some work

2023-03-26 11:08:06 -04:00 · 2023-03-26 11:08:06 -04:00 · c591c63f40
parent 109afa50ab
commit c591c63f40
14 changed files with 233 additions and 36 deletions
--- a/.env
+++ b/.env
@ -1 +1 @@
-DATABASE_URL=postgres://postgres:postgres@localhost/hotel
+DATABASE_URL=postgres://postgres@localhost/hotel
--- a/.idea/dataSources.xml
+++ b/.idea/dataSources.xml
@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project version="4">
  <component name="DataSourceManagerImpl" format="xml" multifile-model="true">
-    <data-source source="LOCAL" name="hotel@localhost" uuid="105f1b61-47ca-4e1f-868e-283fceb34f96">
+    <data-source source="LOCAL" name="hotel@localhost" uuid="fcbea912-4e4c-4fa0-90f4-86901bab7984">
      <driver-ref>postgresql</driver-ref>
      <synchronize>true</synchronize>
      <jdbc-driver>org.postgresql.Driver</jdbc-driver>
--- a/Cargo.lock
+++ b/Cargo.lock
@ -581,6 +581,12 @@ dependencies = [
 "libc",
 ]
 [[package]]
 name = "hex"
 version = "0.4.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
 [[package]]
 name = "hotel"
 version = "0.1.0"
@ -589,9 +595,11 @@ dependencies = [
 "diesel",
 "diesel_migrations",
 "dotenvy",
 "hex",
 "log",
 "once_cell",
 "r2d2",
 "rand",
 "serde",
 "simple_logger",
 "toml 0.7.3",
--- a/Cargo.toml
+++ b/Cargo.toml
@ -20,3 +20,6 @@ diesel = { version = "2.0.0", features = ["postgres", "r2d2"] } # Database
 dotenvy = "0.15"                                                # Database
 diesel_migrations = "2.0.0"                                     # Database
 r2d2 = "0.8.10"                                                 # Database
 rand = "0.8.5"  # Misc.
 hex = "0.4.3"   # Misc.
--- a/migrations/2023-03-26-024321_create_users/up.sql
+++ b/migrations/2023-03-26-024321_create_users/up.sql
@ -1,5 +1,6 @@
 CREATE TABLE users (
    id SERIAL NOT NULL PRIMARY KEY,
    name VARCHAR(128) NOT NULL UNIQUE,
-    discord_id BIGINT NOT NULL UNIQUE
+    discord_id BIGINT NOT NULL UNIQUE,
    password_hash VARCHAR(256) NOT NULL
 );
--- a/src/config.rs
+++ b/src/config.rs
@ -12,20 +12,20 @@ pub static CONFIG: Lazy<HotelConfig> = Lazy::new(|| {
        }
    };
-    let config = match toml::from_str(&config_str) {
+    match toml::from_str(&config_str) {
        Ok(cfg) => cfg,
        Err(e) => {
            error!("Unable to parse config file: {}", e);
            std::process::exit(1);
        }
-    };
+    }
    config
 });
 #[derive(Serialize, Debug, Deserialize)]
 pub struct HotelConfig {
    pub db_uri: String,
-    pub authorized_3fa_tokens: Vec<String>
+    pub authorized_3fa_tokens: Vec<String>,
    pub mfa_codes_expire_in: i64,
    pub authorized_new_user_tokens: Vec<String>
 }
--- a/src/main.rs
+++ b/src/main.rs
@ -13,40 +13,18 @@ pub mod config;
 pub mod error;
 pub mod models;
 pub mod schema;
 pub mod routes;
 pub mod util;
 pub const MIGRATIONS: EmbeddedMigrations = embed_migrations!();
 #[derive(Serialize, Deserialize)]
 pub struct CodeRequest3FA {
    token: String,
    user: String
 }
 #[post("/v1/3fa_code")]
 pub async fn get_3fa_code(req: Json<CodeRequest3FA>) -> HttpResponse {
    if !CONFIG.authorized_3fa_tokens.contains(&req.token) {
        return HttpResponse::Unauthorized().json(APIErrorResponse {
            errors: vec![
                APIError {
                    code: "ERR_INVALID_CODEREQ_TOKEN".to_string(),
                    message: "Invalid codereq token".to_string(),
                }
            ],
        })
    }
    HttpResponse::Ok().body("d")
 }
 pub type PgPool = Pool<ConnectionManager<PgConnection>>;
 #[actix_web::main]
 async fn main() -> std::io::Result<()> {
    simple_logger::init_with_level(Level::Debug).unwrap();
-    info!("Connecting to database...");
+    info!("Connecting to database at {}...", CONFIG.db_uri);
    let manager = ConnectionManager::new(&CONFIG.db_uri);
    let pool: PgPool = match Pool::builder().build(manager) {
@ -91,7 +69,8 @@ async fn main() -> std::io::Result<()> {
                    })
                ).into()
            }))
-            .service(get_3fa_code)
+            .service(routes::v1::code_3fa::get_3fa_code)
            .service(routes::v1::user_add::add_user_request)
    })
        .bind(("127.0.0.1", 8080))?
