database based logins, i think the sha256 algorithm it uses for passwords isn't right but at least it's the same algorithm every time?
This commit is contained in:
SadlyNotSappho
parent
2dc38be1e1
commit
eeac92ec91
36
src/main.rs
36
src/main.rs
|
|
@ -49,7 +49,9 @@ struct LoginInfo {
|
||||||
|
|
||||||
#[post("/createuser", data = "<info>")]
|
#[post("/createuser", data = "<info>")]
|
||||||
async fn createuser(
|
async fn createuser(
|
||||||
|
// this is so fucking jank but it works !!!
|
||||||
db: Connection<Db>,
|
db: Connection<Db>,
|
||||||
|
db2: Connection<Db>,
|
||||||
info: Json<LoginInfo>,
|
info: Json<LoginInfo>,
|
||||||
cookies: &CookieJar<'_>,
|
cookies: &CookieJar<'_>,
|
||||||
) -> &'static str {
|
) -> &'static str {
|
||||||
|
|
@ -57,14 +59,33 @@ async fn createuser(
|
||||||
match token.is_some() {
|
match token.is_some() {
|
||||||
true => "You're already logged in. Log out before trying to create a new account.",
|
true => "You're already logged in. Log out before trying to create a new account.",
|
||||||
false => {
|
false => {
|
||||||
User::create(db, &info.username, &info.password).await;
|
if User::get_by_username(db, &info.username).await.is_some() {
|
||||||
|
"Username already taken. Please try again."
|
||||||
|
} else {
|
||||||
|
User::create(db2, &info.username, &info.password).await;
|
||||||
"Account created."
|
"Account created."
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[get("/getuser/<username>")]
|
||||||
|
async fn getuser(db: Connection<Db>, username: String) -> String {
|
||||||
|
let user = User::get_by_username(db, &username).await;
|
||||||
|
match user {
|
||||||
|
Some(user) => format!(
|
||||||
|
"{}\n{}\n{}\n{}",
|
||||||
|
user.id,
|
||||||
|
user.username,
|
||||||
|
user.password,
|
||||||
|
user.token.is_some()
|
||||||
|
),
|
||||||
|
None => format!("User {} doesn't exist.", &username),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[post("/login", data = "<info>")]
|
#[post("/login", data = "<info>")]
|
||||||
async fn login(info: Json<LoginInfo>, cookies: &CookieJar<'_>) -> &'static str {
|
async fn login(db: Connection<Db>, info: Json<LoginInfo>, cookies: &CookieJar<'_>) -> &'static str {
|
||||||
let token = cookies.get_private("token");
|
let token = cookies.get_private("token");
|
||||||
match token {
|
match token {
|
||||||
Some(t) => {
|
Some(t) => {
|
||||||
|
|
@ -75,7 +96,12 @@ async fn login(info: Json<LoginInfo>, cookies: &CookieJar<'_>) -> &'static str {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
None => {
|
None => {
|
||||||
if info.username == "sadlynotsappho" && info.password == "thebestpasswordofalltime" {
|
// just to be clear this is Not A Good Implementation of this
|
||||||
|
// the same token for everyone is a Bad Fucking Idea
|
||||||
|
// but i'm just doing this to make sure that it. like. works.
|
||||||
|
// and it does!!!
|
||||||
|
let user = User::get_by_username(db, &info.username).await;
|
||||||
|
if user.is_some() && user.expect("actually how").password == sha256::digest(&info.password) {
|
||||||
cookies.add_private(("token", "skyetoken"));
|
cookies.add_private(("token", "skyetoken"));
|
||||||
"logged in!"
|
"logged in!"
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -142,7 +168,7 @@ async fn migrate(rocket: Rocket<Build>) -> Rocket<Build> {
|
||||||
.fetch_one(sqlx::query(
|
.fetch_one(sqlx::query(
|
||||||
"CREATE TABLE IF NOT EXISTS users (
|
"CREATE TABLE IF NOT EXISTS users (
|
||||||
id SERIAL PRIMARY KEY,
|
id SERIAL PRIMARY KEY,
|
||||||
username VARCHAR NOT NULL,
|
username VARCHAR NOT NULL UNIQUE,
|
||||||
password TEXT NOT NULL,
|
password TEXT NOT NULL,
|
||||||
token TEXT
|
token TEXT
|
||||||
)",
|
)",
|
||||||
|
|
@ -160,7 +186,7 @@ async fn main() {
|
||||||
.attach(AdHoc::on_ignite("DB Migrations", migrate))
|
.attach(AdHoc::on_ignite("DB Migrations", migrate))
|
||||||
.mount(
|
.mount(
|
||||||
"/",
|
"/",
|
||||||
routes![hello, get_book, delay, login, logout, dbtest, dbcreate, createuser],
|
routes![hello, get_book, delay, login, logout, dbtest, dbcreate, createuser, getuser],
|
||||||
)
|
)
|
||||||
.register("/", catchers![default_catcher])
|
.register("/", catchers![default_catcher])
|
||||||
.mount("/login", FileServer::from("/srv/web"))
|
.mount("/login", FileServer::from("/srv/web"))
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,7 @@ use rocket_db_pools::{
|
||||||
};
|
};
|
||||||
|
|
||||||
#[derive(Database)]
|
#[derive(Database)]
|
||||||
#[database("diesel_postgres")]
|
#[database("fossil_postgres")]
|
||||||
pub struct Db(PgPool);
|
pub struct Db(PgPool);
|
||||||
|
|
||||||
#[derive(FromRow)]
|
#[derive(FromRow)]
|
||||||
|
|
@ -25,8 +25,7 @@ impl Post {
|
||||||
sqlx::query(
|
sqlx::query(
|
||||||
r#"
|
r#"
|
||||||
INSERT INTO posts (title, body, published)
|
INSERT INTO posts (title, body, published)
|
||||||
VALUES ($1, $2, $3);
|
VALUES ($1, $2, $3); "#,
|
||||||
"#,
|
|
||||||
)
|
)
|
||||||
.bind(title)
|
.bind(title)
|
||||||
.bind(body)
|
.bind(body)
|
||||||
|
|
@ -53,7 +52,6 @@ impl Post {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(FromRow)]
|
#[derive(FromRow)]
|
||||||
pub struct User {
|
pub struct User {
|
||||||
pub id: i32,
|
pub id: i32,
|
||||||
|
|
@ -106,4 +104,19 @@ impl User {
|
||||||
token: res.get::<Option<String>, _>("token"),
|
token: res.get::<Option<String>, _>("token"),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
pub async fn get_by_username(mut db: Connection<Db>, username: &String) -> Option<User> {
|
||||||
|
let res = db
|
||||||
|
.fetch_one(sqlx::query("SELECT * FROM users WHERE username = $1;").bind(username))
|
||||||
|
.await;
|
||||||
|
|
||||||
|
match res {
|
||||||
|
Ok(res) => Some(User {
|
||||||
|
id: res.get::<i32, _>("id"),
|
||||||
|
username: res.get::<String, _>("username"),
|
||||||
|
password: res.get::<String, _>("password"),
|
||||||
|
token: res.get::<Option<String>, _>("token"),
|
||||||
|
}),
|
||||||
|
Err(_) => None,
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue