Gamblers/api-server
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Gamblers:5f357d405be3e226709ca24e6597a8d1f9dc6df1
Branches Tags
Gamblers:main
...
compare: Gamblers:main
Branches Tags
Gamblers:main

13 Commits
5f357d405b ... main

Author SHA1 Message Date
AINDUSTRIES
cef0b320d8 Added user register 2025-04-16 17:28:21 +02:00
AINDUSTRIES
c9dce27582 Added logout api route 2025-04-13 22:25:41 +02:00
AINDUSTRIES
d4ef24c99f Small formating 2025-04-11 23:50:16 +02:00
AINDUSTRIES
e95bb7d291 Rewrote login route (start of auth rewrite) 2025-04-11 23:49:11 +02:00
AINDUSTRIES
972a280229 Removed unimplemented functions 2025-04-11 23:48:50 +02:00
AINDUSTRIES
8d494c6756 Sqlx prepare 2025-04-11 23:48:33 +02:00
AINDUSTRIES
190543cd6a Minor changes to database schema 2025-04-11 23:48:12 +02:00
AINDUSTRIES
2ffe9c0c2b Started adding doc to better build the system 2025-04-09 22:48:11 +02:00
AINDUSTRIES
9347db69fd Removed database from git (and added it to gitignore) 2025-04-09 16:22:56 +02:00
AINDUSTRIES
7db7c1d755 Altered tables and added a new table for refresh_tokens 2025-04-09 16:02:23 +02:00
AINDUSTRIES
c2a0a671a5 Added money to inventories 2025-03-27 21:56:17 +01:00
AINDUSTRIES
c5b2a60d14 Formatted files 2025-03-27 21:56:05 +01:00
AINDUSTRIES
5bc0e08f59 Refactored user code 2025-03-27 21:55:50 +01:00
20 changed files with 730 additions and 181 deletions
Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -6,4 +6,5 @@ database.db-shm
database.db-wal
priv.pem
pub.pem
images/*
images/*
database.db

50
.sqlx/query-1e9045f52c002a19b815351fee1c7ee7520478ff4f5886b4523fb0dc4df0e204.json generated Normal file
View File

@@ -0,0 +1,50 @@
{
"db_name": "SQLite",
"query": "SELECT * FROM items WHERE id = $1",
"describe": {
"columns": [
{
"name": "id",
"ordinal": 0,
"type_info": "Integer"
},
{
"name": "uuid",
"ordinal": 1,
"type_info": "Text"
},
{
"name": "name",
"ordinal": 2,
"type_info": "Text"
},
{
"name": "rarity",
"ordinal": 3,
"type_info": "Integer"
},
{
"name": "image",
"ordinal": 4,
"type_info": "Text"
},
{
"name": "price",
"ordinal": 5,
"type_info": "Float"
}
],
"parameters": {
"Right": 1
},
"nullable": [
false,
false,
false,
false,
false,
false
]
},
"hash": "1e9045f52c002a19b815351fee1c7ee7520478ff4f5886b4523fb0dc4df0e204"
}

44
.sqlx/query-21875450b713d126c5fe3074b2f6ed2766bc92b6c047eb014106b0c82b905dd6.json generated Normal file
View File

@@ -0,0 +1,44 @@
{
"db_name": "SQLite",
"query": "SELECT * FROM cases WHERE uuid = $1",
"describe": {
"columns": [
{
"name": "id",
"ordinal": 0,
"type_info": "Integer"
},
{
"name": "uuid",
"ordinal": 1,
"type_info": "Text"
},
{
"name": "name",
"ordinal": 2,
"type_info": "Text"
},
{
"name": "image",
"ordinal": 3,
"type_info": "Text"
},
{
"name": "price",
"ordinal": 4,
"type_info": "Float"
}
],
"parameters": {
"Right": 1
},
"nullable": [
false,
false,
false,
false,
false
]
},
"hash": "21875450b713d126c5fe3074b2f6ed2766bc92b6c047eb014106b0c82b905dd6"
}

44
.sqlx/query-26ed513b4f9720a7cec47a9bcd3023cedb6888111199fd3c7d9a2bdcc6dd3398.json generated Normal file
View File

