diff --git a/server-api/src/auth.rs b/server-api/src/auth.rs index 31ca816..8d198e0 100644 --- a/server-api/src/auth.rs +++ b/server-api/src/auth.rs @@ -1,4 +1,4 @@ -use bcrypt; +use bcrypt::{self, BcryptResult}; use mysql_async::{Pool}; use mysql_async::error::Error as SqlError; @@ -9,6 +9,7 @@ use db::{member::Member, common::FromDB}; use db::Response; // used when we create a new users for the first time +#[derive(Debug)] pub enum AuthReason { Good, //passed regular check OpenAuth, // route does not require auth @@ -17,10 +18,15 @@ pub enum AuthReason { } -fn valid_user(given_pass: &str, hash: &str) -> bool { - return match bcrypt::verify(given_pass, hash) { +fn valid_secret(given_pass: &str, hash: &str) -> bool { + let result = bcrypt::verify(given_pass, hash); + println!("\tGiven: {} \tRaw: {}\t{:?}", given_pass, hash, result); + return match result { Ok(result) => result, - Err(_) => return false + Err(e) => { + eprintln!("{}", e); + return false; + } } } @@ -34,12 +40,32 @@ fn valid_perms(member: Member, path: &str) -> bool { return true; } +pub fn generate_secret() -> String { + /* + * Generates a url-safe-plaintext secret for our db + * */ + use getrandom::getrandom; + use base64::{encode_config, URL_SAFE}; + + let mut buf: Vec = vec![0;64]; + getrandom(&mut buf).unwrap(); + encode_config(buf,URL_SAFE) +} + +pub fn encrypt_secret(raw: &str) -> BcryptResult { + const BCRYPT_COST: u32 = 14; + return bcrypt::hash(raw, BCRYPT_COST); +} + pub async fn wall_entry(path: &str, pool: &Pool, params: &serde_json::Value) -> Result { - // Start by Checking if the api key is in our keystore + use std::borrow::Cow; + + // Dont need to auth if it's not required if routes::is_open(path) { Ok(AuthReason::OpenAuth) } else { + // make sure we have some legit parameter to use match (params.get("id"), params.get("secret")) { /* * If we apparantly have user data then check for validity in credentials @@ -48,10 +74,9 @@ pub async fn wall_entry(path: &str, pool: &Pool, params: &serde_json::Value) -> /* unwrapping because i couldn't care less about poorly formatted request data */ let id = id_v.as_u64().unwrap_or(0); // basically nobody is allowed to have 0 as its supposed to be reserved let secret = secret_v.as_str().unwrap_or(""); - use std::borrow::Cow; return match Member::get(pool, id).await { Response::Row(user) => { - if valid_user(secret, &user.secret) && valid_perms(user, path){ + if valid_secret(secret, &user.secret) == true && valid_perms(user, path){ Ok(AuthReason::Good) } else { @@ -70,17 +95,6 @@ pub async fn wall_entry(path: &str, pool: &Pool, params: &serde_json::Value) -> } } -pub fn generate_secret() -> String { - /* - * Generates a url-safe-plaintext secret for our db - * */ - use getrandom::getrandom; - use base64::{encode_config, URL_SAFE}; - - let mut buf: Vec = vec![0;64]; - getrandom(&mut buf).unwrap(); - encode_config(buf,URL_SAFE) -} @@ -111,4 +125,13 @@ mod auth_tests { assert_eq!(true, result.is_ok()); } + #[test] + fn validity_check() { + use bcrypt::{hash, DEFAULT_COST}; + let plain = super::generate_secret(); + match hash(&plain, DEFAULT_COST) { + Ok(hash) => assert_eq!(super::valid_secret(&plain, &hash), true), + Err(err) => panic!("{}", err) + } + } } diff --git a/server-api/src/routes.rs b/server-api/src/routes.rs index 1a7e0b3..2ad0b06 100644 --- a/server-api/src/routes.rs +++ b/server-api/src/routes.rs @@ -1,7 +1,6 @@ // TODO: this whole ass module bro i mean c'mon.... just just clean it type Rstr = &'static str; -pub const SERVER_META: Rstr = "/meta"; // @returns server meta document TBD pub const INVITE_CREATE: Rstr = "/invite/create"; // @ perms::CREATE_INVITE pub const CHANNELS_LIST: Rstr = "/channels/list"; // requires none @@ -59,13 +58,6 @@ pub fn is_open(path: &str) -> bool { * Simple interface for determining if a route/base is open * i.e. requires authentication or not */ - let mut ret = path == SERVER_META; - for route in DYNAMIC_ROUTE_BASES.iter() { - if route.1 == true || ret == true{ - ret = true; - break; - } - } - return ret; + return path.starts_with("/join/"); }