1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
use tokio;
use tokio::sync::Mutex;
use std::{
sync::Arc,
};
use warp::{Filter, Reply, Rejection};
use argon2::{
password_hash::{
rand_core::OsRng,
PasswordHash, PasswordHasher, PasswordVerifier, SaltString
},
Argon2
};
use serde::Deserialize;
mod constants; use constants::*;
mod util;
mod db; use db::DB;
macro_rules! mk_bad_request {
($res:expr) => { Ok(Box::new(warp::reply::with_status($res, warp::http::StatusCode::BAD_REQUEST))) }
}
macro_rules! mk_not_found {
($res:expr) => { Ok(Box::new(warp::reply::with_status($res, warp::http::StatusCode::NOT_FOUND))) }
}
macro_rules! mk_server_err {
() => { Ok(Box::new(warp::reply::with_status("Internal server error", warp::http::StatusCode::INTERNAL_SERVER_ERROR))) }
}
type Response = Result<Box<dyn Reply>, Rejection>;
async fn handle_ping(db: DB, mtoken: Option<String>) -> Response {
if let Some(token) = mtoken {
match db::maybe_refresh_token(db, &token).await {
Ok(()) => {},
Err(err) => { return mk_bad_request!(err); },
}
}
return Ok(Box::new("pong"))
}
#[derive(Deserialize)]
struct RegisterReq {
username: String,
password: String,
}
async fn handle_register(db: DB, req: RegisterReq) -> Response {
let salt = SaltString::generate(&mut OsRng);
let hash = match Argon2::default().hash_password(req.password.as_bytes(), &salt) {
Ok(hash) => hash.to_string(),
Err(_) => return mk_bad_request!("bad request"),
};
match db::register_account(db, &req.username, &hash.to_string()).await {
Ok(()) => Ok(Box::new("Registered")),
Err(err) => mk_bad_request!(err),
}
}
async fn handle_login(db: DB, req: RegisterReq) -> Response {
let passhash = match db::get_passhash(db.clone(), &req.username).await {
Ok(passhash) => passhash,
Err(()) => return mk_not_found!("User not found"),
};
let parsed_hash = match PasswordHash::new(&passhash) {
Ok(parsed_hash) => parsed_hash,
Err(err) => {
eprintln!("Could not parse password hash: {err}");
return mk_server_err!();
}
};
if let Err(_) = Argon2::default().verify_password(req.password.as_bytes(), &parsed_hash) {
return Ok(Box::new(warp::reply::with_status("Incorrect password", warp::http::StatusCode::UNAUTHORIZED)));
}
match db::create_login_token(db, &req.username).await {
Ok(token) => Ok(Box::new(token)),
Err(()) => {
eprintln!("Failed inserting login token for user '{0}'", &req.username);
mk_server_err!()
}
}
}
async fn handle_logout(db: DB, token: String) -> Response {
db::drop_token(db, &token).await;
Ok(Box::new("Logged out"))
}
macro_rules! db_handler1 {
($db:expr, $handler:ident) => { { let db2 = $db.clone(); move |a| $handler(db2.clone(), a) } }
}
#[tokio::main]
async fn main() {
let db: DB = Arc::new(Mutex::new(db::open().await));
println!("Opened database at {DB_FILE_NAME}.");
let use_login_token = warp::header::<String>("x-kaasnoot-token");
let use_optional_login_token = warp::header::optional::<String>("x-kaasnoot-token");
let router =
(warp::get().and(warp::path!("ping"))
.and(use_optional_login_token)
.and_then(db_handler1!(db, handle_ping)))
.or(warp::post().and(warp::path!("register"))
.and(warp::body::json())
.and_then(db_handler1!(db, handle_register)))
.or(warp::post().and(warp::path!("login"))
.and(warp::body::json())
.and_then(db_handler1!(db, handle_login)))
.or(warp::post().and(warp::path!("logout"))
.and(use_login_token)
.and_then(db_handler1!(db, handle_logout)));
warp::serve(router)
.run(([0, 0, 0, 0], 8775))
.await;
}
|
