nerdcult
/
api
4
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: nerdcult:b79457485087390c0c969f94a3dd9799cede141e
Branches Tags
nerdcult:master
..
compare: nerdcult:040d338ae0f460966b578c3d26d1c51a6205dc1e
Branches Tags
nerdcult:master

2 Commits
b794574850 ... 040d338ae0

Author SHA1 Message Date
antifallobst 040d338ae0
feat(api): fully implemented the authenticate endpoint 2023-08-17 00:57:08 +02:00
antifallobst 1477e4cef6
feat(api): fully implemented the verify endpoint 2023-08-17 00:44:57 +02:00
3 changed files with 51 additions and 6 deletions
Show Stats Expand all files Collapse all files

10
src/accounts.rs
View File

@ -115,4 +115,14 @@ impl Account {
Err(e) => Err(Error::new(e)), Err(e) => Err(Error::new(e)),
} }
} }
pub async fn check_password(&self, password: String) -> Result<bool> {
let hash = PasswordHash::new(self.password.as_str())
.map_err(|_| anyhow::Error::msg("Failed to parse the password hash"))?;
match Pbkdf2.verify_password(password.as_bytes(), &hash) {
Ok(_) => Ok(true),
Err(_) => Ok(false),
}
}
} }

32
src/api/account/handlers.rs
View File

@ -33,7 +33,10 @@ pub async fn register(
return Ok(data::RegisterResponse::Blocked); return Ok(data::RegisterResponse::Blocked);
} }
if Account::from_username(pool, &request.username).await?.is_some() { if Account::from_username(pool, &request.username)
.await?
.is_some()
{
return Ok(data::RegisterResponse::Conflict( return Ok(data::RegisterResponse::Conflict(
data::RegisterConflict::Username, data::RegisterConflict::Username,
)); ));
@ -59,7 +62,10 @@ pub async fn register(
SmtpClientBuilder::new(&std::env::var("SMTP_HOST_URL")?, 465) SmtpClientBuilder::new(&std::env::var("SMTP_HOST_URL")?, 465)
.implicit_tls(true) .implicit_tls(true)
.credentials(mail_send::Credentials::Plain { username: &std::env::var("SMTP_USER")?, secret: &std::env::var("SMTP_PASSWORD")? }) .credentials(mail_send::Credentials::Plain {
username: &std::env::var("SMTP_USER")?,
secret: &std::env::var("SMTP_PASSWORD")?,
})
.connect() .connect()
.await? .await?
.send(message) .send(message)
@ -78,6 +84,13 @@ pub async fn verify(
return Ok(data::VerifyResponse::Blocked); return Ok(data::VerifyResponse::Blocked);
} }
let token = match VerificationToken::check(pool, request.token).await? {
Some(t) => t,
None => return Ok(data::VerifyResponse::TokenUnknown),
};
token.apply(pool).await?;
Ok(data::VerifyResponse::Success) Ok(data::VerifyResponse::Success)
} }
@ -89,10 +102,19 @@ pub async fn authenticate(
return Ok(data::AuthenticateResponse::Blocked); return Ok(data::AuthenticateResponse::Blocked);
} }
let account = match Account::from_username(pool, &request.username).await? {
Some(a) => a,
None => return Ok(data::AuthenticateResponse::UserNotFound),
};
if !account.check_password(request.password).await? {
return Ok(data::AuthenticateResponse::WrongPassword);
}
let token = AuthToken::new(pool, account.id, chrono::Duration::days(7)).await?;
Ok(data::AuthenticateResponse::Success( Ok(data::AuthenticateResponse::Success(
data::AuthenticateSuccess { data::AuthenticateSuccess { token: token.token },
token: "not_a_valid_token".to_string(),
},
)) ))
} }

13
src/tokens.rs
View File

@ -1,3 +1,4 @@
use crate::accounts::Account;
use anyhow::{Error, Result}; use anyhow::{Error, Result};
use sqlx::{mysql::MySqlPool, types::chrono as sqlx_chrono}; use sqlx::{mysql::MySqlPool, types::chrono as sqlx_chrono};
@ -159,4 +160,16 @@ impl VerificationToken {
Err(e) => Err(Error::new(e)), Err(e) => Err(Error::new(e)),
} }
} }
pub async fn apply(&self, pool: &MySqlPool) -> Result<()> {
sqlx::query!(r#"DELETE FROM VerificationTokens WHERE token = ?;"#, self.token)
.execute(pool)
.await?;
sqlx::query!(r#"UPDATE Accounts SET verified=true WHERE id = ?;"#, self.account)
.execute(pool)
.await?;
Ok(())
}
} }