From 9f28840c777183db34d32f5c2547765329b58d9e Mon Sep 17 00:00:00 2001 From: Ethan O'Brien <77750390+ethanaobrien@users.noreply.github.com> Date: Mon, 26 Feb 2024 20:38:08 -0600 Subject: [PATCH] Implement "real" authentication --- src/router/login.rs | 5 +- src/router/userdata/mod.rs | 97 ++++++++++++++++++++++++-------------- 2 files changed, 64 insertions(+), 38 deletions(-) diff --git a/src/router/login.rs b/src/router/login.rs index fea93cd..8c1a3b6 100644 --- a/src/router/login.rs +++ b/src/router/login.rs @@ -10,9 +10,10 @@ pub fn dummy(req: HttpRequest, _body: String) -> HttpResponse { //let body = json::parse(&encryption::decrypt_packet(&body).unwrap()).unwrap(); let blank_header = HeaderValue::from_static(""); let key = req.headers().get("a6573cbe").unwrap_or(&blank_header).to_str().unwrap_or(""); - let user = userdata::get_acc(key, ""); + let uid = req.headers().get("aoharu-user-id").unwrap_or(&blank_header).to_str().unwrap_or(""); + let user = userdata::get_acc(key, uid); - println!("new uid: {}", user["user"]["id"].clone()); + println!("Signin from uid: {}", user["user"]["id"].clone()); let resp = object!{ "code": 0, "server_time": global::timestamp(), diff --git a/src/router/userdata/mod.rs b/src/router/userdata/mod.rs index d6565b2..d5f0a11 100644 --- a/src/router/userdata/mod.rs +++ b/src/router/userdata/mod.rs @@ -2,7 +2,7 @@ use rusqlite::{Connection, params}; use std::sync::{Mutex, MutexGuard}; use lazy_static::lazy_static; use json::{JsonValue, array, object}; -//use base64::{Engine as _, engine::general_purpose}; +use base64::{Engine as _, engine::general_purpose}; lazy_static! { pub static ref ENGINE: Mutex> = Mutex::new(None); 
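Review bot: In `dummy` (src/router/login.rs), a request without the `a6573cbe` header still calls `userdata::get_acc` with `key == ""`, and the `get_data` introduced later in this commit slices `parts[1..parts.len() - 1]` on the decoded value, which panics when it contains no `-`. The handler should reject an empty key before touching user data, e.g. `if key.is_empty() { return HttpResponse::BadRequest().finish(); }` (assuming `HttpResponse` here is actix-web's). The `aoharu-user-id` value read into `uid` is passed on but ignored by `get_acc(a6573cbe, _uid)` as changed in this same commit, so either drop the read or add `// uid header is informational only; identity comes from the a6573cbe token`. `dummy`'s body continues outside the hunk.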
@@ -14,6 +14,21 @@ fn init(engine: &mut MutexGuard<'_, Option>) { engine.replace(conn); } +fn create_token_store(conn: &Connection) { + match conn.prepare("SELECT jsondata FROM tokens") { + Ok(_) => {} + Err(_) => { + conn.execute( + "CREATE TABLE tokens ( + jsondata TEXT NOT NULL + )", + (), // empty list of parameters. + ).unwrap(); + init_data(conn, "tokens", array![{}]); + } + } + //store_data(conn, "tokens", array![{}]); +} fn create_uid_store(conn: &Connection) { match conn.prepare("SELECT jsondata FROM uids") { Ok(_) => {} @@ -27,7 +42,7 @@ fn create_uid_store(conn: &Connection) { init_data(conn, "uids", array![]); } } - store_data(conn, "uids", array![]); + //store_data(conn, "uids", array![]); } fn acc_exists(conn: &Connection, key: i64) -> bool { conn.prepare(&format!("SELECT jsondata FROM _{}_", key)).is_ok() @@ -51,6 +66,11 @@ fn get_uids(conn: &Connection) -> JsonValue { let result: Result = stmt.query_row([], |row| row.get(0)); json::parse(&result.unwrap()).unwrap() } +fn get_tokens(conn: &Connection) -> JsonValue { + let mut stmt = conn.prepare("SELECT jsondata FROM tokens").unwrap(); + let result: Result = stmt.query_row([], |row| row.get(0)); + json::parse(&result.unwrap()).unwrap() +} fn generate_uid(conn: &Connection) -> i64 { create_uid_store(conn); @@ -67,7 +87,7 @@ fn generate_uid(conn: &Connection) -> i64 { random_number } -fn create_acc(conn: &Connection, uid: i64) { +fn create_acc(conn: &Connection, uid: i64, login: &str) { let key = &uid.to_string(); conn.execute( &format!("CREATE TABLE _{}_ ( 
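Review bot: `create_token_store` treats every error from `conn.prepare("SELECT jsondata FROM tokens")` as "table missing", so a locked database or an I/O error also lands in the `Err(_)` arm, where the `.unwrap()` on `CREATE TABLE` panics; `get_data` reaches this through `get_uid` while it holds the `ENGINE` lock. Creating the table idempotently removes the probe: `conn.execute("CREATE TABLE IF NOT EXISTS tokens (jsondata TEXT NOT NULL)", ())`, with the error handled rather than unwrapped and the initial row seeded only when the table is empty (whether `init_data` already guards that is not visible here). The table also keeps every login token in clear text inside one JSON row, so read access to the database file is enough to act as any account; keying the map by a digest of the token would limit that. The commented-out `//store_data(...)` lines here and in `create_uid_store` should be deleted rather than left in, and `get_tokens` in the following hunk repeats the `unwrap()`-on-query pattern.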
@@ -82,12 +102,29 @@ fn create_acc(conn: &Connection, uid: i64) { data["userdata"]["user"]["id"] = uid.into(); init_data(conn, &format!("_{}_", key), data); + + create_token_store(conn); + let mut tokens = get_tokens(conn); + let parts: Vec<&str> = login.split('-').collect(); + let token = parts[1..parts.len() - 1].join("-"); + tokens[0][token] = uid.into(); + store_data(conn, "tokens", tokens); } -//a6573cbe is the name of the header - todo - more secure than just uid -fn get_data(_a6573cbe: &str, uid: &str) -> JsonValue { - //let decoded = general_purpose::STANDARD.decode(a6573cbe).unwrap(); - //let header = String::from_utf8_lossy(&decoded); +fn get_uid(conn: &Connection, uid: &str) -> i64 { + create_token_store(conn); + let parts: Vec<&str> = uid.split('-').collect(); + let token = parts[1..parts.len() - 1].join("-"); + let tokens = get_tokens(conn); + if tokens[0][token.clone()].is_null() { + return 0; + } + return tokens[0][token].as_i64().unwrap(); +} + +fn get_data(a6573cbe: &str) -> JsonValue { + let decoded = general_purpose::STANDARD.decode(a6573cbe).unwrap(); + let a6573cbe = String::from_utf8_lossy(&decoded); loop { match ENGINE.lock() { @@ -96,24 +133,18 @@ fn get_data(_a6573cbe: &str, uid: &str) -> JsonValue { init(&mut result); } let conn = result.as_ref().unwrap(); + let uid = get_uid(conn, &a6573cbe); let key: i64; - /* - if header.starts_with("0") { + if uid == 0 { key = generate_uid(conn); - create_acc(conn, key); + create_acc(conn, key, &a6573cbe); } else { - key = header[..15].parse::().unwrap();//.unwrap_or(generate_uid(conn)); - }*/ - if uid == "" { - key = generate_uid(conn); - create_acc(conn, key); - } else { - key = uid.parse::().unwrap(); + key = uid; } if !acc_exists(conn, key) { - create_acc(conn, key); + create_acc(conn, key, &a6573cbe); } let mut stmt = conn.prepare(&format!("SELECT jsondata FROM _{}_", key)).unwrap(); let result: Result = stmt.query_row([], |row| row.get(0)); 
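Review bot: The token extraction `parts[1..parts.len() - 1].join("-")` in `create_acc` and `get_uid` panics when the decoded header contains no `-`, and yields the empty token when it contains exactly one, so every such client resolves to the same `tokens[0][""]` entry and therefore the same account. Both this slice and the base64 `decode(...).unwrap()` at the top of `get_data` (repeated in `save_acc` in a later hunk) run on a client-controlled header, so malformed input should be rejected rather than unwrapped. I would move the parsing into one helper that returns `Option`, call it from `create_acc` as well, and make the caller refuse to create an account when it returns `None`; `get_uid` returning `0` for "not found" would also read better as `Option<i64>`. `get_data` continues past the end of this hunk.

```rust
/// Extracts the token segment from the decoded login header.
/// Returns None when the header has fewer than three `-`-separated parts
/// or the middle segment is empty.
fn login_token(login: &str) -> Option<String> {
    let parts: Vec<&str> = login.split('-').collect();
    if parts.len() < 3 {
        return None;
    }
    let token = parts[1..parts.len() - 1].join("-");
    if token.is_empty() {
        None
    } else {
        Some(token)
    }
}

fn get_uid(conn: &Connection, uid: &str) -> i64 {
    create_token_store(conn);
    let token = match login_token(uid) {
        Some(token) => token,
        None => return 0,
    };
    let tokens = get_tokens(conn);
    // A missing or non-integer entry is treated as "unknown token" instead of panicking.
    tokens[0][token].as_i64().unwrap_or(0)
}
```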
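Review bot: In `get_data`, an unrecognised token (`uid == 0`) immediately runs `generate_uid` and `create_acc`, so every read through `get_acc` or `get_acc_home` with a never-seen header value creates a new `_{uid}_` table and a new `tokens` entry; `save_acc` repeats the same block in its last hunk. Nothing visible here bounds how many accounts a client that has never signed in can create this way, so I would confine creation to the sign-in route and have the lookup paths return an error for unknown tokens. The resolve-or-create block is now duplicated verbatim in both functions; a shared helper such as `fn resolve_key(conn: &Connection, login: &str) -> i64` would keep them from drifting. The surrounding `loop { match ENGINE.lock() { ... } }` starts and ends outside this hunk, so how a poisoned lock is handled after one of the `unwrap()` panics cannot be confirmed from here.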
@@ -129,17 +160,17 @@ fn get_data(_a6573cbe: &str, uid: &str) -> JsonValue { } } -pub fn get_acc(_a6573cbe: &str, uid: &str) -> JsonValue { - return get_data(_a6573cbe, uid)["userdata"].clone(); +pub fn get_acc(a6573cbe: &str, _uid: &str) -> JsonValue { + return get_data(a6573cbe)["userdata"].clone(); } -pub fn get_acc_home(_a6573cbe: &str, uid: &str) -> JsonValue { - return get_data(_a6573cbe, uid)["home"].clone(); +pub fn get_acc_home(a6573cbe: &str, _uid: &str) -> JsonValue { + return get_data(a6573cbe)["home"].clone(); } -pub fn save_acc(_a6573cbe: &str, uid: &str, data: JsonValue) { - //let decoded = general_purpose::STANDARD.decode(a6573cbe).unwrap(); - //let header = String::from_utf8_lossy(&decoded); +pub fn save_acc(a6573cbe: &str, _uid: &str, data: JsonValue) { + let decoded = general_purpose::STANDARD.decode(a6573cbe).unwrap(); + let a6573cbe = String::from_utf8_lossy(&decoded); loop { match ENGINE.lock() { @@ -148,24 +179,18 @@ pub fn save_acc(_a6573cbe: &str, uid: &str, data: JsonValue) { init(&mut result); } let conn = result.as_ref().unwrap(); + let uid = get_uid(conn, &a6573cbe); let key: i64; - /* - if header.starts_with("0") { + if uid == 0 { key = generate_uid(conn); - create_acc(conn, key); + create_acc(conn, key, &a6573cbe); } else { - key = header[..15].parse::().unwrap();//.unwrap_or(generate_uid(conn)); - }*/ - if uid == "" { - key = generate_uid(conn); - create_acc(conn, key); - } else { - key = uid.parse::().unwrap(); + key = uid; } if !acc_exists(conn, key) { - create_acc(conn, key); + create_acc(conn, key, &a6573cbe); } let mut stmt = conn.prepare(&format!("SELECT jsondata FROM _{}_", key)).unwrap(); let result: Result = stmt.query_row([], |row| row.get(0));
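Review bot: `save_acc` (and `get_data` in the earlier hunk) turns the decoded header into a string with `String::from_utf8_lossy`, which replaces every invalid byte sequence with U+FFFD, so distinct header values can collapse to the same token string and resolve to the same account. For a credential the strict form is safer: `let a6573cbe = String::from_utf8(decoded)` with the `Err` case rejected, alongside handling the `decode(...)` error instead of calling `unwrap()`. `get_acc`, `get_acc_home` and `save_acc` keep a `_uid` parameter that is no longer read; a doc comment such as `/// Identity is derived from the a6573cbe token only; _uid is ignored.` would make that explicit for callers. `save_acc`'s body continues in the next hunk.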