database based logins, i think the sha256 algorithm it uses for passwords isn't right but at least it's the same algorithm every time?

SadlyNotSappho 2024-01-30 12:08:46 -08:00
parent 2dc38be1e1
commit eeac92ec91
2 changed files with 49 additions and 10 deletions


@ -49,7 +49,9 @@ struct LoginInfo {
#[post("/createuser", data = "<info>")] #[post("/createuser", data = "<info>")]
async fn createuser( async fn createuser(
// this is so fucking jank but it works !!!
db: Connection<Db>, db: Connection<Db>,
db2: Connection<Db>,
info: Json<LoginInfo>, info: Json<LoginInfo>,
cookies: &CookieJar<'_>, cookies: &CookieJar<'_>,
) -> &'static str { ) -> &'static str {
@ -57,14 +59,33 @@ async fn createuser(
match token.is_some() { match token.is_some() {
true => "You're already logged in. Log out before trying to create a new account.", true => "You're already logged in. Log out before trying to create a new account.",
false => { false => {
User::create(db, &info.username, &info.password).await; if User::get_by_username(db, &info.username).await.is_some() {
"Username already taken. Please try again."
} else {
User::create(db2, &info.username, &info.password).await;
"Account created." "Account created."
} }
} }
}
}
#[get("/getuser/<username>")]
async fn getuser(db: Connection<Db>, username: String) -> String {
let user = User::get_by_username(db, &username).await;
match user {
Some(user) => format!(
"{}\n{}\n{}\n{}",
user.id,
user.username,
user.password,
user.token.is_some()
),
None => format!("User {} doesn't exist.", &username),
}
} }
#[post("/login", data = "<info>")] #[post("/login", data = "<info>")]
async fn login(info: Json<LoginInfo>, cookies: &CookieJar<'_>) -> &'static str { async fn login(db: Connection<Db>, info: Json<LoginInfo>, cookies: &CookieJar<'_>) -> &'static str {
let token = cookies.get_private("token"); let token = cookies.get_private("token");
match token { match token {
Some(t) => { Some(t) => {
@ -75,7 +96,12 @@ async fn login(info: Json<LoginInfo>, cookies: &CookieJar<'_>) -> &'static str {
} }
} }
None => { None => {
if info.username == "sadlynotsappho" && info.password == "thebestpasswordofalltime" { // just to be clear this is Not A Good Implementation of this
// the same token for everyone is a Bad Fucking Idea
// but i'm just doing this to make sure that it. like. works.
// and it does!!!
let user = User::get_by_username(db, &info.username).await;
if user.is_some() && user.expect("actually how").password == sha256::digest(&info.password) {
cookies.add_private(("token", "skyetoken")); cookies.add_private(("token", "skyetoken"));
"logged in!" "logged in!"
} else { } else {
@ -142,7 +168,7 @@ async fn migrate(rocket: Rocket<Build>) -> Rocket<Build> {
.fetch_one(sqlx::query( .fetch_one(sqlx::query(
"CREATE TABLE IF NOT EXISTS users ( "CREATE TABLE IF NOT EXISTS users (
id SERIAL PRIMARY KEY, id SERIAL PRIMARY KEY,
username VARCHAR NOT NULL, username VARCHAR NOT NULL UNIQUE,
password TEXT NOT NULL, password TEXT NOT NULL,
token TEXT token TEXT
)", )",
@ -160,7 +186,7 @@ async fn main() {
.attach(AdHoc::on_ignite("DB Migrations", migrate)) .attach(AdHoc::on_ignite("DB Migrations", migrate))
.mount( .mount(
"/", "/",
routes![hello, get_book, delay, login, logout, dbtest, dbcreate, createuser], routes![hello, get_book, delay, login, logout, dbtest, dbcreate, createuser, getuser],
) )
.register("/", catchers![default_catcher]) .register("/", catchers![default_catcher])
.mount("/login", FileServer::from("/srv/web")) .mount("/login", FileServer::from("/srv/web"))
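Review bot: The new `getuser` route writes `user.password` into its response for any caller and never reads the private `token` cookie, so the stored password digest of every account can be fetched by username. The login hunk shows that this digest is a bare `sha256::digest(&info.password)` with no per-user salt, so a disclosed value is cheap to test guesses against offline and is identical for users who share a password. I would drop the field from the response, `Some(user) => format!("{}\n{}\n{}", user.id, user.username, user.token.is_some()),`, and gate the route on the cookie the same way `login` reads it. Separately, storing the output of a salted password-hashing function such as Argon2id rather than a plain digest would limit the damage if the column leaks some other way.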


@ -8,7 +8,7 @@ use rocket_db_pools::{
}; };
#[derive(Database)] #[derive(Database)]
#[database("diesel_postgres")] #[database("fossil_postgres")]
pub struct Db(PgPool); pub struct Db(PgPool);
#[derive(FromRow)] #[derive(FromRow)]
@ -25,8 +25,7 @@ impl Post {
sqlx::query( sqlx::query(
r#" r#"
INSERT INTO posts (title, body, published) INSERT INTO posts (title, body, published)
VALUES ($1, $2, $3); VALUES ($1, $2, $3); "#,
"#,
) )
.bind(title) .bind(title)
.bind(body) .bind(body)
@ -53,7 +52,6 @@ impl Post {
} }
} }
} }
#[derive(FromRow)] #[derive(FromRow)]
pub struct User { pub struct User {
pub id: i32, pub id: i32,
@ -106,4 +104,19 @@ impl User {
token: res.get::<Option<String>, _>("token"), token: res.get::<Option<String>, _>("token"),
} }
} }
pub async fn get_by_username(mut db: Connection<Db>, username: &String) -> Option<User> {
let res = db
.fetch_one(sqlx::query("SELECT * FROM users WHERE username = $1;").bind(username))
.await;
match res {
Ok(res) => Some(User {
id: res.get::<i32, _>("id"),
username: res.get::<String, _>("username"),
password: res.get::<String, _>("password"),
token: res.get::<Option<String>, _>("token"),
}),
Err(_) => None,
}
}
} }
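Review bot: `get_by_username` maps every `Err(_)` from `fetch_one` to `None`, so a dropped connection or a failed query looks the same as "no such user". In `createuser` that result is read as "username is free", and the code goes on to call `User::create`. Using `fetch_optional` and returning `Result<Option<User>, sqlx::Error>` would keep row-not-found separate from real failures and let both callers fail closed. The function also takes `Connection<Db>` by value, which appears to be why `createuser` needs the second `db2` guard. Borrowing it (`db: &mut Connection<Db>`) and taking `username: &str` instead of `&String` would remove that workaround, assuming the executor call still resolves through the mutable borrow.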