Add authentication #1

Merged
hannaeko merged 11 commits from feature/auth into master 2021-04-03 17:54:16 +02:00
6 changed files with 718 additions and 638 deletions
Showing only changes of commit 13a163423c - Show all commits

1288
Cargo.lock generated

File diff suppressed because it is too large Load Diff

View File

@ -11,8 +11,8 @@ trust-dns-client = "0.20.1"
trust-dns-proto = "0.20.1"
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
rocket = "0.4"
rocket_contrib = { version = "0.4", default-features = false, features = ["json", "diesel_sqlite_pool"]}
rocket = { git = "https://github.com/SergioBenitez/Rocket", rev = "0654890", version = "0.5.0-dev" }
rocket_contrib = { git = "https://github.com/SergioBenitez/Rocket", rev = "0654890", default-features = false, features = ["json", "diesel_sqlite_pool"], version = "0.5.0-dev"}
toml = "0.5"
base64 = "0.13.0"
uuid = { version = "0.8.2", features = ["v4", "serde"] }

View File

@ -9,13 +9,16 @@ use crate::models::users::{LocalUser, CreateUserRequest, AuthClaims, AuthTokenRe
#[post("/users/me/token", data = "<auth_request>")]
pub fn create_auth_token(
pub async fn create_auth_token(
conn: DbConn,
config: State<Config>,
config: State<'_, Config>,
auth_request: Json<AuthTokenRequest>
) -> Result<Json<AuthTokenResponse>, ErrorResponse<()>> {
let user_info = LocalUser::get_user_by_creds(&conn, &auth_request.username, &auth_request.password)?;
let user_info = conn.run(move |c| {
LocalUser::get_user_by_creds(c, &auth_request.username, &auth_request.password)
}).await?;
let token = AuthClaims::new(&user_info, config.web_app.token_duration)
.encode(&config.web_app.secret)
.map_err(|e| make_500(e))?;
@ -24,9 +27,12 @@ pub fn create_auth_token(
}
#[post("/users", data = "<user_request>")]
pub fn create_user<'r>(conn: DbConn, user_request: Json<CreateUserRequest>) -> Result<Response<'r>, ErrorResponse<()>>{
pub async fn create_user<'r>(conn: DbConn, user_request: Json<CreateUserRequest>) -> Result<Response<'r>, ErrorResponse<()>>{
// TODO: Check current user if any to check if user has permission to create users (with or without role)
let _user_info = LocalUser::create_user(&conn, user_request.into_inner())?;
let _user_info = conn.run(|c| {
LocalUser::create_user(&c, user_request.into_inner())
}).await?;
Response::build()
.status(Status::Created)
.ok()

View File

@ -27,6 +27,7 @@ use auth::routes::*;
#[database("db")]
pub struct DbConn(diesel::SqliteConnection);
#[get("/zones/<zone>/records")]
fn get_zone_records(
client: State<SyncClient<TcpClientConnection>>,
@ -60,7 +61,8 @@ fn get_zone_records(
Ok(Json(records))
}
fn main() {
#[launch]
fn rocket() -> rocket::Rocket {
let app_config = config::load("config.toml".into());
println!("{:#?}", app_config);
@ -71,5 +73,5 @@ fn main() {
.manage(client)
.manage(app_config)
.attach(DbConn::fairing())
.mount("/api/v1", routes![get_zone_records, create_auth_token, create_user]).launch();
.mount("/api/v1", routes![get_zone_records, create_auth_token, create_user])
}

View File

@ -44,8 +44,8 @@ impl<T> ErrorResponse<T> {
}
}
impl<'r, T: Serialize> Responder<'r> for ErrorResponse<T> {
fn respond_to(self, req: &Request) -> response::Result<'r> {
impl<'r, T: Serialize> Responder<'r, 'static> for ErrorResponse<T> {
fn respond_to(self, req: &'r Request<'_>) -> response::Result<'static> {
let status = self.status;
Response::build_from(Json(self).respond_to(req)?).status(status).ok()
}

