Revamped auth system

xeovalyte 2025-02-07 15:59:50 +01:00
parent 07493b83a5
commit 31aa9dc066
Signed by: xeovalyte
SSH Key Fingerprint: SHA256:GWI1hq+MNKR2UOcvk7n9tekASXT8vyazK7vDF9Xyciw
13 changed files with 118 additions and 59 deletions

1
server/Cargo.lock generated

@ -2203,6 +2203,7 @@ checksum = "744018581f9a3454a9e15beb8a33b017183f1e7c0cd170232a2d1453b23a51c4"
dependencies = [ dependencies = [
"getrandom 0.2.15", "getrandom 0.2.15",
"rand 0.8.5", "rand 0.8.5",
"serde",
] ]
[[package]] [[package]]


@ -23,7 +23,7 @@ bitflags = { version = "2.8", features = [ "serde" ] }
tracing = "0.1" tracing = "0.1"
tracing-subscriber = "0.3" tracing-subscriber = "0.3"
chrono = "0.4" chrono = "0.4"
uuid = { version = "1.12", features = ["v4", "fast-rng"] } uuid = { version = "1.12", features = ["v4", "fast-rng", "serde"] }
serde_json = "1.0.137" serde_json = "1.0.137"
rand = "0.9" rand = "0.9"
rand_chacha = "0.9" rand_chacha = "0.9"


@ -4,7 +4,7 @@ CREATE TABLE "members" (
full_name text NOT NULL, full_name text NOT NULL,
registration_token text NOT NULL UNIQUE, registration_token text NOT NULL UNIQUE,
diploma text, diploma text,
swim_groups bigint NOT NULL, groups bigint NOT NULL,
groups bigint NOT NULL roles bigint NOT NULL
); );


@ -6,7 +6,7 @@ use argon2::{
}; };
use axum::{ use axum::{
extract::FromRequestParts, extract::FromRequestParts,
http::{request::Parts, StatusCode}, http::{header, request::Parts, HeaderMap, StatusCode},
RequestPartsExt, RequestPartsExt,
}; };
use axum_extra::{ use axum_extra::{
@ -16,13 +16,15 @@ use axum_extra::{
TypedHeader, TypedHeader,
}; };
use bearer::verify_bearer; use bearer::verify_bearer;
use chrono::Utc;
pub use error::AuthError; pub use error::AuthError;
use rand::distr::Alphanumeric; use rand::distr::Alphanumeric;
use rand::prelude::*; use rand::prelude::*;
use rand_chacha::ChaCha20Rng; use rand_chacha::ChaCha20Rng;
use sqlx::PgPool;
use tokio::task; use tokio::task;
use crate::database::model::User; use crate::{database::model::Session, model::User};
mod bearer; mod bearer;
mod error; mod error;
@ -73,6 +75,46 @@ where
} }
} }
pub async fn get_user_from_header(pool: &PgPool, headers: &HeaderMap) -> Result<User, AuthError> {
let bearer_value = headers.get(header::AUTHORIZATION);
let bearer_value = bearer_value
.ok_or_else(|| AuthError::InvalidToken)?
.to_str()
.map_err(|_| AuthError::InvalidToken)?;
let token = get_token_from_bearer(bearer_value)?;
let potential_user = match token.split_once("_") {
Some(("ses", _)) => {
let session = match Session::from_token(&pool, &token).await {
Ok(s) => s,
Err(_) => return Err(AuthError::InvalidToken),
};
if session.expires_at < Utc::now() {
return Err(AuthError::InvalidToken);
}
let db_user = match crate::database::model::User::get(&pool, session.user_id).await {
Ok(u) => u,
Err(_) => return Err(AuthError::InvalidToken),
};
db_user.into()
}
_ => return Err(AuthError::InvalidToken),
};
Ok(potential_user)
}
pub fn get_token_from_bearer(bearer: &str) -> Result<String, AuthError> {
match bearer.strip_prefix("Bearer ") {
Some(token) => Ok(token.to_string()),
None => return Err(AuthError::InvalidToken),
}
}
pub async fn generate_password_hash( pub async fn generate_password_hash(
password: String, password: String,
) -> Result<String, argon2::password_hash::Error> { ) -> Result<String, argon2::password_hash::Error> {
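Review bot: In `get_user_from_header`, both `Err(_)` arms (after `Session::from_token` and after `User::get`) throw away the underlying error and return `AuthError::InvalidToken`, so a database outage reaches the client as a bad token and nothing is recorded for whoever later investigates a burst of failed authentications. `tracing` is already a dependency, so log the cause before mapping it, for example `Err(e) => { tracing::warn!(error = %e, "session lookup failed"); return Err(AuthError::InvalidToken); }` (assuming the error type implements `Display`), and keep the token value itself out of the log line. If `AuthError` has a server-side variant, which is not visible in this hunk, errors other than "row not found" would be better mapped to that. Separately, `pool` is already a `&PgPool`, so `&pool` and `&token` are needless extra borrows, and the `return` inside the `None` arm of `get_token_from_bearer` can be a plain `Err(AuthError::InvalidToken)`.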


@ -1,19 +1 @@
use crate::bitflags_serde_impl;
use bitflags::bitflags;
use serde::Deserialize;
bitflags! {
#[derive(Clone, Copy, Debug)]
pub struct Scopes: u64 {
const USER_READ = 1 << 0;
const USER_WRITE = 1 << 1;
const USER_DELETE = 1 << 2;
const MEMBER_CREATE = 1 << 3;
const MEMBER_READ = 1 << 4;
const MEMBER_WRITE = 1 << 5;
const MEMBER_DELETE = 1 << 6;
}
}
bitflags_serde_impl!(Scopes, u64);


@ -2,7 +2,7 @@ use rand::distr::{Alphanumeric, SampleString};
use sqlx::{PgPool, Postgres, QueryBuilder}; use sqlx::{PgPool, Postgres, QueryBuilder};
use validator::Validate; use validator::Validate;
use crate::model::member::{Groups, SwimGroups}; use crate::model::member::{Groups, Roles};
#[derive(Debug, Validate, sqlx::FromRow)] #[derive(Debug, Validate, sqlx::FromRow)]
pub struct Member { pub struct Member {
@ -12,8 +12,8 @@ pub struct Member {
pub full_name: String, pub full_name: String,
pub registration_token: Option<String>, pub registration_token: Option<String>,
pub diploma: Option<String>, pub diploma: Option<String>,
pub swim_groups: SwimGroups,
pub groups: Groups, pub groups: Groups,
pub roles: Roles,
} }
impl Member { impl Member {
@ -53,7 +53,7 @@ impl Member {
} }
let mut query_builder = QueryBuilder::new( let mut query_builder = QueryBuilder::new(
"INSERT INTO members(member_id, first_name, full_name, registration_token, diploma, swim_groups, groups) " "INSERT INTO members(member_id, first_name, full_name, registration_token, diploma, groups, roles) "
); );
query_builder.push_values(members.into_iter(), |mut b, member| { query_builder.push_values(members.into_iter(), |mut b, member| {
@ -64,8 +64,8 @@ impl Member {
b.push_bind(member.full_name); b.push_bind(member.full_name);
b.push_bind(registration_token); b.push_bind(registration_token);
b.push_bind(member.diploma); b.push_bind(member.diploma);
b.push_bind(member.swim_groups.bits() as i64);
b.push_bind(member.groups.bits() as i64); b.push_bind(member.groups.bits() as i64);
b.push_bind(member.roles.bits() as i64);
}); });
let query = query_builder.build(); let query = query_builder.build();
@ -86,14 +86,14 @@ impl Member {
sqlx::query!( sqlx::query!(
" "
UPDATE ONLY members UPDATE ONLY members
SET first_name = $1, full_name = $2, diploma = $3, swim_groups = $4, groups = $5 SET first_name = $1, full_name = $2, diploma = $3, groups = $4, roles = $5
WHERE member_id = $6 WHERE member_id = $6
", ",
member.first_name, member.first_name,
member.full_name, member.full_name,
member.diploma, member.diploma,
member.swim_groups.bits() as i64,
member.groups.bits() as i64, member.groups.bits() as i64,
member.roles.bits() as i64,
member.member_id member.member_id
) )
.execute(&mut **transaction) .execute(&mut **transaction)


@ -1,6 +1,7 @@
use chrono::{DateTime, Utc}; use chrono::{DateTime, Utc};
use sqlx::{PgPool, Postgres}; use sqlx::{PgPool, Postgres};
#[derive(Debug)]
pub struct Session { pub struct Session {
pub session_id: uuid::Uuid, pub session_id: uuid::Uuid,
pub user_id: uuid::Uuid, pub user_id: uuid::Uuid,
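Review bot: The added `#[derive(Debug)]` on `Session` prints every field, and the struct body continues past this hunk; if it holds the bearer token that `Session::from_token` looks up, any `{:?}` of a session writes a live credential into the logs. Prefer a hand-written `impl std::fmt::Debug` that prints `session_id`, `user_id` and the timestamps and substitutes a fixed marker such as `"<redacted>"` for the token. The same derive is added to the API-side `Session` in the model file further down, whose `Session::new` builds a `ses_`-prefixed token, so the same concern appears to apply there.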


@ -44,6 +44,14 @@ impl User {
Ok(user) Ok(user)
} }
pub async fn get(transaction: &PgPool, user_id: uuid::Uuid) -> Result<Self, sqlx::Error> {
let user = sqlx::query_as!(Self, "SELECT * FROM users WHERE user_id = $1", user_id)
.fetch_one(transaction)
.await?;
Ok(user)
}
} }
#[derive(Debug)] #[derive(Debug)]
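Review bot: `User::get` names its `&PgPool` parameter `transaction`, which suggests the query runs inside a caller's transaction when it actually takes a fresh connection from the pool; rename it to `pool`. The function also lacks a doc comment, and the behaviour worth stating is that `fetch_one` returns an error when no row matches rather than `Ok(None)`, e.g. `/// Fetches the user with the given id; returns an error if no such row exists.` The auth code relies on that error to reject sessions whose user has been deleted, so it is worth recording.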


@ -13,21 +13,21 @@ pub struct Member {
pub name: Name, pub name: Name,
pub registration_token: Option<String>, pub registration_token: Option<String>,
pub diploma: Option<String>, pub diploma: Option<String>,
pub swim_groups: SwimGroups,
pub groups: Groups, pub groups: Groups,
pub roles: Roles,
} }
bitflags! { bitflags! {
#[derive(Clone, Copy, Debug, Serialize, Deserialize)] #[derive(Clone, Copy, Debug, Serialize, Deserialize)]
pub struct Groups: u64 { pub struct Roles: u64 {
const NONE = 1 << 0; const MEMBER = 1 << 0;
const KADER = 1 << 1; const KADER = 1 << 1;
const ZWEMZAKEN = 1 << 2; const ZWEMZAKEN = 1 << 2;
const WEDSTRIJDEN = 1 << 3; const WEDSTRIJDEN = 1 << 3;
} }
#[derive(Clone, Copy, Debug, Serialize, Deserialize)] #[derive(Clone, Copy, Debug, Serialize, Deserialize)]
pub struct SwimGroups: u64 { pub struct Groups: u64 {
const NONE = 1 << 0; const NONE = 1 << 0;
const A1 = 1 << 1; const A1 = 1 << 1;
@ -76,15 +76,15 @@ bitflags! {
} }
} }
impl From<i64> for SwimGroups { impl From<i64> for Groups {
fn from(value: i64) -> Self { fn from(value: i64) -> Self {
Self::from_bits(value as u64).unwrap_or(SwimGroups::NONE) Self::from_bits(value as u64).unwrap_or(Groups::empty())
} }
} }
impl From<i64> for Groups { impl From<i64> for Roles {
fn from(value: i64) -> Self { fn from(value: i64) -> Self {
Self::from_bits(value as u64).unwrap_or(Groups::NONE) Self::from_bits(value as u64).unwrap_or(Roles::MEMBER)
} }
} }
@ -99,8 +99,8 @@ impl From<DbMember> for Member {
}, },
registration_token: value.registration_token, registration_token: value.registration_token,
diploma: value.diploma, diploma: value.diploma,
swim_groups: value.swim_groups,
groups: value.groups, groups: value.groups,
roles: value.roles,
} }
} }
} }
@ -113,8 +113,8 @@ impl From<Member> for DbMember {
full_name: value.name.full, full_name: value.name.full,
registration_token: None, registration_token: None,
diploma: value.diploma, diploma: value.diploma,
swim_groups: value.swim_groups,
groups: value.groups, groups: value.groups,
roles: value.roles,
} }
} }
} }
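Review bot: `From<i64> for Roles` falls back to `Roles::MEMBER` whenever `from_bits` rejects the stored value, so a row with an unknown or corrupted role bit is silently treated as a plain member, and a later update of that member may write the downgraded value back. Failing closed is the right direction for what looks like authorization data, but it should not be silent: record the rejected value before defaulting, for example `.unwrap_or_else(|| { tracing::warn!(value, "unknown role bits, defaulting to MEMBER"); Roles::MEMBER })`. A short comment on both impls should also explain why `Roles` defaults to `MEMBER` while `Groups` now defaults to `Groups::empty()`, since the two fallbacks used to be symmetric.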


@ -2,6 +2,7 @@ use chrono::{DateTime, Duration, Utc};
use crate::auth::generate_session_token; use crate::auth::generate_session_token;
#[derive(Debug)]
pub struct Session { pub struct Session {
pub session_id: uuid::Uuid, pub session_id: uuid::Uuid,
pub user_id: uuid::Uuid, pub user_id: uuid::Uuid,
@ -13,7 +14,7 @@ pub struct Session {
impl Session { impl Session {
pub fn new(user_id: uuid::Uuid) -> Self { pub fn new(user_id: uuid::Uuid) -> Self {
let session_id = uuid::Uuid::new_v4(); let session_id = uuid::Uuid::new_v4();
let token = generate_session_token(); let token = format!("ses_{}", generate_session_token());
let created_at = Utc::now(); let created_at = Utc::now();
let expires_at = Utc::now() + Duration::days(7); let expires_at = Utc::now() + Duration::days(7);


@ -1,5 +1,19 @@
use serde::Serialize;
#[derive(Serialize)]
pub struct User { pub struct User {
pub id: uuid::Uuid, pub id: uuid::Uuid,
pub email: String, pub email: String,
pub admin: bool, pub admin: bool,
} }
use crate::database::model::User as DbUser;
impl From<DbUser> for User {
fn from(db_user: DbUser) -> Self {
Self {
id: db_user.user_id,
email: db_user.email,
admin: db_user.admin,
}
}
}


@ -1,5 +1,14 @@
use crate::{auth::Permissions, AppState}; use crate::{
use axum::{extract::State, http::StatusCode, routing::get, Router}; auth::{get_user_from_header, Permissions},
model::User,
AppState,
};
use axum::{
extract::State,
http::{HeaderMap, StatusCode},
routing::get,
Json, Router,
};
pub mod auth; pub mod auth;
pub mod member; pub mod member;
@ -14,10 +23,11 @@ pub fn routes() -> Router<AppState> {
} }
async fn root( async fn root(
State(_state): State<AppState>, State(state): State<AppState>,
permissions: Permissions<'_>, // permissions: Permissions<'_>,
) -> Result<String, (StatusCode, String)> { headers: HeaderMap,
tracing::info!("{:?}", permissions); ) -> Result<Json<User>, crate::Error> {
let user = get_user_from_header(&state.pool, &headers).await?;
Ok("Hello world".to_string()) Ok(Json(user))
} }
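Review bot: `root` now authenticates by calling `get_user_from_header` inside the handler body while the `Permissions` extractor sits commented out in the signature; with this pattern a handler that forgets the call is unauthenticated and nothing in its signature shows it. Implementing `FromRequestParts` for `User` in the auth module (which already imports the trait) and taking `user: User` as a handler argument would make the check part of the type and reduce the body to `Ok(Json(user))`. Delete the `// permissions: Permissions<'_>,` line rather than leaving it commented, and check whether the `Permissions` import is still used in this file. The response also changes from a fixed string to the caller's email and `admin` flag, which matters if anything used this route as a health check.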


@ -11,7 +11,7 @@ use crate::{
auth::{AuthError, Permissions}, auth::{AuthError, Permissions},
database::model::Member as DbMember, database::model::Member as DbMember,
model::{ model::{
member::{Groups, Name, SwimGroups}, member::{Groups, Name, Roles},
Member, Member,
}, },
util::convert_vec, util::convert_vec,
@ -119,7 +119,7 @@ struct Row {
#[serde(rename = "E-mail")] #[serde(rename = "E-mail")]
email: String, email: String,
#[serde(rename = "Verenigingssporten")] #[serde(rename = "Verenigingssporten")]
swim_groups: String, groups: String,
#[serde(rename = "Diploma dropdown 1")] #[serde(rename = "Diploma dropdown 1")]
diploma: Option<String>, diploma: Option<String>,
} }
@ -164,22 +164,22 @@ impl Row {
members members
} }
fn swim_groups_parsed(&self) -> SwimGroups { fn groups_parsed(&self) -> Groups {
let mut swim_groups: Vec<String> = Vec::new(); let mut groups: Vec<String> = Vec::new();
let group_parts: Vec<&str> = self.swim_groups.split(", ").collect(); let group_parts: Vec<&str> = self.groups.split(", ").collect();
for group in group_parts { for group in group_parts {
let hour_parts: Vec<&str> = group.split(" - ").collect(); let hour_parts: Vec<&str> = group.split(" - ").collect();
if let Some(group) = hour_parts.get(1) { if let Some(group) = hour_parts.get(1) {
swim_groups.push(group.to_uppercase()) groups.push(group.to_uppercase())
} }
} }
let swim_groups_string = swim_groups.join("|"); let groups_string = groups.join("|");
bitflags::parser::from_str(&swim_groups_string).unwrap_or(SwimGroups::empty()) bitflags::parser::from_str(&groups_string).unwrap_or(Groups::empty())
} }
} }
@ -201,8 +201,8 @@ impl Into<Member> for Row {
name, name,
registration_token: None, registration_token: None,
diploma: self.diploma.clone(), diploma: self.diploma.clone(),
swim_groups: self.swim_groups_parsed(), groups: self.groups_parsed(),
groups: Groups::empty(), roles: Roles::MEMBER,
} }
} }
} }
@ -264,8 +264,8 @@ fn generate_diff(members_new: Vec<Member>, members_old: Vec<Member>) -> MembersD
name: new_member.name.clone(), name: new_member.name.clone(),
registration_token: old_member.registration_token, registration_token: old_member.registration_token,
diploma: new_member.diploma.clone(), diploma: new_member.diploma.clone(),
swim_groups: new_member.swim_groups.clone(), groups: new_member.groups,
groups: old_member.groups, roles: old_member.roles,
}) })
} else { } else {
members_remove.push(old_member); members_remove.push(old_member);