From 64f20f01ec555d04b94813e1d5524be6de837013 Mon Sep 17 00:00:00 2001 From: shockrah Date: Thu, 13 Feb 2020 17:13:41 -0800 Subject: [PATCH] structures for authentication payloads added new temporary goal slowly integrating payload module into invites and users modules --- server/src/invites.rs | 18 ++++++++++++++---- server/src/payload.rs | 3 +-- server/src/users.rs | 20 +++++++++++--------- server/todo.md | 3 +++ 4 files changed, 29 insertions(+), 15 deletions(-) diff --git a/server/src/invites.rs b/server/src/invites.rs index 42a7213..8c64db9 100644 --- a/server/src/invites.rs +++ b/server/src/invites.rs @@ -4,7 +4,7 @@ use rand::random; use chrono::{Duration, Utc}; use crate::DBConn; use crate::models::Invite; -use crate::schema; +use crate::{schema, payload}; /* TODO: both the generation and usage endpoints for invites need the following @@ -35,7 +35,10 @@ pub fn generate_invite(conn: DBConn) -> Result { #[get("/")] pub fn use_invite(hash: u64, conn: DBConn) -> Result { - // jank but whatever + use rand::{thread_rng, Rng}; + use rand::distributions::Alphanumeric; + + // NOTE: collection of 1 item from the table could be done cleaner use schema::invites::dsl::*; let data: Vec = invites.select((id, expires, uses)) .filter(id.eq(hash)) @@ -43,11 +46,18 @@ pub fn use_invite(hash: u64, conn: DBConn) -> Result { .unwrap(); if data.is_empty() { - Err("invite does not exist".to_string()) + Err("invite does not exist".into()) } else { + let invite_id = data[0].id; + // generating the field data we need for the random token + let nu_token: String = thread_rng() + .sample_iter(&Alphanumeric) + .take(30) + .collect(); + let row = diesel::delete(invites.filter(id.eq(hash))).execute(&conn.0); - Ok(format!("Invite used successfully {:?}", row)) + Ok(format!("Invite used successfully {:?} random fields[{}]", row, nu_token)) } } diff --git a/server/src/payload.rs b/server/src/payload.rs index f54fc3c..560e4bc 100644 --- a/server/src/payload.rs +++ b/server/src/payload.rs 
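Review bot: The query in `use_invite` selects `expires` and `uses`, but nothing in the lines visible in this patch reads either column before the invite is redeemed, so an expired or used-up invite appears to be accepted as long as its row still exists. The new NOTE only mentions tidying the one-row fetch; I would add a second marker next to it, `// TODO(auth): reject the invite when expires has passed or uses is exhausted before redeeming it`. The meaning of `uses` is inferred from its name and should be confirmed against the `Invite` model. The function body continues past the end of this hunk, and the `.load` call between this hunk and the next is not shown.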
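Review bot: The token is generated and returned in the `else` branch whatever `diesel::delete(...).execute(&conn.0)` produced, so the `Ok` response goes out even when the delete failed or removed no row, and the `{:?}` of `row` puts the raw database result into the client-facing string. Because the existence check and the delete are separate statements, two concurrent requests for the same `hash` can both pass `data.is_empty()` and both receive a token. Gating on the delete's affected-row count makes redemption single-use. `invite_id` is assigned but never read in this hunk. The rand crate documents `thread_rng()` as cryptographically secure, which is worth confirming for the pinned version; the fence sketches the gated form.

```rust
    // … unchanged: lookup and is_empty check …
    } else {
        match diesel::delete(invites.filter(id.eq(hash))).execute(&conn.0) {
            // exactly one row removed: this request consumed the invite
            Ok(1) => {
                let nu_token: String = thread_rng()
                    .sample_iter(&Alphanumeric)
                    .take(30)
                    .collect();
                Ok(format!("Invite used successfully random fields[{}]", nu_token))
            }
            // another request got there first, or the row was already gone
            Ok(_) => Err("invite does not exist".into()),
            // keep database detail out of the response body
            Err(_) => Err("could not use invite".into()),
        }
    }
```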
@@ -8,7 +8,6 @@ #[derive(Serialize)] pub struct NewUserResponse { pub userid: u64, - pub token: String, pub username: String, - pub email: Option, + pub email: String, } \ No newline at end of file diff --git a/server/src/users.rs b/server/src/users.rs index 9df27d9..928e325 100644 --- a/server/src/users.rs +++ b/server/src/users.rs @@ -7,28 +7,30 @@ use crate::payload; pub struct NewUserForm { pub username: String, pub display: Option, - pub email: Option, - pub password: String // this part is generated for the user if an invite is used + pub email: Option, // email users wants to use + pub password: String, // user provided password to use + pub token: String, // initially given to the user by the server + pub invite_id: u64 // invite that they used to join the server } #[post("/create", data = "")] pub fn create_user(user_sign_up: Form) -> Json { - let email = match user_sign_up.email.clone() { - Some(val) => { - val + // Constructing the response to the user with stuff they'll need to reconnect to the server + let email: String = match user_sign_up.email.clone() { + Some(mail) => { + mail } None => { "None".to_string() } }; - - // Constructing the response to the user with stuff they'll need to reconnect to the server + // TODO: generate the token key-values that the client needs to reconnect easily from now on let user_auth = payload::NewUserResponse { userid: 1, - token: "random token".to_string(), username: user_sign_up.username.clone(), - email: Some(email), + email: email }; + Json(user_auth) } diff --git a/server/todo.md b/server/todo.md index 6a748c7..4de5ffe 100644 --- a/server/todo.md +++ b/server/todo.md 
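Review bot: Changing `email` to a plain `String` removes the only way for the response to say that no address was given. The users.rs hunk in this commit compensates by sending the literal `"None"`, which a client cannot tell apart from a supplied value. Keeping the field optional (presumably `pub email: Option<String>,`; the type parameter is not visible on this page) with `#[serde(skip_serializing_if = "Option::is_none")]` above it lets the serializer omit the field instead.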
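Review bot: `token` and `invite_id` arrive as ordinary form fields and `create_user` never compares them with anything held by the server, so as written any client that can reach `/create` gets a `NewUserResponse` back. Nothing in this patch stores the token that `use_invite` generates, and the invite row is deleted there, so there is currently no record to check the pair against. Until that exists, a marker above the existing `TODO` would make the gap explicit: `// TODO(auth): reject unless (invite_id, token) matches a server-side record written by use_invite`. The `password` comment could also state that the value must be hashed before it is stored, since this hunk does not show what happens to it. The attributes on `NewUserForm` sit above the hunk.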
@@ -8,6 +8,9 @@ frontend js needs some testing if it's to be guaranteed to work at all this part we'll probably use an sql db or something that couples easily with rocket keep the user data designi as stupid simple as possible to enforce both security by surface and haxor simplicity +Checking for users that are online needs to happen behind an auth wall + + # Auth * Modules should serve as a collection of authentication payloads and functions to verify that data from the client is correct