From 8b4440f7236b0972c1a804eea4c8305b958ad03c Mon Sep 17 00:00:00 2001 From: Ilion Beyst Date: Mon, 13 Dec 2021 15:43:47 +0100 Subject: setup basic rocket+diesel app --- .gitignore | 2 ++ Cargo.toml | 5 +++ backend/Cargo.toml | 16 ++++++++++ backend/diesel.toml | 5 +++ backend/migrations/.gitkeep | 0 .../00000000000000_diesel_initial_setup/down.sql | 6 ++++ .../00000000000000_diesel_initial_setup/up.sql | 36 ++++++++++++++++++++++ backend/src/main.rs | 15 +++++++++ 8 files changed, 85 insertions(+) create mode 100644 .gitignore create mode 100644 Cargo.toml create mode 100644 backend/Cargo.toml create mode 100644 backend/diesel.toml create mode 100644 backend/migrations/.gitkeep create mode 100644 backend/migrations/00000000000000_diesel_initial_setup/down.sql create mode 100644 backend/migrations/00000000000000_diesel_initial_setup/up.sql create mode 100644 backend/src/main.rs diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..a9d37c5 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +target +Cargo.lock diff --git a/Cargo.toml b/Cargo.toml new file mode 100644 index 0000000..b3d8882 --- /dev/null +++ b/Cargo.toml @@ -0,0 +1,5 @@ +[workspace] + +members = [ + "backend", +] \ No newline at end of file diff --git a/backend/Cargo.toml b/backend/Cargo.toml new file mode 100644 index 0000000..42933e5 --- /dev/null +++ b/backend/Cargo.toml @@ -0,0 +1,16 @@ +[package] +name = "mozaic4-backend" +version = "0.0.0" +edition = "2021" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +rocket = "0.4.10" +diesel = { version = "1.4.4", features = ["postgres"] } +dotenv = "0.15.0" + +[dependencies.rocket_contrib] +version = "0.4.10" +default-features = false +features = ["diesel_postgres_pool"] \ No newline at end of file diff --git a/backend/diesel.toml b/backend/diesel.toml new file mode 100644 index 0000000..92267c8 --- /dev/null +++ b/backend/diesel.toml @@ -0,0 +1,5 @@ +# For documentation on how to configure this file, +# see diesel.rs/guides/configuring-diesel-cli + +[print_schema] +file = "src/schema.rs" diff --git a/backend/migrations/.gitkeep b/backend/migrations/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/backend/migrations/00000000000000_diesel_initial_setup/down.sql b/backend/migrations/00000000000000_diesel_initial_setup/down.sql new file mode 100644 index 0000000..a9f5260 --- /dev/null +++ b/backend/migrations/00000000000000_diesel_initial_setup/down.sql @@ -0,0 +1,6 @@ +-- This file was automatically created by Diesel to setup helper functions +-- and other internal bookkeeping. This file is safe to edit, any future +-- changes will be added to existing projects as new migrations. + +DROP FUNCTION IF EXISTS diesel_manage_updated_at(_tbl regclass); +DROP FUNCTION IF EXISTS diesel_set_updated_at(); diff --git a/backend/migrations/00000000000000_diesel_initial_setup/up.sql b/backend/migrations/00000000000000_diesel_initial_setup/up.sql new file mode 100644 index 0000000..d68895b --- /dev/null +++ b/backend/migrations/00000000000000_diesel_initial_setup/up.sql @@ -0,0 +1,36 @@ +-- This file was automatically created by Diesel to setup helper functions +-- and other internal bookkeeping. This file is safe to edit, any future +-- changes will be added to existing projects as new migrations. + + + + +-- Sets up a trigger for the given table to automatically set a column called +-- `updated_at` whenever the row is modified (unless `updated_at` was included +-- in the modified columns) +-- +-- # Example +-- +-- ```sql +-- CREATE TABLE users (id SERIAL PRIMARY KEY, updated_at TIMESTAMP NOT NULL DEFAULT NOW()); +-- +-- SELECT diesel_manage_updated_at('users'); +-- ``` +CREATE OR REPLACE FUNCTION diesel_manage_updated_at(_tbl regclass) RETURNS VOID AS $$ +BEGIN + EXECUTE format('CREATE TRIGGER set_updated_at BEFORE UPDATE ON %s + FOR EACH ROW EXECUTE PROCEDURE diesel_set_updated_at()', _tbl); +END; +$$ LANGUAGE plpgsql; + +CREATE OR REPLACE FUNCTION diesel_set_updated_at() RETURNS trigger AS $$ +BEGIN + IF ( + NEW IS DISTINCT FROM OLD AND + NEW.updated_at IS NOT DISTINCT FROM OLD.updated_at + ) THEN + NEW.updated_at := current_timestamp; + END IF; + RETURN NEW; +END; +$$ LANGUAGE plpgsql; diff --git a/backend/src/main.rs b/backend/src/main.rs new file mode 100644 index 0000000..fd0ff2e --- /dev/null +++ b/backend/src/main.rs @@ -0,0 +1,15 @@ +#![feature(proc_macro_hygiene, decl_macro)] + +#[macro_use] +extern crate rocket; +#[macro_use] +extern crate rocket_contrib; + +#[get("/")] +fn index() -> &'static str { + "Hello, world!" +} + +fn main() { + rocket::ignite().mount("/", routes![index]).launch(); +} -- cgit v1.2.3 From eabeb7ed7b641dea0b8e71ab33ab97b4ed7a4cda Mon Sep 17 00:00:00 2001 From: Ilion Beyst Date: Mon, 13 Dec 2021 22:41:20 +0100 Subject: start implementing basic login functionality --- backend/Cargo.toml | 17 +++- backend/Rocket.toml | 2 + .../migrations/2021-12-13-145111_users/down.sql | 1 + backend/migrations/2021-12-13-145111_users/up.sql | 6 ++ .../migrations/2021-12-13-151129_sessions/down.sql | 1 + .../migrations/2021-12-13-151129_sessions/up.sql | 5 + backend/src/db/mod.rs | 2 + backend/src/db/sessions.rs | 46 +++++++++ backend/src/db/users.rs | 106 +++++++++++++++++++++ backend/src/main.rs | 27 +++++- backend/src/routes/mod.rs | 1 + backend/src/routes/users.rs | 100 +++++++++++++++++++ backend/src/schema.rs | 20 ++++ backend/tests/common.rs | 0 14 files changed, 326 insertions(+), 8 deletions(-) create mode 100644 backend/Rocket.toml create mode 100644 backend/migrations/2021-12-13-145111_users/down.sql create mode 100644 backend/migrations/2021-12-13-145111_users/up.sql create mode 100644 backend/migrations/2021-12-13-151129_sessions/down.sql create mode 100644 backend/migrations/2021-12-13-151129_sessions/up.sql create mode 100644 backend/src/db/mod.rs create mode 100644 backend/src/db/sessions.rs create mode 100644 backend/src/db/users.rs create mode 100644 backend/src/routes/mod.rs create mode 100644 backend/src/routes/users.rs create mode 100644 backend/src/schema.rs create mode 100644 backend/tests/common.rs diff --git a/backend/Cargo.toml b/backend/Cargo.toml index 42933e5..b44b5ad 100644 --- a/backend/Cargo.toml +++ b/backend/Cargo.toml @@ -6,11 +6,18 @@ edition = "2021" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] -rocket = "0.4.10" -diesel = { version = "1.4.4", features = ["postgres"] } +rocket = { version= "0.5.0-rc.1", features = ["json"] } +diesel = { version = "1.4.4", features = ["postgres", "r2d2"] } dotenv = "0.15.0" +rust-argon2 = "0.8" +rand = "0.8.4" +serde = { version = "1.0", features = ["derive"] } +serde_bytes = "0.11" +chrono = { version = "0.4", features = ["serde"] } +serde_json = "1.0" +base64 = "0.13.0" -[dependencies.rocket_contrib] -version = "0.4.10" -default-features = false + +[dependencies.rocket_sync_db_pools] +version = "0.1.0-rc.1" features = ["diesel_postgres_pool"] \ No newline at end of file diff --git a/backend/Rocket.toml b/backend/Rocket.toml new file mode 100644 index 0000000..40635de --- /dev/null +++ b/backend/Rocket.toml @@ -0,0 +1,2 @@ +[debug.databases.postgresql_database] +url = "postgresql://planetwars:planetwars@localhost/planetwars" \ No newline at end of file diff --git a/backend/migrations/2021-12-13-145111_users/down.sql b/backend/migrations/2021-12-13-145111_users/down.sql new file mode 100644 index 0000000..441087a --- /dev/null +++ b/backend/migrations/2021-12-13-145111_users/down.sql @@ -0,0 +1 @@ +DROP TABLE users; \ No newline at end of file diff --git a/backend/migrations/2021-12-13-145111_users/up.sql b/backend/migrations/2021-12-13-145111_users/up.sql new file mode 100644 index 0000000..6ec7e01 --- /dev/null +++ b/backend/migrations/2021-12-13-145111_users/up.sql @@ -0,0 +1,6 @@ +CREATE TABLE users( + id SERIAL PRIMARY KEY, + username VARCHAR(52) NOT NULL, + password_salt BYTEA NOT NULL, + password_hash BYTEA NOT NULL +); \ No newline