shockrah/freechat
shockrah/freechat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Removed joindate from members schema

Browse Source 
+ Auth module now uses std::time for time based calculations
! All time notations are i64 and rounded to the Millisecond

* Moving db pool to a lazy static to avoid constructing a whole pool on every request

+ Adding more logging per request, even if its lazy logging
* Content-Types are now correctly written per type
This commit is contained in:
shockrah 2021-03-20 19:47:59 -07:00
parent 8812ff7198
commit 03c41b6833
5 changed files with 41 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
json-api/Makefile
View File

@ -4,5 +4,8 @@ default:
dep:
cargo update
run:
cargo run --release -- -s
clean:
cargo clean

1
json-api/migrations/2020-07-05-215114_members/up.sql
View File

@ -4,7 +4,6 @@ CREATE TABLE IF NOT EXISTS `members`(
`id` BIGINT UNSIGNED NOT NULL auto_increment,
`secret` varchar(256) NOT NULL,
`name` varchar(256) NOT NULL,
`joindate` bigint NOT NULL,
`status` integer NOT NULL,
`permissions` bigint UNSIGNED NOT NULL,
PRIMARY KEY( `id` , `secret` )

6
json-api/src/auth.rs
View File

@ -3,7 +3,7 @@ use bcrypt::{self, BcryptResult};
use mysql_async::Pool;
use std::collections::HashMap;
use std::time::{SystemTime, UNIX_EPOCH};
use std::time::{Duration, SystemTime, UNIX_EPOCH};
use crate::routes;
use crate::qs_param;
@ -30,7 +30,9 @@ struct Claim {
impl Claim {
pub fn new(id: db::UBigInt) -> Claim {
let now = SystemTime::now()
// JWT's expire every 48 hours
let now = (SystemTime::now() + Duration::from_secs(60 * 60 * 48))
.duration_since(UNIX_EPOCH)
.expect("System time fetch failed")
.as_millis() as i64;

45
json-api/src/main.rs
View File

@ -45,6 +45,12 @@ const NO_ERR: u16 = 0;
const CONFIG_ERR: u16 = 1;
const SHUTDOWN_ERR: u16 = 2;
lazy_static! {
static ref DB_POOL: Pool = {
Pool::new(&env::var("DATABASE_URL").unwrap())
};
}
async fn route_dispatcher(
pool: &Pool,
resp: &mut Response<Body>,
@ -82,7 +88,7 @@ async fn route_dispatcher(
/* META ROUTE */
(GET, routes::META) => meta::server_meta(resp).await,
_ => {
eprintln!("\tNOT FOUND: {}: {}", meth, path);
println!("\tNOT FOUND: {}: {}", meth, path);
*resp.status_mut() = StatusCode::NOT_FOUND
}
}
@ -104,13 +110,21 @@ async fn main_responder(request: Request<Body>) -> Result<Response<Body>, hyper:
};
if let Some(params) = params_opt {
let mysql_pool = Pool::new(&env::var("DATABASE_URL").unwrap());
match auth::wall_entry(path, &mysql_pool, &params).await {
OpenAuth | Good => route_dispatcher(&mysql_pool, &mut response, &method, path, body, params, headers).await,
LoginValid => auth::login_get_jwt(&mysql_pool, &mut response, params).await,
NoKey | BadKey => *response.status_mut() = StatusCode::UNAUTHORIZED,
match auth::wall_entry(path, &DB_POOL, &params).await {
OpenAuth | Good => {
// route dispatch has its own more comprehensive logging
route_dispatcher(&DB_POOL, &mut response, &method, path, body, params, headers).await;
},
LoginValid => {
println!("LoginValid");
auth::login_get_jwt(&DB_POOL, &mut response, params).await;
},
NoKey | BadKey => {
println!("NoKey | BadKey");
*response.status_mut() = StatusCode::UNAUTHORIZED;
},
ServerIssue(msg) => {
println!("\tAUTH : 500 [{}]", msg);
eprintln!("{}", msg);
*response.status_mut() = StatusCode::INTERNAL_SERVER_ERROR;
}
}
@ -158,8 +172,8 @@ async fn attempt_owner_creation(name: &str) {
let p = Pool::new(&env::var("DATABASE_URL").unwrap());
let owner_secret = auth::generate_secret();
if let Ok(enc_secret) = auth::encrypt_secret(&owner_secret) {
if let Ok(response) = db::Member::add(&p, name, &enc_secret, perms::OWNER).await {
match response {
match db::Member::add(&p, name, &enc_secret, perms::OWNER).await {
Ok(response) => match response {
db::Response::Row(mut owner) => {
owner.secret = owner_secret; // giving the secret itself back to the user
let server_config = serde_json::json!({
@ -168,15 +182,10 @@ async fn attempt_owner_creation(name: &str) {
});
println!("{}", serde_json::to_string_pretty(&server_config).unwrap());
},
db::Response::Empty => {
eprintln!("SQL server failed to return owner data, check configs and also the members table to make sure there's nothing there by accident");
},
_ => {}
};
}
else {
eprintln!("Could not communicate with the SQL server, check your configs!");
}
_ => eprintln!("SQL server failed to return owner data, check configs and also the members table to make sure there's nothing there by accident")
},
Err(e) => eprintln!("Error communicating with database : {}", e)
};
}
else {
eprintln!("Could not generate a proper secret");

8
json-api/src/messages.rs
View File

@ -68,6 +68,7 @@ pub async fn send_message(pool: &Pool, response: &mut Response<Body>, body: Body
let uid = qs_param!(params, "id", u64).unwrap();
let ctype: Option<&str> = match headers.get("Content-Type") {
Some(hval) => {
println!("{:?}", hval);
match hval.to_str() {
Ok(s) => Some(s),
_ => None
@ -96,7 +97,12 @@ pub async fn send_message(pool: &Pool, response: &mut Response<Body>, body: Body
*response.status_mut() = StatusCode::BAD_REQUEST;
} else {
// block away wrong content types
const CONTENT_TYPES: [&'static str;7] = ["text", "png", "jpeg", "jpg", "webm", "mp3", "mp4"];
const CONTENT_TYPES: [&'static str;7] = [
"text/plain",
"image/png", "image/jpeg", "image/jpg",
"application/webm", "application/mp4",
"application/mp3"
];
if CONTENT_TYPES.contains(&ctype.unwrap()) == false {
*response.status_mut() = StatusCode::BAD_REQUEST;
}