Imbus/FrostByte
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Integrated the new authentication into Actix

Browse source
This commit is contained in:
Imbus 2023-12-22 22:00:49 +01:00
parent a7a0ea60d5
commit b34a06387f
5 changed files with 28 additions and 57 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

51
server/src/jwt.rs
View file

@ -1,12 +1,8 @@
use jsonwebtoken::{ use jsonwebtoken::{
decode, encode, errors::Result as JwtResult, DecodingKey, EncodingKey, Header, Validation, decode, encode, errors::Result as JwtResult, DecodingKey, EncodingKey, Header, Validation,
}; };
use log::*;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
const DAYS_VALID: i64 = 7;
const JWT_SECRET: &[u8] = "secret".as_bytes();
/// Claims holds the data that will be encoded into the JWT token. /// Claims holds the data that will be encoded into the JWT token.
#[derive(Debug, Serialize, Deserialize)] #[derive(Debug, Serialize, Deserialize)]
pub struct Claims { pub struct Claims {
@ -33,6 +29,7 @@ impl Claims {
/// Authentication holds the data needed to encode and decode JWT tokens. /// Authentication holds the data needed to encode and decode JWT tokens.
// This is then passed to the AuthenticationMiddleware // This is then passed to the AuthenticationMiddleware
#[derive(Clone)]
pub struct Authentication { pub struct Authentication {
encoding_key: EncodingKey, encoding_key: EncodingKey,
decoding_key: DecodingKey, decoding_key: DecodingKey,
@ -42,7 +39,7 @@ pub struct Authentication {
impl Authentication { impl Authentication {
/// Create a new Authentication struct /// Create a new Authentication struct
fn new(secret: &[u8]) -> Self { pub fn new(secret: &[u8]) -> Self {
Authentication { Authentication {
encoding_key: EncodingKey::from_secret(secret), encoding_key: EncodingKey::from_secret(secret),
decoding_key: DecodingKey::from_secret(secret), decoding_key: DecodingKey::from_secret(secret),
@ -57,58 +54,18 @@ impl Authentication {
} }
/// Wrapper for encode_raw that takes a username (sub) and creates a Claims struct /// Wrapper for encode_raw that takes a username (sub) and creates a Claims struct
fn encode(&self, sub: &str) -> JwtResult<String> { pub fn encode(&self, sub: &str) -> JwtResult<String> {
let claims = Claims::new(sub, self.days_valid); let claims = Claims::new(sub, self.days_valid);
self.encode_raw(claims) self.encode_raw(claims)
} }
/// Decode a JWT token into a Claims struct /// Decode a JWT token into a Claims struct
// If this faie, it means the token is invalid // If this faie, it means the token is invalid
fn decode(&self, token: &str) -> JwtResult<Claims> { pub fn decode(&self, token: &str) -> JwtResult<Claims> {
decode::<Claims>(token, &self.decoding_key, &self.validation).map(|data| data.claims) decode::<Claims>(token, &self.decoding_key, &self.validation).map(|data| data.claims)
} }
} }
// JwtResult is just a predefined error from the jsonwebtoken crate
pub fn token_factory(user: &str) -> JwtResult<String> {
info!("Issuing JWT token for {}", user);
let token = encode(
&Header::default(),
&Claims {
sub: user.to_string(),
iss: "frostbyte".to_string(),
iat: chrono::Utc::now().timestamp() as usize,
exp: (chrono::Utc::now() + chrono::Duration::days(DAYS_VALID)).timestamp() as usize,
},
&EncodingKey::from_secret(JWT_SECRET),
)
.unwrap();
Ok(token)
}
// JwtResult is just a predefined error from the jsonwebtoken crate
// This function is incomplete and should be expanded to check for more things
pub fn validate_token(token: &str) -> JwtResult<Claims> {
let token_data = decode::<Claims>(
token,
&DecodingKey::from_secret(JWT_SECRET),
&Validation::default(),
);
match token_data {
Ok(token_data) => {
info!("Token validated for {}", token_data.claims.sub);
Ok(token_data.claims)
}
Err(e) => {
error!("Token validation failed: {}", e);
Err(e)
}
}
}
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use super::*; use super::*;

5
server/src/main.rs
View file

@ -12,6 +12,7 @@ mod state;
mod types; mod types;
mod util; mod util;
use jwt::Authentication;
use routes::{get_comments, get_posts, login, new_comment, new_post, post_by_id, register}; use routes::{get_comments, get_posts, login, new_comment, new_post, post_by_id, register};
use state::CaptchaState; use state::CaptchaState;
use state::ServerState; use state::ServerState;
@ -23,6 +24,7 @@ async fn main() -> std::io::Result<()> {
let data = ServerState::new().await; let data = ServerState::new().await;
let capt_db = CaptchaState::new(); let capt_db = CaptchaState::new();
let auth = Authentication::new("secret".as_bytes());
#[cfg(debug_assertions)] #[cfg(debug_assertions)]
{ {
@ -56,7 +58,8 @@ async fn main() -> std::io::Result<()> {
.service(login) .service(login)
.service(register) .service(register)
.app_data(Data::new(data.clone())) .app_data(Data::new(data.clone()))
.app_data(Data::new(capt_db.clone())), .app_data(Data::new(capt_db.clone()))
.app_data(Data::new(auth.clone())),
) )
.service( .service(
Files::new("/", "./public") Files::new("/", "./public")

