No more jwt db checks

Also wrapping relevant db code with ok/err checks
shockrah 2021-03-30 22:45:39 -07:00
parent 41202507c1
commit 75dcb7b73e
3 changed files with 29 additions and 39 deletions


@ -1,2 +0,0 @@
-- This file should undo anything in `up.sql`
DROP TABLE `jwt`;


@ -1,5 +0,0 @@
CREATE TABLE IF NOT EXISTS `jwt`(
`id` BIGINT UNSIGNED NOT NULL,
`token` VARCHAR(256) NOT NULL,
PRIMARY KEY (`id`)
);


@ -108,7 +108,7 @@ pub fn encrypt_secret(raw: &str) -> BcryptResult<String> {
}
async fn valid_jwt(p: &Pool, token: &str) -> AuthReason {
async fn valid_jwt(token: &str) -> AuthReason {
use jsonwebtoken::{
decode, DecodingKey,
Validation, Algorithm
@ -123,13 +123,12 @@ async fn valid_jwt(p: &Pool, token: &str) -> AuthReason {
.as_millis() as i64;
// subject used for querying speed NOT security
let listed = db::auth::listed_jwt(p, decoded.claims.sub, token).await.unwrap();
let active = now < decoded.claims.exp;
return match listed && active {
true => AuthReason::Good,
false => AuthReason::BadKey
};
if active {
AuthReason::Good
} else {
AuthReason::BadKey
}
}
else {
return AuthReason::BadKey;
@ -172,7 +171,7 @@ pub async fn wall_entry<'path, 'pool, 'params>(
if let Some(jwt) = jwt {
// get the headers here
return valid_jwt(pool, jwt).await;
return valid_jwt(jwt).await;
}
if let Some((id, secret)) = login_params_from_qs(params) {
// Last chance we might be hitting the /login route so we have to do the heavy auth flow
@ -181,22 +180,28 @@ pub async fn wall_entry<'path, 'pool, 'params>(
return AuthReason::BadKey;
}
else {
return match Member::get(pool, id).await {
Response::Row(user) => {
if valid_secret(secret, &user.secret) && valid_perms(user, path){
AuthReason::LoginValid
}
else {
AuthReason::BadKey
}
},
Response::Empty => AuthReason::BadKey,
Response::Other(err) => AuthReason::ServerIssue(err),
_ => AuthReason::ServerIssue("db-lib returned garbage".into())
match Member::get(pool, id).await {
Ok(response) => match response {
Response::Row(user) => {
if valid_secret(secret, &user.secret) && valid_perms(user, path){
AuthReason::LoginValid
}
else {
AuthReason::BadKey
}
},
Response::Empty => AuthReason::BadKey,
Response::Other(err) => AuthReason::ServerIssue(err),
_ => AuthReason::ServerIssue("db-lib returned garbage".into())
}
Err(err) => {
AuthReason::ServerIssue(format!("{}", err))
}
}
}
} else {
return AuthReason::NoKey;
}
return AuthReason::NoKey;
}
pub async fn login_get_jwt(p: &Pool, response: &mut hyper::Response<hyper::Body>, params: HashMap<String, String>) {
@ -219,18 +224,10 @@ pub async fn login_get_jwt(p: &Pool, response: &mut hyper::Response<hyper::Body>
&claim,
&ENCODING_KEY).unwrap();
match db::auth::add_jwt(p, id, &encoded).await {
Ok(_) => {
response.headers_mut().insert("Content-Type",
HeaderValue::from_static("application/json"));
response.headers_mut().insert("Content-Type",
HeaderValue::from_static("application/json"));
http::set_json_body(response, serde_json::json!({"jwt": encoded}));
},
Err(e) => {
eprintln!("{}", e);
*response.status_mut() = hyper::StatusCode::INTERNAL_SERVER_ERROR;
}
};
http::set_json_body(response, serde_json::json!({"jwt": encoded}));
}
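Review bot: With `listed_jwt` removed, `valid_jwt` accepts any token that decodes and satisfies `now < decoded.claims.exp`, so the server can no longer invalidate a token before it expires (logout, a leaked token, a removed member). If that trade-off is intended, state it above the check, e.g. `// stateless: no revocation; validity is signature + exp only, so keep exp short`; the lifetime chosen in `login_get_jwt` then becomes the only bound on a stolen token. Separately, the new `Err(err) => AuthReason::ServerIssue(format!("{}", err))` arm in `wall_entry` carries the raw database error text. If `ServerIssue` is ever written to a response body (not visible here), a fixed message with the detail sent to the log would avoid exposing internals. Both functions begin outside the visible hunks.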