nebkor
/
what2watch
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

checkpoint working skeleton for login

This commit is contained in:
Joe Ardent 2023-05-28 12:20:55 -07:00
parent 151719daf1
commit b1fd57c486
7 changed files with 140 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
migrations/20230426221940_init.up.sql
View File

@ -5,7 +5,7 @@
-- users
create table if not exists witches (
id blob not null primary key,
id int not null primary key,
username text not null unique,
displayname text,
email text,

4
src/db.rs
View File

@ -20,12 +20,12 @@ pub async fn get_pool() -> SqlitePool {
let conn_opts = SqliteConnectOptions::new()
.foreign_keys(true)
.auto_vacuum(sqlx::sqlite::SqliteAutoVacuum::Incremental)
.filename(&db_filename);
.filename(&db_filename)
.busy_timeout(Duration::from_secs(TIMEOUT));
// setup connection pool
SqlitePoolOptions::new()
.max_connections(MAX_CONNS)
.connect_timeout(Duration::from_secs(TIMEOUT))
.connect_with(conn_opts)
.await
.expect("can't connect to database")

8
src/main.rs
View File

@ -8,7 +8,7 @@ use witch_watch::{
db,
generic_handlers::{handle_slash, handle_slash_redir},
session_store::SqliteSessionStore,
users::{get_create_user, handle_signup_success, post_create_user},
users::{get_create_user, get_login, handle_signup_success, post_create_user, post_login},
};
#[tokio::main]
@ -22,6 +22,7 @@ async fn main() {
.init();
let pool = db::get_pool().await;
let session_layer = {
let store = SqliteSessionStore::from_client(pool.clone());
store.migrate().await.expect("Could not migrate session DB");
let secret = {
@ -30,9 +31,9 @@ async fn main() {
rng.fill_bytes(&mut bytes);
bytes
};
let session_layer = SessionLayer::new(store, &secret).with_secure(true);
SessionLayer::new(store, &secret).with_secure(true)
};
// build our application with some routes
let app = Router::new()
.route("/", get(handle_slash).post(handle_slash))
.route("/signup", get(get_create_user).post(post_create_user))
@ -40,6 +41,7 @@ async fn main() {
"/signup_success/:id",
get(handle_signup_success).post(handle_signup_success),
)
.route("/login", get(get_login).post(post_login))
.fallback(handle_slash_redir)
.layer(session_layer)
.with_state(pool);

18
src/templates.rs
View File

@ -1,7 +1,7 @@
use askama::Template;
use serde::Deserialize;
use serde::{Deserialize, Serialize};
#[derive(Debug, Default, Template, Deserialize)]
#[derive(Debug, Default, Template, Deserialize, Serialize)]
#[template(path = "signup.html")]
pub struct CreateUser {
pub username: String,
@ -10,3 +10,17 @@ pub struct CreateUser {
pub password: String,
pub pw_verify: String,
}
#[derive(Debug, Default, Template, Deserialize, Serialize)]
#[template(path = "login_post.html")]
pub struct LoginPost {
pub username: String,
pub password: String,
}
#[derive(Debug, Default, Template, Deserialize, Serialize)]
#[template(path = "login_get.html")]
pub struct LoginGet {
pub username: String,
pub password: String,
}