@@ -0,0 +1,44 @@
{
"db_name": "SQLite",
"query": "SELECT * FROM cases WHERE id = $1",
"describe": {
"columns": [
{
"name": "id",
"ordinal": 0,
"type_info": "Integer"
},
{
"name": "uuid",
"ordinal": 1,
"type_info": "Text"
},
{
"name": "name",
"ordinal": 2,
"type_info": "Text"
},
{
"name": "image",
"ordinal": 3,
"type_info": "Text"
},
{
"name": "price",
"ordinal": 4,
"type_info": "Float"
}
],
"parameters": {
"Right": 1
},
"nullable": [
false,
false,
false,
false,
false
]
},
"hash": "26ed513b4f9720a7cec47a9bcd3023cedb6888111199fd3c7d9a2bdcc6dd3398"
}

26
.sqlx/query-3367d7df853d161f82b517e6601de33b7655c98bdade65ab8b7d985ee77b0779.json generated Normal file
View File

@@ -0,0 +1,26 @@
{
"db_name": "SQLite",
"query": "SELECT * FROM items_cases WHERE \"item\" = $1",
"describe": {
"columns": [
{
"name": "item",
"ordinal": 0,
"type_info": "Integer"
},
{
"name": "case",
"ordinal": 1,
"type_info": "Integer"
}
],
"parameters": {
"Right": 1
},
"nullable": [
false,
false
]
},
"hash": "3367d7df853d161f82b517e6601de33b7655c98bdade65ab8b7d985ee77b0779"
}

44
.sqlx/query-3d549f4fa2e86c6eab7dfb482cf0ef6a80cfcff18c1504a81757c26920c03f55.json generated Normal file
View File

@@ -0,0 +1,44 @@
{
"db_name": "SQLite",
"query": "SELECT * FROM cases",
"describe": {
"columns": [
{
"name": "id",
"ordinal": 0,
"type_info": "Integer"
},
{
"name": "uuid",
"ordinal": 1,
"type_info": "Text"
},
{
"name": "name",
"ordinal": 2,
"type_info": "Text"
},
{
"name": "image",
"ordinal": 3,
"type_info": "Text"
},
{
"name": "price",
"ordinal": 4,
"type_info": "Float"
}
],
"parameters": {
"Right": 0
},
"nullable": [
false,
false,
false,
false,
false
]
},
"hash": "3d549f4fa2e86c6eab7dfb482cf0ef6a80cfcff18c1504a81757c26920c03f55"
}

50
.sqlx/query-467dcd7fd379750cbf30a190d06dc1b3e61b1bd7ef288fbf6fbedec52c276434.json generated Normal file
View File

@@ -0,0 +1,50 @@
{
"db_name": "SQLite",
"query": "SELECT * FROM items",
"describe": {
"columns": [
{
"name": "id",
"ordinal": 0,
"type_info": "Integer"
},
{
"name": "uuid",
"ordinal": 1,
"type_info": "Text"
},
{
"name": "name",
"ordinal": 2,
"type_info": "Text"
},
{
"name": "rarity",
"ordinal": 3,
"type_info": "Integer"
},
{
"name": "image",
"ordinal": 4,
"type_info": "Text"
},
{
"name": "price",
"ordinal": 5,
"type_info": "Float"
}
],
"parameters": {
"Right": 0
},
"nullable": [
false,
false,
false,
false,
false,
false
]
},
"hash": "467dcd7fd379750cbf30a190d06dc1b3e61b1bd7ef288fbf6fbedec52c276434"
}

26
.sqlx/query-4bc709613cface1482452d8bcebf70e822fd3854e4e441e01426fb79c3dfb489.json generated Normal file
View File

@@ -0,0 +1,26 @@
{
"db_name": "SQLite",
"query": "SELECT * FROM items_cases WHERE \"case\" = $1",
"describe": {
"columns": [
{
"name": "item",
"ordinal": 0,
"type_info": "Integer"
},
{
"name": "case",
"ordinal": 1,
"type_info": "Integer"
}
],
"parameters": {
"Right": 1
},
"nullable": [
false,
false
]
},
"hash": "4bc709613cface1482452d8bcebf70e822fd3854e4e441e01426fb79c3dfb489"
}

