From eeac92ec9136480bfa6e61c0a444d0c3087ea849 Mon Sep 17 00:00:00 2001
From: SadlyNotSappho
Date: Tue, 30 Jan 2024 12:08:46 -0800
Subject: [PATCH] database based logins, i think the sha256 algorithm it uses for passwords isn't right but at least it's the same algorithm every time?
---
 src/main.rs | 38 ++++++++++++++++++++++++++++++++------
 src/tables.rs | 21 +++++++++++++++++----
 2 files changed, 49 insertions(+), 10 deletions(-)
diff --git a/src/main.rs b/src/main.rs
index f7e401b..bbfb6a0 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -49,7 +49,9 @@ struct LoginInfo {
 #[post("/createuser", data = "")]
 async fn createuser(
+ // this is so fucking jank but it works !!!
 db: Connection,
+ db2: Connection,
 info: Json,
 cookies: &CookieJar<'_>,
 ) -> &'static str {
@@ -57,14 +59,33 @@ async fn createuser(
 match token.is_some() {
 true => "You're already logged in. Log out before trying to create a new account.",
 false => {
- User::create(db, &info.username, &info.password).await;
- "Account created."
+ if User::get_by_username(db, &info.username).await.is_some() {
+ "Username already taken. Please try again."
+ } else {
+ User::create(db2, &info.username, &info.password).await;
+ "Account created."
+ }
 }
 }
 }
+#[get("/getuser/")]
+async fn getuser(db: Connection, username: String) -> String {
+ let user = User::get_by_username(db, &username).await;
+ match user {
+ Some(user) => format!(
+ "{}\n{}\n{}\n{}",
+ user.id,
+ user.username,
+ user.password,
+ user.token.is_some()
+ ),
+ None => format!("User {} doesn't exist.", &username),
+ }
+}
+
 #[post("/login", data = "")]
-async fn login(info: Json, cookies: &CookieJar<'_>) -> &'static str {
+async fn login(db: Connection, info: Json, cookies: &CookieJar<'_>) -> &'static str {
 let token = cookies.get_private("token");
 match token {
 Some(t) => {
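Review bot: The extra `db2: Connection` parameter on `createuser` makes every request to this route check out two pooled connections, which halves the pool's effective capacity and, if enough requests arrive together, can leave each one holding a connection while it waits for its second. The cause appears to be that `User::get_by_username` and `User::create` take the connection by value; having them borrow it (`db: &mut Connection<Db>`) would let one connection serve both calls, and `db2` could be dropped. The body of `createuser` continues past this hunk.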
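Review bot: The new `getuser` route returns `user.password`, the stored password digest, to any caller with no authentication check, along with whether a session token is set, so anyone who knows or guesses a username can retrieve that account's hash. Drop the field from the response (`"{}\n{}\n{}"` with `user.id, user.username, user.token.is_some()`) and gate the route on the same private `token` cookie that `login` reads, or remove the route if it was only a debugging aid. Separately, the lookup followed by `User::create` in `createuser` is not atomic: two concurrent sign-ups for one name can both pass the check, so the result of the insert needs to be handled rather than answered with "Account created." unconditionally. `login` continues outside the hunk.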
@@ -75,7 +96,12 @@ async fn login(info: Json, cookies: &CookieJar<'_>) -> &'static str {
 }
 }
 None => {
- if info.username == "sadlynotsappho" && info.password == "thebestpasswordofalltime" {
+ // just to be clear this is Not A Good Implementation of this
+ // the same token for everyone is a Bad Fucking Idea
+ // but i'm just doing this to make sure that it. like. works.
+ // and it does!!!
+ let user = User::get_by_username(db, &info.username).await;
+ if user.is_some() && user.expect("actually how").password == sha256::digest(&info.password) {
 cookies.add_private(("token", "skyetoken"));
 "logged in!"
 } else {
@@ -142,7 +168,7 @@ async fn migrate(rocket: Rocket) -> Rocket {
 .fetch_one(sqlx::query(
 "CREATE TABLE IF NOT EXISTS users (
 id SERIAL PRIMARY KEY,
- username VARCHAR NOT NULL,
+ username VARCHAR NOT NULL UNIQUE,
 password TEXT NOT NULL,
 token TEXT
 )",
@@ -160,7 +186,7 @@ async fn main() {
 .attach(AdHoc::on_ignite("DB Migrations", migrate))
 .mount(
 "/",
- routes![hello, get_book, delay, login, logout, dbtest, dbcreate, createuser],
+ routes![hello, get_book, delay, login, logout, dbtest, dbcreate, createuser, getuser],
 )
 .register("/", catchers![default_catcher])
 .mount("/login", FileServer::from("/srv/web"))
diff --git a/src/tables.rs b/src/tables.rs
index 491e39e..e95e12b 100644
--- a/src/tables.rs
+++ b/src/tables.rs
@@ -8,7 +8,7 @@ use rocket_db_pools::{
 };
 #[derive(Database)]
-#[database("diesel_postgres")]
+#[database("fossil_postgres")]
 pub struct Db(PgPool);
 #[derive(FromRow)]
@@ -25,8 +25,7 @@ impl Post {
 sqlx::query(
 r#"
 INSERT INTO posts (title, body, published)
- VALUES ($1, $2, $3);
- "#,
+ VALUES ($1, $2, $3); "#,
 )
 .bind(title)
 .bind(body)
@@ -53,7 +52,6 @@ impl Post {
 }
 }
 }
-
 #[derive(FromRow)]
 pub struct User {
 pub id: i32,
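Review bot: `sha256::digest(&info.password)` in the `None` arm of `login` is a single unsalted pass of a fast hash, so identical passwords produce identical stored values and a leaked `users` table can be tested against guesses at very high rates. Store and verify passwords with a dedicated password-hashing function (Argon2id, scrypt or bcrypt) that embeds a per-user salt and cost parameters, and let that library's verify call do the comparison instead of `==` on hex strings. The `user.is_some() && user.expect("actually how")` pair would also read better as a `match` or `if let Some(user)` binding, which removes the panic path. The enclosing `login` function starts and ends outside this hunk.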
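Review bot: Adding `UNIQUE` inside `CREATE TABLE IF NOT EXISTS users` in `migrate` only takes effect on databases where the table does not exist yet. On any deployment that already ran the previous migration the statement is a no-op and duplicate usernames remain possible, which matters because `createuser` now depends on uniqueness. A follow-up statement such as `CREATE UNIQUE INDEX IF NOT EXISTS users_username_key ON users (username)` (the index name is an example chosen here) would cover existing tables, after checking for duplicates already stored. The `migrate` function starts and ends outside this hunk.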
@@ -106,4 +104,19 @@ impl User {
 token: res.get::, _>("token"),
 }
 }
+ pub async fn get_by_username(mut db: Connection, username: &String) -> Option {
+ let res = db
+ .fetch_one(sqlx::query("SELECT * FROM users WHERE username = $1;").bind(username))
+ .await;
+
+ match res {
+ Ok(res) => Some(User {
+ id: res.get::("id"),
+ username: res.get::("username"),
+ password: res.get::("password"),
+ token: res.get::, _>("token"),
+ }),
+ Err(_) => None,
+ }
+ }
 }
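Review bot: `Err(_) => None` in `get_by_username` turns every database failure into "no such user", so during an outage or a query error `createuser` treats the name as free and `login` reports bad credentials, with nothing logged. `fetch_one` also reports a missing row as an error, which is why the two cases cannot be told apart here; `.fetch_optional(...)` returns `Ok(None)` for no row and lets real errors be propagated or at least logged. Taking `username: &str` rather than `&String`, and naming the selected columns instead of `SELECT *`, would be small clean-ups in the same function. The surrounding `impl User` block opens outside the hunk.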