Mercurial > lbo > hg > analyrics

changeset 2:93ea889e6009

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add logging and make login check password
author Lewin Bormann <lbo@spheniscida.de>
date Sat, 09 Jul 2022 08:44:23 -0700
parents b587a4c37254
children ca6c273aeb4f
files Cargo.toml Rocket.toml devdata.sql src/main.rs
diffstat 4 files changed, 53 insertions(+), 9 deletions(-) [+]
line wrap: on
line diff
--- a/Cargo.toml	Fri Jul 08 20:28:28 2022 -0700
+++ b/Cargo.toml	Sat Jul 09 08:44:23 2022 -0700
@@ -6,6 +6,9 @@
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
+env_logger = "0.9.0"
+log = "0.4.17"
 rocket = { version = "0.5.0-rc.2", features = ["secrets"] }
 rocket_db_pools = { version = "0.1.0-rc.2", features = ["sqlx_sqlite"] }
+sha256 = "1.0.3"
 tokio = { version = "1.19.2", features = ["fs"] }
--- a/Rocket.toml	Fri Jul 08 20:28:28 2022 -0700
+++ b/Rocket.toml	Sat Jul 09 08:44:23 2022 -0700
@@ -1,2 +1,6 @@
 [default.databases.sqlite_main]
 url = "/home/lbo/dev/rust/analyrics/dev.sqlite"
+
+[default]
+port = 8000
+secret_key = "edeaaff3f1774ad2888673770c6d64097e391bc362d7d6fb34982ddf0efd18cb"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/devdata.sql	Sat Jul 09 08:44:23 2022 -0700
@@ -0,0 +1,2 @@
+
+INSERT INTO users (id, username, password_hash, name) VALUES (null, "lbo", "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8", "Lewin");
--- a/src/main.rs	Fri Jul 08 20:28:28 2022 -0700
+++ b/src/main.rs	Sat Jul 09 08:44:23 2022 -0700
@@ -1,3 +1,5 @@
+use log::{debug, error, info, Level};
+
 #[macro_use]
 use rocket::{self};
 
@@ -6,8 +8,8 @@
 use rocket::request::{self, FlashMessage};
 use rocket::response::{self, Flash, Redirect, Responder, Response};
 
-use rocket_db_pools::sqlx;
-use rocket_db_pools::{Connection, Database};
+use rocket_db_pools::sqlx::{self, pool::PoolConnection, Executor, Sqlite, SqlitePool};
+use rocket_db_pools::{Connection, Database, Pool};
 
 use std::io;
 use std::path::Path;
@@ -17,7 +19,21 @@
 // TO DO: use other databases?
 #[derive(Database)]
 #[database("sqlite_main")]
-struct ConfigDB(sqlx::SqlitePool);
+struct ConfigDB(SqlitePool);
+
+async fn check_user_password<S: AsRef<str>>(
+    mut conn: PoolConnection<Sqlite>,
+    user: S,
+    password: S,
+) -> Result<bool, sqlx::Error> {
+    // TODO: salt passwords.
+    let pwdhash = sha256::digest(password.as_ref());
+    let q = sqlx::query("SELECT username FROM users WHERE username = ? AND password_hash = ?")
+        .bind(user.as_ref())
+        .bind(pwdhash);
+    let result = conn.fetch_all(q).await?;
+    Ok(result.len() == 1)
+}
 
 const USER_ID_COOKIE_KEY: &str = "user_id";
 
@@ -42,10 +58,14 @@
 
 #[rocket::get("/login")]
 async fn route_login_form<'r>(
+    flash: Option<FlashMessage<'_>>,
     cookies: &CookieJar<'_>,
 ) -> Result<LoginResponse, InternalServerError> {
+    if let Some(flash) = flash {
+        info!("Flash message: {}: {}", flash.kind(), flash.message());
+    }
     if let Some(cookie) = cookies.get_private(USER_ID_COOKIE_KEY) {
-        println!("Logged in as {}", cookie.value());
+        info!("Logged in as {}", cookie.value());
         Ok(LoginResponse::LoggedInAlready {
             redirect: Redirect::to(rocket::uri!("/")),
         })
@@ -71,23 +91,38 @@
 }
 
 #[rocket::post("/login", data = "<login>")]
-async fn route_login_post(cookies: &CookieJar<'_>, login: Form<LoginForm>) -> Flash<Redirect> {
+async fn route_login_post(
+    db: Connection<ConfigDB>,
+    cookies: &CookieJar<'_>,
+    login: Form<LoginForm>,
+) -> Flash<Redirect> {
     // TO DO: look up user in database.
-    let c = Cookie::new(USER_ID_COOKIE_KEY, login.username.clone());
-    cookies.add_private(c);
-    Flash::success(Redirect::to(rocket::uri!("/")), "Successfully logged in.")
+    let db = db.into_inner();
+    if let Ok(true) = check_user_password(db, &login.username, &login.password).await {
+        let c = Cookie::new(USER_ID_COOKIE_KEY, login.username.clone());
+        cookies.add_private(c);
+        Flash::success(Redirect::to(rocket::uri!("/")), "Successfully logged in.")
+    } else {
+        Flash::error(
+            Redirect::to(rocket::uri!("/login")),
+            "User/password not found.",
+        )
+    }
 }
 
 #[rocket::get("/")]
 async fn route_index(flash: Option<FlashMessage<'_>>) -> response::content::RawHtml<File> {
     if let Some(flash) = flash {
-        println!("Flash message: {}: {}", flash.kind(), flash.message());
+        info!("Flash message: {}: {}", flash.kind(), flash.message());
     }
     response::content::RawHtml(asset("index.html").await.unwrap())
 }
 
 #[rocket::launch]
 fn rocketmain() -> _ {
+    env_logger::init();
+
+    info!("{:?}", rocket::Config::figment());
     rocket::build().attach(ConfigDB::init()).mount(
         "/",
         rocket::routes![