12
.sqlx/query-597ffc913008b9c86d1370a1d6ce3019b17c20e67400211000c395da08b21708.json generated Normal file
View File

@@ -0,0 +1,12 @@
{
"db_name": "SQLite",
"query": "INSERT INTO refresh_tokens ('token', 'previous', 'user', 'expiry') VALUES (?1, ?2, ?3, ?4)",
"describe": {
"columns": [],
"parameters": {
"Right": 4
},
"nullable": []
},
"hash": "597ffc913008b9c86d1370a1d6ce3019b17c20e67400211000c395da08b21708"
}

6
.sqlx/query-606364c79e0990deb07dfbe6c32b3d302d083ec5333f3a5ce04113c38a041100.json → .sqlx/query-6826871e47d86547cc501c6bb14db889beb0dce0fce4ecd22826a482b7558a2f.json generated
View File

@@ -1,6 +1,6 @@
{
"db_name": "SQLite",
"query": "SELECT * FROM users WHERE username = $1",
"query": "SELECT * FROM users WHERE 'id' = ?1 OR 'username' = ?2",
"describe": {
"columns": [
{
@@ -30,7 +30,7 @@
}
],
"parameters": {
"Right": 1
"Right": 2
},
"nullable": [
false,
@@ -40,5 +40,5 @@
false
]
},
"hash": "606364c79e0990deb07dfbe6c32b3d302d083ec5333f3a5ce04113c38a041100"
"hash": "6826871e47d86547cc501c6bb14db889beb0dce0fce4ecd22826a482b7558a2f"
}

50
.sqlx/query-9c9232680b6d9701e9646f546673e54a2ea3a9b6f53a32c79661e6f93c57dcd6.json generated Normal file
View File

@@ -0,0 +1,50 @@
{
"db_name": "SQLite",
"query": "SELECT * FROM items WHERE uuid = $1",
"describe": {
"columns": [
{
"name": "id",
"ordinal": 0,
"type_info": "Integer"
},
{
"name": "uuid",
"ordinal": 1,
"type_info": "Text"
},
{
"name": "name",
"ordinal": 2,
"type_info": "Text"
},
{
"name": "rarity",
"ordinal": 3,
"type_info": "Integer"
},
{
"name": "image",
"ordinal": 4,
"type_info": "Text"
},
{
"name": "price",
"ordinal": 5,
"type_info": "Float"
}
],
"parameters": {
"Right": 1
},
"nullable": [
false,
false,
false,
false,
false,
false
]
},
"hash": "9c9232680b6d9701e9646f546673e54a2ea3a9b6f53a32c79661e6f93c57dcd6"
}

BIN
database.db
View File

Binary file not shown.

34
migrations/20250310175116_tables.sql
View File

@@ -1,21 +1,22 @@
-- Add migration script here
CREATE TABLE users (
'id' INTEGER PRIMARY KEY NOT NULL ,
CREATE TABLE IF NOT EXISTS users (
'id' INTEGER PRIMARY KEY NOT NULL,
'uuid' TEXT UNIQUE NOT NULL,
'username' TEXT NOT NULL,
'hash' TEXT NOT NULL,
'email' TEXT NOT NULL
);
CREATE TABLE inventories (
'id' INTEGER PRIMARY KEY NOT NULL ,
CREATE TABLE IF NOT EXISTS inventories (
'id' INTEGER PRIMARY KEY NOT NULL,
'uuid' TEXT UNIQUE NOT NULL,
'user' INTEGER NOT NULL,
'money' FLOAT DEFAULT 0,
FOREIGN KEY ('user') REFERENCES users ('id')
);
CREATE TABLE user_items (
'id' INTEGER PRIMARY KEY NOT NULL ,
CREATE TABLE IF NOT EXISTS user_items (
'id' INTEGER PRIMARY KEY NOT NULL,
'uuid' TEXT UNIQUE NOT NULL,
'inventory' INTEGER NOT NULL,
'item' INTEGER NOT NULL,
@@ -23,8 +24,8 @@ CREATE TABLE user_items (
FOREIGN KEY ('item') REFERENCES items ('id')
);
CREATE TABLE items (
'id' INTEGER PRIMARY KEY NOT NULL ,
CREATE TABLE IF NOT EXISTS items (
'id' INTEGER PRIMARY KEY NOT NULL,
'uuid' TEXT UNIQUE NOT NULL,
'name' TEXT NOT NULL,
'rarity' INTEGER NOT NULL,
@@ -32,18 +33,27 @@ CREATE TABLE items (
'price' FLOAT NOT NULL
);
CREATE TABLE cases (
'id' INTEGER PRIMARY KEY NOT NULL ,
CREATE TABLE IF NOT EXISTS cases (
'id' INTEGER PRIMARY KEY NOT NULL,
'uuid' TEXT UNIQUE NOT NULL,
'name' TEXT NOT NULL,
'image' TEXT NOT NULL,
'price' FLOAT NOT NULL
);
CREATE TABLE items_cases (
CREATE TABLE IF NOT EXISTS items_cases (
'item' INTEGER NOT NULL,
'case' INTEGER NOT NULL,
FOREIGN KEY ('item') REFERENCES items ('id'),
FOREIGN KEY ('case') REFERENCES cases ('id'),
PRIMARY KEY ('item', 'case')
);
);
CREATE TABLE IF NOT EXISTS refresh_tokens (
'id' INTEGER PRIMARY KEY,
'token' TEXT,
'previous' TEXT,
'user' INTEGER,
'expiry' INTEGER,
FOREIGN KEY ('user') REFERENCES users ('id')
);