5
server/src/routes/comment.rs
View file

@ -1,5 +1,5 @@
use crate::db::{db_get_comments, db_new_comment}; use crate::db::{db_get_comments, db_new_comment};
use crate::jwt::validate_token; use crate::jwt::Authentication;
use crate::types::{CommentQueryParams, NewComment}; use crate::types::{CommentQueryParams, NewComment};
use crate::ServerState; use crate::ServerState;
@ -31,8 +31,9 @@ pub async fn get_comments(
pub async fn new_comment( pub async fn new_comment(
data: Json<NewComment>, data: Json<NewComment>,
state: Data<ServerState>, state: Data<ServerState>,
auth: Data<Authentication>,
) -> Result<impl Responder> { ) -> Result<impl Responder> {
let user_claims = validate_token(&data.user_token); let user_claims = auth.decode(&data.user_token);
// Bail if the token is invalid // Bail if the token is invalid
if let Err(e) = user_claims { if let Err(e) = user_claims {

10
server/src/routes/post.rs
View file

@ -1,5 +1,5 @@
use crate::db::{db_get_latest_posts, db_get_post, db_new_post}; use crate::db::{db_get_latest_posts, db_get_post, db_new_post};
use crate::jwt::validate_token; use crate::jwt::Authentication;
use crate::types::{NewPost, PostQueryParams}; use crate::types::{NewPost, PostQueryParams};
use crate::ServerState; use crate::ServerState;
@ -23,8 +23,12 @@ pub async fn get_posts(
/// Creates a new post, requires a token in release mode /// Creates a new post, requires a token in release mode
#[post("/posts")] #[post("/posts")]
pub async fn new_post(new_post: Json<NewPost>, state: Data<ServerState>) -> Result<impl Responder> { pub async fn new_post(
let user_claims = validate_token(&new_post.token); new_post: Json<NewPost>,
state: Data<ServerState>,
auth: Data<Authentication>,
) -> Result<impl Responder> {
let user_claims = auth.decode(&new_post.token);
if let Err(e) = user_claims { if let Err(e) = user_claims {
info!("Error validating token: {}", e); info!("Error validating token: {}", e);

14
server/src/routes/users.rs
View file

@ -1,5 +1,6 @@
use crate::db::{db_new_user, db_user_login}; use crate::db::{db_new_user, db_user_login};
use crate::jwt::token_factory; use crate::jwt::Authentication;
// use crate::jwt::token_factory;
use crate::state::CaptchaState; use crate::state::CaptchaState;
use crate::types::{AuthResponse, LoginData, RegisterData}; use crate::types::{AuthResponse, LoginData, RegisterData};
use crate::ServerState; use crate::ServerState;
@ -14,6 +15,7 @@ pub async fn register(
data: Json<RegisterData>, data: Json<RegisterData>,
state: Data<ServerState>, state: Data<ServerState>,
captcha_state: Data<CaptchaState>, captcha_state: Data<CaptchaState>,
auth: Data<Authentication>,
) -> Result<impl Responder> { ) -> Result<impl Responder> {
if !captcha_state if !captcha_state
.capthca_db .capthca_db
@ -30,7 +32,7 @@ pub async fn register(
info!("User: {} registered", &user.username); info!("User: {} registered", &user.username);
Ok(HttpResponse::Ok().json(AuthResponse { Ok(HttpResponse::Ok().json(AuthResponse {
username: user.username.clone(), username: user.username.clone(),
token: token_factory(&user.username).unwrap(), token: auth.encode(&user.username).unwrap(),
})) }))
} }
None => { None => {
@ -41,14 +43,18 @@ pub async fn register(
} }
#[post("/login")] #[post("/login")]
pub async fn login(data: Json<LoginData>, state: Data<ServerState>) -> Result<impl Responder> { pub async fn login(
data: Json<LoginData>,
state: Data<ServerState>,
auth: Data<Authentication>,
) -> Result<impl Responder> {
let result = db_user_login(data.username.clone(), data.password.clone(), &state.pool).await; let result = db_user_login(data.username.clone(), data.password.clone(), &state.pool).await;
match result { match result {
Some(_) => { Some(_) => {
return Ok(HttpResponse::Ok().json(AuthResponse { return Ok(HttpResponse::Ok().json(AuthResponse {
username: data.username.clone(), username: data.username.clone(),
token: token_factory(&data.username).unwrap(), token: auth.encode(&data.username).unwrap(),
})); }));
} }
None => { None => {