Chewing_Bever
/
rusty-bever
Archived
1
0
Fork 1
Code Issues 41 Pull Requests 1 Projects Releases Activity

Compare commits

base: Chewing_Bever:27b904b3f5b2724729b7d553b77b7e6304f715bf
Branches Tags
Chewing_Bever:microservice-split
Chewing_Bever:develop
Chewing_Bever:sections-backend
Chewing_Bever:main
..
compare: Chewing_Bever:dd51d107e3ef0d412634f9b3ce9521cff28c8c52
Branches Tags
Chewing_Bever:microservice-split
Chewing_Bever:develop
Chewing_Bever:sections-backend
Chewing_Bever:main

No commits in common. "27b904b3f5b2724729b7d553b77b7e6304f715bf" and "dd51d107e3ef0d412634f9b3ce9521cff28c8c52" have entirely different histories.
27b904b3f5 ... dd51d107e3

6 changed files with 62 additions and 76 deletions
Show Stats Expand all files Collapse all files

55
src/auth/jwt.rs → src/auth.rs
View File

@ -1,3 +1,4 @@
use argon2::verify_encoded;
use chrono::Utc; use chrono::Utc;
use diesel::{insert_into, prelude::*, PgConnection}; use diesel::{insert_into, prelude::*, PgConnection};
use hmac::{Hmac, NewMac}; use hmac::{Hmac, NewMac};
@ -9,12 +10,31 @@ use sha2::Sha256;
use crate::{ use crate::{
db::{ db::{
tokens::{NewRefreshToken, RefreshToken}, tokens::{NewRefreshToken, RefreshToken},
users::User, users::{NewUser, User},
}, },
errors::RbError, errors::RbError,
schema::{refresh_tokens::dsl as refresh_tokens, users::dsl as users}, schema::{refresh_tokens::dsl as refresh_tokens, users::dsl as users},
}; };
pub fn verify_user(conn: &PgConnection, username: &str, password: &str) -> crate::Result<User>
{
// TODO handle non-"NotFound" Diesel errors accordingely
let user = users::users
.filter(users::username.eq(username))
.first::<User>(conn)
.map_err(|_| RbError::AuthUnknownUser)?;
// Check if a user is blocked
if user.blocked {
return Err(RbError::AuthBlockedUser);
}
match verify_encoded(user.password.as_str(), password.as_bytes()) {
Ok(true) => Ok(user),
_ => Err(RbError::AuthInvalidPassword),
}
}
#[derive(Serialize)] #[derive(Serialize)]
#[serde(rename_all = "camelCase")] #[serde(rename_all = "camelCase")]
pub struct JWTResponse pub struct JWTResponse
@ -76,6 +96,39 @@ pub fn generate_jwt_token(conn: &PgConnection, user: &User) -> crate::Result<JWT
}) })
} }
pub fn hash_password(password: &str) -> crate::Result<String>
{
// Generate a random salt
let mut salt = [0u8; 64];
thread_rng().fill(&mut salt[..]);
// Encode the actual password
let config = argon2::Config::default();
argon2::hash_encoded(password.as_bytes(), &salt, &config)
.map_err(|_| RbError::Custom("Couldn't hash password."))
}
pub fn create_admin_user(conn: &PgConnection, username: &str, password: &str)
-> crate::Result<bool>
{
let pass_hashed = hash_password(password)?;
let new_user = NewUser {
username: username.to_string(),
password: pass_hashed,
admin: true,
};
insert_into(users::users)
.values(&new_user)
.on_conflict(users::username)
.do_update()
.set(&new_user)
.execute(conn)
.map_err(|_| RbError::Custom("Couldn't create admin."))?;
Ok(true)
}
pub fn refresh_token(conn: &PgConnection, refresh_token: &str) -> crate::Result<JWTResponse> pub fn refresh_token(conn: &PgConnection, refresh_token: &str) -> crate::Result<JWTResponse>
{ {
let token_bytes = let token_bytes =

