forked from Chewing_Bever/rusty-bever
				
			Further split guards
							parent
							
								
									dab90bc4a9
								
							
						
					
					
						commit
						89851a2018
					
				|  | @ -47,8 +47,8 @@ pub struct Claims { | |||
| 
 | ||||
| pub fn generate_jwt_token(conn: &PgConnection, user: &User) -> crate::Result<JWTResponse> { | ||||
|     let secret = std::env::var("JWT_KEY").map_err(|_| RBError::MissingJWTKey)?; | ||||
|     let key: Hmac<Sha256> = Hmac::new_from_slice(secret.as_bytes()) | ||||
|         .map_err(|_| RBError::JWTCreationError)?; | ||||
|     let key: Hmac<Sha256> = | ||||
|         Hmac::new_from_slice(secret.as_bytes()).map_err(|_| RBError::JWTCreationError)?; | ||||
| 
 | ||||
|     let current_time = Utc::now(); | ||||
| 
 | ||||
|  |  | |||
|  | @ -1,23 +1,25 @@ | |||
| use crate::guards::User; | ||||
| use crate::RbDbConn; | ||||
| use rb::auth::{generate_jwt_token, verify_user, JWTResponse}; | ||||
| use rocket::serde::json::Json; | ||||
| use serde::Deserialize; | ||||
| use crate::guards::User; | ||||
| 
 | ||||
| pub(crate) fn routes() -> Vec<rocket::Route> { | ||||
|     routes![login, me] | ||||
|     routes![login, already_logged_in, me] | ||||
| } | ||||
| 
 | ||||
| 
 | ||||
| #[derive(Deserialize)] | ||||
| struct Credentials { | ||||
|     username: String, | ||||
|     password: String, | ||||
| } | ||||
| 
 | ||||
| // TODO add catch for when user immediately requests new JWT token (they could totally spam this)
 | ||||
| #[post("/login")] | ||||
| async fn already_logged_in(_user: User) -> String { | ||||
|     String::from("You're already logged in!") | ||||
| } | ||||
| 
 | ||||
| #[post("/login", data = "<credentials>")] | ||||
| #[post("/login", data = "<credentials>", rank = 2)] | ||||
| async fn login(conn: RbDbConn, credentials: Json<Credentials>) -> rb::Result<Json<JWTResponse>> { | ||||
|     let credentials = credentials.into_inner(); | ||||
| 
 | ||||
|  |  | |||
|  | @ -1,17 +1,18 @@ | |||
| use rocket::{ | ||||
|     http::Status, | ||||
|     outcome::try_outcome, | ||||
|     request::{FromRequest, Outcome, Request} | ||||
| }; | ||||
| use hmac::{Hmac, NewMac}; | ||||
| use jwt::VerifyWithKey; | ||||
| use rb::auth::Claims; | ||||
| use rocket::{ | ||||
|     http::Status, | ||||
|     outcome::try_outcome, | ||||
|     request::{FromRequest, Outcome, Request}, | ||||
| }; | ||||
| use sha2::Sha256; | ||||
| 
 | ||||
| pub struct JWT(String); | ||||
| /// Extracts a "Authorization: Bearer" string from the headers.
 | ||||
| pub struct Bearer(String); | ||||
| 
 | ||||
| #[rocket::async_trait] | ||||
| impl<'r> FromRequest<'r> for JWT { | ||||
| impl<'r> FromRequest<'r> for Bearer { | ||||
|     type Error = rb::errors::RBError; | ||||
| 
 | ||||
|     async fn from_request(req: &'r Request<'_>) -> Outcome<Self, Self::Error> { | ||||
|  | @ -26,23 +27,24 @@ impl<'r> FromRequest<'r> for JWT { | |||
|         } | ||||
| 
 | ||||
|         // Extract the jwt token from the header
 | ||||
|         let jwt_token = match header.get(7..) { | ||||
|             Some(token) => token, | ||||
|         let auth_string = match header.get(7..) { | ||||
|             Some(s) => s, | ||||
|             None => return Outcome::Forward(()), | ||||
|         }; | ||||
| 
 | ||||
|         Outcome::Success(Self(jwt_token.to_string())) | ||||
|         Outcome::Success(Self(auth_string.to_string())) | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| pub struct User(Claims); | ||||
| /// Verifies the provided JWT is valid.
 | ||||
| pub struct JWT(Claims); | ||||
| 
 | ||||
| #[rocket::async_trait] | ||||
| impl<'r> FromRequest<'r> for User { | ||||
| impl<'r> FromRequest<'r> for JWT { | ||||
|     type Error = rb::errors::RBError; | ||||
| 
 | ||||
|     async fn from_request(req: &'r Request<'_>) -> Outcome<Self, Self::Error> { | ||||
|         let jwt_token = try_outcome!(req.guard::<JWT>().await).0; | ||||
|         let bearer = try_outcome!(req.guard::<Bearer>().await).0; | ||||
| 
 | ||||
|         // Get secret & key
 | ||||
|         let secret = match std::env::var("JWT_KEY") { | ||||
|  | @ -57,22 +59,36 @@ impl<'r> FromRequest<'r> for User { | |||
|                 return Outcome::Failure((Status::InternalServerError, Self::Error::JWTError)) | ||||
|             } | ||||
|         }; | ||||
| 
 | ||||
|         // Verify token using key
 | ||||
|         let claims: Claims = match jwt_token.verify_with_key(&key) { | ||||
|         let claims: Claims = match bearer.verify_with_key(&key) { | ||||
|             Ok(claims) => claims, | ||||
|             Err(_) => return Outcome::Failure((Status::Unauthorized, Self::Error::Unauthorized)), | ||||
|         }; | ||||
| 
 | ||||
|         Outcome::Success(Self(claims)) | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| /// Verifies the JWT has not expired.
 | ||||
| pub struct User(Claims); | ||||
| 
 | ||||
| #[rocket::async_trait] | ||||
| impl<'r> FromRequest<'r> for User { | ||||
|     type Error = rb::errors::RBError; | ||||
| 
 | ||||
|     async fn from_request(req: &'r Request<'_>) -> Outcome<Self, Self::Error> { | ||||
|         let claims = try_outcome!(req.guard::<JWT>().await).0; | ||||
| 
 | ||||
|         // Verify key hasn't yet expired
 | ||||
|         if chrono::Utc::now().timestamp() > claims.exp { | ||||
|             return Outcome::Failure((Status::Unauthorized, Self::Error::Unauthorized)); | ||||
|             return Outcome::Failure((Status::Forbidden, Self::Error::TokenExpired)); | ||||
|         } | ||||
| 
 | ||||
|         Outcome::Success(Self(claims)) | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| /// Verifies the JWT belongs to an admin.
 | ||||
| pub struct Admin(Claims); | ||||
| 
 | ||||
| #[rocket::async_trait] | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue