fix logging in
This commit is contained in:
parent
e46360eaa7
commit
a97ee0586f
|
@ -517,6 +517,8 @@ dependencies = [
|
|||
name = "fossil"
|
||||
version = "0.1.0"
|
||||
dependencies = [
|
||||
"rand",
|
||||
"rand_hc",
|
||||
"rocket",
|
||||
"rocket_db_pools",
|
||||
"sha256",
|
||||
|
@ -1341,6 +1343,15 @@ dependencies = [
|
|||
"getrandom",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rand_hc"
|
||||
version = "0.3.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "7b363d4f6370f88d62bf586c80405657bde0f0e1b8945d47d2ad59b906cb4f54"
|
||||
dependencies = [
|
||||
"rand_core",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "redox_syscall"
|
||||
version = "0.4.1"
|
||||
|
|
|
@ -6,6 +6,8 @@ edition = "2021"
|
|||
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
||||
|
||||
[dependencies]
|
||||
rand = "0.8.5"
|
||||
rand_hc = "0.3.2"
|
||||
rocket = {version="0.5.0",features=["secrets","json"]}
|
||||
rocket_db_pools = {version="0.1.0",features=["sqlx_postgres"]}
|
||||
sha256 = "1.5.0"
|
||||
|
|
64
src/main.rs
64
src/main.rs
|
@ -74,38 +74,66 @@ async fn getuser(db: Connection<Db>, username: String) -> String {
|
|||
let user = User::get_by_username(db, &username).await;
|
||||
match user {
|
||||
Some(user) => format!(
|
||||
"{}\n{}\n{}\n{}",
|
||||
"id: {}\nusername: {}\nhashed password: {}\ntoken: {}",
|
||||
user.id,
|
||||
user.username,
|
||||
user.password,
|
||||
user.token.is_some()
|
||||
match user.token {
|
||||
Some(t) => t,
|
||||
None => "no token".to_string()
|
||||
}
|
||||
),
|
||||
None => format!("User {} doesn't exist.", &username),
|
||||
}
|
||||
}
|
||||
|
||||
#[post("/login", data = "<info>")]
|
||||
async fn login(db: Connection<Db>, info: Json<LoginInfo>, cookies: &CookieJar<'_>) -> &'static str {
|
||||
#[get("/account")]
|
||||
async fn account(db: Connection<Db>, cookies: &CookieJar<'_>) -> String {
|
||||
let token = cookies.get_private("token");
|
||||
match token {
|
||||
Some(t) => {
|
||||
if t.value_trimmed() == "skyetoken" {
|
||||
"logged in with token"
|
||||
let user = User::get_by_token(db, t.to_string().split("=").collect::<Vec<&str>>()[1].to_string() /*GOD I LOVE RUST*/).await;
|
||||
format!("Username: {}", user.username)
|
||||
},
|
||||
None => {
|
||||
format!("Not logged in")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[post("/login", data = "<info>")]
|
||||
async fn login(db: Connection<Db>, db2: Connection<Db>, info: Json<LoginInfo>, cookies: &CookieJar<'_>) -> String {
|
||||
let token = cookies.get_private("token");
|
||||
match token {
|
||||
Some(t) => {
|
||||
if User::get_by_token(db, t.to_string()).await.exists() /*god i fucking love rust, this function literally just returns true*/ {
|
||||
"logged in with token".to_string()
|
||||
} else {
|
||||
"unknown token"
|
||||
"unknown token".to_string()
|
||||
}
|
||||
}
|
||||
None => {
|
||||
// just to be clear this is Not A Good Implementation of this
|
||||
// the same token for everyone is a Bad Fucking Idea
|
||||
// but i'm just doing this to make sure that it. like. works.
|
||||
// and it does!!!
|
||||
let user = User::get_by_username(db, &info.username).await;
|
||||
if user.is_some() && user.expect("actually how").password == sha256::digest(&info.password) {
|
||||
cookies.add_private(("token", "skyetoken"));
|
||||
"logged in!"
|
||||
} else {
|
||||
"invalid login info :("
|
||||
match User::get_by_username(db, &info.username).await {
|
||||
Some(user) => {
|
||||
if user.password == sha256::digest(&info.password) {
|
||||
match user.token {
|
||||
Some(t) => {cookies.add_private(("token", t)); "Logged in".to_string()},
|
||||
None => {
|
||||
match user.set_new_token(db2).await {
|
||||
Ok(t) => {
|
||||
cookies.add_private(("token", t));
|
||||
"logged in".to_string()
|
||||
},
|
||||
Err(why) => why,
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
String::from("Invalid username or password (to those whining about why it doesn't tell you if the username or password is incorrect, security)")
|
||||
}
|
||||
}
|
||||
None =>
|
||||
String::from("Invalid username or password (to those whining about why it doesn't tell you if the username or password is incorrect, security)"),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -186,7 +214,7 @@ async fn main() {
|
|||
.attach(AdHoc::on_ignite("DB Migrations", migrate))
|
||||
.mount(
|
||||
"/",
|
||||
routes![hello, get_book, delay, login, logout, dbtest, dbcreate, createuser, getuser],
|
||||
routes![hello, get_book, delay, login, logout, dbtest, dbcreate, createuser, getuser, account],
|
||||
)
|
||||
.register("/", catchers![default_catcher])
|
||||
.mount("/login", FileServer::from("/srv/web"))
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
use rand::{SeedableRng, RngCore};
|
||||
use rocket_db_pools::sqlx::Executor;
|
||||
use rocket_db_pools::Connection;
|
||||
use sqlx::FromRow;
|
||||
|
@ -97,6 +98,7 @@ impl User {
|
|||
let res = db
|
||||
.fetch_one(sqlx::query("SELECT * FROM users WHERE token = $1;").bind(token))
|
||||
.await
|
||||
// TODO: this errors sometimes i dont know why
|
||||
.unwrap();
|
||||
User {
|
||||
id: res.get::<i32, _>("id"),
|
||||
|
@ -120,4 +122,20 @@ impl User {
|
|||
Err(_) => None,
|
||||
}
|
||||
}
|
||||
pub async fn set_new_token(&self, mut db: Connection<Db>) -> Result<String, String> {
|
||||
let token_end = rand_hc::Hc128Rng::from_entropy().next_u64();
|
||||
let token_start = sha256::digest(&self.username);
|
||||
|
||||
let token = sha256::digest(format!("{token_start}-{token_end}"));
|
||||
|
||||
match db.fetch_one(sqlx::query("UPDATE users SET token = $1 WHERE id = $2").bind(&token).bind(self.id)).await {
|
||||
Ok(_) => Ok(token),
|
||||
Err(why) => Err(why.to_string())
|
||||
}
|
||||
}
|
||||
|
||||
// god i fucking love rust
|
||||
pub fn exists(&self) -> bool {
|
||||
true
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue