start working on auth

src/lib.rs

@@ -1 +1,2 @@
+pub mod model;
 pub mod rest;

src/main.rs

@@ -1,4 +1,5 @@
-use rot::rest;
+use rot::{model::user::Users, rest};
+use sqlx::SqlitePool;
 
 #[macro_use]
 extern crate rocket;
@@ -7,5 +8,9 @@ extern crate rocket;
 async fn rocket() -> _ {
     env_logger::init();
 
-    rest::start()
+    //let pool = SqlitePool::connect(":memory:").await.unwrap();
+    let pool = SqlitePool::connect("db.sqlite").await.unwrap(); //TODO: fixme
+    let users = Users::new(&pool).await.unwrap(); //TODO: fixme
+
+    rest::start(pool)
 }

src/model/mod.rs

@@ -0,0 +1 @@
+pub mod user;

src/model/user.rs

@@ -0,0 +1,130 @@
+use std::ops::Deref;
+
+use argon2::{password_hash::SaltString, Argon2, PasswordHash, PasswordHasher, PasswordVerifier};
+use base64::{engine, prelude::BASE64_STANDARD_NO_PAD};
+use rocket::{
+    request::{self, FromRequest},
+    Request,
+};
+use sqlx::{FromRow, SqlitePool};
+
+#[derive(FromRow, Debug)]
+pub struct User {
+    id: i64,
+    name: String,
+    pw: String,
+    is_cox: bool,
+    is_admin: bool,
+    is_guest: bool,
+}
+
+pub enum LoginError {
+    SqlxError(sqlx::Error),
+    InvalidAuthenticationCombo,
+}
+
+impl From<sqlx::Error> for LoginError {
+    fn from(sqlx_error: sqlx::Error) -> Self {
+        Self::SqlxError(sqlx_error)
+    }
+}
+impl User {
+    pub async fn find_by_name(db: &SqlitePool, name: String) -> Result<Self, sqlx::Error> {
+        let user: User = sqlx::query_as!(
+            User,
+            "
+SELECT id, name, pw, is_cox, is_admin, is_guest
+FROM user 
+WHERE name like ?
+        ",
+            name
+        )
+        .fetch_one(db)
+        .await?;
+
+        Ok(user)
+    }
+
+    pub async fn login(db: &SqlitePool, name: String, pw: String) -> Result<Self, LoginError> {
+        let user = User::find_by_name(db, name).await?;
+
+        let argon2 = Argon2::default();
+        let salt = SaltString::from_b64("CdR4i0HA9e0CM").unwrap(); //TODO: generate salt for each user
+        let password_hash = argon2
+            .hash_password(&pw.as_bytes(), &salt)
+            .unwrap()
+            .to_string();
+        //TODO: fixme
+        let parsed_hash = PasswordHash::new(&password_hash).unwrap(); //TODO: fixme
+
+        //TODO: If user.pw == "" -> set new pw!
+        match Argon2::default()
+            .verify_password(base64::encode(pw.as_bytes()).as_bytes(), &parsed_hash)
+        {
+            Ok(_) => Ok(user),
+            Err(_) => Err(LoginError::InvalidAuthenticationCombo),
+        }
+    }
+}
+
+pub struct Users {
+    users: Vec<User>,
+}
+
+#[derive(Debug)]
+pub enum Error {}
+
+//#[rocket::async_trait]
+//impl<'r> FromRequest<'r> for User {
+//    type Error = Error;
+//
+//    async fn from_request(req: &'r Request<'_>) -> request::Outcome<Self, Self::Error> {
+//        //TODO: https://betterprogramming.pub/building-the-rust-web-app-multiple-users-and-authentication-5ca5988ddfe4
+//    }
+//}
+
+impl Deref for Users {
+    type Target = Vec<User>;
+
+    fn deref(&self) -> &Self::Target {
+        &self.users
+    }
+}
+
+impl Users {
+    pub async fn new(pool: &SqlitePool) -> Result<Self, sqlx::Error> {
+        let users: Vec<User> = sqlx::query_as!(
+            User,
+            r#"
+SELECT id, name, pw, is_cox, is_admin, is_guest
+FROM user 
+        "#,
+        )
+        .fetch_all(pool)
+        .await?;
+
+        Ok(Self { users })
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use super::Users;
+    use sqlx::SqlitePool;
+
+    #[sqlx::test]
+    fn user_with_test_db() {
+        let pool = SqlitePool::connect(":memory:").await.unwrap();
+        sqlx::query_file!("./migration.sql")
+            .execute(&pool)
+            .await
+            .unwrap();
+        sqlx::query_file!("./seeds.sql")
+            .execute(&pool)
+            .await
+            .unwrap();
+
+        let users = Users::new(&pool).await.unwrap();
+        assert_eq!(users.len(), 4);
+    }
+}

src/rest/auth.rs

@@ -0,0 +1,47 @@
+use rocket::{
+    form::Form,
+    get, post,
+    request::FlashMessage,
+    response::{status, Flash, Redirect},
+    routes, FromForm, Responder, Route, State,
+};
+use rocket_dyn_templates::{context, tera, Template};
+use sqlx::SqlitePool;
+
+use crate::model::user::{self, User, Users};
+
+#[get("/")]
+async fn index(flash: Option<FlashMessage<'_>>) -> Template {
+    let mut context = tera::Context::new();
+
+    if let Some(msg) = flash {
+        context.insert("flash", &msg.into_inner());
+    }
+
+    Template::render("auth/login", context.into_json())
+}
+
+#[derive(FromForm)]
+struct LoginForm {
+    name: String,
+    password: String,
+}
+
+#[post("/", data = "<login>")]
+async fn login(login: Form<LoginForm>, db: &State<SqlitePool>) -> Flash<Redirect> {
+    let user = User::login(db, login.name.clone(), login.password.clone()).await;
+
+    //TODO: be able to use for find_by_name. This would get rid of the following match clause.
+    let user = match user {
+        Ok(user) => user,
+        Err(_) => {
+            return Flash::error(Redirect::to("/auth"), "Falscher Benutzername/Passwort");
+        }
+    };
+
+    Flash::success(Redirect::to("/"), "Login erfolgreich")
+}
+
+pub fn routes() -> Vec<Route> {
+    routes![index, login]
+}

src/rest/mod.rs

@@ -1,14 +1,21 @@
 use rocket::{get, routes, Build, Rocket};
-use rocket_dyn_templates::Template;
+use rocket_dyn_templates::{context, Template};
+use sqlx::SqlitePool;
+
+use crate::model::user::Users;
+
+mod auth;
 
 #[get("/")]
-fn index() -> &'static str {
-    "Hello, world!"
+fn index() -> Template {
+    Template::render("index", context! {})
 }
 
-pub fn start() -> Rocket<Build> {
+pub fn start(db: SqlitePool) -> Rocket<Build> {
     rocket::build()
+        .manage(db)
         .mount("/", routes![index])
+        .mount("/auth", auth::routes())
         .attach(Template::fairing())
 }