No more jwt db checks

Also wrapping relevant db code with ok/err checks
shockrah 2021-03-30 22:45:39 -07:00
parent 41202507c1
commit 75dcb7b73e
3 changed files with 29 additions and 39 deletions


@ -1,2 +0,0 @@
-- This file should undo anything in `up.sql`
DROP TABLE `jwt`;


@ -1,5 +0,0 @@
CREATE TABLE IF NOT EXISTS `jwt`(
`id` BIGINT UNSIGNED NOT NULL,
`token` VARCHAR(256) NOT NULL,
PRIMARY KEY (`id`)
);


@ -108,7 +108,7 @@ pub fn encrypt_secret(raw: &str) -> BcryptResult<String> {
} }
async fn valid_jwt(p: &Pool, token: &str) -> AuthReason { async fn valid_jwt(token: &str) -> AuthReason {
use jsonwebtoken::{ use jsonwebtoken::{
decode, DecodingKey, decode, DecodingKey,
Validation, Algorithm Validation, Algorithm
@ -123,13 +123,12 @@ async fn valid_jwt(p: &Pool, token: &str) -> AuthReason {
.as_millis() as i64; .as_millis() as i64;
// subject used for querying speed NOT security // subject used for querying speed NOT security
let listed = db::auth::listed_jwt(p, decoded.claims.sub, token).await.unwrap();
let active = now < decoded.claims.exp; let active = now < decoded.claims.exp;
if active {
return match listed && active { AuthReason::Good
true => AuthReason::Good, } else {
false => AuthReason::BadKey AuthReason::BadKey
}; }
} }
else { else {
return AuthReason::BadKey; return AuthReason::BadKey;
@ -172,7 +171,7 @@ pub async fn wall_entry<'path, 'pool, 'params>(
if let Some(jwt) = jwt { if let Some(jwt) = jwt {
// get the headers here // get the headers here
return valid_jwt(pool, jwt).await; return valid_jwt(jwt).await;
} }
if let Some((id, secret)) = login_params_from_qs(params) { if let Some((id, secret)) = login_params_from_qs(params) {
// Last chance we might be hitting the /login route so we have to do the heavy auth flow // Last chance we might be hitting the /login route so we have to do the heavy auth flow
@ -181,22 +180,28 @@ pub async fn wall_entry<'path, 'pool, 'params>(
return AuthReason::BadKey; return AuthReason::BadKey;
} }
else { else {
return match Member::get(pool, id).await { match Member::get(pool, id).await {
Response::Row(user) => { Ok(response) => match response {
if valid_secret(secret, &user.secret) && valid_perms(user, path){ Response::Row(user) => {
AuthReason::LoginValid if valid_secret(secret, &user.secret) && valid_perms(user, path){
} AuthReason::LoginValid
else { }
AuthReason::BadKey else {
} AuthReason::BadKey
}, }
Response::Empty => AuthReason::BadKey, },
Response::Other(err) => AuthReason::ServerIssue(err), Response::Empty => AuthReason::BadKey,
_ => AuthReason::ServerIssue("db-lib returned garbage".into()) Response::Other(err) => AuthReason::ServerIssue(err),
_ => AuthReason::ServerIssue("db-lib returned garbage".into())
}
Err(err) => {
AuthReason::ServerIssue(format!("{}", err))
}
} }
} }
} else {
return AuthReason::NoKey;
} }
return AuthReason::NoKey;
} }
pub async fn login_get_jwt(p: &Pool, response: &mut hyper::Response<hyper::Body>, params: HashMap<String, String>) { pub async fn login_get_jwt(p: &Pool, response: &mut hyper::Response<hyper::Body>, params: HashMap<String, String>) {
@ -219,18 +224,10 @@ pub async fn login_get_jwt(p: &Pool, response: &mut hyper::Response<hyper::Body>
&claim, &claim,
&ENCODING_KEY).unwrap(); &ENCODING_KEY).unwrap();
match db::auth::add_jwt(p, id, &encoded).await { response.headers_mut().insert("Content-Type",
Ok(_) => { HeaderValue::from_static("application/json"));
response.headers_mut().insert("Content-Type",
HeaderValue::from_static("application/json"));
http::set_json_body(response, serde_json::json!({"jwt": encoded})); http::set_json_body(response, serde_json::json!({"jwt": encoded}));
},
Err(e) => {
eprintln!("{}", e);
*response.status_mut() = hyper::StatusCode::INTERNAL_SERVER_ERROR;
}
};
} }
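Review bot: With the `listed_jwt` lookup removed, `valid_jwt` returns `AuthReason::Good` on `now < decoded.claims.exp` alone, so a token can no longer be invalidated server-side before it expires (for example after a logout, a secret change or a member being removed). If that trade-off is intended, state it where the decision is made, e.g. `// No server-side revocation: a token stays valid until exp, so keep lifetimes short` above `let active`, and review the lifetime set in `login_get_jwt` accordingly. The context comment `// subject used for querying speed NOT security` appears to describe the removed lookup and should be dropped or reworded. `now` is computed with `.as_millis()`, which presumably matches how `exp` is written at issue time; this is worth confirming, since JWT `exp` is conventionally in seconds and a unit mismatch would change how long tokens are accepted. The bodies of `valid_jwt` and `login_get_jwt` extend beyond the visible hunks.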