From e1b9daa93163c6b9482b30ad37f57678f08b7356 Mon Sep 17 00:00:00 2001 From: fernando Date: Thu, 15 Feb 2024 14:40:05 -0500 Subject: [PATCH] Validate User guard --- Cargo.lock | 40 ++++++++++++++++++++++++++++++++++++++++ Cargo.toml | 3 +++ Rocket.toml | 3 +++ src/auth/mod.rs | 12 ++++++------ src/auth/session.rs | 4 ++-- src/controller/mod.rs | 15 ++++++++++++--- src/main.rs | 2 +- src/view/login.rs | 2 +- 8 files changed, 68 insertions(+), 13 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index c7e50b3..be1cf91 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -471,6 +471,9 @@ name = "eeg_internal" version = "0.1.0" dependencies = [ "argon2", + "dotenvy", + "env_logger", + "log", "maud", "rocket", "rocket_db_pools", @@ -496,6 +499,19 @@ dependencies = [ "cfg-if", ] +[[package]] +name = "env_logger" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4cd405aab171cb85d6735e5c8d9db038c17d3ca007a4d2c25f337935c3d90580" +dependencies = [ + "humantime", + "is-terminal", + "log", + "regex", + "termcolor", +] + [[package]] name = "equivalent" version = "1.0.1" @@ -844,6 +860,12 @@ version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" +[[package]] +name = "humantime" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" + [[package]] name = "hyper" version = "0.14.28" @@ -2195,6 +2217,15 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "termcolor" +version = "1.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "06794f8f6c5c898b3275aebefa6b8a1cb24cd2c6c79397ab15774837a0bc5755" +dependencies = [ + "winapi-util", +] + [[package]] name = "thiserror" version = "1.0.56" 
@@ -2645,6 +2676,15 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" +[[package]] +name = "winapi-util" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596" +dependencies = [ + "winapi", +] + [[package]] name = "winapi-x86_64-pc-windows-gnu" version = "0.4.0" diff --git a/Cargo.toml b/Cargo.toml index 6c6d779..131a8b7 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,6 +11,9 @@ maud = { version = "0.26.0", features = ["rocket"] } rocket = {version = "0.5.0", features = ["secrets"] } serde = "1.0.196" sqlx = { version = "0.7.3", features = ["mysql", "macros", "chrono"] } +log = "0.4.20" +env_logger = "0.10.0" +dotenvy = "0.15.7" [dependencies.rocket_db_pools] version = "0.1.0" diff --git a/Rocket.toml b/Rocket.toml index a95f043..ccef1b7 100644 --- a/Rocket.toml +++ b/Rocket.toml @@ -1,2 +1,5 @@ +[release] +secret_key = "CEvBmqk0FHgrtiIbitcTe+citXkWgo2fUfya+EoFiQ0=" + [default.databases.main] url = "mysql://root:123456789@localhost:33306/eegsac_manager" diff --git a/src/auth/mod.rs b/src/auth/mod.rs index 0b62af7..4b759c3 100644 --- a/src/auth/mod.rs +++ b/src/auth/mod.rs @@ -10,10 +10,10 @@ use session::SessionData; use session::Sessions; #[derive(Debug, Clone)] -pub struct User(SessionData); +pub struct RegularUser(pub SessionData); #[rocket::async_trait] -impl<'r> FromRequest<'r> for User { +impl<'r> FromRequest<'r> for RegularUser { type Error = (); async fn from_request(req: &'r Request<'_>) -> Outcome { 
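Review bot: The `Rocket.toml` hunk commits the `[release]` `secret_key` in plain text, so anyone with read access to the repository or its history holds the key Rocket uses to protect private cookies. The line this patch removes from `src/controller/mod.rs` wrote `rocket_session_id` with `add_private`, so the session cookie presumably depends on that key, and its confidentiality and integrity are lost once the key is known. Drop the `secret_key = …` line, supply the value at deploy time through the `ROCKET_SECRET_KEY` environment variable, and generate a fresh key rather than reusing the committed one. The unchanged `url` line below it embeds the database root password in the same way and would be better moved out of the committed file as well.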
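Review bot: `pub struct RegularUser(pub SessionData);` in the first `src/auth/mod.rs` hunk makes the guard's inner field public, so any code that can name the type can build a `RegularUser` directly instead of getting one from `from_request`. The value then no longer proves that a session lookup succeeded. The `src/auth/session.rs` hunk, which makes `user_id` and `expires_at` fully public, widens the same exposure because a `SessionData` literal becomes writable outside its module. Keep the tuple field private (`pub struct RegularUser(SessionData);`), narrow the field to `pub(super) user_id: i32`, and expose `pub fn user_id(&self) -> i32 { self.0.user_id }`, so that `controller::index` calls `user.user_id()` instead of destructuring. The `impl FromRequest` body continues outside this hunk.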
@@ -22,12 +22,12 @@ impl<'r> FromRequest<'r> for User { let session_id_str = match session_opt { Some(s) => s.value().to_owned(), - None => return Outcome::Error((Status::Unauthorized, ())), + None => return Outcome::Forward(Status::Unauthorized), }; let session_id = match session_id_str.parse::() { Ok(s) => s, - Err(_) => return Outcome::Error((Status::Unauthorized, ())), + Err(_) => return Outcome::Forward(Status::Unauthorized), }; let sessions_outcome = req.guard::<&State>().await; @@ -37,8 +37,8 @@ impl<'r> FromRequest<'r> for User { }; match sessions.get(session_id) { - Some(s) => Outcome::Success(User(s.clone())), - None => Outcome::Error((Status::Unauthorized, ())), + Some(s) => Outcome::Success(RegularUser(s.clone())), + None => Outcome::Forward(Status::Unauthorized), } } } diff --git a/src/auth/session.rs b/src/auth/session.rs index e81a98e..273577f 100644 --- a/src/auth/session.rs +++ b/src/auth/session.rs @@ -64,8 +64,8 @@ impl Sessions { #[derive(Serialize, Deserialize, Debug, Clone)] pub struct SessionData { - user_id: i32, - expires_at: u64, + pub user_id: i32, + pub expires_at: u64, } impl SessionData { diff --git a/src/controller/mod.rs b/src/controller/mod.rs index 60a7a21..5cfed08 100644 --- a/src/controller/mod.rs +++ b/src/controller/mod.rs @@ -1,13 +1,22 @@ -use maud::Markup; +use maud::{html, Markup}; use rocket::http::CookieJar; +use crate::auth::RegularUser; + pub mod login; pub mod register; pub mod user; #[get("/")] -pub fn index(cookies: &CookieJar<'_>) -> Markup { - cookies.add_private(("rocket_session_id", "123456")); +pub fn index(user: RegularUser) -> Markup { + let RegularUser(user) = user; + html! { + "Logged in with user id: " (user.user_id) " :D" + } +} + +#[get("/", rank = 2)] +pub fn index_login(cookies: &CookieJar<'_>) -> Markup { crate::view::login::login() } diff --git a/src/main.rs b/src/main.rs index 88820ea..12c6da6 100644 --- a/src/main.rs +++ b/src/main.rs 
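Review bot: The `Some(s)` arm in the last `src/auth/mod.rs` hunk returns `Outcome::Success` for any entry the store hands back, and nothing visible in the guard compares `expires_at` with the current time. `Sessions::get` is not shown here and may already discard expired entries; if it does not, an old cookie keeps authenticating for as long as the entry stays in memory. Either check expiry in the guard, e.g. `Some(s) if s.expires_at > now => Outcome::Success(RegularUser(s.clone())),` followed by `_ => Outcome::Forward(Status::Unauthorized),` with `now` in the same unit as `expires_at`, or add a comment at the `match` stating that `get` only returns live sessions. `from_request` begins before this hunk.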
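Review bot: In the `src/controller/mod.rs` hunk, `index_login` still takes `cookies: &CookieJar<'_>` although this hunk deletes the jar's only use, the `add_private` call, so the parameter is dead and will produce an unused-variable warning. Change the signature to `pub fn index_login() -> Markup {` and drop `use rocket::http::CookieJar;` if nothing else in the file needs it. A doc comment such as `/// Fallback for "/" when the RegularUser guard forwards (no valid session).` on `index_login` would also help, because the rank-2 route only makes sense alongside the guard returning `Outcome::Forward`.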
@@ -20,7 +20,7 @@ fn rocket() -> _ { .manage(auth::session::Sessions::new()) .register("/", catchers![view::not_authorized]) .attach(DefaultDB::init()) - .mount("/", routes![controller::index,]) + .mount("/", routes![controller::index, controller::index_login,]) .mount( "/f", routes![controller::user::create_user, controller::login::login,], diff --git a/src/view/login.rs b/src/view/login.rs index 00247c8..e4bf1bb 100644 --- a/src/view/login.rs +++ b/src/view/login.rs @@ -4,6 +4,6 @@ use super::default_skeleton; pub fn login() -> Markup { default_skeleton(html! { - "TODO" + "NOT LOGGED IN! :O" }) }