63
src/auth/mod.rs
View File

@ -1,63 +0,0 @@
use argon2::verify_encoded;
use diesel::{insert_into, prelude::*, PgConnection};
use rand::{thread_rng, Rng};
use crate::{
db::users::{NewUser, User},
errors::RbError,
schema::users::dsl as users,
};
pub mod jwt;
pub fn verify_user(conn: &PgConnection, username: &str, password: &str) -> crate::Result<User>
{
// TODO handle non-"NotFound" Diesel errors accordingely
let user = users::users
.filter(users::username.eq(username))
.first::<User>(conn)
.map_err(|_| RbError::AuthUnknownUser)?;
// Check if a user is blocked
if user.blocked {
return Err(RbError::AuthBlockedUser);
}
match verify_encoded(user.password.as_str(), password.as_bytes()) {
Ok(true) => Ok(user),
_ => Err(RbError::AuthInvalidPassword),
}
}
pub fn hash_password(password: &str) -> crate::Result<String>
{
// Generate a random salt
let mut salt = [0u8; 64];
thread_rng().fill(&mut salt[..]);
// Encode the actual password
let config = argon2::Config::default();
argon2::hash_encoded(password.as_bytes(), &salt, &config)
.map_err(|_| RbError::Custom("Couldn't hash password."))
}
pub fn create_admin_user(conn: &PgConnection, username: &str, password: &str)
-> crate::Result<bool>
{
let pass_hashed = hash_password(password)?;
let new_user = NewUser {
username: username.to_string(),
password: pass_hashed,
admin: true,
};
insert_into(users::users)
.values(&new_user)
.on_conflict(users::username)
.do_update()
.set(&new_user)
.execute(conn)
.map_err(|_| RbError::Custom("Couldn't create admin."))?;
Ok(true)
}

1
src/errors.rs
View File

@ -79,7 +79,6 @@ impl<'r> Responder<'r, 'static> for RbError
"message": self.message(), "message": self.message(),
}); });
// TODO add status to response
content.respond_to(req) content.respond_to(req)
} }
} }

8
src/guards.rs
View File

@ -1,6 +1,6 @@
use hmac::{Hmac, NewMac}; use hmac::{Hmac, NewMac};
use jwt::VerifyWithKey; use jwt::VerifyWithKey;
use rb::auth::jwt::Claims; use rb::auth::Claims;
use rocket::{ use rocket::{
http::Status, http::Status,
outcome::try_outcome, outcome::try_outcome,
@ -39,10 +39,10 @@ impl<'r> FromRequest<'r> for Bearer<'r>
} }
/// Verifies the provided JWT is valid. /// Verifies the provided JWT is valid.
pub struct Jwt(Claims); pub struct JWT(Claims);
#[rocket::async_trait] #[rocket::async_trait]
impl<'r> FromRequest<'r> for Jwt impl<'r> FromRequest<'r> for JWT
{ {
type Error = rb::errors::RbError; type Error = rb::errors::RbError;
@ -91,7 +91,7 @@ impl<'r> FromRequest<'r> for User
async fn from_request(req: &'r Request<'_>) -> Outcome<Self, Self::Error> async fn from_request(req: &'r Request<'_>) -> Outcome<Self, Self::Error>
{ {
let claims = try_outcome!(req.guard::<Jwt>().await).0; let claims = try_outcome!(req.guard::<JWT>().await).0;
// Verify key hasn't yet expired // Verify key hasn't yet expired
if chrono::Utc::now().timestamp() > claims.exp { if chrono::Utc::now().timestamp() > claims.exp {

4
src/routes/admin.rs
View File

@ -10,13 +10,13 @@ pub fn routes() -> Vec<rocket::Route>
} }
#[get("/users")] #[get("/users")]
async fn get_users(_admin: Admin, conn: RbDbConn) -> rb::Result<Json<Vec<db::User>>> async fn get_users(admin: Admin, conn: RbDbConn) -> rb::Result<Json<Vec<db::User>>>
{ {
Ok(Json(conn.run(|c| db::users::all(c)).await?)) Ok(Json(conn.run(|c| db::users::all(c)).await?))
} }
#[post("/users", data = "<user>")] #[post("/users", data = "<user>")]
async fn create_user(_admin: Admin, conn: RbDbConn, user: Json<db::NewUser>) -> rb::Result<()> async fn create_user(admin: Admin, conn: RbDbConn, user: Json<db::NewUser>) -> rb::Result<()>
{ {
Ok(conn Ok(conn
.run(move |c| db::users::create(c, &user.into_inner())) .run(move |c| db::users::create(c, &user.into_inner()))

7
src/routes/auth.rs
View File

@ -1,7 +1,4 @@
use rb::auth::{ use rb::auth::{generate_jwt_token, verify_user, JWTResponse};
jwt::{generate_jwt_token, JWTResponse},
verify_user,
};
use rocket::serde::json::Json; use rocket::serde::json::Json;
use serde::Deserialize; use serde::Deserialize;
@ -54,7 +51,7 @@ async fn refresh_token(
let refresh_token = refresh_token_request.into_inner().refresh_token; let refresh_token = refresh_token_request.into_inner().refresh_token;
Ok(Json( Ok(Json(
conn.run(move |c| rb::auth::jwt::refresh_token(c, &refresh_token)) conn.run(move |c| rb::auth::refresh_token(c, &refresh_token))
.await?, .await?,
)) ))
} }