Compare commits
No commits in common. "d6c418a89958688c8e5bf08be31ac2d6541b1fa8" and "a97ee0586f96c562ba65d0e5c375f63da621e770" have entirely different histories.
d6c418a899
...
a97ee0586f
|
@ -1,8 +0,0 @@
|
||||||
POSTGRES_DB=fossil_postgres
|
|
||||||
POSTGRES_PASSWORD=password
|
|
||||||
|
|
||||||
ROCKET_SECRET_KEY=openssl rand -base64 32
|
|
||||||
|
|
||||||
ADMIN_USERNAME=admin
|
|
||||||
ADMIN_PASSWORD=password
|
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
/target
|
/target
|
||||||
|
docker-compose.yml
|
||||||
db/password.txt
|
db/password.txt
|
||||||
.env
|
|
||||||
|
|
10
README.md
10
README.md
|
@ -1,7 +1,9 @@
|
||||||
# login template
|
# fossil
|
||||||
|
|
||||||
this is pretty much just some shitty code that'll handle logging into and out of a website, with the default features being a blog, but it should be easy to change to something else
|
Free and Open Source Software - Library
|
||||||
|
|
||||||
setup: remove .example from `.env.example`
|
yeah yeah there's no i in the name, i just wanted the acronym to be an actual word
|
||||||
\nfill it with the correct values (for `ROCKET_SECRET_KEY`, run that command to generate it)
|
|
||||||
|
setup: remove .example from `docker-compose.yml.example` and `db/password.txt.example`
|
||||||
|
\nfill out those files with the correct values
|
||||||
\nrun `docker compose build` to build it, `docker compose run` to run, and `docker compose run -d` to run it in the background
|
\nrun `docker compose build` to build it, `docker compose run` to run, and `docker compose run -d` to run it in the background
|
||||||
|
|
|
@ -15,16 +15,14 @@ services:
|
||||||
ports:
|
ports:
|
||||||
- 8000:8000
|
- 8000:8000
|
||||||
environment:
|
environment:
|
||||||
- ROCKET_DATABASES={fossil_postgres={url="postgres://postgres:$POSTGRES_PASSWORD@db/$POSTGRES_DB", max_connections=10, connect_timeout=10}}
|
# name in main.rs db.user POSTGRES_PASSWORD POSTGRES_DB
|
||||||
|
- ROCKET_DATABASES={diesel_postgres={url="postgres://postgres:passwordpasswordpassword@db/example"}}
|
||||||
|
|
||||||
- ROCKET_ADDRESS=0.0.0.0
|
- ROCKET_ADDRESS=0.0.0.0
|
||||||
- ROCKET_PORT=$PORT
|
- ROCKET_PORT=8000
|
||||||
- RUST_LOG=debug
|
- RUST_LOG=debug
|
||||||
|
|
||||||
- ROCKET_SECRET_KEY=$ROCKET_SECRET_KEY
|
- ROCKET_SECRET_KEY=openssl rand -base64 32
|
||||||
|
|
||||||
- ADMIN_USERNAME=$ADMIN_USERNAME
|
|
||||||
- ADMIN_PASSWORD=$ADMIN_PASSWORD
|
|
||||||
volumes:
|
volumes:
|
||||||
- type: bind
|
- type: bind
|
||||||
source: ./web
|
source: ./web
|
||||||
|
@ -42,11 +40,13 @@ services:
|
||||||
image: postgres
|
image: postgres
|
||||||
restart: always
|
restart: always
|
||||||
user: postgres
|
user: postgres
|
||||||
|
secrets:
|
||||||
|
- db-password
|
||||||
volumes:
|
volumes:
|
||||||
- db-data:/var/lib/postgresql/data
|
- db-data:/var/lib/postgresql/data
|
||||||
environment:
|
environment:
|
||||||
- POSTGRES_DB=$POSTGRES_DB
|
- POSTGRES_DB=example
|
||||||
- POSTGRES_PASSWORD=$POSTGRES_PASSWORD
|
- POSTGRES_PASSWORD=passwordpasswordpassword
|
||||||
expose:
|
expose:
|
||||||
- 5432
|
- 5432
|
||||||
healthcheck:
|
healthcheck:
|
||||||
|
@ -56,3 +56,6 @@ services:
|
||||||
retries: 5
|
retries: 5
|
||||||
volumes:
|
volumes:
|
||||||
db-data:
|
db-data:
|
||||||
|
secrets:
|
||||||
|
db-password:
|
||||||
|
file: db/password.txt
|
82
src/main.rs
82
src/main.rs
|
@ -69,18 +69,34 @@ async fn createuser(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[get("/getuser/<username>")]
|
||||||
|
async fn getuser(db: Connection<Db>, username: String) -> String {
|
||||||
|
let user = User::get_by_username(db, &username).await;
|
||||||
|
match user {
|
||||||
|
Some(user) => format!(
|
||||||
|
"id: {}\nusername: {}\nhashed password: {}\ntoken: {}",
|
||||||
|
user.id,
|
||||||
|
user.username,
|
||||||
|
user.password,
|
||||||
|
match user.token {
|
||||||
|
Some(t) => t,
|
||||||
|
None => "no token".to_string()
|
||||||
|
}
|
||||||
|
),
|
||||||
|