at end of file diff --git a/backend/migrations/2021-12-13-151129_sessions/down.sql b/backend/migrations/2021-12-13-151129_sessions/down.sql new file mode 100644 index 0000000..54d1e93 --- /dev/null +++ b/backend/migrations/2021-12-13-151129_sessions/down.sql @@ -0,0 +1 @@ +DROP TABLE sessions; \ No newline at end of file diff --git a/backend/migrations/2021-12-13-151129_sessions/up.sql b/backend/migrations/2021-12-13-151129_sessions/up.sql new file mode 100644 index 0000000..f8ec21b --- /dev/null +++ b/backend/migrations/2021-12-13-151129_sessions/up.sql @@ -0,0 +1,5 @@ +CREATE TABLE sessions ( + id serial PRIMARY KEY, + user_id integer REFERENCES users(id) NOT NULL, + token VARCHAR(255) NOT NULL UNIQUE +) \ No newline at end of file diff --git a/backend/src/db/mod.rs b/backend/src/db/mod.rs new file mode 100644 index 0000000..b6e3efc --- /dev/null +++ b/backend/src/db/mod.rs @@ -0,0 +1,2 @@ +pub mod sessions; +pub mod users; diff --git a/backend/src/db/sessions.rs b/backend/src/db/sessions.rs new file mode 100644 index 0000000..0cc3f1a --- /dev/null +++ b/backend/src/db/sessions.rs @@ -0,0 +1,46 @@ +use super::users::User; +use crate::schema::{sessions, users}; +use base64; +use diesel::PgConnection; +use diesel::{insert_into, prelude::*, Insertable, RunQueryDsl}; +use rand::{self, Rng}; + +#[derive(Insertable)] +#[table_name = "sessions"] +struct NewSession { + token: String, + user_id: i32, +} + +#[derive(Queryable, Debug, PartialEq)] +pub struct Session { + pub id: i32, + pub user_id: i32, + pub token: String, +} + +pub fn create_session(user: &User, conn: &PgConnection) -> Session { + let new_session = NewSession { + token: gen_session_token(), + user_id: user.user_id, + }; + let session = insert_into(sessions::table) + .values(&new_session) + .get_result::(conn) + .unwrap(); + + return session; +} + +pub fn find_user_by_session(token: &str, conn: &PgConnection) -> QueryResult<(Session, User)> { + sessions::table + .inner_join(users::table) + .filter(sessions::token.eq(&token)) + .first::<(Session, User)>(conn) +} + +pub fn gen_session_token() -> String { + let mut rng = rand::thread_rng(); + let token: [u8; 32] = rng.gen(); + return base64::encode(&token); +} diff --git a/backend/src/db/users.rs b/backend/src/db/users.rs new file mode 100644 index 0000000..c06e5b3 --- /dev/null +++ b/backend/src/db/users.rs @@ -0,0 +1,106 @@ +use crate::{schema::users, DbConn}; +use argon2; +use diesel::{prelude::*, PgConnection}; +use rand::Rng; +use serde::{Deserialize, Serialize}; + +#[derive(Debug, Deserialize)] +pub struct Credentials<'a> { + pub username: &'a str, + pub password: &'a str, +} + +#[derive(Insertable)] +#[table_name = "users"] +pub struct NewUser<'a> { + pub username: &'a str, + pub password_hash: &'a [u8], + pub password_salt: &'a [u8], +} + +#[derive(Queryable, Debug)] +pub struct User { + pub user_id: i32, + pub username: String, + pub password_salt: Vec, + pub password_hash: Vec, +} + +// TODO: make this configurable somewhere +fn argon2_config() -> argon2::Config<'static> { + argon2::Config { + variant: argon2::Variant::Argon2i, + version: argon2::Version::Version13, + mem_cost: 4096, + time_cost: 3, + lanes: 1, + thread_mode: argon2::ThreadMode::Sequential, + // TODO: set a secret + secret: &[], + ad: &[], + hash_length: 32, + } +} + +pub fn create_user(credentials: &Credentials, conn: &PgConnection) -> QueryResult { + let argon_config = argon2_config(); + + let salt: [u8; 32] = rand::thread_rng().gen(); + let hash = argon2::hash_raw(credentials.password.as_bytes(), &salt, &argon_config).unwrap(); + let new_user = NewUser { + username: &credentials.username, + password_salt: &salt, + password_hash: &hash, + }; + diesel::insert_into(users::table) + .values(&new_user) + .get_result::(conn) +} + +pub fn authenticate_user(credentials: &Credentials, db_conn: &PgConnection) -> Option { + let user = users::table + .filter(users::username.eq(&credentials.username)) + .first::(db_conn) + .unwrap(); + + let password_matches = argon2::verify_raw( + credentials.password.as_bytes(), + &user.password_salt, + &user.password_hash, + &argon2_config(), + ) + .unwrap(); + + if password_matches { + return Some(user); + } else { + return None; + } +} + +#[test] +fn test_argon() { + let credentials = Credentials { + username: "piepkonijn", + password: "geheim123", + }; + let argon_config = argon2_config(); + + let salt: [u8; 32] = rand::thread_rng().gen(); + let hash = argon2::hash_raw(credentials.password.as_bytes(), &salt, &argon_config).unwrap(); + let new_user = NewUser { + username: &credentials.username, + password_hash: &hash, + password_salt: &salt, + }; + + let password_matches = argon2::verify_raw( + credentials.password.as_bytes(), + &new_user.password_salt, + &new_user.password_hash, + &argon2_config(), + ) + .unwrap(); + + assert!(password_matches); +} diff --git a/backend/src/main.rs b/backend/src/main.rs index fd0ff2e..6ee54ec 100644 --- a/backend/src/main.rs +++ b/backend/src/main.rs @@ -1,15 +1,36 @@ #![feature(proc_macro_hygiene, decl_macro)] +use rocket::{Build, Rocket}; +use rocket_sync_db_pools::database; + #[macro_use] extern crate rocket; #[macro_use] -extern crate rocket_contrib; +extern crate diesel; + +mod db; +mod routes; +mod schema; + +#[database("postgresql_database")] +pub struct DbConn(diesel::PgConnection); #[get("/")] fn index() -> &'static str { "Hello, world!" } -fn main() { - rocket::ignite().mount("/", routes![index]).launch(); +#[launch] +fn rocket() -> Rocket { + rocket::build() + .mount( + "/", + routes![ + index, + routes::users::register, + routes::users::login, + routes::users::current_user, + ], + ) + .attach(DbConn::fairing()) } diff --git a/backend/src/routes/mod.rs b/backend/src/routes/mod.rs new file mode 100644 index 0000000..913bd46 --- /dev/null +++ b/backend/src/routes/mod.rs @@ -0,0 +1 @@ +pub mod users; diff --git a/backend/src/routes/users.rs b/backend/src/routes/users.rs new file mode 100644 index 0000000..274b712 --- /dev/null +++ b/backend/src/routes/users.rs @@ -0,0 +1,100 @@ +use crate::db::{sessions, users}; +use crate::{ + db::users::{Credentials, User}, + DbConn, +}; +use rocket::serde::json::Json; +use serde::{Deserialize, Serialize}; + +use rocket::http::Status; +use rocket::request::{self, FromRequest, Outcome, Request}; + +#[derive(Debug)] +pub enum AuthTokenError { + BadCount, + Missing, + Invalid, +} + +// TODO: error handling and proper lifetimes +#[rocket::async_trait] +impl<'r> FromRequest<'r> for User { + type Error = AuthTokenError; + + async fn from_request(request: &'r Request<'_>) -> Outcome { + let keys: Vec<_> = request.headers().get("Authorization").collect(); + let token = match keys.len() { + 0 => return Outcome::Failure((Status::BadRequest, AuthTokenError::Missing)), + 1 => keys[0].to_string(), + _ => return Outcome::Failure((Status::BadRequest, AuthTokenError::BadCount)), + }; + let db = request.guard::().await.unwrap(); + let (_session, user) = db + .run(move |conn| sessions::find_user_by_session(&token, conn)) + .await + .unwrap(); + Outcome::Success(user) + } +} + +#[derive(Serialize, Deserialize)] +pub struct UserData { + pub user_id: i32, + pub username: String, +} + +impl From for UserData { + fn from(user: User) -> Self { + UserData { + user_id: user.user_id, + username: user.username, + } + } +} + +#[derive(Deserialize)] +pub struct RegistrationParams { + pub username: String, + pub password: String, +} + +#[post("/register", data = "")] +pub async fn register(db_conn: DbConn, params: Json) -> Json { + db_conn + .run(move |conn| { + let credentials = Credentials { + username: ¶ms.username, + password: ¶ms.password, + }; + let user = users::create_user(&credentials, conn).unwrap(); + Json(user.into()) + }) + .await +} + +#[derive(Deserialize)] +pub struct LoginParams { + pub username: String, + pub password: String, +} + +#[post("/login", data = "")] +pub async fn login(db_conn: DbConn, params: Json) -> String { + db_conn + .run(move |conn| { + let credentials = Credentials { + username: ¶ms.username, + password: ¶ms.password, + }; + // TODO: handle failures + let user = users::authenticate_user(&credentials, conn).unwrap(); + let session = sessions::create_session(&user, conn); + return session.token; + }) + .await +} + +#[get("/users/me")] +pub async fn current_user(user: User) -> Json { + Json(user.into()) +} diff --git a/backend/src/schema.rs b/backend/src/schema.rs new file mode 100644 index 0000000..04ecbd7 --- /dev/null +++ b/backend/src/schema.rs @@ -0,0 +1,20 @@ +table! { + sessions (id) { + id -> Int4, + user_id -> Int4, + token -> Varchar, + } +} + +table! { + users (id) { + id -> Int4, + username -> Varchar, + password_salt -> Bytea, + password_hash -> Bytea, + } +} + +joinable!(sessions -> users (user_id)); + +allow_tables_to_appear_in_same_query!(sessions, users,); diff --git a/backend/tests/common.rs b/backend/tests/common.rs new file mode 100644 index 0000000..e69de29 -- cgit v1.2.3 From 13cdbc7ff760ae91ee3f62b2a2f62c7559ccaa3c Mon Sep 17 00:00:00 2001 From: Ilion Beyst Date: Tue, 14 Dec 2021 20:23:07 +0100 Subject: test registration & login --- backend/Cargo.toml | 5 +- .../migrations/2021-12-13-145111_users/down.sql | 1 + backend/migrations/2021-12-13-145111_users/up.sql | 4 +- backend/src/lib.rs | 35 ++++++++++ backend/src/main.rs | 34 +--------- backend/tests/common.rs | 75 ++++++++++++++++++++++ 6 files changed, 121 insertions(+), 33 deletions(-) create mode 100644 backend/src/lib.rs diff --git a/backend/Cargo.toml b/backend/Cargo.toml index b44b5ad..cd70bc0 100644 --- a/backend/Cargo.toml +++ b/backend/Cargo.toml @@ -20,4 +20,7 @@ base64 = "0.13.0" [dependencies.rocket_sync_db_pools] version = "0.1.0-rc.1" -features = ["diesel_postgres_pool"] \ No newline at end of file +features = ["diesel_postgres_pool"] + +[dev-dependencies] +parking_lot = "0.11" \ No newline at end of file diff --git a/backend/migrations/2021-12-13-145111_users/down.sql b/backend/migrations/2021-12-13-145111_users/down.sql index 441087a..49285a1 100644 --- a/backend/migrations/2021-12-13-145111_users/down.sql +++ b/backend/migrations/2021-12-13-145111_users/down.sql @@ -1 +1,2 @@ +DROP INDEX users_username_index DROP TABLE users; \ No newline at end of file diff --git a/backend/migrations/2021-12-13-145111_users/up.sql b/backend/migrations/2021-12-13-145111_users/up.sql index 6ec7e01..f35e718 100644 --- a/backend/migrations/2021-12-13-145111_users/up.sql +++ b/backend/migrations/2021-12-13-145111_users/up.sql @@ -3,4 +3,6 @@ CREATE TABLE users( username VARCHAR(52) NOT NULL, password_salt BYTEA NOT NULL, password_hash BYTEA NOT NULL -); \ No newline at end of file +); + +CREATE UNIQUE INDEX users_username_index ON users(username); \ No newline at end of file diff --git a/backend/src/lib.rs b/backend/src/lib.rs new file mode 100644 index 0000000..0a21850 --- /dev/null +++ b/backend/src/lib.rs @@ -0,0 +1,35 @@ +#![feature(proc_macro_hygiene, decl_macro)] + +use rocket::{Build, Rocket}; +use rocket_sync_db_pools::database; + +#[macro_use] +extern crate rocket; +#[macro_use] +extern crate diesel; + +mod db; +mod routes; +mod schema; + +#[database("postgresql_database")] +pub struct DbConn(diesel::PgConnection); + +#[get("/")] +fn index() -> &'static str { + "Hello, world!" +} + +pub fn rocket() -> Rocket { + rocket::build() + .mount( + "/", + routes![ + index, + routes::users::register, + routes::users::login, + routes::users::current_user, + ], + ) + .attach(DbConn::fairing()) +} diff --git a/backend/src/main.rs b/backend/src/main.rs index 6ee54ec..65be48d 100644 --- a/backend/src/main.rs +++ b/backend/src/main.rs @@ -1,36 +1,8 @@ -#![feature(proc_macro_hygiene, decl_macro)] - -use rocket::{Build, Rocket}; -use rocket_sync_db_pools::database; - #[macro_use] extern crate rocket; -#[macro_use] -extern crate diesel; - -mod db; -mod routes; -mod schema; - -#[database("postgresql_database")] -pub struct DbConn(diesel::PgConnection); - -#[get("/")] -fn index() -> &'static str { - "Hello, world!" -} +extern crate mozaic4_backend; #[launch] -fn rocket() -> Rocket { - rocket::build() - .mount( - "/", - routes![ - index, - routes::users::register, - routes::users::login, - routes::users::current_user, - ], - ) - .attach(DbConn::fairing()) +fn launch() -> _ { + mozaic4_backend::rocket() } diff --git a/backend/tests/common.rs b/backend/tests/common.rs index e69de29..8ab68a1 100644 --- a/backend/tests/common.rs +++ b/backend/tests/common.rs @@ -0,0 +1,75 @@ +extern crate mozaic4_backend; + +use diesel; +use diesel::prelude::*; +use mozaic4_backend::DbConn; +use rocket::http::{ContentType, Header, Status}; +use rocket::local::asynchronous::Client; + +// We use a lock to synchronize between tests so DB operations don't collide. +// For now. In the future, we'll have a nice way to run each test in a DB +// transaction so we can regain concurrency. +static DB_LOCK: parking_lot::Mutex<()> = parking_lot::const_mutex(()); + +async fn reset_db(db: &DbConn) { + db.run(|conn| { + diesel::sql_query("TRUNCATE TABLE users, sessions") + .execute(conn) + .expect("drop all tables"); + }) + .await +} + +macro_rules! run_test { + (|$client:ident, $conn:ident| $block:expr) => {{ + let _lock = DB_LOCK.lock(); + + rocket::async_test(async move { + let $client = Client::tracked(mozaic4_backend::rocket()) + .await + .expect("Rocket client"); + let db = mozaic4_backend::DbConn::get_one($client.rocket()).await; + let $conn = db.expect("failed to get database connection for testing"); + reset_db(&$conn).await; + + $block + }) + }}; +} + +#[test] +fn test_registration() { + run_test!(|client, _conn| { + let response = client + .post("/register") + .header(ContentType::JSON) + .body(r#"{"username": "piepkonijn", "password": "geheim123"}"#) + .dispatch() + .await; + + assert_eq!(response.status(), Status::Ok); + assert_eq!(response.content_type(), Some(ContentType::JSON)); + + let response = client + .post("/login") + .header(ContentType::JSON) + .body(r#"{"username": "piepkonijn", "password": "geheim123"}"#) + .dispatch() + .await; + + assert_eq!(response.status(), Status::Ok); + let token = response.into_string().await.unwrap(); + + let response = client + .get("/users/me") + .header(Header::new("Authorization", token)) + .dispatch() + .await; + + assert_eq!(response.status(), Status::Ok); + assert_eq!(response.content_type(), Some(ContentType::JSON)); + let resp = response.into_string().await.unwrap(); + let json: serde_json::Value = serde_json::from_str(&resp).unwrap(); + assert_eq!(json["username"], "piepkonijn"); + }); +} -- cgit v1.2.3 From 6aa72b3c8717f32e62c772aeed327d3cd9a6fa65 Mon Sep 17 00:00:00 2001 From: Ilion Beyst Date: Wed, 15 Dec 2021 22:40:55 +0100 Subject: gracefully handle invalid login credentials --- backend/src/db/users.rs | 32 ++++++------- backend/src/main.rs | 2 +- backend/src/routes/users.rs | 40 ++++++++++++----- backend/tests/common.rs | 75 ------------------------------- backend/tests/login.rs | 106 ++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 153 insertions(+), 102 deletions(-) delete mode 100644 backend/tests/common.rs create mode 100644 backend/tests/login.rs diff --git a/backend/src/db/users.rs b/backend/src/db/users.rs index c06e5b3..29cee88 100644 --- a/backend/src/db/users.rs +++ b/backend/src/db/users.rs @@ -58,24 +58,26 @@ pub fn create_user(credentials: &Credentials, conn: &PgConnection) -> QueryResul } pub fn authenticate_user(credentials: &Credentials, db_conn: &PgConnection) -> Option { - let user = users::table + users::table .filter(users::username.eq(&credentials.username)) .first::(db_conn) - .unwrap(); + .optional() + .unwrap() + .and_then(|user| { + let password_matches = argon2::verify_raw( + credentials.password.as_bytes(), + &user.password_salt, + &user.password_hash, + &argon2_config(), + ) + .unwrap(); - let