database based logins, i think the sha256 algorithm it uses for passwords isn't right but at least it's the same algorithm every time?

SadlyNotSappho 2024-01-30 12:08:46 -08:00
parent 2dc38be1e1
commit eeac92ec91
2 changed files with 49 additions and 10 deletions


@ -49,7 +49,9 @@ struct LoginInfo {
#[post("/createuser", data = "<info>")]
async fn createuser(
// this is so fucking jank but it works !!!
db: Connection<Db>,
db2: Connection<Db>,
info: Json<LoginInfo>,
cookies: &CookieJar<'_>,
) -> &'static str {
@ -57,14 +59,33 @@ async fn createuser(
match token.is_some() {
true => "You're already logged in. Log out before trying to create a new account.",
false => {
User::create(db, &info.username, &info.password).await;
"Account created."
if User::get_by_username(db, &info.username).await.is_some() {
"Username already taken. Please try again."
} else {
User::create(db2, &info.username, &info.password).await;
"Account created."
}
}
}
}
#[get("/getuser/<username>")]
async fn getuser(db: Connection<Db>, username: String) -> String {
let user = User::get_by_username(db, &username).await;
match user {
Some(user) => format!(
"{}\n{}\n{}\n{}",
user.id,
user.username,
user.password,
user.token.is_some()
),
None => format!("User {} doesn't exist.", &username),
}
}
#[post("/login", data = "<info>")]
async fn login(info: Json<LoginInfo>, cookies: &CookieJar<'_>) -> &'static str {
async fn login(db: Connection<Db>, info: Json<LoginInfo>, cookies: &CookieJar<'_>) -> &'static str {
let token = cookies.get_private("token");
match token {
Some(t) => {
@ -75,7 +96,12 @@ async fn login(info: Json<LoginInfo>, cookies: &CookieJar<'_>) -> &'static str {
}
}
None => {
if info.username == "sadlynotsappho" && info.password == "thebestpasswordofalltime" {
// just to be clear this is Not A Good Implementation of this
// the same token for everyone is a Bad Fucking Idea
// but i'm just doing this to make sure that it. like. works.
// and it does!!!
let user = User::get_by_username(db, &info.username).await;
if user.is_some() && user.expect("actually how").password == sha256::digest(&info.password) {
cookies.add_private(("token", "skyetoken"));
"logged in!"
} else {
@ -142,7 +168,7 @@ async fn migrate(rocket: Rocket<Build>) -> Rocket<Build> {
.fetch_one(sqlx::query(
"CREATE TABLE IF NOT EXISTS users (
id SERIAL PRIMARY KEY,
username VARCHAR NOT NULL,
username VARCHAR NOT NULL UNIQUE,
password TEXT NOT NULL,
token TEXT
)",
@ -160,7 +186,7 @@ async fn main() {
.attach(AdHoc::on_ignite("DB Migrations", migrate))
.mount(
"/",
routes![hello, get_book, delay, login, logout, dbtest, dbcreate, createuser],
routes![hello, get_book, delay, login, logout, dbtest, dbcreate, createuser, getuser],
)
.register("/", catchers![default_catcher])
.mount("/login", FileServer::from("/srv/web"))
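Review bot: The new `getuser` route puts `user.password` in its response body, so any unauthenticated caller of `/getuser/<username>` receives the stored password digest. Drop that field from the `format!` (for example `"{}\n{}\n{}"` with `user.id, user.username, user.token.is_some()`), or gate the route on the private `token` cookie the way `login` reads it. This matters more because the `login` hunk compares the stored value against `sha256::digest(&info.password)`, an unsalted fast hash, so a disclosed digest can be checked offline against guesses cheaply. A salted password-hashing function such as Argon2id or bcrypt, verified through the library's own verify call, is the usual replacement. The `login` body starts and ends outside the visible hunk, so how the rest of it handles the cookie cannot be judged from here.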


@ -8,7 +8,7 @@ use rocket_db_pools::{
};
#[derive(Database)]
#[database("diesel_postgres")]
#[database("fossil_postgres")]
pub struct Db(PgPool);
#[derive(FromRow)]
@ -25,8 +25,7 @@ impl Post {
sqlx::query(
r#"
INSERT INTO posts (title, body, published)
VALUES ($1, $2, $3);
"#,
VALUES ($1, $2, $3); "#,
)
.bind(title)
.bind(body)
@ -53,7 +52,6 @@ impl Post {
}
}
}
#[derive(FromRow)]
pub struct User {
pub id: i32,
@ -106,4 +104,19 @@ impl User {
token: res.get::<Option<String>, _>("token"),
}
}
pub async fn get_by_username(mut db: Connection<Db>, username: &String) -> Option<User> {
let res = db
.fetch_one(sqlx::query("SELECT * FROM users WHERE username = $1;").bind(username))
.await;
match res {
Ok(res) => Some(User {
id: res.get::<i32, _>("id"),
username: res.get::<String, _>("username"),
password: res.get::<String, _>("password"),
token: res.get::<Option<String>, _>("token"),
}),
Err(_) => None,
}
}
}
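Review bot: In `get_by_username`, the arm `Err(_) => None` turns every database failure (dropped connection, timeout, schema mismatch) into "no such user", and `createuser` then treats that result as "username is free" and goes on to call `User::create`. The executor also offers `fetch_optional`, which returns `Ok(None)` for the no-row case, so the function could return `Result<Option<User>, sqlx::Error>` and let callers fail the request on a real error instead of guessing. Separately, taking `mut db: Connection<Db>` by value is what forces `createuser` to request a second pooled connection (`db2`). A signature like `db: &mut Connection<Db>, username: &str` would presumably let one connection serve both queries, but `User::create` is outside the visible hunks and would need the same change.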