None => format!("User {} doesn't exist.", &username),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#[get("/account")]
|
#[get("/account")]
|
||||||
async fn account(db: Connection<Db>, cookies: &CookieJar<'_>) -> String {
|
async fn account(db: Connection<Db>, cookies: &CookieJar<'_>) -> String {
|
||||||
let token = cookies.get_private("token");
|
let token = cookies.get_private("token");
|
||||||
match token {
|
match token {
|
||||||
Some(t) => {
|
Some(t) => {
|
||||||
match User::get_by_token(db, t.to_string().split('=').collect::<Vec<&str>>()[1].to_string() /*GOD I LOVE RUST*/).await {
|
let user = User::get_by_token(db, t.to_string().split("=").collect::<Vec<&str>>()[1].to_string() /*GOD I LOVE RUST*/).await;
|
||||||
Some(user) => format!("Username: {}\nAdmin: {}\nMake Posts: {}\nComment: {}", user.username, user.admin, user.make_posts, user.comment),
|
format!("Username: {}", user.username)
|
||||||
None => "User doesn't exist.".to_string()
|
|
||||||
}
|
|
||||||
},
|
},
|
||||||
None => {
|
None => {
|
||||||
"Not logged in".to_string()
|
format!("Not logged in")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -89,8 +105,12 @@ async fn account(db: Connection<Db>, cookies: &CookieJar<'_>) -> String {
|
||||||
async fn login(db: Connection<Db>, db2: Connection<Db>, info: Json<LoginInfo>, cookies: &CookieJar<'_>) -> String {
|
async fn login(db: Connection<Db>, db2: Connection<Db>, info: Json<LoginInfo>, cookies: &CookieJar<'_>) -> String {
|
||||||
let token = cookies.get_private("token");
|
let token = cookies.get_private("token");
|
||||||
match token {
|
match token {
|
||||||
Some(_) => {
|
Some(t) => {
|
||||||
"already logged in".to_string()
|
if User::get_by_token(db, t.to_string()).await.exists() /*god i fucking love rust, this function literally just returns true*/ {
|
||||||
|
"logged in with token".to_string()
|
||||||
|
} else {
|
||||||
|
"unknown token".to_string()
|
||||||
|
}
|
||||||
}
|
}
|
||||||
None => {
|
None => {
|
||||||
match User::get_by_username(db, &info.username).await {
|
match User::get_by_username(db, &info.username).await {
|
||||||
|
@ -120,12 +140,12 @@ async fn login(db: Connection<Db>, db2: Connection<Db>, info: Json<LoginInfo>, c
|
||||||
}
|
}
|
||||||
#[post("/logout")]
|
#[post("/logout")]
|
||||||
async fn logout(cookies: &CookieJar<'_>) -> &'static str {
|
async fn logout(cookies: &CookieJar<'_>) -> &'static str {
|
||||||
match cookies.get_private("token") {
|
let token = cookies.get_private("token");
|
||||||
Some(_) => {
|
if token.is_some() {
|
||||||
cookies.remove_private("token");
|
cookies.remove_private("token");
|
||||||
"Logged out."
|
"logged out"
|
||||||
},
|
} else {
|
||||||
None => "Not logged in."
|
"not logged in"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -172,7 +192,7 @@ async fn migrate(rocket: Rocket<Build>) -> Rocket<Build> {
|
||||||
)",
|
)",
|
||||||
))
|
))
|
||||||
.await;
|
.await;
|
||||||
let _ = conn
|
let _2 = conn
|
||||||
.fetch_one(sqlx::query(
|
.fetch_one(sqlx::query(
|
||||||
"CREATE TABLE IF NOT EXISTS users (
|
"CREATE TABLE IF NOT EXISTS users (
|
||||||
id SERIAL PRIMARY KEY,
|
id SERIAL PRIMARY KEY,
|
||||||
|
@ -183,38 +203,6 @@ async fn migrate(rocket: Rocket<Build>) -> Rocket<Build> {
|
||||||
))
|
))
|
||||||
.await;
|
.await;
|
||||||
|
|
||||||
let _ = conn.fetch_one(sqlx::query(
|
|
||||||
"ALTER TABLE users
|
|
||||||
ADD COLUMN IF NOT EXISTS admin BOOLEAN NOT NULL DEFAULT FALSE,
|
|
||||||
ADD COLUMN IF NOT EXISTS make_posts BOOLEAN NOT NULL DEFAULT FALSE,
|
|
||||||
ADD COLUMN IF NOT EXISTS comment BOOLEAN NOT NULL DEFAULT TRUE
|
|
||||||
"
|
|
||||||
)).await;
|
|
||||||
|
|
||||||
match conn.fetch_one(sqlx::query("SELECT * from users WHERE username = $1").bind(std::env::var("ADMIN_USERNAME").expect("make ADMIN_USERNAME env var"))).await {
|
|
||||||
Ok(_) => (),
|
|
||||||
Err(_) => {
|
|
||||||
// yes, User::create() exists. no, conn isn't the right type. no, i won't even attempt
|
|
||||||
// to fix it. yes, this works just as well as that. fuck you.
