diff --git a/Cargo.lock b/Cargo.lock index cff5810..dbfa3fe 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2,6 +2,41 @@ # It is not intended for manual editing. version = 3 +[[package]] +name = "aead" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d122413f284cf2d62fb1b7db97e02edb8cda96d769b16e443a4f6195e35662b0" +dependencies = [ + "crypto-common", + "generic-array", +] + +[[package]] +name = "aes" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "433cfd6710c9986c576a25ca913c39d66a6474107b406f34f91d4a8923395241" +dependencies = [ + "cfg-if", + "cipher", + "cpufeatures", +] + +[[package]] +name = "aes-gcm" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "82e1366e0c69c9f927b1fa5ce2c7bf9eafc8f9268c0b9800729e8b267612447c" +dependencies = [ + "aead", + "aes", + "cipher", + "ctr", + "ghash", + "subtle", +] + [[package]] name = "ahash" version = "0.7.6" @@ -221,6 +256,16 @@ dependencies = [ "phf_codegen", ] +[[package]] +name = "cipher" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" +dependencies = [ + "crypto-common", + "inout", +] + [[package]] name = "codespan-reporting" version = "0.11.1" @@ -237,7 +282,13 @@ version = "0.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7efb37c3e1ccb1ff97164ad95ac1606e8ccd35b3fa0a7d99a304c7f4a428cc24" dependencies = [ + "aes-gcm", + "base64", + "hkdf", "percent-encoding", + "rand", + "sha2", + "subtle", "time", "version_check", ] 
@@ -308,9 +359,19 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" dependencies = [ "generic-array", + "rand_core", "typenum", ] +[[package]] +name = "ctr" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0369ee1ad671834580515889b80f2ea915f23b8be8d0daa4bbaf2ac5c7590835" +dependencies = [ + "cipher", +] + [[package]] name = "cxx" version = "1.0.94" @@ -658,6 +719,16 @@ dependencies = [ "wasi", ] +[[package]] +name = "ghash" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d930750de5717d2dd0b8c0d42c076c0e884c81a73e6cab859bbd2339c71e3e40" +dependencies = [ + "opaque-debug", + "polyval", +] + [[package]] name = "glob" version = "0.3.1" @@ -755,6 +826,24 @@ version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" +[[package]] +name = "hkdf" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "791a029f6b9fc27657f6f188ec6e5e43f6911f6f878e0dc5501396e09809d437" +dependencies = [ + "hmac", +] + +[[package]] +name = "hmac" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest", +] + [[package]] name = "http" version = "0.2.9" @@ -916,6 +1005,15 @@ dependencies = [ "libc", ] +[[package]] +name = "inout" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a0c10553d664a4d0bcff9f4215d0aac67a639cc68ef660840afe309b807bc9f5" +dependencies = [ + "generic-array", +] + [[package]] name = "instant" version = "0.1.12" 
@@ -1211,6 +1309,12 @@ version = "1.17.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b7e5500299e16ebb147ae15a00a942af264cf3688f47923b8fc2cd5858f23ad3" +[[package]] +name = "opaque-debug" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" + [[package]] name = "overload" version = "0.1.1" @@ -1441,6 +1545,18 @@ version = "0.3.26" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6ac9a59f73473f1b8d852421e59e64809f025994837ef743615c6d0c5b305160" +[[package]] +name = "polyval" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7ef234e08c11dfcb2e56f79fd70f6f2eb7f025c0ce2333e82f4f0518ecad30c6" +dependencies = [ + "cfg-if", + "cpufeatures", + "opaque-debug", + "universal-hash", +] + [[package]] name = "ppv-lite86" version = "0.2.17" @@ -1686,11 +1802,12 @@ name = "rot" version = "0.1.0" dependencies = [ "argon2", - "base64", "env_logger", "log", "rocket", "rocket_dyn_templates", + "serde", + "serde_json", "sqlx", ] @@ -2436,6 +2553,16 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "39ec24b3121d976906ece63c9daad25b85969647682eee313cb5779fdd69e14e" +[[package]] +name = "universal-hash" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d3160b73c9a19f7e2939a2fdad446c57c1bbbbf4d919d3213ff1267a580d8b5" +dependencies = [ + "crypto-common", + "subtle", +] + [[package]] name = "untrusted" version = "0.7.1" diff --git a/Cargo.toml b/Cargo.toml index 3e18997..c0a90a1 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -6,10 +6,11 @@ edition = "2021"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 [dependencies]
-rocket = { version = "0.5.0-rc.3"}
+rocket = { version = "0.5.0-rc.3", features = ["secrets"]}
 rocket_dyn_templates = {version = "0.1.0-rc.3", features = [ "tera" ] }
 log = "0.4"
 env_logger = "0.10"
 sqlx = { version = "0.6", features = ["sqlite", "runtime-tokio-rustls", "macros"] }
 argon2 = "0.5"
-base64 = "0.21"
+serde = { version = "1.0", features = [ "derive" ]}
+serde_json = "1.0"
diff --git a/src/model/user.rs b/src/model/user.rs
index 5f5dee6..b3b6db2 100644
--- a/src/model/user.rs
+++ b/src/model/user.rs
@@ -1,17 +1,8 @@
-use std::ops::Deref;
-
-use argon2::{
- password_hash::{rand_core::OsRng, SaltString},
- Argon2, PasswordHash, PasswordHasher, PasswordVerifier,
-};
-use base64::{engine, prelude::BASE64_STANDARD_NO_PAD, Engine};
-use rocket::{
- request::{self, FromRequest},
- Request,
-};
+use argon2::{password_hash::SaltString, Argon2, PasswordHasher};
+use serde::Serialize;
 use sqlx::{FromRow, SqlitePool};
-#[derive(FromRow, Debug)]
+#[derive(FromRow, Debug, Serialize)]
 pub struct User {
 id: i64,
 name: String,
diff --git a/src/rest/auth.rs b/src/rest/auth.rs
index 42d059b..823d803 100644
--- a/src/rest/auth.rs
+++ b/src/rest/auth.rs
@@ -1,14 +1,17 @@
 use rocket::{
 form::Form,
- get, post,
+ get,
+ http::{Cookie, CookieJar},
+ post,
 request::FlashMessage,
- response::{status, Flash, Redirect},
- routes, FromForm, Responder, Route, State,
+ response::{Flash, Redirect},
+ routes, FromForm, Route, State,
 };
-use rocket_dyn_templates::{context, tera, Template};
+use rocket_dyn_templates::{tera, Template};
+use serde_json::json;
 use sqlx::SqlitePool;
-use crate::model::user::{self, User};
+use crate::model::user::User;
 #[get("/")]
 async fn index(flash: Option>) -> Template {
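Review bot: Enabling `features = ["secrets"]` on `rocket` in the Cargo.toml hunk adds a deployment requirement that nothing in this commit documents. Private cookies are encrypted with Rocket's `secret_key`; release builds refuse to launch without one, and debug builds generate a fresh key on every start, which invalidates existing sessions. I would add a comment above the dependency line, for example `# secrets: enables private (encrypted) cookies; set ROCKET_SECRET_KEY in production and never commit it`. The feature only protects cookies written with `add_private` and read with `get_private`; the cookie-writing code in `src/rest/auth.rs` lies outside the visible hunks, so it should be checked that the session value does not go through plain `add`.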
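Review bot: Deriving `Serialize` on `User` in the src/model/user.rs hunk makes every column of the row serializable, not just `id` and `name`. The struct body continues past the end of the hunk, and this module hashes passwords with Argon2, so a stored hash field presumably exists and would be emitted wherever a `User` is serialized (the `serde_json::json` and `Cookie` imports added in `src/rest/auth.rs` suggest a cookie or template context). If such a field is present, annotate it with `#[serde(skip_serializing)]`, or serialize a small dedicated struct that carries only `id` and `name` for the session.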
@@ -28,7 +31,11 @@ struct LoginForm {
 }
 #[post("/", data = "")]
-async fn login(login: Form, db: &State) -> Flash {
+async fn login(
+ login: Form,
+ db: &State,
+ cookies: &CookieJar<'_>,
+) -> Flash {
 let user = User::login(db, login.name.clone(), login.password.clone()).await;
 //TODO: be able to use for find_by_name. This would get rid of the following match clause.
@@ -39,6 +46,9 @@ async fn login(login: Form, db: &State) -> Flash