From 8b4440f7236b0972c1a804eea4c8305b958ad03c Mon Sep 17 00:00:00 2001 From: Ilion Beyst Date: Mon, 13 Dec 2021 15:43:47 +0100 Subject: setup basic rocket+diesel app --- backend/src/main.rs | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 backend/src/main.rs (limited to 'backend/src') diff --git a/backend/src/main.rs b/backend/src/main.rs new file mode 100644 index 0000000..fd0ff2e --- /dev/null +++ b/backend/src/main.rs @@ -0,0 +1,15 @@ +#![feature(proc_macro_hygiene, decl_macro)] + +#[macro_use] +extern crate rocket; +#[macro_use] +extern crate rocket_contrib; + +#[get("/")] +fn index() -> &'static str { + "Hello, world!" +} + +fn main() { + rocket::ignite().mount("/", routes![index]).launch(); +} -- cgit v1.2.3 From eabeb7ed7b641dea0b8e71ab33ab97b4ed7a4cda Mon Sep 17 00:00:00 2001 From: Ilion Beyst Date: Mon, 13 Dec 2021 22:41:20 +0100 Subject: start implementing basic login functionality --- backend/src/db/mod.rs | 2 + backend/src/db/sessions.rs | 46 +++++++++++++++++++ backend/src/db/users.rs | 106 ++++++++++++++++++++++++++++++++++++++++++++ backend/src/main.rs | 27 +++++++++-- backend/src/routes/mod.rs | 1 + backend/src/routes/users.rs | 100 +++++++++++++++++++++++++++++++++++++++++ backend/src/schema.rs | 20 +++++++++ 7 files changed, 299 insertions(+), 3 deletions(-) create mode 100644 backend/src/db/mod.rs create mode 100644 backend/src/db/sessions.rs create mode 100644 backend/src/db/users.rs create mode 100644 backend/src/routes/mod.rs create mode 100644 backend/src/routes/users.rs create mode 100644 backend/src/schema.rs (limited to 'backend/src') diff --git a/backend/src/db/mod.rs b/backend/src/db/mod.rs new file mode 100644 index 0000000..b6e3efc --- /dev/null +++ b/backend/src/db/mod.rs @@ -0,0 +1,2 @@ +pub mod sessions; +pub mod users; diff --git a/backend/src/db/sessions.rs b/backend/src/db/sessions.rs new file mode 100644 index 0000000..0cc3f1a --- /dev/null +++ b/backend/src/db/sessions.rs @@ -0,0 +1,46 @@ +use super::users::User; +use crate::schema::{sessions, users}; +use base64; +use diesel::PgConnection; +use diesel::{insert_into, prelude::*, Insertable, RunQueryDsl}; +use rand::{self, Rng}; + +#[derive(Insertable)] +#[table_name = "sessions"] +struct NewSession { + token: String, + user_id: i32, +} + +#[derive(Queryable, Debug, PartialEq)] +pub struct Session { + pub id: i32, + pub user_id: i32, + pub token: String, +} + +pub fn create_session(user: &User, conn: &PgConnection) -> Session { + let new_session = NewSession { + token: gen_session_token(), + user_id: user.user_id, + }; + let session = insert_into(sessions::table) + .values(&new_session) + .get_result::(conn) + .unwrap(); + + return session; +} + +pub fn find_user_by_session(token: &str, conn: &PgConnection) -> QueryResult<(Session, User)> { + sessions::table + .inner_join(users::table) + .filter(sessions::token.eq(&token)) + .first::<(Session, User)>(conn) +} + +pub fn gen_session_token() -> String { + let mut rng = rand::thread_rng(); + let token: [u8; 32] = rng.gen(); + return base64::encode(&token); +} diff --git a/backend/src/db/users.rs b/backend/src/db/users.rs new file mode 100644 index 0000000..c06e5b3 --- /dev/null +++ b/backend/src/db/users.rs @@ -0,0 +1,106 @@ +use crate::{schema::users, DbConn}; +use argon2; +use diesel::{prelude::*, PgConnection}; +use rand::Rng; +use serde::{Deserialize, Serialize}; + +#[derive(Debug, Deserialize)] +pub struct Credentials<'a> { + pub username: &'a str, + pub password: &'a str, +} + +#[derive(Insertable)] +#[table_name = "users"] +pub struct NewUser<'a> { + pub username: &'a str, + pub password_hash: &'a [u8], + pub password_salt: &'a [u8], +} + +#[derive(Queryable, Debug)] +pub struct User { + pub user_id: i32, + pub username: String, + pub password_salt: Vec, + pub password_hash: Vec, +} + +// TODO: make this configurable somewhere +fn argon2_config() -> argon2::Config<'static> { + argon2::Config { + variant: argon2::Variant::Argon2i, + version: argon2::Version::Version13, + mem_cost: 4096, + time_cost: 3, + lanes: 1, + thread_mode: argon2::ThreadMode::Sequential, + // TODO: set a secret + secret: &[], + ad: &[], + hash_length: 32, + } +} + +pub fn create_user(credentials: &Credentials, conn: &PgConnection) -> QueryResult { + let argon_config = argon2_config(); + + let salt: [u8; 32] = rand::thread_rng().gen(); + let hash = argon2::hash_raw(credentials.password.as_bytes(), &salt, &argon_config).unwrap(); + let new_user = NewUser { + username: &credentials.username, + password_salt: &salt, + password_hash: &hash, + }; + diesel::insert_into(users::table) + .values(&new_user) + .get_result::(conn) +} + +pub fn authenticate_user(credentials: &Credentials, db_conn: &PgConnection) -> Option { + let user = users::table + .filter(users::username.eq(&credentials.username)) + .first::(db_conn) + .unwrap(); + + let password_matches = argon2::verify_raw( + credentials.password.as_bytes(), + &user.password_salt, + &user.password_hash, + &argon2_config(), + ) + .unwrap(); + + if password_matches { + return Some(user); + } else { + return None; + } +} + +#[test] +fn test_argon() { + let credentials = Credentials { + username: "piepkonijn", + password: "geheim123", + }; + let argon_config = argon2_config(); + + let salt: [u8; 32] = rand::thread_rng().gen(); + let hash = argon2::hash_raw(credentials.password.as_bytes(), &salt, &argon_config).unwrap(); + let new_user = NewUser { + username: &credentials.username, + password_hash: &hash, + password_salt: &salt, + }; + + let password_matches = argon2::verify_raw( + credentials.password.as_bytes(), + &new_user.password_salt, + &new_user.password_hash, + &argon2_config(), + ) + .unwrap(); + + assert!(password_matches); +} diff --git a/backend/src/main.rs b/backend/src/main.rs index fd0ff2e..6ee54ec 100644 --- a/backend/src/main.rs +++ b/backend/src/main.rs @@ -1,15 +1,36 @@ #![feature(proc_macro_hygiene, decl_macro)] +use rocket::{Build, Rocket}; +use rocket_sync_db_pools::database; + #[macro_use] extern crate rocket; #[macro_use] -extern crate rocket_contrib; +extern crate diesel; + +mod db; +mod routes; +mod schema; + +#[database("postgresql_database")] +pub struct DbConn(diesel::PgConnection); #[get("/")] fn index() -> &'static str { "Hello, world!" } -fn main() { - rocket::ignite().mount("/", routes![index]).launch(); +#[launch] +fn rocket() -> Rocket { + rocket::build() + .mount( + "/", + routes![ + index, + routes::users::register, + routes::users::login, + routes::users::current_user, + ], + ) + .attach(DbConn::fairing()) } diff --git a/backend/src/routes/mod.rs b/backend/src/routes/mod.rs new file mode 100644 index 0000000..913bd46 --- /dev/null +++ b/backend/src/routes/mod.rs @@ -0,0 +1 @@ +pub mod users; diff --git a/backend/src/routes/users.rs b/backend/src/routes/users.rs new file mode 100644 index 0000000..274b712 --- /dev/null +++ b/backend/src/routes/users.rs @@ -0,0 +1,100 @@ +use crate::db::{sessions, users}; +use crate::{ + db::users::{Credentials, User}, + DbConn, +}; +use rocket::serde::json::Json; +use serde::{Deserialize, Serialize}; + +use rocket::http::Status; +use rocket::request::{self, FromRequest, Outcome, Request}; + +#[derive(Debug)] +pub enum AuthTokenError { + BadCount, + Missing, + Invalid, +} + +// TODO: error handling and proper lifetimes +#[rocket::async_trait] +impl<'r> FromRequest<'r> for User { + type Error = AuthTokenError; + + async fn from_request(request: &'r Request<'_>) -> Outcome { + let keys: Vec<_> = request.headers().get("Authorization").collect(); + let token = match keys.len() { + 0 => return Outcome::Failure((Status::BadRequest, AuthTokenError::Missing)), + 1 => keys[0].to_string(), + _ => return Outcome::Failure((Status::BadRequest, AuthTokenError::BadCount)), + }; + let db = request.guard::().await.unwrap(); + let (_session, user) = db + .run(move |conn| sessions::find_user_by_session(&token, conn)) + .await + .unwrap(); + Outcome::Success(user) + } +} + +#[derive(Serialize, Deserialize)] +pub struct UserData { + pub user_id: i32, + pub username: String, +} + +impl From for UserData { + fn from(user: User) -> Self { + UserData { + user_id: user.user_id, + username: user.username, + } + } +} + +#[derive(Deserialize)] +pub struct RegistrationParams { + pub username: String, + pub password: String, +} + +#[post("/register", data = "")] +pub async fn register(db_conn: DbConn, params: Json) -> Json { + db_conn + .run(move |conn| { + let credentials = Credentials { + username: ¶ms.username, + password: ¶ms.password, + }; + let user = users::create_user(&credentials, conn).unwrap(); + Json(user.into()) + }) + .await +} + +#[derive(Deserialize)] +pub struct LoginParams { + pub username: String, + pub password: String, +} + +#[post("/login", data = "")] +pub async fn login(db_conn: DbConn, params: Json) -> String { + db_conn + .run(move |conn| { + let credentials = Credentials { + username: ¶ms.username, + password: ¶ms.password, + }; + // TODO: handle failures + let user = users::authenticate_user(&credentials, conn).unwrap(); + let session = sessions::create_session(&user, conn); + return session.token; + }) + .await +} + +#[get("/users/me")] +pub async fn current_user(user: User) -> Json { + Json(user.into()) +} diff --git a/backend/src/schema.rs b/backend/src/schema.rs new file mode 100644 index 0000000..04ecbd7 --- /dev/null +++ b/backend/src/schema.rs @@ -0,0 +1,20 @@ +table! { + sessions (id) { + id -> Int4, + user_id -> Int4, + token -> Varchar, + } +} + +table! { + users (id) { + id -> Int4, + username -> Varchar, + password_salt -> Bytea, + password_hash -> Bytea, + } +} + +joinable!(sessions -> users (user_id)); + +allow_tables_to_appear_in_same_query!(sessions, users,); -- cgit v1.2.3 From 13cdbc7ff760ae91ee3f62b2a2f62c7559ccaa3c Mon Sep 17 00:00:00 2001 From: Ilion Beyst Date: Tue, 14 Dec 2021 20:23:07 +0100 Subject: test registration & login --- backend/src/lib.rs | 35 +++++++++++++++++++++++++++++++++++ backend/src/main.rs | 34 +++------------------------------- 2 files changed, 38 insertions(+), 31 deletions(-) create mode 100644 backend/src/lib.rs (limited to 'backend/src') diff --git a/backend/src/lib.rs b/backend/src/lib.rs new file mode 100644 index 0000000..0a21850 --- /dev/null +++ b/backend/src/lib.rs @@ -0,0 +1,35 @@ +#![feature(proc_macro_hygiene, decl_macro)] + +use rocket::{Build, Rocket}; +use rocket_sync_db_pools::database; + +#[macro_use] +extern crate rocket; +#[macro_use] +extern crate diesel; + +mod db; +mod routes; +mod schema; + +#[database("postgresql_database")] +pub struct DbConn(diesel::PgConnection); + +#[get("/")] +fn index() -> &'static str { + "Hello, world!" +} + +pub fn rocket() -> Rocket { + rocket::build() + .mount( + "/", + routes![ + index, + routes::users::register, + routes::users::login, + routes::users::current_user, + ], + ) + .attach(DbConn::fairing()) +} diff --git a/backend/src/main.rs b/backend/src/main.rs index 6ee54ec..65be48d 100644 --- a/backend/src/main.rs +++ b/backend/src/main.rs @@ -1,36 +1,8 @@ -#![feature(proc_macro_hygiene, decl_macro)] - -use rocket::{Build, Rocket}; -use rocket_sync_db_pools::database; - #[macro_use] extern crate rocket; -#[macro_use] -extern crate diesel; - -mod db; -mod routes; -mod schema; - -#[database("postgresql_database")] -pub struct DbConn(diesel::PgConnection); - -#[get("/")] -fn index() -> &'static str { - "Hello, world!" -} +extern crate mozaic4_backend; #[launch] -fn rocket() -> Rocket { - rocket::build() - .mount( - "/", - routes![ - index, - routes::users::register, - routes::users::login, - routes::users::current_user, - ], - ) - .attach(DbConn::fairing()) +fn launch() -> _ { + mozaic4_backend::rocket() } -- cgit v1.2.3 From 6aa72b3c8717f32e62c772aeed327d3cd9a6fa65 Mon Sep 17 00:00:00 2001 From: Ilion Beyst Date: Wed, 15 Dec 2021 22:40:55 +0100 Subject: gracefully handle invalid login credentials --- backend/src/db/users.rs | 32 +++++++++++++++++--------------- backend/src/main.rs | 2 +- backend/src/routes/users.rs | 40 +++++++++++++++++++++++++++++----------- 3 files changed, 47 insertions(+), 27 deletions(-) (limited to 'backend/src') diff --git a/backend/src/db/users.rs b/backend/src/db/users.rs index c06e5b3..29cee88 100644 --- a/backend/src/db/users.rs +++ b/backend/src/db/users.rs @@ -58,24 +58,26 @@ pub fn create_user(credentials: &Credentials, conn: &PgConnection) -> QueryResul } pub fn authenticate_user(credentials: &Credentials, db_conn: &PgConnection) -> Option { - let user = users::table + users::table .filter(users::username.eq(&credentials.username)) .first::(db_conn) - .unwrap(); + .optional() + .unwrap() + .and_then(|user| { + let password_matches = argon2::verify_raw( + credentials.password.as_bytes(), + &user.password_salt, + &user.password_hash, + &argon2_config(), + ) + .unwrap(); - let password_matches = argon2::verify_raw( - credentials.password.as_bytes(), - &user.password_salt, - &user.password_hash, - &argon2_config(), - ) - .unwrap(); - - if password_matches { - return Some(user); - } else { - return None; - } + if password_matches { + return Some(user); + } else { + return None; + } + }) } #[test] diff --git a/backend/src/main.rs b/backend/src/main.rs index 65be48d..3c0efa8 100644 --- a/backend/src/main.rs +++ b/backend/src/main.rs @@ -3,6 +3,6 @@ extern crate rocket; extern crate mozaic4_backend; #[launch] -fn launch() -> _ { +fn launch() -> rocket::Rocket { mozaic4_backend::rocket() } diff --git a/backend/src/routes/users.rs b/backend/src/routes/users.rs index 274b712..72a857f 100644 --- a/backend/src/routes/users.rs +++ b/backend/src/routes/users.rs @@ -7,7 +7,8 @@ use rocket::serde::json::Json; use serde::{Deserialize, Serialize}; use rocket::http::Status; -use rocket::request::{self, FromRequest, Outcome, Request}; +use rocket::request::{FromRequest, Outcome, Request}; +use rocket::response::status; #[derive(Debug)] pub enum AuthTokenError { @@ -23,17 +24,25 @@ impl<'r> FromRequest<'r> for User { async fn from_request(request: &'r Request<'_>) -> Outcome { let keys: Vec<_> = request.headers().get("Authorization").collect(); - let token = match keys.len() { + let auth_header = match keys.len() { 0 => return Outcome::Failure((Status::BadRequest, AuthTokenError::Missing)), - 1 => keys[0].to_string(), + 1 => keys[0], _ => return Outcome::Failure((Status::BadRequest, AuthTokenError::BadCount)), }; + + let token = match auth_header.strip_prefix("Bearer ") { + Some(token) => token.to_string(), + None => return Outcome::Failure((Status::BadRequest, AuthTokenError::Invalid)), + }; + let db = request.guard::().await.unwrap(); - let (_session, user) = db + let res = db .run(move |conn| sessions::find_user_by_session(&token, conn)) - .await - .unwrap(); - Outcome::Success(user) + .await; + match res { + Ok((_session, user)) => Outcome::Success(user), + Err(_) => Outcome::Failure((Status::Unauthorized, AuthTokenError::Invalid)), + } } } @@ -79,7 +88,10 @@ pub struct LoginParams { } #[post("/login", data = "")] -pub async fn login(db_conn: DbConn, params: Json) -> String { +pub async fn login( + db_conn: DbConn, + params: Json, +) -> Result> { db_conn .run(move |conn| { let credentials = Credentials { @@ -87,9 +99,15 @@ pub async fn login(db_conn: DbConn, params: Json) -> String { password: ¶ms.password, }; // TODO: handle failures - let user = users::authenticate_user(&credentials, conn).unwrap(); - let session = sessions::create_session(&user, conn); - return session.token; + let authenticated = users::authenticate_user(&credentials, conn); + + match authenticated { + None => Err(status::Forbidden(Some("invalid auth"))), + Some(user) => { + let session = sessions::create_session(&user, conn); + Ok(session.token) + } + } }) .await } -- cgit v1.2.3 From 52242b03f1af7f73e73592c2e5ee2bc54813a64d Mon Sep 17 00:00:00 2001 From: Ilion Beyst Date: Sun, 19 Dec 2021 00:16:46 +0100 Subject: simple bot uploads --- backend/src/db/bots.rs | 54 +++++++++++++++++++++++++ backend/src/db/mod.rs | 1 + backend/src/db/sessions.rs | 2 +- backend/src/db/users.rs | 2 +- backend/src/lib.rs | 9 +++-- backend/src/routes/bots.rs | 96 +++++++++++++++++++++++++++++++++++++++++++++ backend/src/routes/mod.rs | 1 + backend/src/routes/users.rs | 2 +- backend/src/schema.rs | 21 +++++++++- 9 files changed, 181 insertions(+), 7 deletions(-) create mode 100644 backend/src/db/bots.rs create mode 100644 backend/src/routes/bots.rs (limited to 'backend/src') diff --git a/backend/src/db/bots.rs b/backend/src/db/bots.rs new file mode 100644 index 0000000..d359e28 --- /dev/null +++ b/backend/src/db/bots.rs @@ -0,0 +1,54 @@ +use diesel::prelude::*; +use serde::{Deserialize, Serialize}; + +use crate::schema::{bots, code_bundles}; +use crate::DbConn; +use chrono; + +#[derive(Insertable)] +#[table_name = "bots"] +pub struct NewBot<'a> { + pub owner_id: i32, + pub name: &'a str, +} + +#[derive(Queryable, Debug, PartialEq, Serialize, Deserialize)] +pub struct Bot { + pub id: i32, + pub owner_id: i32, + pub name: String, +} + +pub fn create_bot(new_bot: &NewBot, conn: &PgConnection) -> QueryResult { + diesel::insert_into(bots::table) + .values(new_bot) + .get_result(conn) +} + +pub fn find_bot(id: i32, conn: &PgConnection) -> QueryResult { + bots::table.find(id).first(conn) +} + +#[derive(Insertable)] +#[table_name = "code_bundles"] +pub struct NewCodeBundle<'a> { + pub bot_id: i32, + pub path: &'a str, +} + +#[derive(Queryable, Serialize, Deserialize, Debug)] +pub struct CodeBundle { + pub id: i32, + pub bot_id: i32, + pub path: String, + pub created_at: chrono::NaiveDateTime, +} + +pub fn create_code_bundle( + new_code_bundle: &NewCodeBundle, + conn: &PgConnection, +) -> QueryResult { + diesel::insert_into(code_bundles::table) + .values(new_code_bundle) + .get_result(conn) +} diff --git a/backend/src/db/mod.rs b/backend/src/db/mod.rs index b6e3efc..947b789 100644 --- a/backend/src/db/mod.rs +++ b/backend/src/db/mod.rs @@ -1,2 +1,3 @@ +pub mod bots; pub mod sessions; pub mod users; diff --git a/backend/src/db/sessions.rs b/backend/src/db/sessions.rs index 0cc3f1a..96f3926 100644 --- a/backend/src/db/sessions.rs +++ b/backend/src/db/sessions.rs @@ -22,7 +22,7 @@ pub struct Session { pub fn create_session(user: &User, conn: &PgConnection) -> Session { let new_session = NewSession { token: gen_session_token(), - user_id: user.user_id, + user_id: user.id, }; let session = insert_into(sessions::table) .values(&new_session) diff --git a/backend/src/db/users.rs b/backend/src/db/users.rs index 29cee88..0817766 100644 --- a/backend/src/db/users.rs +++ b/backend/src/db/users.rs @@ -20,7 +20,7 @@ pub struct NewUser<'a> { #[derive(Queryable, Debug)] pub struct User { - pub user_id: i32, + pub id: i32, pub username: String, pub password_salt: Vec, pub password_hash: Vec, diff --git a/backend/src/lib.rs b/backend/src/lib.rs index 0a21850..8807637 100644 --- a/backend/src/lib.rs +++ b/backend/src/lib.rs @@ -8,9 +8,9 @@ extern crate rocket; #[macro_use] extern crate diesel; -mod db; -mod routes; -mod schema; +pub mod db; +pub mod routes; +pub mod schema; #[database("postgresql_database")] pub struct DbConn(diesel::PgConnection); @@ -29,6 +29,9 @@ pub fn rocket() -> Rocket { routes::users::register, routes::users::login, routes::users::current_user, + routes::bots::create_bot, + routes::bots::get_bot, + routes::bots::upload_bot_code, ], ) .attach(DbConn::fairing()) diff --git a/backend/src/routes/bots.rs b/backend/src/routes/bots.rs new file mode 100644 index 0000000..413c145 --- /dev/null +++ b/backend/src/routes/bots.rs @@ -0,0 +1,96 @@ +use rand::Rng; +use rocket::data::ToByteUnit; +use rocket::fs::TempFile; +use rocket::Data; +use rocket::{response::status, serde::json::Json}; +use serde::{Deserialize, Serialize}; +use std::io::Cursor; +use std::path::Path; + +use crate::DbConn; + +use crate::db::bots::{self, CodeBundle}; +use crate::db::users::User; +use bots::Bot; + +#[derive(Serialize, Deserialize, Debug)] +pub struct BotParams { + name: String, +} + +// TODO: handle errors +#[post("/bots", data = "")] +pub async fn create_bot( + db_conn: DbConn, + user: User, + params: Json, +) -> status::Created> { + db_conn + .run(move |conn| { + let bot_params = bots::NewBot { + owner_id: user.id, + name: ¶ms.name, + }; + let bot = bots::create_bot(&bot_params, conn).unwrap(); + let bot_url = uri!(get_bot(bot.id)).to_string(); + status::Created::new(bot_url).body(Json(bot)) + }) + .await +} + +// TODO: handle errors +#[get("/bots/")] +pub async fn get_bot(db_conn: DbConn, bot_id: i32) -> Json { + db_conn + .run(move |conn| { + let bot = bots::find_bot(bot_id, conn).unwrap(); + Json(bot) + }) + .await +} + +// TODO: proper error handling +#[post("/bots//upload", data = "")] +pub async fn upload_bot_code( + db_conn: DbConn, + user: User, + bot_id: i32, + data: Data<'_>, +) -> status::Created> { + // TODO: put in config somewhere + let data_path = "./data/bots"; + + let bot = db_conn + .run(move |conn| bots::find_bot(bot_id, conn)) + .await + .expect("Bot not found"); + + assert_eq!