|
|
||||||
let username = std::env::var("ADMIN_USERNAME").expect("make ADMIN_USERNAME env var");
|
|
||||||
let password = sha256::digest(std::env::var("ADMIN_PASSWORD").expect("make ADMIN_PASSWORD env var"));
|
|
||||||
|
|
||||||
eprintln!("{username}\n{password}");
|
|
||||||
|
|
||||||
conn.fetch_one(sqlx::query(
|
|
||||||
r#"
|
|
||||||
INSERT INTO users (username, password, admin)
|
|
||||||
VALUES ($1, $2, true);
|
|
||||||
"#,
|
|
||||||
)
|
|
||||||
.bind(username)
|
|
||||||
.bind(password)
|
|
||||||
)
|
|
||||||
.await
|
|
||||||
.expect("couldn't create admin user");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
rocket
|
rocket
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -226,7 +214,7 @@ async fn main() {
|
||||||
.attach(AdHoc::on_ignite("DB Migrations", migrate))
|
.attach(AdHoc::on_ignite("DB Migrations", migrate))
|
||||||
.mount(
|
.mount(
|
||||||
"/",
|
"/",
|
||||||
routes![hello, get_book, delay, login, logout, dbtest, dbcreate, createuser, account],
|
routes![hello, get_book, delay, login, logout, dbtest, dbcreate, createuser, getuser, account],
|
||||||
)
|
)
|
||||||
.register("/", catchers![default_catcher])
|
.register("/", catchers![default_catcher])
|
||||||
.mount("/login", FileServer::from("/srv/web"))
|
.mount("/login", FileServer::from("/srv/web"))
|
||||||
|
|
104
src/tables.rs
104
src/tables.rs
|
@ -1,4 +1,4 @@
|
||||||
use rand::{RngCore, SeedableRng};
|
use rand::{SeedableRng, RngCore};
|
||||||
use rocket_db_pools::sqlx::Executor;
|
use rocket_db_pools::sqlx::Executor;
|
||||||
use rocket_db_pools::Connection;
|
use rocket_db_pools::Connection;
|
||||||
use sqlx::FromRow;
|
use sqlx::FromRow;
|
||||||
|
@ -60,14 +60,6 @@ pub struct User {
|
||||||
pub username: String,
|
pub username: String,
|
||||||
pub password: String,
|
pub password: String,
|
||||||
pub token: Option<String>,
|
pub token: Option<String>,
|
||||||
pub admin: bool,
|
|
||||||
pub make_posts: bool,
|
|
||||||
pub comment: bool,
|
|
||||||
}
|
|
||||||
pub enum UserRole {
|
|
||||||
Admin,
|
|
||||||
MakePosts,
|
|
||||||
Comment,
|
|
||||||
}
|
}
|
||||||
impl User {
|
impl User {
|
||||||
pub async fn create(mut db: Connection<Db>, username: &String, password: &String) {
|
pub async fn create(mut db: Connection<Db>, username: &String, password: &String) {
|
||||||
|
@ -90,53 +82,42 @@ impl User {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
pub async fn get_by_id(mut db: Connection<Db>, id: i32) -> Option<User> {
|
pub async fn get_by_id(mut db: Connection<Db>, id: i32) -> User {
|
||||||
match db
|
let res = db
|
||||||
.fetch_one(sqlx::query("SELECT * FROM users WHERE id = $1;").bind(id))
|
.fetch_one(sqlx::query("SELECT * FROM users WHERE id = $1;").bind(id))
|
||||||
.await
|
.await
|
||||||
{
|
.unwrap();
|
||||||
Ok(user) => Some(User {
|
User {
|
||||||
id: user.get::<i32, _>("id"),
|
id: res.get::<i32, _>("id"),
|
||||||
username: user.get::<String, _>("username"),
|
username: res.get::<String, _>("username"),
|
||||||
password: user.get::<String, _>("password"),
|
password: res.get::<String, _>("password"),
|
||||||
token: user.get::<Option<String>, _>("token"),
|
token: res.get::<Option<String>, _>("token"),
|
||||||
admin: user.get::<bool, _>("admin"),
|
|
||||||
make_posts: user.get::<bool, _>("make_posts"),
|
|
||||||
comment: user.get::<bool, _>("comment"),
|
|
||||||
}),
|
|
||||||
Err(_) => None,
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
pub async fn get_by_token(mut db: Connection<Db>, token: String) -> Option<User> {
|
