Switch to private cookies, and make other cookie improvements
Signed-off-by: Erin Nova <erin@the-system.eu.org>pull/5/head
parent
6f18959e9c
commit
196a344376
|
@ -1,3 +1,5 @@
|
||||||
/target
|
/target
|
||||||
.vscode
|
.vscode
|
||||||
users.json
|
users.json
|
||||||
|
message.zsh
|
||||||
|
users_db/
|
||||||
|
|
|
@ -7,7 +7,7 @@ edition = "2018"
|
||||||
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
rocket = "0.4.10"
|
rocket = { version = "0.4.10", features = ["private-cookies"] }
|
||||||
serde = { version = "1.0.126", features = ["derive"] }
|
serde = { version = "1.0.126", features = ["derive"] }
|
||||||
serde_json = "1.0"
|
serde_json = "1.0"
|
||||||
sha1 = "0.6.0"
|
sha1 = "0.6.0"
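Review bot: Turning on `private-cookies` makes every `add_private`/`get_private` call depend on Rocket's `secret_key`, and nothing in this commit configures one (no Rocket.toml or `ROCKET_SECRET_KEY` change is visible). In Rocket 0.4, when no key is configured, a fresh key is generated at launch, so every private `token` cookie stops verifying on each restart and cannot be read by a second instance; as far as I recall release builds only warn about this rather than refuse to start. Set a 256-bit key for the production profile (`secret_key = "<output of openssl rand -base64 32>"` under `[production]` in Rocket.toml, or via `ROCKET_SECRET_KEY`), keep it out of the repository, and add the config file to `.gitignore` if it holds the key.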
|
||||||
|
|
|
@ -60,9 +60,12 @@ Whenever user sends a message, client will send message & token and backend will
|
||||||
- [x] Finish up `chat::create_message()`
|
- [x] Finish up `chat::create_message()`
|
||||||
- [x] Create `chat::fetch_messages()`
|
- [x] Create `chat::fetch_messages()`
|
||||||
- [ ] Create `chat::delete_message()`
|
- [ ] Create `chat::delete_message()`
|
||||||
|
- [x] Switch to using sled database to store users
|
||||||
- [x] Token generation & storage
|
- [x] Token generation & storage
|
||||||
- [x] Sets cookie
|
- [x] Sets cookie
|
||||||
- [x] Store token in json
|
- [x] Store token in json
|
||||||
|
- [x] Have cookie expire
|
||||||
|
- [x] Remove old cookie
|
||||||
- [x] Pronouns
|
- [x] Pronouns
|
||||||
- [x] Set pronouns
|
- [x] Set pronouns
|
||||||
- [ ] Change pronouns
|
- [ ] Change pronouns
|
||||||
|
|
13
src/auth.rs
13
src/auth.rs
|
@ -98,10 +98,15 @@ pub fn check_pin(mut cookies: Cookies, name: String, pin: i32) -> JsonValue {
|
||||||
if i.name == name.to_lowercase() {
|
if i.name == name.to_lowercase() {
|
||||||
if i.pin_hashed == hashed_pin_input {
|
if i.pin_hashed == hashed_pin_input {
|
||||||
info!("pin correct for user {}", i.name);
|
info!("pin correct for user {}", i.name);
|
||||||
|
|
||||||
// Create token for user & set a cookie
|
// Create token for user & set a cookie
|
||||||
let token = create_token(i.name.clone(), users);
|
let token = create_token(i.name.clone(), users);
|
||||||
cookies.add(Cookie::new("token", token));
|
let cookie = Cookie::build("token", token)
|
||||||
cookies.add(Cookie::new("user", name));
|
.path("/")
|
||||||
|
.secure(true)
|
||||||
|
.finish();
|
||||||
|
cookies.remove_private(Cookie::named("token"));
|
||||||
|
cookies.add_private(cookie);
|
||||||
info!("set the token cookie");
|
info!("set the token cookie");
|
||||||
|
|
||||||
return json!({
|
return json!({
|
||||||
|
@ -109,6 +114,8 @@ pub fn check_pin(mut cookies: Cookies, name: String, pin: i32) -> JsonValue {
|
||||||
"reason": "pin matches",
|
"reason": "pin matches",
|
||||||
});
|
});
|
||||||
} else {
|
} else {
|
||||||
|
cookies.remove_private(Cookie::named("token"));
|
||||||
|
info!("removed private cookie");
|
||||||
warn!("pin incorrect for user {}", i.name);
|
warn!("pin incorrect for user {}", i.name);
|
||||||
return json!({
|
return json!({
|
||||||
"status": "fail",
|
"status": "fail",
|
||||||
|
@ -117,6 +124,8 @@ pub fn check_pin(mut cookies: Cookies, name: String, pin: i32) -> JsonValue {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
cookies.remove_private(Cookie::named("token"));
|
||||||
|
info!("removed private cookie");
|
||||||
warn!(
|
warn!(
|
||||||
"cannot check pin for user {} as they do not exist",
|
"cannot check pin for user {} as they do not exist",
|
||||||
name.to_string().to_lowercase()
|
name.to_string().to_lowercase()
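Review bot: The failure paths now clear only the private `token` cookie, while the plain `user` cookie the previous version set (`cookies.add(Cookie::new("user", name))`, deleted here) is never cleared, so existing clients keep a stale cleartext username cookie indefinitely; add `cookies.remove(Cookie::named("user"));` next to each `remove_private` call. `remove_private` defaults the path to "/", so the old non-private `token` cookie, which was set without an explicit path, will presumably not be matched by it either — worth confirming against the old request path. `.secure(true)` is right for production, but it means browsers will drop the cookie on a plain-HTTP origin other than localhost, so it should probably follow the environment or Rocket's configured TLS rather than be hard-coded. A comment such as `// add_private also sets HttpOnly, SameSite=Strict and a one-week Expires by default` would record why no further attributes are set; the explicit `.path("/")` duplicates that default. `check_pin` starts before and continues past this hunk.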
|
||||||
|
|
15
src/chat.rs
15
src/chat.rs
|
@ -2,7 +2,8 @@
|
||||||
extern crate log;
|
extern crate log;
|
||||||
use once_cell::sync::Lazy;
|
use once_cell::sync::Lazy;
|
||||||
use std::sync::Mutex;
|
use std::sync::Mutex;
|
||||||
use crate::file_io::read_json;
|
use crate::file_io::db_read;
|
||||||
|
use rocket::http::{Cookie, Cookies};
|
||||||
use crate::message::{Message, MessageInput};
|
use crate::message::{Message, MessageInput};
|
||||||
use rocket_contrib::json::{Json, JsonValue};
|
use rocket_contrib::json::{Json, JsonValue};
|
||||||
use chrono::prelude::*;
|
use chrono::prelude::*;
|
||||||
|
@ -60,14 +61,13 @@ fn create_message(message: Json<MessageInput>, file: &str, user: &User) -> JsonV
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if user can create the message, and then create more info about the message
|
// Check if user can create the message, and then create more info about the message
|
||||||
fn check_token(message: Json<MessageInput>) -> JsonValue {
|
fn check_token(token: Cookie, message: Json<MessageInput<'_>>) -> JsonValue {
|
||||||
// check if token is correct for name given
|
// check if token is correct for name given
|
||||||
let users: Vec<User> = read_json(); // create vector out of users in json file
|
let users: Vec<User> = db_read(); // create vector out of users in json file
|
||||||
|
|
||||||
for i in &users {
|
for i in &users {
|
||||||
// loop through elements
|
// loop through elements
|
||||||
if i.name == message.name.to_lowercase() { // if it finds the user in the file
|
if i.name == message.name.to_lowercase() { // if it finds the user in the file
|
||||||
if i.session_token == message.token { // if token matches
|
if i.session_token == token.value() { // if token matches
|
||||||
info!("user exists and given token matches");
|
info!("user exists and given token matches");
|
||||||
return create_message(message, "messages.json", i);
|
return create_message(message, "messages.json", i);
|
||||||
} else {
|
} else {
|
||||||
|
@ -88,6 +88,7 @@ fn check_token(message: Json<MessageInput>) -> JsonValue {
|
||||||
|
|
||||||
// Receive a basic message
|
// Receive a basic message
|
||||||
#[post("/message/send", format = "json", data = "<message>")]
|
#[post("/message/send", format = "json", data = "<message>")]
|
||||||
pub fn send_message(message: Json<MessageInput<'_>>) -> JsonValue {
|
pub fn send_message(message: Json<MessageInput<'_>>, mut cookies: Cookies) -> JsonValue {
|
||||||
check_token(message)
|
let token = cookies.get_private("token").unwrap();
|
||||||
|
check_token(token, message)
|
||||||
}
|
}
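Review bot: `cookies.get_private("token").unwrap()` in `send_message` panics whenever the request carries no `token` cookie, or one that fails to decrypt/verify under the current secret key (`get_private` returns `None` in both cases), so an unauthenticated or stale client produces a 500 instead of the failure JSON the rest of the auth flow returns. Return the failure response instead, in the same shape `check_token`'s else-branch uses (that branch is cut off at the hunk edge). The rest of the check is sound as far as visible: `check_token` still takes the user name from the body and compares the cookie value against that user's stored `session_token`, so only the missing-cookie case is unhandled. The comment `// create vector out of users in json file` is stale now that `db_read()` replaces `read_json()`; `// load users from the sled store` would match the new call.
```rust
pub fn send_message(message: Json<MessageInput<'_>>, mut cookies: Cookies) -> JsonValue {
    // A missing cookie, or one that does not verify, is an auth failure, not a crash.
    let token = match cookies.get_private("token") {
        Some(cookie) => cookie,
        None => return json!({ "status": "fail", "reason": "missing or invalid token" }),
    };
    check_token(token, message)
}
```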
|
||||||
|
|
|
@ -8,7 +8,6 @@ pub struct MessageInput<'r> {
|
||||||
pub name: &'r str,
|
pub name: &'r str,
|
||||||
pub body: &'r str,
|
pub body: &'r str,
|
||||||
pub date: &'r str,
|
pub date: &'r str,
|
||||||
pub token: &'r str,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Debug, Deserialize, Serialize, Clone)]
|
#[derive(Debug, Deserialize, Serialize, Clone)]
|
||||||
|
|