priv auth::blind_remove_session => impl not tested

pub auth::login => impl not tested
2020-05-19 19:36:29 -07:00 · 2020-05-19 19:36:29 -07:00 · b007f57dfe
commit b007f57dfe
parent dcb9e9641e
2 changed files with 17 additions and 12 deletions
--- a/server/src/auth.rs
+++ b/server/src/auth.rs
@ -1,6 +1,7 @@
 // Handlers for the base auth routes
 use crate::{
    DBConn, schema,
+    utils,
    models::{
        Invite,
        User
@ -10,7 +11,7 @@ use crate::{
 use rocket::http::Status;
 use rocket::response::{self, Responder, Response};
 use rocket::request::{Form, Request};
-use rocket_contrib::json::Json;
+use rocket_contrib::json::{Json, JsonValue};
 use diesel::{self, prelude::*};
 use std::{error, fmt};

@ -27,10 +28,6 @@ pub struct AuthKey {
    secret: String,
 }

-#[derive(Serialize)]
-pub struct SessionToken {
-    pub data: String
-}
 pub type AuthResult<T, AuthErr> = std::result::Result<T, AuthErr>;

 #[derive(Debug, Clone)]
@ -100,7 +97,7 @@ pub fn join(conn: DBConn, hashcode: u64, name: String) -> AuthResult<Json<User>,
 }

 fn confirm_user_api_access(conn: &MysqlConnection, user_id: u64, user_secret: &str) -> bool {
-    use schema::users::{self, dsl::*};
+    use schema::users::dsl::*;
    let result = users
        .filter(id.eq(user_id))
        .filter(secret.eq(user_secret))
@ -113,21 +110,29 @@ fn confirm_user_api_access(conn: &MysqlConnection, user_id: u64, user_secret: &s
 }

 fn blind_remove_session(conn: &MysqlConnection, sesh_secret: &str) {
+    use crate::schema::sessions::dsl::*;
+
+    let _ignore_result = diesel::delete(sessions
+        .filter(secret.eq(sesh_secret)))
+        .execute(conn);
+}
+
+fn create_new_session_key() -> String {
+    let key_raw = utils::new_key();
+    utils::encode_param(&key_raw)
 }

 #[post("/login", data = "<api_key>")]
-pub fn login(conn: DBConn, api_key: Form<AuthKey>) -> AuthResult<Json<SessionToken>, AuthErr>{
+pub fn login(conn: DBConn, api_key: Form<AuthKey>) -> AuthResult<JsonValue, AuthErr>{
    /*
     * Session Tokens are used to key into a subset of online users
     * This is what should make queries faster per instance as we'll have less data to sift through w/ diesel
    */

    if confirm_user_api_access(&conn.0, api_key.id, &api_key.secret) {
-        // Dump any tokens from before and make a new one
        blind_remove_session(&conn.0, &api_key.secret);
-        Ok(Json(SessionToken {
-            data: "skeleton code".to_string()
-        }))
+        let key = create_new_session_key();
+        Ok(json!({"key": key}))
    }
    else {
        Err(AuthErr {
--- a/server/src/main.rs
+++ b/server/src/main.rs
@ -46,7 +46,7 @@ pub fn rocket() -> rocket::Rocket {
            remove_user, get_user_list
        ])
        .mount("/auth", routes![
-            auth::leave
+            auth::leave, auth::login
        ])
        .attach(Template::fairing())
        .attach(DBConn::fairing())