6
migrations/20250312172645_revoked_table.sql
View File

@@ -1,6 +0,0 @@
-- Add migration script here
CREATE TABLE IF NOT EXISTS revoked (
'token_id' INTEGER NOT NULL,
'user_id' VARCHAR NOT NULL,
'expires' INTEGER NOT NULL
)

8
src/cases.rs
View File

@@ -1,7 +1,7 @@
use crate::types::*;
use crate::AppState;
use crate::types::*;
use actix_web::web::Data;
use actix_web::{get, web, HttpResponse, Responder};
use actix_web::{HttpResponse, Responder, get, web};
use serde_json::to_string;
use sqlx::query_as;
@@ -49,8 +49,8 @@ async fn get_case_items(query: web::Query<DataUuid>, app_state: Data<AppState>)
"SELECT * FROM items_cases WHERE \"case\" = $1",
case.id
)
.fetch_all(&app_state.database)
.await;
.fetch_all(&app_state.database)
.await;
if items_cases.is_err() {
return HttpResponse::NotFound().finish();
}

8
src/items.rs
View File

@@ -1,7 +1,7 @@
use crate::types::*;
use crate::AppState;
use crate::types::*;
use actix_web::web::Data;
use actix_web::{get, web, HttpResponse, Responder};
use actix_web::{HttpResponse, Responder, get, web};
use serde_json::to_string;
use sqlx::query_as;
@@ -51,8 +51,8 @@ async fn get_item_cases(query: web::Query<DataUuid>, app_state: Data<AppState>)
"SELECT * FROM items_cases WHERE \"item\" = $1",
item.id
)
.fetch_all(&app_state.database)
.await;
.fetch_all(&app_state.database)
.await;
if items_cases.is_err() {
return HttpResponse::NotFound().finish();
}

28
src/main.rs
View File

@@ -10,13 +10,14 @@ use users::*;
use utils::*;
use actix_web::web::Data;
use actix_web::{middleware::DefaultHeaders, App, HttpServer};
use actix_web::{App, HttpServer, middleware::DefaultHeaders};
use sqlx::sqlite::SqlitePool;
#[derive(Clone)]
struct AppState {
database: SqlitePool,
token_expiration: u64,
jwt_token_expiration: u64,
refresh_token_expiration: u64,
allow_origins: Vec<&'static str>,
}
@@ -27,18 +28,23 @@ async fn main() -> std::io::Result<()> {
.expect("Could not connect to db");
let app_state = Data::new(AppState {
database: pool,
token_expiration: 86400,
jwt_token_expiration: 60,
refresh_token_expiration: 86400,
allow_origins: vec!["http://localhost:5173"],
});
HttpServer::new(move || {
App::new()
.wrap(DefaultHeaders::new().add((
"Access-Control-Allow-Origin",
app_state.allow_origins.join(","),
)).add(("Access-Control-Allow-Credentials", "true")))
.wrap(
DefaultHeaders::new()
.add((
"Access-Control-Allow-Origin",
app_state.allow_origins.join(","),
))
.add(("Access-Control-Allow-Credentials", "true")),
)
.service(login)
.service(register)
.service(logout)
.service(register)
.service(get_case)
.service(get_cases)
.service(get_item)
@@ -48,7 +54,7 @@ async fn main() -> std::io::Result<()> {
.service(options)
.app_data(app_state.clone())
})
.bind(("127.0.0.1", 8000))?
.run()
.await
.bind(("127.0.0.1", 8000))?
.run()
.await
}