password_matches = argon2::verify_raw( - credentials.password.as_bytes(), - &user.password_salt, - &user.password_hash, - &argon2_config(), - ) - .unwrap(); - - if password_matches { - return Some(user); - } else { - return None; - } + if password_matches { + return Some(user); + } else { + return None; + } + }) } #[test] diff --git a/backend/src/main.rs b/backend/src/main.rs index 65be48d..3c0efa8 100644 --- a/backend/src/main.rs +++ b/backend/src/main.rs @@ -3,6 +3,6 @@ extern crate rocket; extern crate mozaic4_backend; #[launch] -fn launch() -> _ { +fn launch() -> rocket::Rocket { mozaic4_backend::rocket() } diff --git a/backend/src/routes/users.rs b/backend/src/routes/users.rs index 274b712..72a857f 100644 --- a/backend/src/routes/users.rs +++ b/backend/src/routes/users.rs @@ -7,7 +7,8 @@ use rocket::serde::json::Json; use serde::{Deserialize, Serialize}; use rocket::http::Status; -use rocket::request::{self, FromRequest, Outcome, Request}; +use rocket::request::{FromRequest, Outcome, Request}; +use rocket::response::status; #[derive(Debug)] pub enum AuthTokenError { @@ -23,17 +24,25 @@ impl<'r> FromRequest<'r> for User { async fn from_request(request: &'r Request<'_>) -> Outcome { let keys: Vec<_> = request.headers().get("Authorization").collect(); - let token = match keys.len() { + let auth_header = match keys.len() { 0 => return Outcome::Failure((Status::BadRequest, AuthTokenError::Missing)), - 1 => keys[0].to_string(), + 1 => keys[0], _ => return Outcome::Failure((Status::BadRequest, AuthTokenError::BadCount)), }; + + let token = match auth_header.strip_prefix("Bearer ") { + Some(token) => token.to_string(), + None => return Outcome::Failure((Status::BadRequest, AuthTokenError::Invalid)), + }; + let db = request.guard::().await.unwrap(); - let (_session, user) = db + let res = db .run(move |conn| sessions::find_user_by_session(&token, conn)) - .await - .unwrap(); - Outcome::Success(user) + .await; + match res { + Ok((_session, user)) => Outcome::Success(user), + Err(_) => Outcome::Failure((Status::Unauthorized, AuthTokenError::Invalid)), + } } } @@ -79,7 +88,10 @@ pub struct LoginParams { } #[post("/login", data = "")] -pub async fn login(db_conn: DbConn, params: Json) -> String { +pub async fn login( + db_conn: DbConn, + params: Json, +) -> Result> { db_conn .run(move |conn| { let credentials = Credentials { @@ -87,9 +99,15 @@ pub async fn login(db_conn: DbConn, params: Json) -> String { password: ¶ms.password, }; // TODO: handle failures - let user = users::authenticate_user(&credentials, conn).unwrap(); - let session = sessions::create_session(&user, conn); - return session.token; + let authenticated = users::authenticate_user(&credentials, conn); + + match authenticated { + None => Err(status::Forbidden(Some("invalid auth"))), + Some(user) => { + let session = sessions::create_session(&user, conn); + Ok(session.token) + } + } }) .await } diff --git a/backend/tests/common.rs b/backend/tests/common.rs deleted file mode 100644 index 8ab68a1..0000000 --- a/backend/tests/common.rs +++ /dev/null @@ -1,75 +0,0 @@ -extern crate mozaic4_backend; - -use diesel; -use diesel::prelude::*; -use mozaic4_backend::DbConn; -use rocket::http::{ContentType, Header, Status}; -use rocket::local::asynchronous::Client; - -// We use a lock to synchronize between tests so DB operations don't collide. -// For now. In the future, we'll have a nice way to run each test in a DB -// transaction so we can regain concurrency. -static DB_LOCK: parking_lot::Mutex<()> = parking_lot::const_mutex(()); - -async fn reset_db(db: &DbConn) { - db.run(|conn| { - diesel::sql_query("TRUNCATE TABLE users, sessions") - .execute(conn) - .expect("drop all tables"); - }) - .await -} - -macro_rules! run_test { - (|$client:ident, $conn:ident| $block:expr) => {{ - let _lock = DB_LOCK.lock(); - - rocket::async_test(async move { - let $client = Client::tracked(mozaic4_backend::rocket()) - .await - .expect("Rocket client"); - let db = mozaic4_backend::DbConn::get_one($client.rocket()).await; - let $conn = db.expect("failed to get database connection for testing"); - reset_db(&$conn).await; - - $block - }) - }}; -} - -#[test] -fn test_registration() { - run_test!(|client, _conn| { - let response = client - .post("/register") - .header(ContentType::JSON) - .body(r#"{"username": "piepkonijn", "password": "geheim123"}"#) - .dispatch() - .await; - - assert_eq!(response.status(), Status::Ok); - assert_eq!(response.content_type(), Some(ContentType::JSON)); - - let response = client - .post("/login") - .header(ContentType::JSON) - .body(r#"{"username": "piepkonijn", "password": "geheim123"}"#) - .dispatch() - .await; - - assert_eq!(response.status(), Status::Ok); - let token = response.into_string().await.unwrap(); - - let response = client - .get("/users/me") - .header(Header::new("Authorization", token)) - .dispatch() - .await; - - assert_eq!(response.status(), Status::Ok); - assert_eq!(response.content_type(), Some(ContentType::JSON)); - let resp = response.into_string().await.unwrap(); - let json: serde_json::Value = serde_json::from_str(&resp).unwrap(); - assert_eq!(json["username"], "piepkonijn"); - }); -} diff --git a/backend/tests/login.rs b/backend/tests/login.rs new file mode 100644 index 0000000..9c70af2 --- /dev/null +++ b/backend/tests/login.rs @@ -0,0 +1,106 @@ +extern crate mozaic4_backend; + +use diesel; +use diesel::prelude::*; +use mozaic4_backend::DbConn; +use rocket::http::{ContentType, Header, Status}; +use rocket::local::asynchronous::Client; + +// We use a lock to synchronize between tests so DB operations don't collide. +// For now. In the future, we'll have a nice way to run each test in a DB +// transaction so we can regain concurrency. +static DB_LOCK: parking_lot::Mutex<()> = parking_lot::const_mutex(()); + +async fn reset_db(db: &DbConn) { + db.run(|conn| { + diesel::sql_query("TRUNCATE TABLE users, sessions") + .execute(conn) + .expect("drop all tables"); + }) + .await +} + +macro_rules! run_test { + (|$client:ident, $conn:ident| $block:expr) => {{ + let _lock = DB_LOCK.lock(); + + rocket::async_test(async move { + let $client = Client::tracked(mozaic4_backend::rocket()) + .await + .expect("Rocket client"); + let db = mozaic4_backend::DbConn::get_one($client.rocket()).await; + let $conn = db.expect("failed to get database connection for testing"); + reset_db(&$conn).await; + + $block + }) + }}; +} + +pub struct BearerAuth { + token: String, +} + +impl BearerAuth { + pub fn new(token: String) -> Self { + Self { token } + } +} + +impl<'a> Into> for BearerAuth { + fn into(self) -> Header<'a> { + Header::new("Authorization", format!("Bearer {}", self.token)) + } +} + +#[test] +fn test_registration() { + run_test!(|client, _conn| { + let response = client + .post("/register") + .header(ContentType::JSON) + .body(r#"{"username": "piepkonijn", "password": "geheim123"}"#) + .dispatch() + .await; + + assert_eq!(response.status(), Status::Ok); + assert_eq!(response.content_type(), Some(ContentType::JSON)); + + let response = client + .post("/login") + .header(ContentType::JSON) + .body(r#"{"username": "piepkonijn", "password": "geheim123"}"#) + .dispatch() + .await; + + assert_eq!(response.status(), Status::Ok); + let token = response.into_string().await.unwrap(); + + let response = client + .get("/users/me") + .header(BearerAuth::new(token)) + .dispatch() + .await; + + assert_eq!(response.status(), Status::Ok); + assert_eq!(response.content_type(), Some(ContentType::JSON)); + let resp = response.into_string().await.unwrap(); + let json: serde_json::Value = serde_json::from_str(&resp).unwrap(); + assert_eq!(json["username"], "piepkonijn"); + }); +} + +#[test] +fn test_reject_invalid_credentials() { + run_test!(|client, _conn| { + let response = client + .post("/login") + .header(ContentType::JSON) + .body(r#"{"username": "piepkonijn", "password": "letmeinplease"}"#) + .dispatch() + .await; + + assert_eq!(response.status(), Status::Forbidden); + // assert_eq!(response.content_type(), Some(ContentType::JSON)); + }); +} -- cgit v1.2.3 From 2dbb085008f68ed56675cf23ea6e1c89af632ea9 Mon Sep 17 00:00:00 2001 From: Ilion Beyst Date: Sat, 18 Dec 2021 15:39:05 +0100 Subject: use async closures for tests --- backend/tests/login.rs | 53 ++++++++++------------------------------------- backend/tests/util/mod.rs | 39 ++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+), 42 deletions(-) create mode 100644 backend/tests/util/mod.rs diff --git a/backend/tests/login.rs b/backend/tests/login.rs index 9c70af2..b4e07e3 100644 --- a/backend/tests/login.rs +++ b/backend/tests/login.rs @@ -1,41 +1,10 @@ +#![feature(async_closure)] extern crate mozaic4_backend; -use diesel; -use diesel::prelude::*; -use mozaic4_backend::DbConn; use rocket::http::{ContentType, Header, Status}; -use rocket::local::asynchronous::Client; -// We use a lock to synchronize between tests so DB operations don't collide. -// For now. In the future, we'll have a nice way to run each test in a DB -// transaction so we can regain concurrency. -static DB_LOCK: parking_lot::Mutex<()> = parking_lot::const_mutex(()); - -async fn reset_db(db: &DbConn) { - db.run(|conn| { - diesel::sql_query("TRUNCATE TABLE users, sessions") - .execute(conn) - .expect("drop all tables"); - }) - .await -} - -macro_rules! run_test { - (|$client:ident, $conn:ident| $block:expr) => {{ - let _lock = DB_LOCK.lock(); - - rocket::async_test(async move { - let $client = Client::tracked(mozaic4_backend::rocket()) - .await - .expect("Rocket client"); - let db = mozaic4_backend::DbConn::get_one($client.rocket()).await; - let $conn = db.expect("failed to get database connection for testing"); - reset_db(&$conn).await; - - $block - }) - }}; -} +mod util; +use util::run_test; pub struct BearerAuth { token: String, @@ -53,9 +22,9 @@ impl<'a> Into> for BearerAuth { } } -#[test] -fn test_registration() { - run_test!(|client, _conn| { +#[rocket::async_test] +async fn test_registration() { + run_test(async move |client, _conn| { let response = client .post("/register") .header(ContentType::JSON) @@ -87,12 +56,12 @@ fn test_registration() { let resp = response.into_string().await.unwrap(); let json: serde_json::Value = serde_json::from_str(&resp).unwrap(); assert_eq!(json["username"], "piepkonijn"); - }); + }).await } -#[test] -fn test_reject_invalid_credentials() { - run_test!(|client, _conn| { +#[rocket::async_test] +async fn test_reject_invalid_credentials() { + run_test(async move |client, _conn| { let response = client .post("/login") .header(ContentType::JSON) @@ -102,5 +71,5 @@ fn test_reject_invalid_credentials() { assert_eq!(response.status(), Status::Forbidden); // assert_eq!(response.content_type(), Some(ContentType::JSON)); - }); + }).await } diff --git a/backend/tests/util/mod.rs b/backend/tests/util/mod.rs new file mode 100644 index 0000000..3502ddb --- /dev/null +++ b/backend/tests/util/mod.rs @@ -0,0 +1,39 @@ +use std::future::Future; + +use diesel::RunQueryDsl; +use mozaic4_backend::DbConn; +use rocket::local::asynchronous::Client; + +// We use a lock to synchronize between tests so DB operations don't collide. +// For now. In the future, we'll have a nice way to run each test in a DB +// transaction so we can regain concurrency. +static DB_LOCK: parking_lot::Mutex<()> = parking_lot::const_mutex(()); + +async fn reset_db(db: &DbConn) { + db.run(|conn| { + diesel::sql_query("TRUNCATE TABLE users, sessions") + .execute(conn) + .expect("drop all tables"); + }) + .await +} + +pub async fn run_test(test_closure: F) +where + F: FnOnce(Client, DbConn) -> R, + R: Future, +{ + let _lock = DB_LOCK.lock(); + + let client = Client::untracked(mozaic4_backend::rocket()) + .await + .expect("failed to create test client"); + let db = mozaic4_backend::DbConn::get_one(client.rocket()) + .await + .expect("failed to get db connection"); + + // make sure we start with a clean DB + reset_db(&db).await; + + test_closure(client, db).await; +} -- cgit v1.2.3 From 52242b03f1af7f73e73592c2e5ee2bc54813a64d Mon Sep 17 00:00:00 2001 From: Ilion Beyst Date: Sun, 19 Dec 2021 00:16:46 +0100 Subject: simple bot uploads --- backend/Cargo.toml | 3 +- backend/migrations/2021-12-18-130837_bots/down.sql | 3 + backend/migrations/2021-12-18-130837_bots/up.sql | 14 ++++ backend/src/db/bots.rs | 54 ++++++++++++ backend/src/db/mod.rs | 1 + backend/src/db/sessions.rs | 2 +- backend/src/db/users.rs | 2 +- backend/src/lib.rs | 9 +- backend/src/routes/bots.rs | 96 +++++++++++++++++++++ backend/src/routes/mod.rs | 1 + backend/src/routes/users.rs | 2 +- backend/src/schema.rs | 21 ++++- backend/tests/bots.rs | 98 ++++++++++++++++++++++ backend/tests/login.rs | 26 ++---- backend/tests/util/mod.rs | 28 ++++++- 15 files changed, 328 insertions(+), 32 deletions(-) create mode 100644 backend/migrations/2021-12-18-130837_bots/down.sql create mode 100644 backend/migrations/2021-12-18-130837_bots/up.sql create mode 100644 backend/src/db/bots.rs create mode 100644 backend/src/routes/bots.rs create mode 100644 backend/tests/bots.rs diff --git a/backend/Cargo.toml b/backend/Cargo.toml index cd70bc0..ed64ac3 100644 --- a/backend/Cargo.toml +++ b/backend/Cargo.toml @@ -7,7 +7,7 @@ edition = "2021" [dependencies] rocket = { version= "0.5.0-rc.1", features = ["json"] } -diesel = { version = "1.4.4", features = ["postgres", "r2d2"] } +diesel = { version = "1.4.4", features = ["postgres", "r2d2", "chrono"] } dotenv = "0.15.0" rust-argon2 = "0.8" rand = "0.8.4" @@ -16,6 +16,7 @@ serde_bytes = "0.11" chrono = { version = "0.4", features = ["serde"] } serde_json = "1.0" base64 = "0.13.0" +zip = "0.5" [dependencies.rocket_sync_db_pools] diff --git a/backend/migrations/2021-12-18-130837_bots/down.sql b/backend/migrations/2021-12-18-130837_bots/down.sql new file mode 100644 index 0000000..3d14604 --- /dev/null +++ b/backend/migrations/2021-12-18-130837_bots/down.sql @@ -0,0 +1,3 @@ +DROP TABLE code_bundles; +DROP INDEX bots_index; +DROP TABLE bots; \ No newline at end of file diff --git a/backend/migrations/2021-12-18-130837_bots/up.sql b/backend/migrations/2021-12-18-130837_bots/up.sql new file mode 100644 index 0000000..27f3582 --- /dev/null +++ b/backend/migrations/2021-12-18-130837_bots/up.sql @@ -0,0 +1,14 @@ +CREATE TABLE bots ( + id serial PRIMARY KEY, + owner_id integer REFERENCES users(id) NOT NULL, + name text NOT NULL +); + +CREATE UNIQUE INDEX bots_index ON bots(owner_id, name); + +CREATE TABLE code_bundles ( + id serial PRIMARY KEY, + bot_id integer REFERENCES bots(id) NOT NULL, + path text NOT NULL, + created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP +); \ No newline at end of file diff --git a/backend/src/db/bots.rs b/backend/src/db/bots.rs new file mode 100644 index 0000000..d359e28 --- /dev/null +++ b/backend/src/db/bots.rs @@ -0,0 +1,54 @@ +use diesel::prelude::*; +use serde::{Deserialize, Serialize}; + +use crate::schema::{bots, code_bundles}; +use crate::DbConn; +use chrono; + +#[derive(Insertable)] +#[table_name = "bots"] +pub struct NewBot<'a> { + pub owner_id: i32, + pub name: &'a str, +} + +#[derive(Queryable, Debug, PartialEq, Serialize, Deserialize)] +pub struct Bot { + pub id: i32, + pub owner_id: i32, + pub name: String, +} + +pub fn create_bot(new_bot: &NewBot, conn: &PgConnection) -> QueryResult { + diesel::insert_into(bots::table) + .values(new_bot) + .get_result(conn) +} + +pub fn find_bot(id: i32, conn: &PgConnection) -> QueryResult { + bots::table.find(id).first(conn) +} + +#[derive(Insertable)] +#[table_name = "code_bundles"] +pub struct NewCodeBundle<'a> { + pub bot_id: i32, + pub path: &'a str, +} + +#[derive(Queryable, Serialize, Deserialize, Debug)] +pub struct CodeBundle { + pub id: i32, + pub bot_id: i32, + pub path: String, + pub created_at: chrono::NaiveDateTime, +} + +pub fn create_code_bundle( + new_code_bundle: &NewCodeBundle, + conn: &PgConnection, +) -> QueryResult { + diesel::insert_into(code_bundles::table) + .values(new_code_bundle) + .get_result(conn) +} diff --git a/backend/src/db/mod.rs b/backend/src/db/mod.rs index b6e3efc..947b789 100644 --- a/backend/src/db/mod.rs +++ b/backend/src/db/mod.rs @@ -1,2 +1,3 @@ +pub mod bots; pub mod sessions; pub mod users; diff --git a/backend/src/db/sessions.rs b/backend/src/db/sessions.rs index 0cc3f1a..96f3926 100644 --- a/backend/src/db/sessions.rs +++ b/backend/src/db/sessions.rs @@ -22,7 +22,7 @@ pub struct Session { pub fn create_session(user: &User, conn: &PgConnection) -> Session { let new_session = NewSession { token: gen_session_token(), - user_id: user.user_id, + user_id: user.id, }; let session = insert_into(sessions::table) .values(&new_session) diff --git a/backend/src/db/users.rs b/backend/src/db/users.rs index 29cee88..0817766 100644 --- a/backend/src/db/users.rs +++ b/backend/src/db/users.rs @@ -20,7 +20,7 @@ pub struct NewUser<'a> { #[derive(Queryable, Debug)] pub struct User { - pub user_id: i32, + pub id: i32, pub username: String, pub password_salt: Vec, pub password_hash: Vec, diff --git a/backend/src/lib.rs b/backend/src/lib.rs index 0a21850..8807637 100644 --- a/backend/src/lib.rs +++ b/backend/src/lib.rs @@ -8,9 +8,9 @@ extern crate rocket; #[macro_use] extern crate diesel; -mod db; -mod routes; -mod schema; +pub mod db; +pub mod routes; +pub mod schema; #[database("postgresql_database")] pub struct DbConn(diesel::PgConnection); @@ -29,6 +29,9 @@ pub fn rocket() -> Rocket { routes::users::register, routes::users::login, routes::users::current_user, + routes::bots::create_bot, + routes::bots::get_bot, + routes::bots::upload_bot_code, ], ) .attach(DbConn::fairing()) diff --git a/backend/src/routes/bots.rs b/backend/src/routes/bots.rs new file mode 100644 index 0000000..413c145 --- /dev/null +++ b/backend/src/routes/bots.rs @@ -0,0 +1,96 @@ +use rand::Rng; +use rocket::data::ToByteUnit; +use rocket::fs::TempFile; +use rocket::Data; +use rocket::{response::status, serde::json::Json}; +use serde::{Deserialize, Serialize}; +use std::io::Cursor; +use std::path::Path; + +use crate::DbConn; + +use crate::db::bots::{self, CodeBundle}; +use crate::db::users::User; +use bots::Bot; + +#[derive(Serialize, Deserialize, Debug)] +pub struct BotParams { + name: String, +} + +// TODO: handle errors +#[post("/bots", data = "")] +pub async fn create_bot( + db_conn: DbConn, + user: User, + params: Json, +) -> status::Created> { + db_conn + .run(move |conn| { + let bot_params = bots::NewBot { + owner_id: user.id, + name: ¶ms.name, + }; + let bot = bots::create_bot(&bot_params, conn).unwrap(); + let bot_url = uri!(get_bot(bot.id)).to_string(); + status::Created::new(bot_url).body(Json(bot)) + }) + .await +} + +// TODO: handle errors +#[get("/bots/")] +pub async fn get_bot(db_conn: DbConn, bot_id: i32) -> Json { + db_conn + .run(move |conn| { + let bot = bots::find_bot(bot_id, conn).unwrap(); + Json(bot) + }) + .await +} + +// TODO: proper error handling +#[post("/bots//upload", data = "")] +pub async fn upload_bot_code( + db_conn: DbConn, + user: User, + bot_id: i32, + data: Data<'_>, +) -> status::Created> { + // TODO: put in config somewhere + let data_path = "./data/bots"; + + let bot = db_conn + .run(move |conn| bots::find_bot(bot_id, conn)) + .await + .expect("Bot not found"); + + assert_eq!(user.id, bot.owner_id); + + // generate a random filename + let token: [u8; 16] = rand::thread_rng().gen(); + let name = base64::encode(&token); + + let path = Path::new(data_path).join(name); + let capped_buf = data.open(10usize.megabytes()).into_bytes().await.unwrap(); + assert!(capped_buf.is_complete()); + let buf = capped_buf.into_inner(); + + zip::ZipArchive::new(Cursor::new(buf)) + .unwrap() + .extract(&path) + .unwrap(); + + let code_bundle = db_conn + .run(move |conn| { + let bundle = bots::NewCodeBundle { + bot_id: bot.id, + path: path.to_str().unwrap(), + }; + bots::create_code_bundle(&bundle, conn).expect("Failed to create code bundle") + }) + .await; + + // TODO: proper location + status::Created::new("").body(Json(code_bundle)) +} diff --git a/backend/src/routes/mod.rs b/backend/src/routes/mod.rs index 913bd46..718d7ef 100644 --- a/backend/src/routes/mod.rs +++ b/backend/src/routes/mod.rs @@ -1 +1,2 @@ +pub mod bots; pub mod users; diff --git a/backend/src/routes/users.rs b/backend/src/routes/users.rs index 72a857f..45a94b9 100644 --- a/backend/src/routes/users.rs +++ b/backend/src/routes/users.rs @@ -55,7 +55,7 @@ pub struct UserData { impl From for UserData { fn from(user: User) -> Self { UserData { - user_id: user.user_id, + user_id: user.id, username: user.username, } } diff --git a/backend/src/schema.rs b/backend/src/schema.rs index 04ecbd7..bf58434 100644 --- a/backend/src/schema.rs +++ b/backend/src/schema.rs @@ -1,3 +1,20 @@ +table! { + bots (id) { + id -> Int4, + owner_id -> Int4, + name -> Text, + } +} + +table! { + code_bundles (id) { + id -> Int4, + bot_id -> Int4, + path -> Text, + created_at -> Timestamp, + } +} + table! { sessions (id) { id -> Int4, @@ -15,6 +32,8 @@ table! { } } +joinable!(bots -> users (owner_id)); +joinable!(code_bundles -> bots (bot_id)); joinable!(sessions -> users (user_id)); -allow_tables_to_appear_in_same_query!(sessions, users,); +allow_tables_to_appear_in_same_query!(bots, code_bundles, sessions, users,); diff --git a/backend/tests/bots.rs b/backend/tests/bots.rs new file mode 100644 index 0000000..fe81712 --- /dev/null +++ b/backend/tests/bots.rs @@ -0,0 +1,98 @@ +#![feature(async_closure)] +extern crate mozaic4_backend; +extern crate zip; + +use rocket::http::{ContentType, Status}; + +mod util; +use mozaic4_backend::db::{bots, sessions, users}; +use mozaic4_backend::DbConn; +use sessions::Session; +use users::{Credentials, User}; +use util::{run_test, BearerAuth}; + +async fn user_with_session(conn: &DbConn) -> (User, Session) { + conn.run(|conn| { + let credentials = Credentials { + username: "piepkonijn", + password: "geheim123", + }; + let user = users::create_user(&credentials, conn).unwrap(); + let session = sessions::create_session(&user, conn); + (user, session) + }) + .await +} + +#[rocket::async_test] +async fn test_bot_create() { + run_test(async move |client, conn| { + let (user, session) = user_with_session(&conn).await; + + let response = client + .post("/bots") + .header(BearerAuth::new(session.token.clone())) + .header(ContentType::JSON) + .body( + r#"{ + "name": "testbot" + }"#, + ) + .dispatch() + .await; + + assert_eq!(response.status(), Status::Created); + assert_eq!(response.content_type(), Some(ContentType::JSON)); + + let resp_text = response.into_string().await.unwrap(); + let json: serde_json::Value = serde_json::from_str(&resp_text).unwrap(); + assert_eq!(json["name"], "testbot"); + assert_eq!(json["owner_id"], user.id); + }) + .await +} + +// create an example zipfile for bot upload +fn create_zip() -> std::io::Result> { + use std::io::Write; + use zip::write::FileOptions; + + let cursor = std::io::Cursor::new(Vec::new()); + let mut zip = zip::ZipWriter::new(cursor); + + zip.start_file("test.txt", FileOptions::default())?; + zip.write_all(b"sup brudi")?; + let buf = zip.finish()?; + Ok(buf.into_inner()) +} + +#[rocket::async_test] +async fn test_bot_upload() { + run_test(async move |client, conn| { + let (user, session) = user_with_session(&conn).await; + + let owner_id = user.id; + let bot = conn + .run(move |conn| { + let new_bot = bots::NewBot { + name: "testbot", + owner_id: owner_id, + }; + bots::create_bot(&new_bot, conn).unwrap() + }) + .await; + + let zip_file = create_zip().unwrap(); + + let response = client + .post(format!("/bots/{}/upload", bot.id)) + .header(BearerAuth::new(session.token.clone())) + .header(ContentType::JSON) + .body(zip_file) + .dispatch() + .await; + + assert_eq!