Adds "working" signup and success page, from front-end branch.

Joe Ardent 2023-05-22 15:09:42 -07:00
commit a615119afc
11 changed files with 252 additions and 74 deletions

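--- a/.env
+++ b/.env
@@ -0,0 +1 @@
+DATABASE_URL=sqlite://${HOME}/.witch-watch.db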
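Review bot: Tracking `.env` itself means the file that usually ends up holding credentials is committed by default; today it carries only a SQLite path, but the next secret added to it would go into history with it. A common arrangement is to commit a `.env.example` containing this line and list `.env` in `.gitignore`. Whether `${HOME}` is expanded depends on the loader that reads the file, which is not visible in this commit, so a comment naming the tool that consumes it would help.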

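--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2447,6 +2447,12 @@ dependencies = [
 "percent-encoding",
 ]
+[[package]]
+name = "urlencoding"
+version = "2.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e8db7427f936968176eaa7cdf81b7f98b980b18495ec28f1b5791ac3bfe3eea9"
 [[package]]
 name = "uuid"
 version = "0.8.2"
@@ -2793,6 +2799,7 @@ dependencies = [
 "tracing",
 "tracing-subscriber",
 "unicode-segmentation",
+"urlencoding",
 "uuid 1.3.1",
 ]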


@ -23,3 +23,4 @@ justerror = "1.1.0"
password-hash = { version = "0.5.0", features = ["std", "getrandom"] } password-hash = { version = "0.5.0", features = ["std", "getrandom"] }
axum-login = { version = "0.5.0", features = ["sqlite", "sqlx"] } axum-login = { version = "0.5.0", features = ["sqlite", "sqlx"] }
unicode-segmentation = "1.10.1" unicode-segmentation = "1.10.1"
urlencoding = "2.1.2"


@ -3,4 +3,5 @@ extern crate justerror;
pub mod db; pub mod db;
pub mod handlers; pub mod handlers;
pub(crate) mod templates;
pub mod users; pub mod users;


@ -2,7 +2,10 @@ use std::net::SocketAddr;
use axum::{routing::get, Router}; use axum::{routing::get, Router};
use tracing_subscriber::{layer::SubscriberExt, util::SubscriberInitExt}; use tracing_subscriber::{layer::SubscriberExt, util::SubscriberInitExt};
use witch_watch::{db, handlers}; use witch_watch::{
db,
users::{get_create_user, handle_signup_success, post_create_user},
};
#[tokio::main] #[tokio::main]
async fn main() { async fn main() {
@ -16,16 +19,12 @@ async fn main() {
let pool = db::get_pool().await; let pool = db::get_pool().await;
let _ = witch_watch::users::create_user("joe", &None, &None, &[], &pool)
.await
.unwrap();
// build our application with some routes // build our application with some routes
use handlers::*;
let app = Router::new() let app = Router::new()
.route("/signup", get(get_create_user).post(post_create_user))
.route( .route(
"/", "/signup_success/:id",
get(using_connection_pool_extractor).post(using_connection_extractor), get(handle_signup_success).post(handle_signup_success),
) )
.with_state(pool); .with_state(pool);
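Review bot: The `.post(handle_signup_success)` arm on `/signup_success/:id` appears to exist only because `post_create_user` in the users module answers with `Redirect::temporary`, a 307 that makes the browser repeat the POST, form body included, against the success URL. That resends `password` and `pw_verify` to an endpoint that has no use for them. Answering the signup with a 303 via `axum::response::Redirect::to(&location)` turns the follow-up request into a GET, and this route can then be `get(handle_signup_success)` alone. The body of `main` continues past the end of this hunk.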


@ -1,35 +0,0 @@
use askama::Template;
use axum::{
extract,
http::StatusCode,
response::{Html, IntoResponse, Response},
};
pub(crate) async fn greet(extract::Path(name): extract::Path<String>) -> impl IntoResponse {
let template = HelloTemplate { name };
HtmlTemplate(template)
}
#[derive(Template)]
#[template(path = "hello.html")]
struct HelloTemplate {
name: String,
}
struct HtmlTemplate<T>(T);
impl<T> IntoResponse for HtmlTemplate<T>
where
T: Template,
{
fn into_response(self) -> Response {
match self.0.render() {
Ok(html) => Html(html).into_response(),
Err(err) => (
StatusCode::INTERNAL_SERVER_ERROR,
format!("Failed to render template. Error: {}", err),
)
.into_response(),
}
}
}

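--- a/src/templates.rs
+++ b/src/templates.rs
@@ -0,0 +1,12 @@
+use askama::Template;
+use serde::Deserialize;
+#[derive(Debug, Default, Template, Deserialize)]
+#[template(path = "signup.html")]
+pub struct CreateUser {
+pub username: String,
+pub displayname: Option<String>,
+pub email: Option<String>,
+pub password: String,
+pub pw_verify: String,
+}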
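Review bot: `CreateUser` derives `Debug` while carrying `password` and `pw_verify` as plain `String`s, so any `{:?}` of the form value, for instance in a tracing call or a panic message, would write the plaintext password to the log. No line in this commit formats it that way, but the derive makes it a one-line accident. Drop `Debug` from the derive list, or hand-write `impl std::fmt::Debug for CreateUser` so that the two password fields print a fixed marker instead of their contents.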


@ -1,57 +1,177 @@
use std::fmt::Display;
use argon2::{ use argon2::{
password_hash::{rand_core::OsRng, PasswordHash, PasswordHasher, PasswordVerifier, SaltString}, password_hash::{rand_core::OsRng, PasswordHash, PasswordHasher, PasswordVerifier, SaltString},
Argon2, Argon2,
}; };
use sqlx::{error::DatabaseError, Sqlite, SqlitePool}; use askama::Template;
use tracing::log::log; use axum::{
extract::{Form, Path, State},
http::StatusCode,
response::{IntoResponse, Response},
};
use sqlx::{sqlite::SqliteRow, Row, SqlitePool};
use unicode_segmentation::UnicodeSegmentation; use unicode_segmentation::UnicodeSegmentation;
use uuid::Uuid; use uuid::Uuid;
use crate::templates::CreateUser;
const CREATE_QUERY: &str = const CREATE_QUERY: &str =
"insert into witches (id, username, displayname, email, pwhash) values ($1, $2, $3, $4, $5)"; "insert into witches (id, username, displayname, email, pwhash) values ($1, $2, $3, $4, $5)";
const ID_QUERY: &str = "select * from witches where id = $1";
#[derive(Debug, Default, Clone, PartialEq, Eq)]
pub struct User { pub struct User {
id: Uuid, id: Uuid,
username: String, username: String,
displayname: Option<String>, displayname: Option<String>,
email: Option<String>, email: Option<String>,
last_seen: Option<i64>,
} }
#[derive(Debug, Clone, sqlx::FromRow, sqlx::Encode)] impl Display for User {
pub(crate) struct DbUser { fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
id: Uuid, let uname = &self.username;
username: String, let dname = if let Some(ref n) = self.displayname {
displayname: Option<String>, n
email: Option<String>, } else {
last_seen: Option<u64>, ""
pwhash: String, };
} let email = if let Some(ref e) = self.email { e } else { "" };
write!(f, "Username: {uname}\nDisplayname: {dname}\nEmail: {email}")
impl From<DbUser> for User {
fn from(dbu: DbUser) -> Self {
User {
id: dbu.id,
username: dbu.username,
displayname: dbu.displayname,
email: dbu.email,
}
} }
} }
pub async fn create_user( #[derive(Debug, Clone, Template)]
username: &str, #[template(path = "signup_success.html")]
displayname: &Option<String>, pub struct CreateUserSuccess(User);
email: &Option<String>,
password: &[u8], impl sqlx::FromRow<'_, SqliteRow> for User {
pool: &SqlitePool, fn from_row(row: &SqliteRow) -> Result<Self, sqlx::Error> {
) -> Result<User, CreateUserError> { let bytes: Vec<u8> = row.get("id");
let bytes = bytes.as_slice();
let bytes: [u8; 16] = bytes.try_into().unwrap();
let id = Uuid::from_bytes_le(bytes);
let username: String = row.get("username");
let displayname: Option<String> = row.get("displayname");
let last_seen: Option<i64> = row.get("last_seen");
let email: Option<String> = row.get("email");
Ok(Self {
id,
username,
displayname,
email,
last_seen,
})
}
}
/// Get Handler: displays the form to create a user
pub async fn get_create_user() -> CreateUser {
CreateUser::default()
}
/// Post Handler: validates form values and calls the actual, private user
/// creation function
#[axum::debug_handler]
pub async fn post_create_user(
State(pool): State<SqlitePool>,
Form(signup): Form<CreateUser>,
) -> Result<Response, CreateUserError> {
let username = &signup.username;
let displayname = &signup.displayname;
let email = &signup.email;
let password = &signup.password;
let verify = &signup.pw_verify;
let username = username.trim(); let username = username.trim();
let name_len = username.graphemes(true).size_hint().1.unwrap(); let name_len = username.graphemes(true).size_hint().1.unwrap();
// we are not ascii exclusivists around here // we are not ascii exclusivists around here
if !(1..=20).contains(&name_len) { if !(1..=20).contains(&name_len) {
return Err(CreateUserErrorKind::BadUsername.into()); return Err(CreateUserErrorKind::BadUsername.into());
} }
if let Some(ref dn) = displayname {
if dn.len() > 50 {
return Err(CreateUserErrorKind::BadDisplayname.into());
}
}
if password != verify {
return Err(CreateUserErrorKind::PasswordMismatch.into());
}
let password = urlencoding::decode(password)
.map_err(|_| CreateUserErrorKind::BadPassword)?
.to_string();
let password = password.as_bytes();
let displayname = if let Some(dn) = displayname {
let dn = urlencoding::decode(dn)
.map_err(|_| CreateUserErrorKind::BadDisplayname)?
.to_string();
Some(dn)
} else {
None
};
let displayname = &displayname;
// TODO(2023-05-17): validate email
let email = if let Some(email) = email {
let email = urlencoding::decode(email)
.map_err(|_| CreateUserErrorKind::BadEmail)?
.to_string();
Some(email)
} else {
None
};
let email = &email;
let user = create_user(username, displayname, email, password, &pool).await?;
tracing::debug!("created {user:?}");
let id = user.id.simple().to_string();
let location = format!("/signup_success/{id}");
let resp = axum::response::Redirect::temporary(&location).into_response();
Ok(resp)
}
/// Get handler for successful signup
pub async fn handle_signup_success(
Path(id): Path<String>,
State(pool): State<SqlitePool>,
) -> Response {
let user: User = {
let id = id;
let id = Uuid::try_parse(&id).unwrap_or_default();
let id_bytes = id.to_bytes_le();
sqlx::query_as(ID_QUERY)
.bind(id_bytes.as_slice())
.fetch_one(&pool)
.await
.unwrap_or_default()
};
let mut resp = CreateUserSuccess(user.clone()).into_response();
if user.username.is_empty() {
// redirect to front page if we got here without a valid witch header
*resp.status_mut() = StatusCode::TEMPORARY_REDIRECT;
resp.headers_mut().insert("Location", "/".parse().unwrap());
}
resp
}
async fn create_user(
username: &str,
displayname: &Option<String>,
email: &Option<String>,
password: &[u8],
pool: &SqlitePool,
) -> Result<User, CreateUserError> {
// Argon2 with default params (Argon2id v19) // Argon2 with default params (Argon2id v19)
let argon2 = Argon2::default(); let argon2 = Argon2::default();
let salt = SaltString::generate(&mut OsRng); let salt = SaltString::generate(&mut OsRng);
@ -79,6 +199,7 @@ pub async fn create_user(
username: username.to_string(), username: username.to_string(),
displayname: displayname.to_owned(), displayname: displayname.to_owned(),
email: email.to_owned(), email: email.to_owned(),
last_seen: None,
}; };
Ok(user) Ok(user)
} }
@ -89,13 +210,13 @@ pub async fn create_user(
if exit == 2067u32 || exit == 1555 { if exit == 2067u32 || exit == 1555 {
Err(CreateUserErrorKind::AlreadyExists.into()) Err(CreateUserErrorKind::AlreadyExists.into())
} else { } else {
Err(CreateUserErrorKind::Unknown.into()) Err(CreateUserErrorKind::UnknownDBError.into())
} }
} else { } else {
Err(CreateUserErrorKind::Unknown.into()) Err(CreateUserErrorKind::UnknownDBError.into())
} }
} }
_ => Err(CreateUserErrorKind::Unknown.into()), _ => Err(CreateUserErrorKind::UnknownDBError.into()),
} }
} }
@ -103,6 +224,17 @@ pub async fn create_user(
#[non_exhaustive] #[non_exhaustive]
pub struct CreateUserError(#[from] CreateUserErrorKind); pub struct CreateUserError(#[from] CreateUserErrorKind);
impl IntoResponse for CreateUserError {
fn into_response(self) -> askama_axum::Response {
match self.0 {
CreateUserErrorKind::UnknownDBError => {
(StatusCode::INTERNAL_SERVER_ERROR, format!("{self}")).into_response()
}
_ => (StatusCode::BAD_REQUEST, format!("{self}")).into_response(),
}
}
}
#[Error] #[Error]
#[non_exhaustive] #[non_exhaustive]
pub enum CreateUserErrorKind { pub enum CreateUserErrorKind {
@ -110,6 +242,9 @@ pub enum CreateUserErrorKind {
#[error(desc = "Usernames must be between 1 and 20 non-whitespace characters long")] #[error(desc = "Usernames must be between 1 and 20 non-whitespace characters long")]
BadUsername, BadUsername,
PasswordMismatch, PasswordMismatch,
BadPassword,
BadDisplayname,
BadEmail,
MissingFields, MissingFields,
Unknown, UnknownDBError,
} }
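Review bot: In `post_create_user` the `urlencoding::decode` calls run on values that axum's `Form` extractor has already percent-decoded, so the string that reaches Argon2 is not necessarily the one the user typed: a password containing `%41` is hashed as if it contained `A`. The equality check against `pw_verify` happens before this second decode and so does not catch it, and a login path that hashes the raw form value would reject the account's own password. Hash the extracted value directly, `let password = signup.password.as_bytes();`, and pass `signup.displayname` and `signup.email` through unchanged; that also makes the new `urlencoding` dependency unnecessary. Separately, `bytes.try_into().unwrap()` in `from_row` panics on an `id` blob that is not 16 bytes, where it could return `sqlx::Error::Decode` instead.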

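--- a/templates/base.html
+++ b/templates/base.html
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<title>{% block title %}{{ title }} - Witch Watch{% endblock %}</title>
+{% block head %}{% endblock %}
+</head>
+<body>
+<div id="header">
+{% block header %}{% endblock %}
+</div>
+<div id="content">
+{% block content %}{% endblock %}
+</div>
+<div id="footer">
+{% block footer %}{% endblock %}
+</div>
+</body>
+</html>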

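--- a/templates/signup.html
+++ b/templates/signup.html
@@ -0,0 +1,23 @@
+{% extends "base.html" %}
+{% block title %}Sign Up for Witch Watch, Bish{% endblock %}
+{% block content %}
+<p>
+<form action="/signup" enctype="application/x-www-form-urlencoded" method="post">
+<label for="username">Username</label>
+<input type="text" name="username" id="username" minlength="1" maxlength="20" required></br>
+<label for="displayname">Displayname (optional)</label>
+<input type="text" name="displayname" id="displayname"></br>
+<label for="email">Email (optional)</label>
+<input type="text" name="email"></br>
+<label for="password">Password</label>
+<input type="password" name="password" id="password" required></br>
+<label for="confirm_password">Confirm Password</label>
+<input type="password" name="pw_verify" id="pw_verify" required></br>
+<input type="submit" value="Signup">
+</form>
+</p>
+{% endblock %}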
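Review bot: The label/input pairing is broken in two places: `<label for="email">` points at an input that has no `id`, and `<label for="confirm_password">` does not match `id="pw_verify"`. Give the email input `id="email"` and change the last label to `for="pw_verify"` so that click-to-focus and assistive technology work. The two password inputs would also benefit from `autocomplete="new-password"` so password managers offer to generate and store the credential, and `</br>` is not valid markup and should be `<br>`. The displayname input has no `maxlength`, while the server-side check rejects values longer than 50 bytes.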


@ -0,0 +1,16 @@
{% extends "base.html" %}
{% block title %}Thanks for Signing Up for Witch Watch, Bish{% endblock %}
{% block content %}
<h1>You did it!</h1>
<div id="signup_success"><p>
{{ self.0 }}
</p>
</div>
<p>Now, head on over to <a href="/login">the login page</a> and get watchin'!</p>
{% endblock %}
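Review bot: `{{ self.0 }}` prints the `User` through its `Display` impl, which separates the three fields with `\n`; inside a `<p>` those newlines collapse to spaces, so username, displayname and email run together on one line. Rendering each field in its own element, e.g. `<dt>Username</dt><dd>{{ self.0.username }}</dd>`, fixes the layout and keeps each user-supplied value going through askama's default HTML escaping on its own. The page is served to anyone who holds the id in the URL and it shows the email address, so it is worth deciding whether the email needs to be displayed here at all.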