forked from TWS/kalkutago
Add login+sign_up routes and auth guard
This commit is contained in:
parent
a8a23ff740
commit
88b58bb19d
73
server/src/api/auth.rs
Normal file
73
server/src/api/auth.rs
Normal file
|
@ -0,0 +1,73 @@
|
||||||
|
use log::warn;
|
||||||
|
use rocket::{
|
||||||
|
http::{Cookie, CookieJar, Status},
|
||||||
|
outcome::IntoOutcome,
|
||||||
|
request::{self, FromRequest},
|
||||||
|
serde::json::Json,
|
||||||
|
Request, State,
|
||||||
|
};
|
||||||
|
use sea_orm::{prelude::*, DatabaseConnection};
|
||||||
|
use serde::Deserialize;
|
||||||
|
|
||||||
|
use crate::{
|
||||||
|
api::error::ApiResult,
|
||||||
|
entities::{prelude::*, *},
|
||||||
|
error::Error,
|
||||||
|
};
|
||||||
|
|
||||||
|
#[derive(Clone, Deserialize)]
|
||||||
|
pub(super) struct LoginData {
|
||||||
|
name: String,
|
||||||
|
password: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
#[put("/", data = "<user_data>", format = "application/json")]
|
||||||
|
pub(super) async fn login(
|
||||||
|
db: &State<DatabaseConnection>,
|
||||||
|
user_data: Json<LoginData>,
|
||||||
|
cookies: &CookieJar<'_>,
|
||||||
|
) -> ApiResult<Status> {
|
||||||
|
let users = User::find()
|
||||||
|
.filter(user::Column::Name.eq(&user_data.name))
|
||||||
|
.all(db as &DatabaseConnection)
|
||||||
|
.await
|
||||||
|
.map_err(Error::from)?;
|
||||||
|
if users.len() > 1 {
|
||||||
|
warn!(count = users.len(), name = &user_data.name; "multiple entries found in database for user");
|
||||||
|
}
|
||||||
|
let Some(user) = users.get(0) else {
|
||||||
|
return Ok(Status::Unauthorized);
|
||||||
|
};
|
||||||
|
cookies.add_private(Cookie::new("user_id", user.id.to_string()));
|
||||||
|
Ok(Status::Ok)
|
||||||
|
}
|
||||||
|
|
||||||
|
#[post("/", data = "<user_data>", format = "application/json")]
|
||||||
|
pub(super) async fn sign_up(
|
||||||
|
db: &State<DatabaseConnection>,
|
||||||
|
user_data: Json<LoginData>,
|
||||||
|
cookies: &CookieJar<'_>,
|
||||||
|
) -> ApiResult<()> {
|
||||||
|
let user_data = user::ActiveModel::new(&user_data.name, &user_data.password)?
|
||||||
|
.insert(db as &DatabaseConnection)
|
||||||
|
.await
|
||||||
|
.map_err(Error::from)?;
|
||||||
|
cookies.add_private(Cookie::new("user_id", user_data.id.to_string()));
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Authentication guard
|
||||||
|
struct Auth(i32);
|
||||||
|
|
||||||
|
#[rocket::async_trait]
|
||||||
|
impl<'r> FromRequest<'r> for Auth {
|
||||||
|
type Error = ();
|
||||||
|
async fn from_request(request: &'r Request<'_>) -> request::Outcome<Self, Self::Error> {
|
||||||
|
request
|
||||||
|
.cookies()
|
||||||
|
.get_private("user_id")
|
||||||
|
.and_then(|val| val.value().parse().ok())
|
||||||
|
.map(|id| Auth(id))
|
||||||
|
.into_outcome((Status::Unauthorized, ()))
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,3 +1,4 @@
|
||||||
|
mod auth;
|
||||||
mod error;
|
mod error;
|
||||||
mod groups;
|
mod groups;
|
||||||
#[cfg(feature = "unsafe_import")]
|
#[cfg(feature = "unsafe_import")]
|
||||||
|
@ -111,6 +112,7 @@ pub(crate) fn start_server(db: DatabaseConnection) -> Rocket<Build> {
|
||||||
"/api/v1/groups",
|
"/api/v1/groups",
|
||||||
routes![all_groups, group, insert_group, update_group, delete_group],
|
routes![all_groups, group, insert_group, update_group, delete_group],
|
||||||
)
|
)
|
||||||
|
.mount("/api/v1/auth", routes![auth::login, auth::sign_up])
|
||||||
.mount("/", FileServer::from("/src/public"));
|
.mount("/", FileServer::from("/src/public"));
|
||||||
|
|
||||||
#[cfg(feature = "unsafe_import")]
|
#[cfg(feature = "unsafe_import")]
|
||||||
|
|
|
@ -3,19 +3,22 @@
|
||||||
use std::default::default;
|
use std::default::default;
|
||||||
|
|
||||||
use bcrypt::*;
|
use bcrypt::*;
|
||||||
|
// TODO Add option for argon2 https://docs.rs/argon2/latest/argon2/
|
||||||
use either::Either::{self, Left, Right};
|
use either::Either::{self, Left, Right};
|
||||||
use rocket::response::status::Unauthorized;
|
use rocket::response::status::Unauthorized;
|
||||||
use sea_orm::entity::prelude::*;
|
use sea_orm::entity::prelude::*;
|
||||||
|
use serde::{Deserialize, Serialize};
|
||||||
|
|
||||||
use crate::{
|
use crate::{
|
||||||
api::ErrorResponder,
|
api::ErrorResponder,
|
||||||
error::{self, Error},
|
error::{self, Error},
|
||||||
};
|
};
|
||||||
|
|
||||||
#[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq)]
|
#[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
|
||||||
#[sea_orm(table_name = "user")]
|
#[sea_orm(table_name = "user")]
|
||||||
pub struct Model {
|
pub struct Model {
|
||||||
#[sea_orm(primary_key)]
|
#[sea_orm(primary_key)]
|
||||||
|
#[serde(skip_deserializing)]
|
||||||
pub id: i32,
|
pub id: i32,
|
||||||
pub name: String,
|
pub name: String,
|
||||||
pub password_hash: String,
|
pub password_hash: String,
|
||||||
|
@ -27,10 +30,10 @@ pub enum Relation {}
|
||||||
impl ActiveModelBehavior for ActiveModel {}
|
impl ActiveModelBehavior for ActiveModel {}
|
||||||
|
|
||||||
impl ActiveModel {
|
impl ActiveModel {
|
||||||
pub fn new(name: String, password: String) -> error::Result<Self> {
|
pub fn new(name: impl AsRef<str>, password: impl AsRef<str>) -> error::Result<Self> {
|
||||||
use sea_orm::ActiveValue::Set;
|
use sea_orm::ActiveValue::Set;
|
||||||
let name = Set(name);
|
let name = Set(name.as_ref().to_string());
|
||||||
let password_hash = Set(hash(password, DEFAULT_COST + 2)?);
|
let password_hash = Set(hash(password.as_ref(), DEFAULT_COST + 2)?);
|
||||||
Ok(Self {
|
Ok(Self {
|
||||||
name,
|
name,
|
||||||
password_hash,
|
password_hash,
|
||||||
|
|
Loading…
Reference in a new issue