(response.status(), Status::Created); + }) + .await +} diff --git a/backend/tests/login.rs b/backend/tests/login.rs index b4e07e3..60c5d6f 100644 --- a/backend/tests/login.rs +++ b/backend/tests/login.rs @@ -1,27 +1,11 @@ #![feature(async_closure)] extern crate mozaic4_backend; -use rocket::http::{ContentType, Header, Status}; +use rocket::http::{ContentType, Status}; mod util; use util::run_test; -pub struct BearerAuth { - token: String, -} - -impl BearerAuth { - pub fn new(token: String) -> Self { - Self { token } - } -} - -impl<'a> Into> for BearerAuth { - fn into(self) -> Header<'a> { - Header::new("Authorization", format!("Bearer {}", self.token)) - } -} - #[rocket::async_test] async fn test_registration() { run_test(async move |client, _conn| { @@ -47,7 +31,7 @@ async fn test_registration() { let response = client .get("/users/me") - .header(BearerAuth::new(token)) + .header(util::BearerAuth::new(token)) .dispatch() .await; @@ -56,7 +40,8 @@ async fn test_registration() { let resp = response.into_string().await.unwrap(); let json: serde_json::Value = serde_json::from_str(&resp).unwrap(); assert_eq!(json["username"], "piepkonijn"); - }).await + }) + .await } #[rocket::async_test] @@ -71,5 +56,6 @@ async fn test_reject_invalid_credentials() { assert_eq!(response.status(), Status::Forbidden); // assert_eq!(response.content_type(), Some(ContentType::JSON)); - }).await + }) + .await } diff --git a/backend/tests/util/mod.rs b/backend/tests/util/mod.rs index 3502ddb..f34e9f3 100644 --- a/backend/tests/util/mod.rs +++ b/backend/tests/util/mod.rs @@ -2,7 +2,7 @@ use std::future::Future; use diesel::RunQueryDsl; use mozaic4_backend::DbConn; -use rocket::local::asynchronous::Client; +use rocket::{http::Header, local::asynchronous::Client}; // We use a lock to synchronize between tests so DB operations don't collide. // For now. In the future, we'll have a nice way to run each test in a DB @@ -11,9 +11,13 @@ static DB_LOCK: parking_lot::Mutex<()> = parking_lot::const_mutex(()); async fn reset_db(db: &DbConn) { db.run(|conn| { - diesel::sql_query("TRUNCATE TABLE users, sessions") - .execute(conn) - .expect("drop all tables"); + diesel::sql_query( + r#" + TRUNCATE TABLE users, sessions, + bots, code_bundles"#, + ) + .execute(conn) + .expect("drop all tables"); }) .await } @@ -37,3 +41,19 @@ where test_closure(client, db).await; } + +pub struct BearerAuth { + token: String, +} + +impl BearerAuth { + pub fn new(token: String) -> Self { + Self { token } + } +} + +impl<'a> Into> for BearerAuth { + fn into(self) -> Header<'a> { + Header::new("Authorization", format!("Bearer {}", self.token)) + } +} -- cgit v1.2.3 From 1fb4a5151bd8cfe6de4d8c19e2066a9281a0b61a Mon Sep 17 00:00:00 2001 From: Ilion Beyst Date: Wed, 29 Dec 2021 16:11:27 +0100 Subject: migrate to axum --- backend/Cargo.toml | 13 +++-- backend/src/db/bots.rs | 1 - backend/src/db/users.rs | 2 +- backend/src/lib.rs | 95 ++++++++++++++++++++++++++--------- backend/src/main.rs | 18 +++++-- backend/src/routes/bots.rs | 87 +++++++++++++------------------- backend/src/routes/users.rs | 118 ++++++++++++++++++-------------------------- 7 files changed, 171 insertions(+), 163 deletions(-) diff --git a/backend/Cargo.toml b/backend/Cargo.toml index ed64ac3..de98df7 100644 --- a/backend/Cargo.toml +++ b/backend/Cargo.toml @@ -6,8 +6,12 @@ edition = "2021" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] -rocket = { version= "0.5.0-rc.1", features = ["json"] } -diesel = { version = "1.4.4", features = ["postgres", "r2d2", "chrono"] } +tokio = { version = "1.15", features = ["full"] } +hyper = "0.14" +axum = { version = "0.4", features = ["json", "headers"] } +diesel = { version = "1.4.4", features = ["postgres", "chrono"] } +bb8 = "0.7" +bb8-diesel = "0.2" dotenv = "0.15.0" rust-argon2 = "0.8" rand = "0.8.4" @@ -18,10 +22,5 @@ serde_json = "1.0" base64 = "0.13.0" zip = "0.5" - -[dependencies.rocket_sync_db_pools] -version = "0.1.0-rc.1" -features = ["diesel_postgres_pool"] - [dev-dependencies] parking_lot = "0.11" \ No newline at end of file diff --git a/backend/src/db/bots.rs b/backend/src/db/bots.rs index d359e28..bc9cb11 100644 --- a/backend/src/db/bots.rs +++ b/backend/src/db/bots.rs @@ -2,7 +2,6 @@ use diesel::prelude::*; use serde::{Deserialize, Serialize}; use crate::schema::{bots, code_bundles}; -use crate::DbConn; use chrono; #[derive(Insertable)] diff --git a/backend/src/db/users.rs b/backend/src/db/users.rs index 0817766..663f173 100644 --- a/backend/src/db/users.rs +++ b/backend/src/db/users.rs @@ -1,4 +1,4 @@ -use crate::{schema::users, DbConn}; +use crate::schema::users; use argon2; use diesel::{prelude::*, PgConnection}; use rand::Rng; diff --git a/backend/src/lib.rs b/backend/src/lib.rs index 8807637..665523f 100644 --- a/backend/src/lib.rs +++ b/backend/src/lib.rs @@ -1,10 +1,5 @@ #![feature(proc_macro_hygiene, decl_macro)] -use rocket::{Build, Rocket}; -use rocket_sync_db_pools::database; - -#[macro_use] -extern crate rocket; #[macro_use] extern crate diesel; @@ -12,27 +7,79 @@ pub mod db; pub mod routes; pub mod schema; -#[database("postgresql_database")] -pub struct DbConn(diesel::PgConnection); +use std::ops::Deref; + +use axum; +use bb8::PooledConnection; +use bb8_diesel::{self, DieselConnectionManager}; +use diesel::PgConnection; -#[get("/")] -fn index() -> &'static str { +use axum::{ + async_trait, + extract::{Extension, FromRequest, RequestParts}, + http::StatusCode, + routing::{get, post}, + AddExtensionLayer, Router, +}; + +async fn index_handler() -> &'static str { "Hello, world!" } -pub fn rocket() -> Rocket { - rocket::build() - .mount( - "/", - routes![ - index, - routes::users::register, - routes::users::login, - routes::users::current_user, - routes::bots::create_bot, - routes::bots::get_bot, - routes::bots::upload_bot_code, - ], - ) - .attach(DbConn::fairing()) +type ConnectionPool = bb8::Pool>; + +pub async fn app() -> Router { + let database_url = "postgresql://planetwars:planetwars@localhost/planetwars"; + let manager = DieselConnectionManager::::new(database_url); + let pool = bb8::Pool::builder().build(manager).await.unwrap(); + + let app = Router::new() + .route("/", get(index_handler)) + .route("/users/register", post(routes::users::register)) + .route("/users/login", post(routes::users::login)) + .route("/users/me", get(routes::users::current_user)) + .route("/bots", post(routes::bots::create_bot)) + .route("/bots/:bot_id", get(routes::bots::get_bot)) + .route("/bots/:bot_id/upload", post(routes::bots::upload_bot_code)) + .layer(AddExtensionLayer::new(pool)); + app +} + +// we can also write a custom extractor that grabs a connection from the pool +// which setup is appropriate depends on your application +pub struct DatabaseConnection(PooledConnection<'static, DieselConnectionManager>); + +impl Deref for DatabaseConnection { + type Target = PooledConnection<'static, DieselConnectionManager>; + + fn deref(&self) -> &Self::Target { + &self.0 + } +} + +#[async_trait] +impl FromRequest for DatabaseConnection +where + B: Send, +{ + type Rejection = (StatusCode, String); + + async fn from_request(req: &mut RequestParts) -> Result { + let Extension(pool) = Extension::::from_request(req) + .await + .map_err(internal_error)?; + + let conn = pool.get_owned().await.map_err(internal_error)?; + + Ok(Self(conn)) + } +} + +/// Utility function for mapping any error into a `500 Internal Server Error` +/// response. +fn internal_error(err: E) -> (StatusCode, String) +where + E: std::error::Error, +{ + (StatusCode::INTERNAL_SERVER_ERROR, err.to_string()) } diff --git a/backend/src/main.rs b/backend/src/main.rs index 3c0efa8..c75aaf6 100644 --- a/backend/src/main.rs +++ b/backend/src/main.rs @@ -1,8 +1,16 @@ -#[macro_use] -extern crate rocket; +use std::net::SocketAddr; + extern crate mozaic4_backend; +extern crate tokio; + +#[tokio::main] +async fn main() { + let app = mozaic4_backend::app().await; + + let addr = SocketAddr::from(([127, 0, 0, 1], 9000)); -#[launch] -fn launch() -> rocket::Rocket { - mozaic4_backend::rocket() + axum::Server::bind(&addr) + .serve(app.into_make_service()) + .await + .unwrap(); } diff --git a/backend/src/routes/bots.rs b/backend/src/routes/bots.rs index 413c145..da09669 100644 --- a/backend/src/routes/bots.rs +++ b/backend/src/routes/bots.rs @@ -1,16 +1,14 @@ +use axum::extract::{Path, RawBody}; +use axum::http::StatusCode; +use axum::Json; use rand::Rng; -use rocket::data::ToByteUnit; -use rocket::fs::TempFile; -use rocket::Data; -use rocket::{response::status, serde::json::Json}; use serde::{Deserialize, Serialize}; use std::io::Cursor; -use std::path::Path; - -use crate::DbConn; +use std::path; use crate::db::bots::{self, CodeBundle}; use crate::db::users::User; +use crate::DatabaseConnection; use bots::Bot; #[derive(Serialize, Deserialize, Debug)] @@ -18,52 +16,36 @@ pub struct BotParams { name: String, } -// TODO: handle errors -#[post("/bots", data = "")] pub async fn create_bot( - db_conn: DbConn, + conn: DatabaseConnection, user: User, params: Json, -) -> status::Created> { - db_conn - .run(move |conn| { - let bot_params = bots::NewBot { - owner_id: user.id, - name: ¶ms.name, - }; - let bot = bots::create_bot(&bot_params, conn).unwrap(); - let bot_url = uri!(get_bot(bot.id)).to_string(); - status::Created::new(bot_url).body(Json(bot)) - }) - .await +) -> (StatusCode, Json) { + let bot_params = bots::NewBot { + owner_id: user.id, + name: ¶ms.name, + }; + let bot = bots::create_bot(&bot_params, &conn).unwrap(); + (StatusCode::CREATED, Json(bot)) } // TODO: handle errors -#[get("/bots/")] -pub async fn get_bot(db_conn: DbConn, bot_id: i32) -> Json { - db_conn - .run(move |conn| { - let bot = bots::find_bot(bot_id, conn).unwrap(); - Json(bot) - }) - .await +pub async fn get_bot(conn: DatabaseConnection, Path(bot_id): Path) -> Json { + let bot = bots::find_bot(bot_id, &conn).unwrap(); + Json(bot) } // TODO: proper error handling -#[post("/bots//upload", data = "")] pub async fn upload_bot_code( - db_conn: DbConn, + conn: DatabaseConnection, user: User, - bot_id: i32, - data: Data<'_>, -) -> status::Created> { + Path(bot_id): Path, + RawBody(body): RawBody, +) -> (StatusCode, Json) { // TODO: put in config somewhere let data_path = "./data/bots"; - let bot = db_conn - .run(move |conn| bots::find_bot(bot_id, conn)) - .await - .expect("Bot not found"); + let bot = bots::find_bot(bot_id, &conn).expect("Bot not found"); assert_eq!(user.id, bot.owner_id); @@ -71,26 +53,23 @@ pub async fn upload_bot_code( let token: [u8; 16] = rand::thread_rng().gen(); let name = base64::encode(&token); - let path = Path::new(data_path).join(name); - let capped_buf = data.open(10usize.megabytes()).into_bytes().await.unwrap(); - assert!(capped_buf.is_complete()); - let buf = capped_buf.into_inner(); + let path = path::Path::new(data_path).join(name); + // let capped_buf = data.open(10usize.megabytes()).into_bytes().await.unwrap(); + // assert!(capped_buf.is_complete()); + // let buf = capped_buf.into_inner(); + let buf = hyper::body::to_bytes(body).await.unwrap(); zip::ZipArchive::new(Cursor::new(buf)) .unwrap() .extract(&path) .unwrap(); - let code_bundle = db_conn - .run(move |conn| { - let bundle = bots::NewCodeBundle { - bot_id: bot.id, - path: path.to_str().unwrap(), - }; - bots::create_code_bundle(&bundle, conn).expect("Failed to create code bundle") - }) - .await; + let bundle = bots::NewCodeBundle { + bot_id: bot.id, + path: path.to_str().unwrap(), + }; + let code_bundle = + bots::create_code_bundle(&bundle, &conn).expect("Failed to create code bundle"); - // TODO: proper location - status::Created::new("").body(Json(code_bundle)) + (StatusCode::CREATED, Json(code_bundle)) } diff --git a/backend/src/routes/users.rs b/backend/src/routes/users.rs index 45a94b9..fc77d7b 100644 --- a/backend/src/routes/users.rs +++ b/backend/src/routes/users.rs @@ -1,48 +1,32 @@ +use crate::db::users::{Credentials, User}; use crate::db::{sessions, users}; -use crate::{ - db::users::{Credentials, User}, - DbConn, -}; -use rocket::serde::json::Json; +use crate::DatabaseConnection; +use axum::extract::{FromRequest, RequestParts, TypedHeader}; +use axum::headers::authorization::Bearer; +use axum::headers::Authorization; +use axum::http::StatusCode; +use axum::{async_trait, Json}; use serde::{Deserialize, Serialize}; -use rocket::http::Status; -use rocket::request::{FromRequest, Outcome, Request}; -use rocket::response::status; +type AuthorizationHeader = TypedHeader>; -#[derive(Debug)] -pub enum AuthTokenError { - BadCount, - Missing, - Invalid, -} - -// TODO: error handling and proper lifetimes -#[rocket::async_trait] -impl<'r> FromRequest<'r> for User { - type Error = AuthTokenError; +#[async_trait] +impl FromRequest for User +where + B: Send, +{ + type Rejection = (StatusCode, String); - async fn from_request(request: &'r Request<'_>) -> Outcome { - let keys: Vec<_> = request.headers().get("Authorization").collect(); - let auth_header = match keys.len() { - 0 => return Outcome::Failure((Status::BadRequest, AuthTokenError::Missing)), - 1 => keys[0], - _ => return Outcome::Failure((Status::BadRequest, AuthTokenError::BadCount)), - }; + async fn from_request(req: &mut RequestParts) -> Result { + let conn = DatabaseConnection::from_request(req).await?; + let TypedHeader(Authorization(bearer)) = AuthorizationHeader::from_request(req) + .await + .map_err(|_| (StatusCode::UNAUTHORIZED, "".to_string()))?; - let token = match auth_header.strip_prefix("Bearer ") { - Some(token) => token.to_string(), - None => return Outcome::Failure((Status::BadRequest, AuthTokenError::Invalid)), - }; + let (_session, user) = sessions::find_user_by_session(bearer.token(), &conn) + .map_err(|_| (StatusCode::UNAUTHORIZED, "".to_string()))?; - let db = request.guard::().await.unwrap(); - let res = db - .run(move |conn| sessions::find_user_by_session(&token, conn)) - .await; - match res { - Ok((_session, user)) => Outcome::Success(user), - Err(_) => Outcome::Failure((Status::Unauthorized, AuthTokenError::Invalid)), - } + Ok(user) } } @@ -67,18 +51,16 @@ pub struct RegistrationParams { pub password: String, } -#[post("/register", data = "")] -pub async fn register(db_conn: DbConn, params: Json) -> Json { - db_conn - .run(move |conn| { - let credentials = Credentials { - username: ¶ms.username, - password: ¶ms.password, - }; - let user = users::create_user(&credentials, conn).unwrap(); - Json(user.into()) - }) - .await +pub async fn register( + conn: DatabaseConnection, + params: Json, +) -> Json { + let credentials = Credentials { + username: ¶ms.username, + password: ¶ms.password, + }; + let user = users::create_user(&credentials, &conn).unwrap(); + Json(user.into()) } #[derive(Deserialize)] @@ -87,32 +69,26 @@ pub struct LoginParams { pub password: String, } -#[post("/login", data = "")] pub async fn login( - db_conn: DbConn, + conn: DatabaseConnection, params: Json, -) -> Result> { - db_conn - .run(move |conn| { - let credentials = Credentials { - username: ¶ms.username, - password: ¶ms.password, - }; - // TODO: handle failures - let authenticated = users::authenticate_user(&credentials, conn); +) -> Result { + let credentials = Credentials { + username: ¶ms.username, + password: ¶ms.password, + }; + // TODO: handle failures + let authenticated = users::authenticate_user(&credentials, &conn); - match authenticated { - None => Err(status::Forbidden(Some("invalid auth"))), - Some(user) => { - let session = sessions::create_session(&user, conn); - Ok(session.token) - } - } - }) - .await + match authenticated { + None => Err(StatusCode::FORBIDDEN), + Some(user) => { + let session = sessions::create_session(&user, &conn); + Ok(session.token) + } + } } -#[get("/users/me")] pub async fn current_user(user: User) -> Json { Json(user.into()) } -- cgit v1.2.3