        .run()
--- a/src/models.rs
+++ b/src/models.rs
@ -1,11 +1,21 @@
 use diesel::prelude::*;
 use crate::schema::{users, codes_3fa};
 #[derive(Queryable)]
 #[diesel(table_name = users)]
 pub struct User {
    pub id: i32,
    pub name: String,
-    pub discord_id: i64
+    pub discord_id: i64,
    pub password_hash: String
 }
 #[derive(Insertable)]
 #[diesel(table_name = users)]
 pub struct NewUser {
    pub name: String,
    pub discord_id: i64,
    pub password_hash: String
 }
 #[derive(Queryable)]
@ -17,3 +27,11 @@ pub struct Code3FA {
    pub user_id: i32,
    pub expires_on: i64
 }
 #[derive(Insertable, Clone)]
 #[diesel(table_name = codes_3fa)]
 pub struct NewCode3FA {
    pub code: String,
    pub user_id: i32,
    pub expires_on: i64
 }
--- a/src/routes/mod.rs
+++ b/src/routes/mod.rs
@ -0,0 +1 @@
 pub mod v1;
--- a/src/routes/v1/code_3fa.rs
+++ b/src/routes/v1/code_3fa.rs
@ -0,0 +1,141 @@
 use actix_web::{HttpResponse, web};
 use actix_web::web::{Data, Json};
 use crate::config::CONFIG;
 use crate::error::{APIError, APIErrorResponse};
 use actix_web::post;
 use diesel::prelude::*;
 use log::error;
 use rand::Rng;
 use serde::{Serialize, Deserialize};
 use crate::models::{Code3FA, NewCode3FA, User};
 use crate::PgPool;
 use crate::util::current_unix_time;
 #[derive(Serialize, Deserialize, Clone)]
 pub struct CodeRequest3FA {
    token: String,
    user: String
 }
 #[derive(Serialize, Deserialize)]
 pub struct CodeResponse {
    user: String,
    code: String,
    id: i32,
    valid_until: i64
 }
 #[post("/v1/3fa_code")]
 pub async fn get_3fa_code(pool: Data<PgPool>, req: Json<CodeRequest3FA>) -> HttpResponse {
    use crate::schema::users;
    use crate::schema::codes_3fa;
    if !CONFIG.authorized_3fa_tokens.contains(&req.token) {
        return HttpResponse::Unauthorized().json(APIErrorResponse {
            errors: vec![
                APIError {
                    code: "ERR_INVALID_CODEREQ_TOKEN".to_string(),
                    message: "Invalid codereq token".to_string(),
                }
            ],
        })
    }
    let req_clone = req.clone();
    let pool_clone = pool.clone();
    let results = match web::block(move || {
        let mut conn = pool_clone.get().expect("Unable to get db pool");
        users::table.filter(users::name.eq(&req_clone.user)).load::<User>(&mut conn)
    }).await {
        Ok(r) => r,
        Err(e) => {
            error!("Database error: {}", e);
            return HttpResponse::InternalServerError().json(APIErrorResponse {
                errors: vec![
                    APIError {
                        code: "ERR_BLOCKING_ERROR".to_string(),
                        message: "There was an error running the database request. Please try again later.".to_string()
                    }
                ]
            })
        }
    };
    let user_list = match results {
        Ok(r) => r,
        Err(e) => {
            error!("Database error: {}", e);
            return HttpResponse::InternalServerError().json(APIErrorResponse {
                errors: vec![
                    APIError {
                        code: "ERR_DB_ERROR".to_string(),
                        message: "There was an error fetching the user. Please try again later.".to_string()
                    }
                ]
            })
        }
    };
    if user_list.is_empty() {
        return HttpResponse::Unauthorized().json(APIErrorResponse {
            errors: vec![
                APIError {
                    code: "ERR_USER_DOES_NOT_EXIST".to_string(),
                    message: "Cannot issue codereq for a non-existent user".to_string()
                }
            ]
        })
