phoenix/icarus_auth
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 46 Wiki Activity

Next release #23

Merged
phoenix merged 2 commits from devel into main 2025-04-08 23:42:04 +00:00
Conversation 0 Commits 2 Files Changed 6 +95 -78
6 changed files with 95 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Cargo.toml
View File

@@ -1,6 +1,6 @@
[package]
name = "icarus_auth"
version = "0.3.0"
version = "0.3.2"
edition = "2024"
rust-version = "1.86"

19
src/callers/common.rs
View File

@@ -1,30 +1,37 @@
use axum::{Extension, Json, http::StatusCode};
pub mod response {
use serde::{Deserialize, Serialize};
#[derive(Deserialize, Serialize)]
pub struct TestResult {
message: String,
pub message: String,
}
}
pub mod endpoint {
use super::*;
use axum::{Extension, Json, http::StatusCode};
// basic handler that responds with a static string
pub async fn root() -> &'static str {
"Hello, World!"
}
pub async fn db_ping(Extension(pool): Extension<sqlx::PgPool>) -> (StatusCode, Json<TestResult>) {
pub async fn db_ping(
Extension(pool): Extension<sqlx::PgPool>,
) -> (StatusCode, Json<response::TestResult>) {
match sqlx::query("SELECT 1").execute(&pool).await {
Ok(_) => {
let tr = TestResult {
let tr = response::TestResult {
message: String::from("This works"),
};
(StatusCode::OK, Json(tr))
}
Err(e) => (
StatusCode::BAD_REQUEST,
Json(TestResult {
Json(response::TestResult {
message: e.to_string(),
}),
),
}
}
}

28
src/callers/login.rs
View File

@@ -42,32 +42,10 @@ pub mod endpoint {
axum::Extension(pool): axum::Extension<sqlx::PgPool>,
Json(payload): Json<request::Request>,
) -> (StatusCode, Json<response::Response>) {
let usr = icarus_models::user::User {
username: payload.username,
password: payload.password,
..Default::default()
};
// Check if user exists
match repo::user::exists(&pool, &usr.username).await {
Ok(exists) => {
if !exists {
return not_found("Not Found").await;
}
}
Err(err) => {
return not_found(&err.to_string()).await;
}
};
let user = repo::user::get(&pool, &usr.username).await.unwrap();
let salt = repo::salt::get(&pool, &user.salt_id).await.unwrap();
let salt_str = hashing::get_salt(&salt.salt).unwrap();
// Check if password is correct
match hashing::hash_password(&usr.password, &salt_str) {
Ok(hash_password) => {
if hashing::verify_password(&usr.password, hash_password.clone()).unwrap() {
match repo::user::get(&pool, &payload.username).await {
Ok(user) => {
if hashing::verify_password(&payload.password, user.password.clone()).unwrap() {
// Create token
let key = token_stuff::get_key().unwrap();
let (token_literal, duration) = token_stuff::create_token(&key).unwrap();

37
src/hashing/mod.rs
View File

@@ -11,8 +11,7 @@ use argon2::{
pub fn generate_salt() -> Result<SaltString, argon2::Error> {
// Generate a random salt
// SaltString::generate uses OsRng internally for cryptographic security
let salt = SaltString::generate(&mut OsRng);
Ok(salt)
Ok(SaltString::generate(&mut OsRng))
}
pub fn get_salt(s: &str) -> Result<SaltString, argon2::password_hash::Error> {
@@ -32,9 +31,7 @@ pub fn hash_password(
// Hash the password with the salt
// The output is a PasswordHash string format that includes algorithm, version,
// parameters, salt, and the hash itself.
let password_hash = argon2.hash_password(password_bytes, salt)?.to_string();
Ok(password_hash)
Ok(argon2.hash_password(password_bytes, salt)?.to_string())
}
pub fn verify_password(
@@ -48,11 +45,9 @@ pub fn verify_password(
let parsed_hash = argon2::PasswordHash::new(stored_hash.as_str())?;
// Create an Argon2 instance (it will use the parameters from the parsed hash)
let argon2 = Argon2::default();
// Verify the password against the parsed hash
// This automatically uses the correct salt and parameters embedded in `parsed_hash`
match argon2.verify_password(password_bytes, &parsed_hash) {
match Argon2::default().verify_password(password_bytes, &parsed_hash) {
Ok(()) => Ok(true), // Passwords match
Err(argon2::password_hash::Error::Password) => Ok(false), // Passwords don't match
Err(e) => Err(e), // Some other error occurred (e.g., invalid hash format)
@@ -66,8 +61,7 @@ mod tests {
#[test]
fn test_hash_password() {
let some_password = String::from("somethingrandom");
let salt = generate_salt().unwrap();
match hash_password(&some_password, &salt) {
match hash_password(&some_password, &generate_salt().unwrap()) {
Ok(p) => match verify_password(&some_password, p.clone()) {
Ok(res) => {
assert_eq!(res, true);
@@ -81,4 +75,27 @@ mod tests {
}
}
}
#[test]
fn test_wrong_password() {
let some_password = String::from("somethingrandom");
match hash_password(&some_password, &generate_salt().unwrap()) {
Ok(p) => {
match verify_password(&some_password, p.clone()) {
Ok(res) => {
assert_eq!(res, true, "Passwords are not verified");
}
Err(err) => {
assert!(false, "Error: {:?}", err.to_string());
}
}
let wrong_password = String::from("Differentanotherlevel");
let result = verify_password(&wrong_password, p.clone()).unwrap();
assert_eq!(false, result, "Passwords should not match");
}
Err(err) => {
assert!(false, "Error: {:?}", err.to_string());
}
}
}
}

10
src/main.rs
View File

@@ -25,8 +25,14 @@ mod init {
pub async fn routes() -> Router {
// build our application with a route
Router::new()
.route(callers::endpoints::DBTEST, get(callers::common::db_ping))
.route(callers::endpoints::ROOT, get(callers::common::root))
.route(
callers::endpoints::DBTEST,
get(callers::common::endpoint::db_ping),
)
.route(
callers::endpoints::ROOT,
get(callers::common::endpoint::root),
)
.route(
callers::endpoints::REGISTER,
post(callers::register::register_user),

35
src/token_stuff/mod.rs
View File

@@ -18,11 +18,22 @@ pub fn get_key() -> Result<String, dotenvy::Error> {
Ok(key)
}
pub fn get_expiration() -> time::Result<time::Duration> {
let now = time::OffsetDateTime::now_utc();
let epoch = time::OffsetDateTime::UNIX_EPOCH;
let since_the_epoch = now - epoch;
Ok(since_the_epoch)
pub fn get_issued() -> time::Result<time::OffsetDateTime> {
Ok(time::OffsetDateTime::now_utc())
}
pub fn get_expiration(issued: &time::OffsetDateTime) -> Result<time::OffsetDateTime, time::Error> {
let duration_expire = time::Duration::hours(4);
Ok(*issued + duration_expire)
}
mod util {
pub fn time_to_std_time(
provided_time: &time::OffsetDateTime,
) -> Result<std::time::SystemTime, std::time::SystemTimeError> {
let converted = std::time::SystemTime::from(*provided_time);
Ok(converted)
}
}
pub fn create_token(provided_key: &String) -> Result<(String, i64), josekit::JoseError> {
@@ -33,13 +44,11 @@ pub fn create_token(provided_key: &String) -> Result<(String, i64), josekit::Jos
payload.set_subject(MESSAGE);
payload.set_issuer(ISSUER);
payload.set_audience(vec![AUDIENCE]);
match get_expiration() {
Ok(duration) => {
let expire = duration.whole_seconds();
let _ = payload.set_claim(
"expiration",
Some(serde_json::to_value(expire.to_string()).unwrap()),
);
match get_issued() {
Ok(issued) => {
let expire = get_expiration(&issued).unwrap();
payload.set_issued_at(&util::time_to_std_time(&issued).unwrap());
payload.set_expires_at(&util::time_to_std_time(&expire).unwrap());
let key: String = if provided_key.is_empty() {
get_key().unwrap()
@@ -50,7 +59,7 @@ pub fn create_token(provided_key: &String) -> Result<(String, i64), josekit::Jos
let signer = Hs256.signer_from_bytes(key.as_bytes()).unwrap();
Ok((
josekit::jwt::encode_with_signer(&payload, &header, &signer).unwrap(),
duration.whole_seconds(),
(expire - time::OffsetDateTime::UNIX_EPOCH).whole_seconds(),
))
}
Err(e) => Err(josekit::JoseError::InvalidClaim(e.into())),