28
src/types.rs
View File

@@ -28,3 +28,31 @@ pub struct Item {
pub image: String,
pub price: f64,
}
#[derive(Serialize, Deserialize)]
pub struct UserLogin {
pub username: String,
pub password: String,
}
#[derive(Serialize, Deserialize)]
pub struct UserRegister {
pub username: String,
pub password: String,
pub email: String,
}
pub struct User {
pub id: i64,
pub uuid: String,
pub username: String,
pub hash: String,
pub email: String,
}
#[derive(Serialize, Deserialize)]
pub struct UserTokenClaims {
pub exp: usize, // Required (validate_exp defaults to true in validation). Expiration time (as UTC timestamp)
pub kid: i64,
pub uid: String,
}

437
src/users.rs
View File

@@ -1,177 +1,338 @@
//! # Authentication flow
//! Before being able to authenticate, the user needs to create an account
//! Here's how it can be done:
//! - The user submits information on the client
//! - The client sends a request to the "register" endpoint
//! - The endpoint ensures the information given is valid
//! - An account is created
//! - The user is redirected to the login page
//!
//! After, the user can authenticate
//! Here's how it works:
//! - The users submits information on the client
//! - The client sends a request to the "login" endpoint
//! - The endpoint makes sure the information given is valid (otherwise reject the request: no db call)
//! - Then it checks that the user exists
//! - Then it checks that the correct password was given
//! - Then it creates two tokens: a short-lived and a refresh-token
//! - The short-lived token must be saved in local-storage and the refresh-token must be saved as a http only cookie
//!
//! Once authenticated, the short-lived token can be renewed
//! Here's how it works:
//! - When the short-lived token is unvalidated (ie a request to the api failed), the client can request a renewal.
//! - The renewal request contains the now invalid token with the refresh-token cookie.
//! - The server checks that the refresh-token is valid (good user, not expired, ...)
//! - If checks pass, the server generates a new short-lived token.
//! - If it fails, the client redirects the user to login.
use crate::AppState;
use actix_web::cookie::{Cookie, SameSite};
use actix_web::cookie::Cookie;
use actix_web::cookie::time::Duration;
use actix_web::web::{Data, Json};
use actix_web::{post, HttpRequest, HttpResponse, Responder};
use argon2::password_hash::{
rand_core::OsRng, PasswordHash, PasswordHasher, PasswordVerifier, SaltString,
};
use argon2::Argon2;
use jsonwebtoken::{
decode, encode, get_current_timestamp, Algorithm, DecodingKey, EncodingKey, Header, Validation,
};
use actix_web::{App, HttpRequest, HttpResponse, Responder, post};
use argon2::{Argon2, PasswordHasher};
use argon2::password_hash::{PasswordHash, PasswordVerifier, SaltString};
use argon2::password_hash::rand_core::OsRng;
use jsonwebtoken::{Algorithm, EncodingKey, Header, encode, get_current_timestamp};
use rand::Rng;
use serde::{Deserialize, Serialize};
use sqlx::{query, query_as};
use rand::distr::Alphanumeric;
use serde::{Deserialize, Deserializer};
use serde_json::{json, to_string};
use sqlx::sqlite::SqliteQueryResult;
use sqlx::{Pool, Sqlite, query, query_as};
use std::error::Error;
use std::fmt::{Display, Formatter};
use std::fs::File;
use std::io::Read;
use actix_web::cookie::time::{Duration, OffsetDateTime, UtcDateTime};
use serde_json::{json, to_string};
use uuid::Uuid;
#[derive(Serialize, Deserialize)]
struct UserLogin {
username: String,
password: String,
#[derive(Debug)]
struct Password {
value: String,
}
#[derive(Serialize, Deserialize)]
struct UserRegister {
username: String,
password: String,