(user.id, bot.owner_id); + + // generate a random filename + let token: [u8; 16] = rand::thread_rng().gen(); + let name = base64::encode(&token); + + let path = Path::new(data_path).join(name); + let capped_buf = data.open(10usize.megabytes()).into_bytes().await.unwrap(); + assert!(capped_buf.is_complete()); + let buf = capped_buf.into_inner(); + + zip::ZipArchive::new(Cursor::new(buf)) + .unwrap() + .extract(&path) + .unwrap(); + + let code_bundle = db_conn + .run(move |conn| { + let bundle = bots::NewCodeBundle { + bot_id: bot.id, + path: path.to_str().unwrap(), + }; + bots::create_code_bundle(&bundle, conn).expect("Failed to create code bundle") + }) + .await; + + // TODO: proper location + status::Created::new("").body(Json(code_bundle)) +} diff --git a/backend/src/routes/mod.rs b/backend/src/routes/mod.rs index 913bd46..718d7ef 100644 --- a/backend/src/routes/mod.rs +++ b/backend/src/routes/mod.rs @@ -1 +1,2 @@ +pub mod bots; pub mod users; diff --git a/backend/src/routes/users.rs b/backend/src/routes/users.rs index 72a857f..45a94b9 100644 --- a/backend/src/routes/users.rs +++ b/backend/src/routes/users.rs @@ -55,7 +55,7 @@ pub struct UserData { impl From for UserData { fn from(user: User) -> Self { UserData { - user_id: user.user_id, + user_id: user.id, username: user.username, } } diff --git a/backend/src/schema.rs b/backend/src/schema.rs index 04ecbd7..bf58434 100644 --- a/backend/src/schema.rs +++ b/backend/src/schema.rs @@ -1,3 +1,20 @@ +table! { + bots (id) { + id -> Int4, + owner_id -> Int4, + name -> Text, + } +} + +table! { + code_bundles (id) { + id -> Int4, + bot_id -> Int4, + path -> Text, + created_at -> Timestamp, + } +} + table! { sessions (id) { id -> Int4, @@ -15,6 +32,8 @@ table! { } } +joinable!(bots -> users (owner_id)); +joinable!(code_bundles -> bots (bot_id)); joinable!(sessions -> users (user_id)); -allow_tables_to_appear_in_same_query!(sessions, users,); +allow_tables_to_appear_in_same_query!(bots, code_bundles, sessions, users,); -- cgit v1.2.3 From 1fb4a5151bd8cfe6de4d8c19e2066a9281a0b61a Mon Sep 17 00:00:00 2001 From: Ilion Beyst Date: Wed, 29 Dec 2021 16:11:27 +0100 Subject: migrate to axum --- backend/src/db/bots.rs | 1 - backend/src/db/users.rs | 2 +- backend/src/lib.rs | 95 ++++++++++++++++++++++++++--------- backend/src/main.rs | 18 +++++-- backend/src/routes/bots.rs | 87 +++++++++++++------------------- backend/src/routes/users.rs | 118 ++++++++++++++++++-------------------------- 6 files changed, 165 insertions(+), 156 deletions(-) (limited to 'backend/src') diff --git a/backend/src/db/bots.rs b/backend/src/db/bots.rs index d359e28..bc9cb11 100644 --- a/backend/src/db/bots.rs +++ b/backend/src/db/bots.rs @@ -2,7 +2,6 @@ use diesel::prelude::*; use serde::{Deserialize, Serialize}; use crate::schema::{bots, code_bundles}; -use crate::DbConn; use chrono; #[derive(Insertable)] diff --git a/backend/src/db/users.rs b/backend/src/db/users.rs index 0817766..663f173 100644 --- a/backend/src/db/users.rs +++ b/backend/src/db/users.rs @@ -1,4 +1,4 @@ -use crate::{schema::users, DbConn}; +use crate::schema::users; use argon2; use diesel::{prelude::*, PgConnection}; use