Registration endpoint fixing

Imbus 2023-11-15 16:05:07 +01:00
parent f8dc9cfd29
commit dea4ac1fb3
8 changed files with 109 additions and 44 deletions


@ -5,8 +5,6 @@ use crate::ServerState;
use actix_web::web::Data;
use actix_web::{post, web::Json, HttpResponse, Responder, Result};
use argon2::password_hash::rand_core::RngCore;
use argon2::password_hash::*;
use biosvg::BiosvgBuilder;
use log::*;
use serde::{Deserialize, Serialize};
@ -18,7 +16,7 @@ pub struct LoginData {
}
#[derive(Debug, Serialize, Deserialize)]
pub struct LoginResponse {
pub struct AuthResponse {
username: String,
token: String,
}
@ -34,10 +32,31 @@ pub struct RegisterData {
pub async fn register(
data: Json<RegisterData>,
state: Data<ServerState>,
captcha_state: Data<CaptchaState>,
) -> Result<impl Responder> {
db_new_user(data.username.clone(), data.password.clone(), &state.pool).await;
info!("User: {} registered", data.username);
Ok(HttpResponse::Ok().json("User registered"))
if !captcha_state
.capthca_db
.lock()
.unwrap()
.remove(&data.captcha)
{
info!("User failed to register, captcha was wrong");
return Ok(HttpResponse::BadRequest().json("Error"));
}
match db_new_user(data.username.clone(), data.password.clone(), &state.pool).await {
Some(user) => {
info!("User: {} registered", &user.username);
Ok(HttpResponse::Ok().json(AuthResponse {
username: user.username.clone(),
token: token_factory(&user.username).unwrap(),
}))
}
None => {
info!("User \"{}\" already exists", data.username);
return Ok(HttpResponse::BadRequest().json("Error"));
}
}
}
#[post("/login")]
@ -46,7 +65,7 @@ pub async fn login(data: Json<LoginData>, state: Data<ServerState>) -> Result<im
match result {
Some(_) => {
return Ok(HttpResponse::Ok().json(LoginResponse {
return Ok(HttpResponse::Ok().json(AuthResponse {
username: data.username.clone(),
token: token_factory(&data.username).unwrap(),
}));
@ -67,35 +86,38 @@ pub struct CaptchaResponse {
/// Request a captcha from the captcha service
#[post("/captcha")]
pub async fn captcha_request(cstate: Data<CaptchaState>) -> Result<impl Responder> {
unimplemented!("Captcha is currently disabled");
return Ok(HttpResponse::InternalServerError().json("Error"));
// This might block the thread a bit too long
let (answer, svg) = get_captcha();
// let (answer, svg) = get_captcha();
let id = rand_core::OsRng.next_u32() as i32;
// let id = rand_core::OsRng.next_u32() as i32;
let cresponse = CaptchaResponse {
captcha_svg: svg.clone(),
captcha_id: id,
};
// let cresponse = CaptchaResponse {
// captcha_svg: svg.clone(),
// captcha_id: id,
// };
// This is bad in about every way i can think of
// It might just be better to hit the database every time, and let the database
// handle rng and maybe set a trigger to delete old captchas
match cstate.capthca_db.lock() {
Ok(mut db) => {
if (db.len() as i32) > 100 {
// To prevent the database from growing too large
// Replace with a proper LRU cache or circular buffer
db.remove(&(id % 100)); // This is terrible
}
db.insert(id, answer.clone()); // We do not care about collisions
return Ok(HttpResponse::Ok().json(cresponse));
}
Err(_) => {
// This shouldnt happen
error!("Failed to lock captcha database");
return Ok(HttpResponse::InternalServerError().json("Error"));
}
}
// match cstate.capthca_db.lock() {
// Ok(mut db) => {
// if (db.len() as i32) > 100 {
// // To prevent the database from growing too large
// // Replace with a proper LRU cache or circular buffer
// db.remove(&(id % 100)); // This is terrible
// }
// db.insert(id, answer.clone()); // We do not care about collisions
// return Ok(HttpResponse::Ok().json(cresponse));
// }
// Err(_) => {
// // This shouldnt happen
// error!("Failed to lock captcha database");
// return Ok(HttpResponse::InternalServerError().json("Error"));
// }
// }
}
/// Returns a new captcha in the form of a tuple (answer, svg)
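Review bot: The captcha check in `register` (`capthca_db.lock().unwrap().remove(&data.captcha)`) accepts the submitted value on its own, with no visible tie to the `captcha_id` that `captcha_request` issues, so if the store is shared across clients any outstanding answer would satisfy any caller; looking the entry up by id and then comparing the answer would bind it to one challenge. That expression also panics on a poisoned mutex, where the handler code now commented out logged `Failed to lock captcha database` and returned a 500; the same handling fits here. `token_factory(&user.username).unwrap()` runs after `db_new_user` has succeeded, so a token failure would panic with the account already created; mapping the error to `HttpResponse::InternalServerError().json("Error")` avoids that. With `captcha_request` reduced to `unimplemented!(...)` (the `return` after it is unreachable), nothing in this section fills the store, so registration appears to always return 400 unless the store is populated elsewhere.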