Switch to private cookies, and make other cookie improvements
Signed-off-by: Erin Nova <erin@the-system.eu.org>pull/5/head
parent
6f18959e9c
commit
196a344376
@ -1,3 +1,5 @@
|
|||
/target
|
||||
.vscode
|
||||
users.json
|
||||
message.zsh
|
||||
users_db/
|
||||
|
|
|
@ -7,7 +7,7 @@ edition = "2018"
|
|||
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
||||
|
||||
[dependencies]
|
||||
rocket = "0.4.10"
|
||||
rocket = { version = "0.4.10", features = ["private-cookies"] }
|
||||
serde = { version = "1.0.126", features = ["derive"] }
|
||||
serde_json = "1.0"
|
||||
sha1 = "0.6.0"
|
||||
|
|
|
@ -60,9 +60,12 @@ Whenever user sends a message, client will send message & token and backend will
|
|||
- [x] Finish up `chat::create_message()`
|
||||
- [x] Create `chat::fetch_messages()`
|
||||
- [ ] Create `chat::delete_message()`
|
||||
- [x] Switch to using sled database to store users
|
||||
- [x] Token generation & storage
|
||||
- [x] Sets cookie
|
||||
- [x] Store token in json
|
||||
- [x] Have cookie expire
|
||||
- [x] Remove old cookie
|
||||
- [x] Pronouns
|
||||
- [x] Set pronouns
|
||||
- [ ] Change pronouns
|
||||
|
|
13
src/auth.rs
13
src/auth.rs
|
@ -98,10 +98,15 @@ pub fn check_pin(mut cookies: Cookies, name: String, pin: i32) -> JsonValue {
|
|||
if i.name == name.to_lowercase() {
|
||||
if i.pin_hashed == hashed_pin_input {
|
||||
info!("pin correct for user {}", i.name);
|
||||
|
||||
// Create token for user & set a cookie
|
||||
let token = create_token(i.name.clone(), users);
|
||||
cookies.add(Cookie::new("token", token));
|
||||
cookies.add(Cookie::new("user", name));
|
||||
let cookie = Cookie::build("token", token)
|
||||
.path("/")
|
||||
.secure(true)
|
||||
.finish();
|
||||
cookies.remove_private(Cookie::named("token"));
|
||||
cookies.add_private(cookie);
|
||||
info!("set the token cookie");
|
||||
|
||||
return json!({
|
||||
|
@ -109,6 +114,8 @@ pub fn check_pin(mut cookies: Cookies, name: String, pin: i32) -> JsonValue {
|
|||
"reason": "pin matches",
|
||||
});
|
||||
} else {
|
||||
cookies.remove_private(Cookie::named("token"));
|
||||
info!("removed private cookie");
|
||||
warn!("pin incorrect for user {}", i.name);
|
||||
return json!({
|
||||
"status": "fail",
|
||||
|
@ -117,6 +124,8 @@ pub fn check_pin(mut cookies: Cookies, name: String, pin: i32) -> JsonValue {
|
|||
};
|
||||
};
|
||||
}
|
||||
cookies.remove_private(Cookie::named("token"));
|
||||
info!("removed private cookie");
|
||||
warn!(
|
||||
"cannot check pin for user {} as they do not exist",
|
||||
name.to_string().to_lowercase()
|
||||
|
|
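Review bot: The token cookie built on the `Cookie::build("token", token)` chain sets only `.path("/")` and `.secure(true)`; HttpOnly and SameSite are left to whatever `add_private` fills in (Rocket 0.4's `Cookies::add_private` applies HttpOnly, SameSite=Strict and a one-week expiry when they are unset, as far as I recall — worth confirming), so the hardening of the session cookie is implicit rather than stated. I would set it explicitly so it survives a change of library defaults: `.http_only(true)` and `.same_site(SameSite::Strict)` (with `rocket::http::SameSite` imported), plus an explicit `.max_age(...)` matching whatever lifetime the server gives the token. The `cookies.remove_private(Cookie::named("token"))` + `info!("removed private cookie")` pair is now repeated in all three branches of this function; a small private helper would keep them in step. `check_pin` begins and ends outside these hunks.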
15
src/chat.rs
15
src/chat.rs
|
@ -2,7 +2,8 @@
|
|||
extern crate log;
|
||||
use once_cell::sync::Lazy;
|
||||
use std::sync::Mutex;
|
||||
use crate::file_io::read_json;
|
||||
use crate::file_io::db_read;
|
||||
use rocket::http::{Cookie, Cookies};
|
||||
use crate::message::{Message, MessageInput};
|
||||
use rocket_contrib::json::{Json, JsonValue};
|
||||
use chrono::prelude::*;
|
||||
|
@ -60,14 +61,13 @@ fn create_message(message: Json<MessageInput>, file: &str, user: &User) -> JsonV
|
|||
}
|
||||
|
||||
// Check if user can create the message, and then create more info about the message
|
||||
fn check_token(message: Json<MessageInput>) -> JsonValue {
|
||||
fn check_token(token: Cookie, message: Json<MessageInput<'_>>) -> JsonValue {
|
||||
// check if token is correct for name given
|
||||
let users: Vec<User> = read_json(); // create vector out of users in json file
|
||||
|
||||
let users: Vec<User> = db_read(); // create vector out of users in json file
|
||||
for i in &users {
|
||||
// loop through elements
|
||||
if i.name == message.name.to_lowercase() { // if it finds the user in the file
|
||||
if i.session_token == message.token { // if token matches
|
||||
if i.session_token == token.value() { // if token matches
|
||||
info!("user exists and given token matches");
|
||||
return create_message(message, "messages.json", i);
|
||||
} else {
|
||||
|
@ -88,6 +88,7 @@ fn check_token(message: Json<MessageInput>) -> JsonValue {
|
|||
|
||||
// Receive a basic message
|
||||
#[post("/message/send", format = "json", data = "<message>")]
|
||||
pub fn send_message(message: Json<MessageInput<'_>>) -> JsonValue {
|
||||
check_token(message)
|
||||
pub fn send_message(message: Json<MessageInput<'_>>, mut cookies: Cookies) -> JsonValue {
|
||||
let token = cookies.get_private("token").unwrap();
|
||||
check_token(token, message)
|
||||
}
|
||||
|
|
|
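Review bot: `cookies.get_private("token").unwrap()` in `send_message` panics on any request that carries no decryptable `token` cookie — a logged-out client, an expired or tampered cookie, or a bare POST — so an unauthenticated request ends in a handler panic (a 500) instead of the `"status": "fail"` answer the rest of the API returns. Match on the `Option` and return a fail JSON early; the rewritten handler is below. The comment on the `db_read()` line in `check_token` still says "users in json file", which no longer holds after this commit; `// load the user list from the sled db` would fit. `check_token` starts at `fn check_token(token: Cookie, …)` in the earlier hunk and its body continues past that hunk's end.
```rust
pub fn send_message(message: Json<MessageInput<'_>>, mut cookies: Cookies) -> JsonValue {
    // No decryptable private "token" cookie means the client is not logged in
    // (or the cookie expired / was tampered with): reject instead of panicking.
    let token = match cookies.get_private("token") {
        Some(token) => token,
        None => {
            warn!("message send attempted without a valid token cookie");
            return json!({
                "status": "fail",
                "reason": "not logged in",
            });
        }
    };
    check_token(token, message)
}
```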
@ -8,7 +8,6 @@ pub struct MessageInput<'r> {
|
|||
pub name: &'r str,
|
||||
pub body: &'r str,
|
||||
pub date: &'r str,
|
||||
pub token: &'r str,
|
||||
}
|
||||
|
||||
#[derive(Debug, Deserialize, Serialize, Clone)]
|
||||
|
|