pub async fn get_by_token(mut db: Connection<Db>, token: String) -> User {
|
||||||
match db
|
let res = db
|
||||||
.fetch_one(sqlx::query("SELECT * FROM users WHERE token = $1;").bind(token))
|
.fetch_one(sqlx::query("SELECT * FROM users WHERE token = $1;").bind(token))
|
||||||
.await
|
.await
|
||||||
{
|
// TODO: this errors sometimes i dont know why
|
||||||
Ok(user) => Some(User {
|
.unwrap();
|
||||||
id: user.get::<i32, _>("id"),
|
User {
|
||||||
username: user.get::<String, _>("username"),
|
id: res.get::<i32, _>("id"),
|
||||||
password: user.get::<String, _>("password"),
|
username: res.get::<String, _>("username"),
|
||||||
token: user.get::<Option<String>, _>("token"),
|
password: res.get::<String, _>("password"),
|
||||||
admin: user.get::<bool, _>("admin"),
|
token: res.get::<Option<String>, _>("token"),
|
||||||
make_posts: user.get::<bool, _>("make_posts"),
|
|
||||||
comment: user.get::<bool, _>("comment"),
|
|
||||||
}),
|
|
||||||
Err(_) => None,
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
pub async fn get_by_username(mut db: Connection<Db>, username: &String) -> Option<User> {
|
pub async fn get_by_username(mut db: Connection<Db>, username: &String) -> Option<User> {
|
||||||
match db
|
let res = db
|
||||||
.fetch_one(sqlx::query("SELECT * FROM users WHERE username = $1;").bind(username))
|
.fetch_one(sqlx::query("SELECT * FROM users WHERE username = $1;").bind(username))
|
||||||
.await
|
.await;
|
||||||
{
|
|
||||||
Ok(user) => Some(User {
|
match res {
|
||||||
id: user.get::<i32, _>("id"),
|
Ok(res) => Some(User {
|
||||||
username: user.get::<String, _>("username"),
|
id: res.get::<i32, _>("id"),
|
||||||
password: user.get::<String, _>("password"),
|
username: res.get::<String, _>("username"),
|
||||||
token: user.get::<Option<String>, _>("token"),
|
password: res.get::<String, _>("password"),
|
||||||
admin: user.get::<bool, _>("admin"),
|
token: res.get::<Option<String>, _>("token"),
|
||||||
make_posts: user.get::<bool, _>("make_posts"),
|
|
||||||
comment: user.get::<bool, _>("comment"),
|
|
||||||
}),
|
}),
|
||||||
Err(_) => None,
|
Err(_) => None,
|
||||||
}
|
}
|
||||||
|
@ -147,35 +128,14 @@ impl User {
|
||||||
|
|
||||||
let token = sha256::digest(format!("{token_start}-{token_end}"));
|
let token = sha256::digest(format!("{token_start}-{token_end}"));
|
||||||
|
|
||||||
match db
|
match db.fetch_one(sqlx::query("UPDATE users SET token = $1 WHERE id = $2").bind(&token).bind(self.id)).await {
|
||||||
.fetch_one(
|
|
||||||
sqlx::query("UPDATE users SET token = $1 WHERE id = $2")
|
|
||||||
.bind(&token)
|
|
||||||
.bind(self.id),
|
|
||||||
)
|
|
||||||
.await
|
|
||||||
{
|
|
||||||
Ok(_) => Ok(token),
|
Ok(_) => Ok(token),
|
||||||
Err(why) => Err(why.to_string()),
|
Err(why) => Err(why.to_string())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn set_role(&self, mut db: Connection<Db>, role: UserRole, value: bool) -> Result<String, String> {
|
// god i fucking love rust
|
||||||
match db
|
pub fn exists(&self) -> bool {
|
||||||
.fetch_one(
|
true
|
||||||
sqlx::query("UPDATE users SET $1 = $2 WHERE id = $3")
|
|
||||||
.bind(match role {
|
|
||||||
UserRole::Admin => "admin",
|
|
||||||
UserRole::MakePosts => "make_posts",
|
|
||||||
UserRole::Comment => "comment",
|
|
||||||
})
|
|
||||||
.bind(value)
|
|
||||||
.bind(self.id),
|
|
||||||
)
|
|
||||||
.await
|
|
||||||
{
|
|
||||||
Ok(_) => Ok("Succesfully updated role.".to_string()),
|
|
||||||
Err(why) => Err(why.to_string()),
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue