From a58b0cb40b69ca44a3f0d251c90412a94c287e54 Mon Sep 17 00:00:00 2001
From: phoenix
Date: Mon, 7 Apr 2025 17:35:47 +0000
Subject: [PATCH] Changes to token (#21)
Reviewed-on: https://git.kundeng.us/phoenix/icarus_auth/pulls/21
Co-authored-by: phoenix
Co-committed-by: phoenix
---
src/callers/login.rs | 83 +++++++++++++++++++-----------------------
src/token_stuff/mod.rs | 35 +++++++++++-------
2 files changed, 60 insertions(+), 58 deletions(-)
diff --git a/src/callers/login.rs b/src/callers/login.rs
index 66286ee..76a4272 100644
--- a/src/callers/login.rs
+++ b/src/callers/login.rs
@@ -42,55 +42,48 @@ pub mod endpoint { axum::Extension(pool): axum::Extension, Json(payload): Json, ) -> (StatusCode, Json) { - let usr = icarus_models::user::User { - username: payload.username, - password: payload.password, - ..Default::default() - }; - // Check if user exists - match repo::user::exists(&pool, &usr.username).await { - Ok(exists) => { - if !exists { - return not_found("Not Found").await; - } - } - Err(err) => { - return not_found(&err.to_string()).await; - } - }; + match repo::user::get(&pool, &payload.username).await { + Ok(user) => { + let salt = repo::salt::get(&pool, &user.salt_id).await.unwrap(); + let salt_str = hashing::get_salt(&salt.salt).unwrap(); + let unhashed_password = payload.password; - let user = repo::user::get(&pool, &usr.username).await.unwrap(); - let salt = repo::salt::get(&pool, &user.salt_id).await.unwrap(); - let salt_str = hashing::get_salt(&salt.salt).unwrap(); + // Check if password is correct + match hashing::hash_password(&unhashed_password, &salt_str) { + Ok(hash_password) => { + if hashing::verify_password(&unhashed_password, hash_password.clone()) + .unwrap() + { + // Create token + let key = token_stuff::get_key().unwrap(); + let (token_literal, duration) = + token_stuff::create_token(&key).unwrap(); - // Check if password is correct - match hashing::hash_password(&usr.password, &salt_str) { - Ok(hash_password) => { - if hashing::verify_password(&usr.password, hash_password.clone()).unwrap() { - // Create token - let key = token_stuff::get_key().unwrap(); - let (token_literal, duration) = token_stuff::create_token(&key).unwrap(); - - if token_stuff::verify_token(&key, &token_literal) { - ( - StatusCode::OK, - Json(response::Response { - message: String::from("Successful"), - data: vec![icarus_models::login_result::LoginResult { - id: user.id, - username: user.username, - token: token_literal, - token_type: String::from(token_stuff::TOKENTYPE), - expiration: duration, - }], - }), - ) - } else { - return 
not_found("Could not verify password").await; + if token_stuff::verify_token(&key, &token_literal) { + ( + StatusCode::OK, + Json(response::Response { + message: String::from("Successful"), + data: vec![icarus_models::login_result::LoginResult { + id: user.id, + username: user.username, + token: token_literal, + token_type: String::from(token_stuff::TOKENTYPE), + expiration: duration, + }], + }), + ) + } else { + return not_found("Could not verify password").await; + } + } else { + return not_found("Error Hashing").await; + } + } + Err(err) => { + return not_found(&err.to_string()).await; } - } else { - return not_found("Error Hashing").await; } } Err(err) => { diff --git a/src/token_stuff/mod.rs b/src/token_stuff/mod.rs index 2771dec..d189a2d 100644 --- a/src/token_stuff/mod.rs +++ b/src/token_stuff/mod.rs @@ -18,11 +18,22 @@ pub fn get_key() -> Result { Ok(key) } -pub fn get_expiration() -> time::Result { - let now = time::OffsetDateTime::now_utc(); - let epoch = time::OffsetDateTime::UNIX_EPOCH; - let since_the_epoch = now - epoch; - Ok(since_the_epoch) +pub fn get_issued() -> time::Result { + Ok(time::OffsetDateTime::now_utc()) +} + +pub fn get_expiration(issued: &time::OffsetDateTime) -> Result { + let duration_expire = time::Duration::hours(4); + Ok(*issued + duration_expire) +} + +mod util { + pub fn time_to_std_time( + provided_time: &time::OffsetDateTime, + ) -> Result { + let converted = std::time::SystemTime::from(*provided_time); + Ok(converted) + } } pub fn create_token(provided_key: &String) -> Result<(String, i64), josekit::JoseError> { 
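Review bot: The password check in the new `match hashing::hash_password(&unhashed_password, &salt_str)` block still never consults the stored credential: it hashes the submitted password with the user's salt and then calls `verify_password` on that same submitted password against that freshly computed hash, so as far as this hunk shows the check succeeds for any password once the username resolves (unless `verify_password` loads the stored hash internally, which is not visible here). The comparison should be against the hash persisted for `user` — e.g. `if hashing::verify_password(&unhashed_password, user.password.clone()).unwrap()` if the `User` record's `password` field holds the stored hash, otherwise whichever field `repo::user::get` populates — and `hash_password` then has no role on the login path. The `Err(err)` arm of `repo::user::get` also returns `not_found(&err.to_string())`, which forwards the repository's error text to the client and makes an unknown user distinguishable from a wrong password; both failures should return the same generic message. The remaining `.unwrap()` calls on `repo::salt::get`, `hashing::get_salt`, `token_stuff::get_key` and `token_stuff::create_token` will panic the handler on a database or key error instead of producing an error response. The enclosing handler starts before this hunk and its final `Err(err)` arm continues past it.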
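Review bot: `get_expiration` hard-codes the token lifetime as `time::Duration::hours(4)` with no documentation, and both it and `get_issued` wrap expressions that cannot fail in a `Result`, which only forces the `.unwrap()` calls at the call site in `create_token`. Hoist the lifetime to a documented constant, `/// Lifetime of an issued access token.` followed by `pub const TOKEN_LIFETIME: time::Duration = time::Duration::hours(4);`, and have `get_expiration` return `*issued + TOKEN_LIFETIME`. `util::time_to_std_time` likewise returns a `Result` around a plain `std::time::SystemTime::from` conversion that has no failure path; a doc comment such as `/// Converts a time::OffsetDateTime into the std::time::SystemTime that josekit expects for the iat/exp claims.` would explain why the helper exists, and dropping the `Result` there would remove two more unwraps downstream.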
@@ -33,13 +44,11 @@ pub fn create_token(provided_key: &String) -> Result<(String, i64), josekit::Jos payload.set_subject(MESSAGE); payload.set_issuer(ISSUER); payload.set_audience(vec![AUDIENCE]); - match get_expiration() { - Ok(duration) => { - let expire = duration.whole_seconds(); - let _ = payload.set_claim( - "expiration", - Some(serde_json::to_value(expire.to_string()).unwrap()), - ); + match get_issued() { + Ok(issued) => { + let expire = get_expiration(&issued).unwrap(); + payload.set_issued_at(&util::time_to_std_time(&issued).unwrap()); + payload.set_expires_at(&util::time_to_std_time(&expire).unwrap()); let key: String = if provided_key.is_empty() { get_key().unwrap() @@ -50,7 +59,7 @@ pub fn create_token(provided_key: &String) -> Result<(String, i64), josekit::Jos let signer = Hs256.signer_from_bytes(key.as_bytes()).unwrap(); Ok(( josekit::jwt::encode_with_signer(&payload, &header, &signer).unwrap(), - duration.whole_seconds(), + (expire - time::OffsetDateTime::UNIX_EPOCH).whole_seconds(), )) } Err(e) => Err(josekit::JoseError::InvalidClaim(e.into())),
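Review bot: Inside the new `Ok(issued)` arm, `get_expiration(&issued).unwrap()` and the two `util::time_to_std_time(..).unwrap()` calls panic on failure, even though the surrounding `match get_issued()` already maps its own error to `josekit::JoseError::InvalidClaim(e.into())` and `create_token` returns a `Result`. Propagate them the same way, e.g. `let expire = get_expiration(&issued).map_err(|e| josekit::JoseError::InvalidClaim(e.into()))?;`, assuming `get_expiration`'s error type converts like `get_issued`'s (the `Result` type parameters are not visible in this diff). If these helpers are genuinely infallible, the cleaner fix is to drop their `Result` wrappers so no unwrap is needed here at all. The removed custom `expiration` claim is replaced by the standard `iat`/`exp` claims set via `set_issued_at`/`set_expires_at`; any verification code that still reads the old `expiration` claim (not shown here) would need updating. `create_token`'s body continues past this hunk.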
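Review bot: The second element of the returned tuple changed meaning in this hunk: the old `duration.whole_seconds()` was the issue time as seconds since the epoch, while the new `(expire - time::OffsetDateTime::UNIX_EPOCH).whole_seconds()` is the absolute expiry timestamp, yet the caller in `src/callers/login.rs` still binds it as `duration` and stores it in `LoginResult::expiration`. Renaming that binding to `expiration` in `login.rs`, and adding a `///` comment on `create_token` stating that the `i64` is the `exp` claim as Unix seconds, would keep the two files consistent. The subtraction can also be written as `expire.unix_timestamp()`, which the `time` crate provides for exactly this conversion.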