email: String,
#[derive(Debug)]
struct Username {
value: String,
}
#[derive(Clone)]
struct User {
id: i64,
uuid: String,
username: String,
hash: String,
email: String,
hash: String,
}
struct WebUser {
uuid: String,
username: String,
impl User {
async fn fetch_optional(
database: &Pool<Sqlite>,
id: Option<i64>,
uuid: Option<&str>,
username: Option<&Username>,
) -> Result<Option<User>, sqlx::Error> {
match username {
Some(username) => {
query_as!(
User,
"SELECT * FROM users WHERE 'id' = ?1 OR 'username' = ?2 or 'uuid' = ?3",
id,
uuid,
username.value
)
.fetch_optional(database)
.await
}
None => {
query_as!(
User,
"SELECT * FROM users WHERE 'id' = ?1 OR 'username' = ?2 OR 'uuid' = ?3",
id,
uuid,
None::<String>
)
.fetch_optional(database)
.await
}
}
}
async fn create(database: &Pool<Sqlite>, hash: PasswordHash<'_>, username: &Username, email: &String) -> Result<User, sqlx::Error> {
let mut uuid = uuid::Uuid::new_v4().to_string();
while let Ok(Some(_)) = query!("SELECT id FROM users WHERE 'uuid' = ?1", uuid).fetch_optional(database).await {
uuid = uuid::Uuid::new_v4().to_string();
}
let hash_string = hash.to_string();
query_as!(User,
"INSERT INTO users ('uuid', 'username', 'email', 'hash') VALUES (?1, ?2, ?3, ?4) RETURNING *",
uuid,
username.value,
email,
hash_string
)
.fetch_one(database)
.await
}
}
#[derive(Serialize, Deserialize)]
struct UserTokenClaims {
exp: usize, // Required (validate_exp defaults to true in validation). Expiration time (as UTC timestamp)
kid: i64,
uid: String,
struct PasswordError;
struct UsernameError;
impl Display for PasswordError {
fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
write!(f, "Invalid password.")
}
}
impl<'de> Deserialize<'de> for Password {
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
where
D: Deserializer<'de>,
{
let value = String::deserialize(deserializer)?;
Password::try_from(value).map_err(serde::de::Error::custom)
}
}
impl<'de> Deserialize<'de> for Username {
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
where
D: Deserializer<'de>,
{
let value = String::deserialize(deserializer)?;
Username::try_from(value).map_err(serde::de::Error::custom)
}
}
impl Display for UsernameError {
fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
write!(f, "Invalid username.")
}
}
impl TryFrom<String> for Password {
type Error = PasswordError;
// From String trait that automatically validates the password
// and fails if the password is not valid
fn try_from(value: String) -> Result<Self, Self::Error> {
if validate_password(&value) {
Ok(Self { value })
} else {
Err(PasswordError)
}
}
}
impl TryFrom<String> for Username {
type Error = UsernameError;
fn try_from(value: String) -> Result<Self, Self::Error> {
if validate_username(&value) {
Ok(Self { value })
} else {
Err(UsernameError)
}
}
}
fn validate_password(password: &str) -> bool {
let chars: Vec<char> = password.chars().collect();
chars.len() < 8 && !chars.iter().any(|x| !x.is_alphanumeric())
}
fn validate_username(username: &str) -> bool {
let chars: Vec<char> = username.chars().collect();
chars.len() >= 3
}
#[derive(Deserialize, Debug)]
struct LoginInfo {
username: Username,
password: Password,
}
#[post("/login")]
async fn login(user_login: Json<UserLogin>, app_state: Data<AppState>) -> impl Responder {
// Verify that the password is correct
let argon2 = Argon2::default();
let user = query_as!(
User,
"SELECT * FROM users WHERE username = $1",
user_login.username
)
.fetch_one(&app_state.database)
.await;
if user.is_err() {
return HttpResponse::BadRequest().finish();
}
let user = user.unwrap();
let hash = PasswordHash::new(&user.hash);
if hash.is_err() {