    }
    let user = &user_list[0];
    let codereq = NewCode3FA {
        code: random_3fa_code(),
        user_id: user.id,
        expires_on: current_unix_time() + CONFIG.mfa_codes_expire_in,
    };
    let codereq_clone = codereq.clone();
    let insert_result: QueryResult<Code3FA> = match web::block(move || {
        let mut conn = pool.get().expect("Unable to get db pool");
        diesel::insert_into(codes_3fa::table).values(codereq_clone).get_result(&mut conn)
    }).await {
        Ok(r) => r,
        Err(e) => {
            error!("Database error: {}", e);
            return HttpResponse::InternalServerError().json(APIErrorResponse {
                errors: vec![
                    APIError {
                        code: "ERR_BLOCKING_ERROR".to_string(),
                        message: "There was an error running the insert database request. Please try again later.".to_string()
                    }
                ]
            })
        }
    };
    let code = match insert_result {
        Ok(r) => r,
        Err(e) => {
            error!("Database error: {}", e);
            return HttpResponse::InternalServerError().json(APIErrorResponse {
                errors: vec![
                    APIError {
                        code: "ERR_DB_ERROR".to_string(),
                        message: "There was an error creating the codereq. Please try again later.".to_string()
                    }
                ]
            })
        }
    };
    HttpResponse::Ok().json(CodeResponse {
        user: req.user.clone(),
        code: code.code,
        id: code.id,
        valid_until: code.expires_on,
    })
 }
 fn random_3fa_code() -> String {
    // 3fa codes are 10-digit hex values (5-byte)
    let mut rng = rand::thread_rng();
    let bytes: [u8; 5] = rng.gen();
    hex::encode(bytes)
 }
--- a/src/routes/v1/mod.rs
+++ b/src/routes/v1/mod.rs
@ -0,0 +1,2 @@
 pub mod code_3fa;
 pub mod user_add;
--- a/src/routes/v1/user_add.rs
+++ b/src/routes/v1/user_add.rs
@ -0,0 +1,31 @@
 use actix_web::HttpResponse;
 use actix_web::post;
 use actix_web::web::{Data, Json};
 use serde::{Serialize, Deserialize};
 use crate::config::CONFIG;
 use crate::error::{APIError, APIErrorResponse};
 use crate::PgPool;
 #[derive(Serialize, Deserialize, Clone)]
 pub struct UserAddRequest {
    pub token: String,
    pub name: String,
    pub discord_id: i64,
    pub password_hash: String
 }
 #[post("/v1/user/add")]
 pub async fn add_user_request(db: Data<PgPool>, req: Json<UserAddRequest>) -> HttpResponse {
    if !CONFIG.authorized_new_user_tokens.contains(&req.token) {
        return HttpResponse::Unauthorized().json(APIErrorResponse {
            errors: vec![
                APIError {
                    code: "ERR_INVALID_NEW_USER_TOKEN".to_string(),
                    message: "Invalid newuser token".to_string(),
                }
            ],
        })
    }
    HttpResponse::Ok().body("d")
 }
--- a/src/schema.rs
+++ b/src/schema.rs
@ -14,6 +14,7 @@ diesel::table! {
        id -> Int4,
        name -> Varchar,
        discord_id -> Int8,
        password_hash -> Varchar,
    }
 }
--- a/src/util.rs
+++ b/src/util.rs
@ -0,0 +1,12 @@
 use std::ops::Add;
 use std::time::{Duration, SystemTime, UNIX_EPOCH};
 pub fn current_unix_time() -> i64 {
    let time = SystemTime::now().duration_since(UNIX_EPOCH).expect("Time went backwards").as_secs();
    time as i64
 }
 pub fn has_expired(time: i64) -> bool {
    let time = SystemTime::UNIX_EPOCH.add(Duration::from_secs(time as u64));
    SystemTime::now().lt(&time)
 }
`@ -1 +1 @@`
	`DATABASE_URL=postgres://postgres:postgres@localhost/hotel`	`DATABASE_URL=postgres://postgres@localhost/hotel`