|
||||
pub fn hash_password(password: &str) -> crate::Result<String>
|
||||
{
|
||||
// Generate a random salt
|
||||
let mut salt = [0u8; 64];
|
||||
thread_rng().fill(&mut salt[..]);
|
||||
|
||||
// Encode the actual password
|
||||
let config = argon2::Config::default();
|
||||
argon2::hash_encoded(password.as_bytes(), &salt, &config)
|
||||
.map_err(|_| RbError::Custom("Couldn't hash password."))
|
||||
}
|
||||
|
||||
pub fn create_admin_user(conn: &PgConnection, username: &str, password: &str)
|
||||
-> crate::Result<bool>
|
||||
{
|
||||
let pass_hashed = hash_password(password)?;
|
||||
let new_user = NewUser {
|
||||
username: username.to_string(),
|
||||
password: pass_hashed,
|
||||
admin: true,
|
||||
};
|
||||
|
||||
insert_into(users::users)
|
||||
.values(&new_user)
|
||||
.on_conflict(users::username)
|
||||
.do_update()
|
||||
.set(&new_user)
|
||||
.execute(conn)
|
||||
.map_err(|_| RbError::Custom("Couldn't create admin."))?;
|
||||
|
||||
Ok(true)
|
||||
}
|
||||
|
|
@ -79,6 +79,7 @@ impl<'r> Responder<'r, 'static> for RbError
|
|||
"message": self.message(),
|
||||
});
|
||||
|
||||
// TODO add status to response
|
||||
content.respond_to(req)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
use hmac::{Hmac, NewMac};
|
||||
use jwt::VerifyWithKey;
|
||||
use rb::auth::Claims;
|
||||
use rb::auth::jwt::Claims;
|
||||
use rocket::{
|
||||
http::Status,
|
||||
outcome::try_outcome,
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
use rb::auth::{generate_jwt_token, verify_user, JWTResponse};
|
||||
use rb::auth::{
|
||||
jwt::{generate_jwt_token, JWTResponse},
|
||||
verify_user,
|
||||
};
|
||||
use rocket::serde::json::Json;
|
||||
use serde::Deserialize;
|
||||
|
||||
|
|
@ -51,7 +54,7 @@ async fn refresh_token(
|
|||
let refresh_token = refresh_token_request.into_inner().refresh_token;
|
||||
|
||||
Ok(Json(
|
||||
conn.run(move |c| rb::auth::refresh_token(c, &refresh_token))
|
||||
conn.run(move |c| rb::auth::jwt::refresh_token(c, &refresh_token))
|
||||
.await?,
|
||||
))
|
||||
}
|
||||
|
|
|
|||
Reference in New Issue