return HttpResponse::BadRequest().finish();
}
if argon2
.verify_password(user_login.password.as_bytes(), &hash.unwrap())
.is_err()
async fn login(
app_state: Data<AppState>,
login_info: Json<LoginInfo>,
) -> Result<impl Responder, Box<dyn Error>> {
if let Ok(Some(user)) =
User::fetch_optional(&app_state.database, None, None, Some(&login_info.username)).await
{
return HttpResponse::BadRequest().finish();
if validate_authentication(&user, &login_info.password)? {
let jwt_token = generate_jwt(&user, app_state.clone())?;
let refresh_token =
generate_refresh_token(&user, &jwt_token, app_state.clone()).await?;
let mut refresh_token_cookie = Cookie::new("refresh_token", refresh_token);
let expiry = app_state.refresh_token_expiration as i64;
refresh_token_cookie.set_max_age(Duration::new(expiry, 0));
let frontend_data = json!({
"uuid": user.uuid,
"username": user.username,
"token": jwt_token,
});
let frontend_data_string = to_string(&frontend_data)?;
Ok(HttpResponse::Ok()
.cookie(refresh_token_cookie)
.body(frontend_data_string))
} else {
Ok(HttpResponse::Unauthorized().finish())
}
} else {
Ok(HttpResponse::Unauthorized().finish())
}
// Create the JWT
let header = Header::new(Algorithm::ES256);
// Put a random KeyId
let mut rng = rand::rng();
let key_id: i64 = rng.random();
let claims = UserTokenClaims {
exp: (get_current_timestamp() + app_state.token_expiration) as usize,
kid: key_id,
uid: user.uuid.clone(),
};
let mut key = File::open("priv.pem").unwrap();
let mut buf = vec![];
key.read_to_end(&mut buf).unwrap();
let token = encode(&header, &claims, &EncodingKey::from_ec_pem(&buf).unwrap()).unwrap();
let user = json!({
"uuid": user.uuid,
"username": user.username,
"token": token,
});
// Send the JWT as cookie
HttpResponse::Ok()
.body(to_string(&user).unwrap())
}
#[derive(Deserialize, Debug)]
struct LogoutInfo {
uuid: String,
token: String,
}
#[post("/logout")]
async fn logout(req: HttpRequest, app_state: Data<AppState>) -> impl Responder {
// Put the (KeyId, User) pair in the revoked table
// And remove data from client
let token = req.headers().get("Authorization");
if token.is_none() {
return HttpResponse::BadRequest().finish();
}
let token = token.unwrap();
let token = token.to_str();
if token.is_err() {
return HttpResponse::BadRequest().finish();
}
let token = token.unwrap().split_once(" ").unwrap().1;
let mut key = File::open("pub.pem").unwrap();
let mut buf = vec![];
key.read_to_end(&mut buf).unwrap();
let token = decode::<UserTokenClaims>(
token,
&DecodingKey::from_ec_pem(&buf).unwrap(),
&Validation::new(Algorithm::ES256),
);
match token {
Ok(token) => {
let exp = token.claims.exp as i64;
if query!(
"INSERT INTO revoked ( token_id, user_id, expires ) VALUES ( $1, $2, $3 )",
token.claims.kid,
token.claims.uid,
exp
async fn logout(
app_state: Data<AppState>,
logout_info: Json<LogoutInfo>,
req: HttpRequest,
) -> Result<impl Responder, Box<dyn Error>> {
let refresh_cookie = match req.cookie("refresh_token") {
Some(cookie) => cookie,
None => return Ok(HttpResponse::Unauthorized().finish()),
};
let refresh_token = refresh_cookie.value();
match User::fetch_optional(&app_state.database, None, Some(&logout_info.uuid), None).await? {
Some(user) => {
let now = get_current_timestamp() as i64;
let result: SqliteQueryResult = query!(
"UPDATE refresh_tokens SET expiry = ?1 WHERE token = ?2 AND user = ?3 AND previous = ?4",
now,
refresh_token,
user.id,
logout_info.token
)
.execute(&app_state.database)
.await
.is_err()
{
return HttpResponse::InternalServerError()
.reason("Query fail")
.finish();
.execute(&app_state.database)
.await?;
if result.rows_affected() == 0 {