View File

@ -2,7 +2,7 @@ use uuid::Uuid;
use diesel::prelude::*;
use diesel::result::Error as DieselError;
use diesel_derive_enum::DbEnum;
use rocket::request::{FromRequest, Request, Outcome, State};
use rocket::{State, request::{FromRequest, Request, Outcome}};
use serde::{Serialize, Deserialize};
use rocket::http::Status;
use chrono::serde::ts_seconds;
@ -93,10 +93,11 @@ pub struct UserInfo {
pub username: String,
}
impl<'a, 'r> FromRequest<'a, 'r> for UserInfo {
#[rocket::async_trait]
impl<'r> FromRequest<'r> for UserInfo {
type Error = UserError;
fn from_request(request: &'a Request<'r>) -> Outcome<UserInfo, UserError> {
async fn from_request(request: &'r Request<'_>) -> Outcome<Self, Self::Error> {
let auth_header = match request.headers().get_one(AUTH_HEADER) {
None => return Outcome::Forward(()),
Some(auth_header) => auth_header,
@ -109,8 +110,8 @@ impl<'a, 'r> FromRequest<'a, 'r> for UserInfo {
};
// TODO: Better error handling
let config = request.guard::<State<Config>>().unwrap();
let conn = request.guard::<DbConn>().unwrap();
let config = request.guard::<State<Config>>().await.unwrap();
let conn = request.guard::<DbConn>().await.unwrap();
let token_data = AuthClaims::decode(
token, &config.web_app.secret
@ -125,13 +126,14 @@ impl<'a, 'r> FromRequest<'a, 'r> for UserInfo {
};
let user_id = token_data.sub;
let user_info = match LocalUser::get_user_by_uuid(&conn, user_id) {
Err(UserError::NotFound) => return Outcome::Failure((Status::NotFound, UserError::NotFound)),
Err(e) => return Outcome::Failure((Status::InternalServerError, e)),
Ok(d) => d,
};
return Outcome::Success(user_info)
conn.run(|c| {
match LocalUser::get_user_by_uuid(c, user_id) {
Err(UserError::NotFound) => Outcome::Failure((Status::NotFound, UserError::NotFound)),
Err(e) => Outcome::Failure((Status::InternalServerError, e)),
Ok(d) => Outcome::Success(d),
}
}).await
}
}
@ -166,7 +168,7 @@ impl From<HasherError> for UserError {
}
impl LocalUser {
pub fn create_user(conn: &DbConn, user_request: CreateUserRequest) -> Result<UserInfo, UserError> {
pub fn create_user(conn: &diesel::SqliteConnection, user_request: CreateUserRequest) -> Result<UserInfo, UserError> {
use crate::schema::localuser::dsl::*;
use crate::schema::user::dsl::*;
@ -193,11 +195,11 @@ impl LocalUser {
conn.immediate_transaction(|| -> diesel::QueryResult<()> {
diesel::insert_into(user)
.values(new_user)
.execute(&**conn)?;
.execute(conn)?;
diesel::insert_into(localuser)
.values(new_localuser)
.execute(&**conn)?;
.execute(conn)?;
Ok(())
})?;
@ -206,7 +208,7 @@ impl LocalUser {
}
pub fn get_user_by_creds(
conn: &DbConn,
conn: &diesel::SqliteConnection,
request_username: &str,
request_password: &str
) -> Result<UserInfo, UserError> {
@ -216,7 +218,7 @@ impl LocalUser {
let (client_user, client_localuser): (User, LocalUser) = user.inner_join(localuser)
.filter(username.eq(request_username))
.get_result(&**conn)?;
.get_result(conn)?;
if !check_password(&request_password, &client_localuser.password)? {
return Err(UserError::NotFound);
@ -229,13 +231,13 @@ impl LocalUser {
})
}
pub fn get_user_by_uuid(conn: &DbConn, request_user_id: String) -> Result<UserInfo, UserError> {
pub fn get_user_by_uuid(conn: &diesel::SqliteConnection, request_user_id: String) -> Result<UserInfo, UserError> {
use crate::schema::localuser::dsl::*;
use crate::schema::user::dsl::*;
let (client_user, client_localuser): (User, LocalUser) = user.inner_join(localuser)
.filter(id.eq(request_user_id))
.get_result(&**conn)?;
.get_result(conn)?;
Ok(UserInfo {
id: client_user.id,