175
src/users.rs
View File

@ -10,23 +10,25 @@ use axum::{
http::StatusCode,
response::{IntoResponse, Response},
};
use axum_login::{
secrecy::{SecretVec}, AuthUser,
};
use sqlx::{query_as, sqlite::SqliteRow, Row, SqlitePool};
use axum_login::{secrecy::SecretVec, AuthUser, SqliteStore};
use rand_core::CryptoRngCore;
use sqlx::{query_as, SqlitePool};
use unicode_segmentation::UnicodeSegmentation;
use uuid::Uuid;
use crate::{templates::CreateUser, ToBlob};
use crate::{
templates::{CreateUser, LoginGet},
ToBlob,
};
const CREATE_QUERY: &str =
"insert into witches (id, username, displayname, email, pwhash) values ($1, $2, $3, $4, $5)";
const ID_QUERY: &str = "select * from witches where id = $1";
// const PW_QUERY: &str = "select pwhash from witches where id = $1";
#[derive(Debug, Default, Clone, PartialEq, Eq)]
#[derive(Debug, Default, Clone, PartialEq, Eq, sqlx::FromRow)]
pub struct User {
pub id: Uuid,
pub id: i64,
pub username: String,
pub displayname: Option<String>,
pub email: Option<String>,
@ -47,8 +49,10 @@ impl Display for User {
}
}
impl AuthUser<Uuid> for User {
fn get_id(&self) -> Uuid {
pub type AuthContext = axum_login::extractors::AuthContext<i64, User, SqliteStore<User>>;
impl AuthUser<i64> for User {
fn get_id(&self) -> i64 {
self.id
}
@ -57,33 +61,49 @@ impl AuthUser<Uuid> for User {
}
}
//--------------------------------------------------------------------------
// Result types for user creation
//--------------------------------------------------------------------------
#[derive(Debug, Clone, Template)]
#[template(path = "signup_success.html")]
pub struct CreateUserSuccess(User);
impl sqlx::FromRow<'_, SqliteRow> for User {
fn from_row(row: &SqliteRow) -> Result<Self, sqlx::Error> {
let bytes: Vec<u8> = row.get("id");
let bytes = bytes.as_slice();
let bytes: [u8; 16] = bytes.try_into().unwrap();
let id = Uuid::from_bytes_le(bytes);
let username: String = row.get("username");
let displayname: Option<String> = row.get("displayname");
let last_seen: Option<i64> = row.get("last_seen");
let email: Option<String> = row.get("email");
let pwhash: String = row.get("pwhash");
#[Error(desc = "Could not create user.")]
#[non_exhaustive]
pub struct CreateUserError(#[from] CreateUserErrorKind);
Ok(Self {
id,
username,
displayname,
email,
last_seen,
pwhash,
})
impl IntoResponse for CreateUserError {
fn into_response(self) -> askama_axum::Response {
match self.0 {
CreateUserErrorKind::UnknownDBError => {
(StatusCode::INTERNAL_SERVER_ERROR, format!("{self}")).into_response()
}
_ => (StatusCode::BAD_REQUEST, format!("{self}")).into_response(),
}
}
}
#[Error]
#[non_exhaustive]
pub enum CreateUserErrorKind {
AlreadyExists,
#[error(desc = "Usernames must be between 1 and 20 non-whitespace characters long")]
BadUsername,
PasswordMismatch,
#[error(desc = "Password must have at least 4 and at most 50 characters")]
BadPassword,
#[error(desc = "Display name must be less than 100 characters long")]
BadDisplayname,
BadEmail,
MissingFields,
UnknownDBError,
}
//--------------------------------------------------------------------------
// User creation route handlers
//--------------------------------------------------------------------------
/// Get Handler: displays the form to create a user
pub async fn get_create_user() -> CreateUser {
CreateUser::default()
@ -109,12 +129,6 @@ pub async fn post_create_user(
return Err(CreateUserErrorKind::BadUsername.into());
}
if let Some(ref dn) = displayname {
if dn.len() > 50 {
return Err(CreateUserErrorKind::BadDisplayname.into());
}
}
if password != verify {
return Err(CreateUserErrorKind::PasswordMismatch.into());
}
@ -122,12 +136,21 @@ pub async fn post_create_user(
let password = urlencoding::decode(password)
.map_err(|_| CreateUserErrorKind::BadPassword)?
.to_string();
let password = password.trim();
let password = password.as_bytes();
if !(4..=50).contains(&password.len()) {
return Err(CreateUserErrorKind::BadPassword.into());
}
let displayname = if let Some(dn) = displayname {
let dn = urlencoding::decode(dn)
.map_err(|_| CreateUserErrorKind::BadDisplayname)?
.to_string()
.trim()
.to_string();
if dn.graphemes(true).size_hint().1.unwrap() > 100 {
return Err(CreateUserErrorKind::BadDisplayname.into());
}
Some(dn)
} else {
None
@ -147,7 +170,7 @@ pub async fn post_create_user(
let user = create_user(username, displayname, email, password, &pool).await?;
tracing::debug!("created {user:?}");
let id = user.id.simple().to_string();
let id = user.id;
let location = format!("/signup_success/{id}");
let resp = axum::response::Redirect::temporary(&location).into_response();
@ -180,6 +203,54 @@ pub async fn handle_signup_success(
resp
}
//--------------------------------------------------------------------------
// Login error and success types
//--------------------------------------------------------------------------
#[Error]
pub struct LoginError(#[from] LoginErrorKind);
#[Error]
#[non_exhaustive]
pub enum LoginErrorKind {
BadPassword,
Unknown,
}
impl IntoResponse for LoginError {
fn into_response(self) -> Response {
match self.0 {
LoginErrorKind::Unknown => (
StatusCode::INTERNAL_SERVER_ERROR,
"An unknown error occurred; you cursed, brah?",
)
.into_response(),
_ => (StatusCode::BAD_REQUEST, format!("{self}")).into_response(),
}
}
}
//--------------------------------------------------------------------------
// Login handlers
//--------------------------------------------------------------------------
/// Handle login queries
#[axum::debug_handler]
pub async fn post_login(
mut auth: AuthContext,
State(pool): State<SqlitePool>,
) -> Result<(), LoginError> {
Err(LoginErrorKind::Unknown.into())
}
pub async fn get_login() -> impl IntoResponse {
LoginGet::default()
}
//-------------------------------------------------------------------------
// private fns
//-------------------------------------------------------------------------
async fn create_user(
username: &str,
displayname: &Option<String>,
@ -195,9 +266,10 @@ async fn create_user(
.unwrap() // safe to unwrap, we know the salt is valid
.to_string();
let id = Uuid::new_v4();
let mut rng = OsRng;
let id: i64 = rng.as_rngcore().next_u64() as i64;
let res = sqlx::query(CREATE_QUERY)
.bind(id.blob())
.bind(id)
.bind(username)
.bind(displayname)
.bind(email)
@ -233,32 +305,3 @@ async fn create_user(
_ => Err(CreateUserErrorKind::UnknownDBError.into()),
}
}
#[Error(desc = "Could not create user.")]
#[non_exhaustive]
pub struct CreateUserError(#[from] CreateUserErrorKind);
impl IntoResponse for CreateUserError {
fn into_response(self) -> askama_axum::Response {
match self.0 {
CreateUserErrorKind::UnknownDBError => {
(StatusCode::INTERNAL_SERVER_ERROR, format!("{self}")).into_response()
}
_ => (StatusCode::BAD_REQUEST, format!("{self}")).into_response(),
}
}
}
#[Error]
#[non_exhaustive]
pub enum CreateUserErrorKind {
AlreadyExists,
#[error(desc = "Usernames must be between 1 and 20 non-whitespace characters long")]
BadUsername,
PasswordMismatch,
BadPassword,
BadDisplayname,
BadEmail,
MissingFields,
UnknownDBError,
}

0
templates/login_get.html Normal file
View File

0
templates/login_post.html Normal file
View File