structures for authentication payloads

added new temporary goal
slowly integrating payload module into invites and users modules

server/src/invites.rs

@@ -4,7 +4,7 @@ use rand::random;
 use chrono::{Duration, Utc};
 use crate::DBConn;
 use crate::models::Invite;
-use crate::schema;
+use crate::{schema, payload};
 
 /*
 TODO: both the generation and usage endpoints for invites need the following
@@ -35,7 +35,10 @@ pub fn generate_invite(conn: DBConn) -> Result<String, String> {
 
 #[get("/<hash>")]
 pub fn use_invite(hash: u64, conn: DBConn) -> Result<String, String> {
-    // jank but whatever
+    use rand::{thread_rng, Rng};
+    use rand::distributions::Alphanumeric;
+
+    // NOTE: collection of 1 item from the table could be done cleaner
     use schema::invites::dsl::*;
     let data: Vec<Invite> = invites.select((id, expires, uses))
         .filter(id.eq(hash))
@@ -43,11 +46,18 @@ pub fn use_invite(hash: u64, conn: DBConn) -> Result<String, String> {
         .unwrap();
 
     if data.is_empty() {
-        Err("invite does not exist".to_string())
+        Err("invite does not exist".into())
     }
     else {
+        let invite_id = data[0].id;
+        // generating the field data we need for the random token
+        let nu_token: String = thread_rng()
+            .sample_iter(&Alphanumeric)
+            .take(30)
+            .collect();
+
         let row = diesel::delete(invites.filter(id.eq(hash))).execute(&conn.0);
-        Ok(format!("Invite used successfully {:?}", row))
+        Ok(format!("Invite used successfully {:?} random fields[{}]", row, nu_token))
     }
 }
 

server/src/payload.rs

@@ -8,7 +8,6 @@
 #[derive(Serialize)]
 pub struct NewUserResponse {
     pub userid: u64,
-    pub token: String,
     pub username: String,
-    pub email: Option<String>,
+    pub email: String,
 }

server/src/users.rs

@@ -7,28 +7,30 @@ use crate::payload;
 pub struct NewUserForm {
     pub username: String,
     pub display: Option<String>,
-    pub email: Option<String>,
+    pub email: Option<String>,      // email users wants to use
-    pub password: String    // this part is generated for the user if an invite is used
+    pub password: String,   // user provided password to use
+    pub token: String,   // initially given to the user by the server
+    pub invite_id: u64   // invite that they used to join the server
 }
 
 #[post("/create", data = "<user_sign_up>")]
 pub fn create_user(user_sign_up: Form<NewUserForm>) -> Json<payload::NewUserResponse> {
-    let email = match user_sign_up.email.clone() {
+    // Constructing the response to the user with stuff they'll need to reconnect to the server
-        Some(val) => {
+    let email: String = match user_sign_up.email.clone() {
-            val
+        Some(mail) => {
+            mail
         }
         None => {
             "None".to_string()
         }
     };
-
+    // TODO: generate the token key-values that the client needs to reconnect easily from now on
-    // Constructing the response to the user with stuff they'll need to reconnect to the server
     let user_auth = payload::NewUserResponse {
         userid: 1,
-        token: "random token".to_string(),
         username: user_sign_up.username.clone(),
-        email: Some(email),
+        email: email
     };
+
     Json(user_auth)
 }
 

server/todo.md

@@ -8,6 +8,9 @@ frontend js needs some testing if it's to be guaranteed to work at all
 this part we'll probably use an sql db or something that couples easily with rocket
     keep the user data designi as stupid simple as possible to enforce both security by surface and haxor simplicity
 
+Checking for users that are online needs to happen behind an auth wall
+
+
 # Auth
 
 * Modules should serve as a collection of authentication payloads and functions to verify that data from the client is correct