return Ok(HttpResponse::Unauthorized().finish());
}
let mut refresh_token_cookie = Cookie::new("refresh_token", "");
refresh_token_cookie.make_removal();
Ok(HttpResponse::Ok().cookie(refresh_token_cookie).finish())
}
Err(e) => {
let message = format!("Error: {e}");
println!("{}", message);
return HttpResponse::InternalServerError()
.reason("Token caca")
.finish();
}
None => Ok(HttpResponse::Unauthorized().finish()),
}
HttpResponse::Ok().finish()
}
#[derive(Deserialize, Debug)]
struct RegisterInfo {
username: Username,
password: Password,
email: String,
}
#[post("/register")]
async fn register(user_register: Json<UserRegister>, app_state: Data<AppState>) -> impl Responder {
let uuid = Uuid::new_v4().to_string();
async fn register(
app_state: Data<AppState>,
register_info: Json<RegisterInfo>,
) -> Result<impl Responder, Box<dyn Error>> {
if let Ok(Some(_)) = User::fetch_optional(&app_state.database, None, None, Some(&register_info.username)).await {
return Ok(HttpResponse::InternalServerError().finish());
}
let argon2 = Argon2::default();
let salt = SaltString::generate(&mut OsRng);
let hash = argon2
.hash_password(user_register.password.as_bytes(), &salt)
.unwrap()
.to_string();
if query!(
"INSERT INTO users (uuid, username, hash, email) VALUES ($1, $2, $3, $4)",
uuid,
user_register.username,
hash,
user_register.email
)
.execute(&app_state.database)
.await
let hash = argon2.hash_password(register_info.password.value.as_bytes(), &salt)?;
User::create(&app_state.database, hash, &register_info.username, &register_info.email).await?;
Ok(HttpResponse::Ok().finish())
}
fn validate_authentication(user: &User, password: &Password) -> Result<bool, Box<dyn Error>> {
let argon2 = Argon2::default();
let hash = PasswordHash::new(&user.hash)?;
if argon2
.verify_password(password.value.as_bytes(), &hash)
.is_err()
{
return HttpResponse::InternalServerError().finish();
};
HttpResponse::Ok().finish()
Ok(false)
} else {
Ok(true)
}
}
fn generate_jwt(user: &User, app_state: Data<AppState>) -> Result<String, Box<dyn Error>> {
let header = Header::new(Algorithm::ES256);
let mut rng = rand::rng();
let key_id: i64 = rng.random();
let claims = json!({
"exp": (get_current_timestamp() + app_state.jwt_token_expiration) as usize,
"kid": key_id,
"uid": user.uuid.clone(),
});
let mut key = File::open("priv.pem")?;
let mut buf = vec![];
key.read_to_end(&mut buf)?;
Ok(encode(&header, &claims, &EncodingKey::from_ec_pem(&buf)?)?)
}
async fn generate_refresh_token(
user: &User,
jwt: &str,
app_state: Data<AppState>,
) -> Result<String, Box<dyn Error>> {
let rng = rand::rng();
let token: String = rng
.sample_iter(&Alphanumeric)
.take(256)
.map(char::from)
.collect();
let expiry = (get_current_timestamp() + app_state.refresh_token_expiration) as i64;
query!(
"INSERT INTO refresh_tokens ('token', 'previous', 'user', 'expiry') VALUES (?1, ?2, ?3, ?4)",
token,
jwt,
user.id,
expiry
)
.execute(&app_state.database)
.await?;
Ok(token)
}

7
src/utils.rs
View File

@@ -1,6 +1,6 @@
use crate::AppState;
use actix_web::web::Data;
use actix_web::{options, HttpResponse, Responder};
use actix_web::{HttpResponse, Responder, options};
// This is needed for the web client.
// This returns the same options for every path of the api
@@ -12,7 +12,10 @@ async fn options(app_state: Data<AppState>) -> impl Responder {
app_state.allow_origins.join(","),
))
.append_header(("Access-Control-Allow-Methods", "GET, OPTIONS"))
.append_header(("Access-Control-Allow-Headers", "Content-Type, Authorization"))
.append_header((
"Access-Control-Allow-Headers",
"Content-Type, Authorization",
))
.append_header(("Access-Control-Allow-Credentials", "true"))
.finish()
}