From 918d81b03f55b782be56bce9d15410fcd9d66369 Mon Sep 17 00:00:00 2001 From: core Date: Mon, 20 Feb 2023 21:48:46 -0500 Subject: [PATCH] use webroot for magic links instead of apiroot --- trifid-api/config.toml | 1 + trifid-api/src/config.rs | 1 + trifid-api/src/tokens.rs | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/trifid-api/config.toml b/trifid-api/config.toml index 720184e..3e7dd33 100644 --- a/trifid-api/config.toml +++ b/trifid-api/config.toml @@ -1,6 +1,7 @@ listen_port = 8000 db_url = "postgres://postgres@localhost/trifidapi" base = "http://localhost:8000" +web_root = "http://localhost:5173 magic_links_valid_for = 86400 session_tokens_valid_for = 86400 totp_verification_valid_for = 3600 \ No newline at end of file diff --git a/trifid-api/src/config.rs b/trifid-api/src/config.rs index df92e6b..aaedf2e 100644 --- a/trifid-api/src/config.rs +++ b/trifid-api/src/config.rs @@ -6,6 +6,7 @@ pub struct TFConfig { pub listen_port: u16, pub db_url: String, pub base: Url, + pub web_root: Url, pub magic_links_valid_for: i64, pub session_tokens_valid_for: i64, pub totp_verification_valid_for: i64 diff --git a/trifid-api/src/tokens.rs b/trifid-api/src/tokens.rs index c0a1c02..5e8c31f 100644 --- a/trifid-api/src/tokens.rs +++ b/trifid-api/src/tokens.rs @@ -11,7 +11,7 @@ use crate::util::{TOTP_ALGORITHM, TOTP_DIGITS, TOTP_ISSUER, TOTP_SKEW, TOTP_STEP // https://admin.defined.net/auth/magic-link?email=coredoescode%40gmail.com&token=ml-ckBsgw_5IdK5VYgseBYcoV_v_cQjtdq1re_RhDu_MKg pub async fn send_magic_link(id: i64, email: String, db: &PgPool, config: &TFConfig) -> Result<(), Box> { let otp = format!("ml-{}", Uuid::new_v4()); - let otp_url = config.base.join(&format!("/auth/magic-link?email={}&token={}", urlencoding::encode(&email.clone()), otp.clone())).unwrap(); + let otp_url = config.web_root.join(&format!("/auth/magic-link?email={}&token={}", urlencoding::encode(&email.clone()), otp.clone())).unwrap(); sqlx::query!("INSERT INTO magic_links (id, user_id, expires_on) VALUES ($1, $2, $3) ON CONFLICT DO NOTHING;", otp, id as i32, SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() as i32 + config.magic_links_valid_for as i32).execute(db).await?; // TODO: send email info!("sent magic link {} to {}, valid for {} seconds", otp_url, email.clone(), config.magic_links_valid_for);