Add logout API
parent
032b5b4783
commit
a1c5fa42a7
|
@ -38,6 +38,8 @@ eg. `POST /api/users/change {"name":"example","pin":"10","changed_event":"name",
|
||||||
DEPRECATED `POST /api/users/change/<name>/<pin>/<new-name>/<new-pin>` Change a users pin/name
|
DEPRECATED `POST /api/users/change/<name>/<pin>/<new-name>/<new-pin>` Change a users pin/name
|
||||||
Returns status & reason json.
|
Returns status & reason json.
|
||||||
|
|
||||||
|
`POST /api/logout {"name":"<username>"}` to logout a user if the token matches
|
||||||
|
|
||||||
|
|
||||||
## Chat Documentation
|
## Chat Documentation
|
||||||
|
|
||||||
|
@ -71,7 +73,7 @@ Whenever user sends a message, client will send message & token and backend will
|
||||||
- [x] Have cookie expire
|
- [x] Have cookie expire
|
||||||
- [x] Remove old cookie
|
- [x] Remove old cookie
|
||||||
- [x] Use token for most stuff
|
- [x] Use token for most stuff
|
||||||
- [ ] Logout API
|
- [x] Logout API
|
||||||
- [x] Fail on NULL token
|
- [x] Fail on NULL token
|
||||||
- [x] Pronouns
|
- [x] Pronouns
|
||||||
- [x] Set pronouns
|
- [x] Set pronouns
|
||||||
|
|
61
src/auth.rs
61
src/auth.rs
|
@ -1,6 +1,6 @@
|
||||||
extern crate log;
|
extern crate log;
|
||||||
use crate::file_io::{db_add, db_write, db_read};
|
use crate::file_io::{db_add, db_write, db_read};
|
||||||
use rocket::http::{Cookie, Cookies};
|
use rocket::http::{Cookie, Cookies, SameSite};
|
||||||
use crate::user::User;
|
use crate::user::User;
|
||||||
use rocket_contrib::json::{Json, JsonValue};
|
use rocket_contrib::json::{Json, JsonValue};
|
||||||
use random_string::generate;
|
use random_string::generate;
|
||||||
|
@ -132,6 +132,58 @@ pub fn check_token(name: String, mut cookies: Cookies) -> JsonValue {
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// logout event struct
|
||||||
|
#[derive(Deserialize, Debug)]
|
||||||
|
pub struct LogoutEvent {
|
||||||
|
pub name: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
// Logout API
|
||||||
|
#[post("/logout", format = "json", data = "<info>")]
|
||||||
|
pub fn logout(info: Json<LogoutEvent>, mut cookies: Cookies) -> JsonValue {
|
||||||
|
let mut users: Vec<User> = db_read();
|
||||||
|
for i in 0..users.len() {
|
||||||
|
if info.name.to_lowercase() == users[i].name {
|
||||||
|
let token = match cookies.get_private("token") {
|
||||||
|
None => {
|
||||||
|
warn!("couldn't get token cookie!");
|
||||||
|
return json!({
|
||||||
|
"status": "fail",
|
||||||
|
"reason": "could not read cookie",
|
||||||
|
});
|
||||||
|
},
|
||||||
|
Some(token) => token,
|
||||||
|
};
|
||||||
|
if token.value() == "NULL" {
|
||||||
|
warn!("NULL token!");
|
||||||
|
return json!({
|
||||||
|
"status": "fail",
|
||||||
|
"reason": "NULL token",
|
||||||
|
});
|
||||||
|
} else if token.value() == users[i].session_token {
|
||||||
|
cookies.remove_private(Cookie::named("token"));
|
||||||
|
users[i].session_token = "NULL".to_string();
|
||||||
|
info!("logged out user {}", info.name);
|
||||||
|
return json!({
|
||||||
|
"status": "ok",
|
||||||
|
"reason": "logged out",
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
warn!("token does not match! cannot logout");
|
||||||
|
return json!({
|
||||||
|
"status": "fail",
|
||||||
|
"reason": "token does not match",
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
warn!("logged out user {}, user not found", info.name);
|
||||||
|
return json!({
|
||||||
|
"status": "fail",
|
||||||
|
"reason": "user not found",
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
// Check if pin matches user
|
// Check if pin matches user
|
||||||
#[get("/users/<name>/<pin>")]
|
#[get("/users/<name>/<pin>")]
|
||||||
pub fn check_pin(mut cookies: Cookies, name: String, pin: i32) -> JsonValue {
|
pub fn check_pin(mut cookies: Cookies, name: String, pin: i32) -> JsonValue {
|
||||||
|
@ -147,7 +199,6 @@ pub fn check_pin(mut cookies: Cookies, name: String, pin: i32) -> JsonValue {
|
||||||
let token = create_token(i.name.clone(), users);
|
let token = create_token(i.name.clone(), users);
|
||||||
let cookie = Cookie::build("token", token)
|
let cookie = Cookie::build("token", token)
|
||||||
.path("/")
|
.path("/")
|
||||||
.secure(true)
|
|
||||||
.finish();
|
.finish();
|
||||||
cookies.remove_private(Cookie::named("token"));
|
cookies.remove_private(Cookie::named("token"));
|
||||||
cookies.add_private(cookie);
|
cookies.add_private(cookie);
|
||||||
|
@ -181,7 +232,7 @@ pub fn check_pin(mut cookies: Cookies, name: String, pin: i32) -> JsonValue {
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Deserialize, Debug)]
|
#[derive(Deserialize, Debug)]
|
||||||
pub struct Event {
|
pub struct ChangeEvent {
|
||||||
pub name: String,
|
pub name: String,
|
||||||
pub pin: String,
|
pub pin: String,
|
||||||
pub changed_event: String,
|
pub changed_event: String,
|
||||||
|
@ -190,11 +241,9 @@ pub struct Event {
|
||||||
|
|
||||||
// Change info about a user
|
// Change info about a user
|
||||||
#[post("/users/change", format = "json", data = "<input>")]
|
#[post("/users/change", format = "json", data = "<input>")]
|
||||||
pub fn change_info(input: Json<Event>, mut cookies: Cookies) -> JsonValue {
|
pub fn change_info(input: Json<ChangeEvent>, mut cookies: Cookies) -> JsonValue {
|
||||||
println!("{:?}", input);
|
|
||||||
// read in the users & hash the pin
|
// read in the users & hash the pin
|
||||||
let mut users: Vec<User> = db_read();
|
let mut users: Vec<User> = db_read();
|
||||||
let hashed_pin = sha1::Sha1::from(&input.pin).digest().to_string();
|
|
||||||
|
|
||||||
// get token from cookie
|
// get token from cookie
|
||||||
let token = match cookies.get_private("token") {
|
let token = match cookies.get_private("token") {
|
||||||
|
|
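Review bot: In `logout`, the matching branch sets `users[i].session_token = "NULL".to_string();` on the local `Vec<User>` returned by `db_read()` and then returns without writing it back, so as far as this hunk shows the stored session token is never invalidated and only the browser's cookie is removed. A copy of the token cookie kept from before the logout would presumably still pass the token checks; persist the change with `db_write` (imported at the top of the file, signature not visible here) before returning `"logged out"`. Separately, the `check_pin` hunk drops `.secure(true)` from the `token` cookie, which allows the session cookie to be sent over plain HTTP. If that was done for local testing, it should be gated on a debug or config switch rather than removed. The newly imported `SameSite` is not used in any hunk shown here, and `check_pin`'s body continues outside its hunks.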
13
src/chat.rs
13
src/chat.rs
|
@ -80,7 +80,7 @@ fn check_token(token: Cookie, message: Json<MessageInput<'_>>) -> JsonValue {
|
||||||
warn!("token does not match!");
|
warn!("token does not match!");
|
||||||
return json!({
|
return json!({
|
||||||
"status": "fail",
|
"status": "fail",
|
||||||
"reason": "token does not match"
|
"reason": "token does not match",
|
||||||
})
|
})
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -95,6 +95,15 @@ fn check_token(token: Cookie, message: Json<MessageInput<'_>>) -> JsonValue {
|
||||||
// Receive a basic message
|
// Receive a basic message
|
||||||
#[post("/message/send", format = "json", data = "<message>")]
|
#[post("/message/send", format = "json", data = "<message>")]
|
||||||
pub fn send_message(message: Json<MessageInput<'_>>, mut cookies: Cookies) -> JsonValue {
|
pub fn send_message(message: Json<MessageInput<'_>>, mut cookies: Cookies) -> JsonValue {
|
||||||
let token = cookies.get_private("token").unwrap();
|
let token = match cookies.get_private("token") {
|
||||||
|
None => {
|
||||||
|
warn!("couldn't get token cookie!");
|
||||||
|
return json!({
|
||||||
|
"status": "fail",
|
||||||
|
"reason": "could not read cookie",
|
||||||
|
});
|
||||||
|
},
|
||||||
|
Some(token) => token,
|
||||||
|
};
|
||||||
check_token(token, message)
|
check_token(token, message)
|
||||||
}
|
}
|
||||||
|
|
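Review bot: The `match cookies.get_private("token")` block added to `send_message` is a line-for-line copy of the one added to `logout` in src/auth.rs, and `change_info` appears to open the same way, so the log line and failure response for a missing or unverifiable token cookie now live in several places that can drift apart. A small shared helper that returns either the cookie or the ready-made failure JSON would keep every endpoint's handling identical. The sketch below assumes `get_private` returns `Option<Cookie<'static>>`, which matches the Rocket API this code appears to target; the helper's name and which module owns it are left open.

```rust
// Shared by every handler that needs the private "token" cookie.
fn token_cookie(cookies: &mut Cookies) -> Result<Cookie<'static>, JsonValue> {
    cookies.get_private("token").ok_or_else(|| {
        warn!("couldn't get token cookie!");
        json!({
            "status": "fail",
            "reason": "could not read cookie",
        })
    })
}

pub fn send_message(message: Json<MessageInput<'_>>, mut cookies: Cookies) -> JsonValue {
    let token = match token_cookie(&mut cookies) {
        Ok(token) => token,
        Err(failure) => return failure,
    };
    // … unchanged: check_token(token, message) …
```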
|
@ -20,7 +20,7 @@ fn main() {
|
||||||
env_logger::init();
|
env_logger::init();
|
||||||
info!("Started up rocket");
|
info!("Started up rocket");
|
||||||
let cors_fairing = AdHoc::on_response("CORS", |_, res| {
|
let cors_fairing = AdHoc::on_response("CORS", |_, res| {
|
||||||
res.set_raw_header("Access-Control-Allow-Origin", "*");
|
res.set_raw_header("Access-Control-Allow-Origin", "http://localhost:8000");
|
||||||
});
|
});
|
||||||
info!("Built CORS fairing");
|
info!("Built CORS fairing");
|
||||||
|
|
||||||
|
@ -36,7 +36,8 @@ fn main() {
|
||||||
chat::send_message,
|
chat::send_message,
|
||||||
chat::fetch_messages,
|
chat::fetch_messages,
|
||||||
auth::change_info,
|
auth::change_info,
|
||||||
auth::check_token
|
auth::check_token,
|
||||||
|
auth::logout
|
||||||
],
|
],
|
||||||
)
|
)
|
||||||
.mount("/", StaticFiles::from("frontend"))
|
.mount("/", StaticFiles::from("frontend"))
|
||||||
|
|
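Review bot: The CORS fairing now hard-codes `http://localhost:8000` as the only allowed origin, which is tighter than `*` but ties the binary to a development address and means any real deployment needs a source edit. Consider reading the origin from configuration with the localhost value as the development default, for example `let origin = std::env::var("ALLOWED_ORIGIN").unwrap_or_else(|_| "http://localhost:8000".to_string());` (the variable name is a placeholder). A comment beside `set_raw_header` would also help the next maintainer, e.g. `// Session cookies authenticate the /api routes: keep this an explicit origin, never "*".` `main`'s body continues outside these hunks.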