From 75dcb7b73eb9489ed6a610f91cc2e71a68cf67ce Mon Sep 17 00:00:00 2001 From: shockrah Date: Tue, 30 Mar 2021 22:45:39 -0700 Subject: [PATCH] No more jwt db checks Also wrapping relevant db code with ok/err checks --- .../migrations/2020-12-29-030934_jwt/down.sql | 2 - .../migrations/2020-12-29-030934_jwt/up.sql | 5 -- json-api/src/auth.rs | 61 +++++++++---------- 3 files changed, 29 insertions(+), 39 deletions(-) delete mode 100644 json-api/migrations/2020-12-29-030934_jwt/down.sql delete mode 100644 json-api/migrations/2020-12-29-030934_jwt/up.sql diff --git a/json-api/migrations/2020-12-29-030934_jwt/down.sql b/json-api/migrations/2020-12-29-030934_jwt/down.sql deleted file mode 100644 index 14ed108..0000000 --- a/json-api/migrations/2020-12-29-030934_jwt/down.sql +++ /dev/null @@ -1,2 +0,0 @@ --- This file should undo anything in `up.sql` -DROP TABLE `jwt`; \ No newline at end of file diff --git a/json-api/migrations/2020-12-29-030934_jwt/up.sql b/json-api/migrations/2020-12-29-030934_jwt/up.sql deleted file mode 100644 index 544afe2..0000000 --- a/json-api/migrations/2020-12-29-030934_jwt/up.sql +++ /dev/null @@ -1,5 +0,0 @@ -CREATE TABLE IF NOT EXISTS `jwt`( - `id` BIGINT UNSIGNED NOT NULL, - `token` VARCHAR(256) NOT NULL, - PRIMARY KEY (`id`) -); \ No newline at end of file diff --git a/json-api/src/auth.rs b/json-api/src/auth.rs index 1ecc958..d8ae090 100644 --- a/json-api/src/auth.rs +++ b/json-api/src/auth.rs @@ -108,7 +108,7 @@ pub fn encrypt_secret(raw: &str) -> BcryptResult { } -async fn valid_jwt(p: &Pool, token: &str) -> AuthReason { +async fn valid_jwt(token: &str) -> AuthReason { use jsonwebtoken::{ decode, DecodingKey, Validation, Algorithm 
@@ -123,13 +123,12 @@ async fn valid_jwt(p: &Pool, token: &str) -> AuthReason { .as_millis() as i64; // subject used for querying speed NOT security - let listed = db::auth::listed_jwt(p, decoded.claims.sub, token).await.unwrap(); let active = now < decoded.claims.exp; - - return match listed && active { - true => AuthReason::Good, - false => AuthReason::BadKey - }; + if active { + AuthReason::Good + } else { + AuthReason::BadKey + } } else { return AuthReason::BadKey; @@ -172,7 +171,7 @@ pub async fn wall_entry<'path, 'pool, 'params>( if let Some(jwt) = jwt { // get the headers here - return valid_jwt(pool, jwt).await; + return valid_jwt(jwt).await; } if let Some((id, secret)) = login_params_from_qs(params) { // Last chance we might be hitting the /login route so we have to do the heavy auth flow @@ -181,22 +180,28 @@ pub async fn wall_entry<'path, 'pool, 'params>( return AuthReason::BadKey; } else { - return match Member::get(pool, id).await { - Response::Row(user) => { - if valid_secret(secret, &user.secret) && valid_perms(user, path){ - AuthReason::LoginValid - } - else { - AuthReason::BadKey - } - }, - Response::Empty => AuthReason::BadKey, - Response::Other(err) => AuthReason::ServerIssue(err), - _ => AuthReason::ServerIssue("db-lib returned garbage".into()) + match Member::get(pool, id).await { + Ok(response) => match response { + Response::Row(user) => { + if valid_secret(secret, &user.secret) && valid_perms(user, path){ + AuthReason::LoginValid + } + else { + AuthReason::BadKey + } + }, + Response::Empty => AuthReason::BadKey, + Response::Other(err) => AuthReason::ServerIssue(err), + _ => AuthReason::ServerIssue("db-lib returned garbage".into()) + } + Err(err) => { + AuthReason::ServerIssue(format!("{}", err)) + } } } + } else { + return AuthReason::NoKey; } - return AuthReason::NoKey; } pub async fn login_get_jwt(p: &Pool, response: &mut hyper::Response, params: HashMap) { 
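Review bot: With the `listed_jwt` lookup removed, `valid_jwt` accepts any token that decodes and whose `exp` is still ahead of `now`, so nothing in this function can reject a token that has to be invalidated early (logout, changed secret, leaked token). If that trade-off is intended, state it at the check and keep lifetimes short, e.g. `// stateless: a token cannot be revoked before exp, so exp must stay short`, and drop the now-stale `// subject used for querying speed NOT security` comment, since no query remains. `now` is taken from `.as_millis()`, so `exp` has to be minted in milliseconds as well; jsonwebtoken's own `exp` validation works in seconds, so it is worth confirming that the two checks agree (the `Validation` setup is outside this hunk). The function body starts and ends outside the hunk.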
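Review bot: The new `Err(err)` arm in `wall_entry` copies the database error text into `AuthReason::ServerIssue(format!("{}", err))`; if that string is ever written into the HTTP response (not visible here), it exposes driver and schema details to unauthenticated callers of the login path. Logging it and returning a fixed message keeps the detail server-side: `Err(err) => { eprintln!("{}", err); AuthReason::ServerIssue("database error".into()) }`. The same consideration applies to the `Response::Other(err)` arm. As a style point, the nested `match` can be flattened with patterns such as `Ok(Response::Row(user)) => …`, and this branch now ends in a tail expression while its siblings still use explicit `return`s.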
@@ -219,18 +224,10 @@ pub async fn login_get_jwt(p: &Pool, response: &mut hyper::Response &claim, &ENCODING_KEY).unwrap(); - match db::auth::add_jwt(p, id, &encoded).await { - Ok(_) => { - response.headers_mut().insert("Content-Type", - HeaderValue::from_static("application/json")); + response.headers_mut().insert("Content-Type", + HeaderValue::from_static("application/json")); - http::set_json_body(response, serde_json::json!({"jwt": encoded})); - }, - Err(e) => { - eprintln!("{}", e); - *response.status_mut() = hyper::StatusCode::INTERNAL_SERVER_ERROR; - } - }; + http::set_json_body(response, serde_json::json!({"jwt": encoded})); }
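Review bot: After this change the only failure path left in the visible part of `login_get_jwt` is the `.unwrap()` on `encode(...)` in the context line, which panics inside the request handler instead of answering with a 500 as the removed `Err` arm did. Matching on the result and setting `*response.status_mut() = hyper::StatusCode::INTERNAL_SERVER_ERROR;` on failure would keep that behaviour. Since the body carries a bearer token, the response should also be marked uncacheable, e.g. `response.headers_mut().insert("Cache-Control", HeaderValue::from_static("no-store"));`. If `p: &Pool` is no longer used now that the `add_jwt` call is gone, it can be dropped from the signature; the start of the function is outside the hunk.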