rand::Rng; diff --git a/backend/src/lib.rs b/backend/src/lib.rs index 8807637..665523f 100644 --- a/backend/src/lib.rs +++ b/backend/src/lib.rs @@ -1,10 +1,5 @@ #![feature(proc_macro_hygiene, decl_macro)] -use rocket::{Build, Rocket}; -use rocket_sync_db_pools::database; - -#[macro_use] -extern crate rocket; #[macro_use] extern crate diesel; @@ -12,27 +7,79 @@ pub mod db; pub mod routes; pub mod schema; -#[database("postgresql_database")] -pub struct DbConn(diesel::PgConnection); +use std::ops::Deref; + +use axum; +use bb8::PooledConnection; +use bb8_diesel::{self, DieselConnectionManager}; +use diesel::PgConnection; -#[get("/")] -fn index() -> &'static str { +use axum::{ + async_trait, + extract::{Extension, FromRequest, RequestParts}, + http::StatusCode, + routing::{get, post}, + AddExtensionLayer, Router, +}; + +async fn index_handler() -> &'static str { "Hello, world!" } -pub fn rocket() -> Rocket { - rocket::build() - .mount( - "/", - routes![ - index, - routes::users::register, - routes::users::login, - routes::users::current_user, - routes::bots::create_bot, - routes::bots::get_bot, - routes::bots::upload_bot_code, - ], - ) - .attach(DbConn::fairing()) +type ConnectionPool = bb8::Pool>; + +pub async fn app() -> Router { + let database_url = "postgresql://planetwars:planetwars@localhost/planetwars"; + let manager = DieselConnectionManager::::new(database_url); + let pool = bb8::Pool::builder().build(manager).await.unwrap(); + + let app = Router::new() + .route("/", get(index_handler)) + .route("/users/register", post(routes::users::register)) + .route("/users/login", post(routes::users::login)) + .route("/users/me", get(routes::users::current_user)) + .route("/bots", post(routes::bots::create_bot)) + .route("/bots/:bot_id", get(routes::bots::get_bot)) + .route("/bots/:bot_id/upload", post(routes::bots::upload_bot_code)) + .layer(AddExtensionLayer::new(pool)); + app +} + +// we can also write a custom extractor that grabs a connection from the pool +// which setup is appropriate depends on your application +pub struct DatabaseConnection(PooledConnection<'static, DieselConnectionManager>); + +impl Deref for DatabaseConnection { + type Target = PooledConnection<'static, DieselConnectionManager>; + + fn deref(&self) -> &Self::Target { + &self.0 + } +} + +#[async_trait] +impl FromRequest for DatabaseConnection +where + B: Send, +{ + type Rejection = (StatusCode, String); + + async fn from_request(req: &mut RequestParts) -> Result { + let Extension(pool) = Extension::::from_request(req) + .await + .map_err(internal_error)?; + + let conn = pool.get_owned().await.map_err(internal_error)?; + + Ok(Self(conn)) + } +} + +/// Utility function for mapping any error into a `500 Internal Server Error` +/// response. +fn internal_error(err: E) -> (StatusCode, String) +where + E: std::error::Error, +{ + (StatusCode::INTERNAL_SERVER_ERROR, err.to_string()) } diff --git a/backend/src/main.rs b/backend/src/main.rs index 3c0efa8..c75aaf6 100644 --- a/backend/src/main.rs +++ b/backend/src/main.rs @@ -1,8 +1,16 @@ -#[macro_use] -extern crate rocket; +use std::net::SocketAddr; + extern crate mozaic4_backend; +extern crate tokio; + +#[tokio::main] +async fn main() { + let app = mozaic4_backend::app().await; + + let addr = SocketAddr::from(([127, 0, 0, 1], 9000)); -#[launch] -fn launch() -> rocket::Rocket { - mozaic4_backend::rocket() + axum::Server::bind(&addr) + .serve(app.into_make_service()) + .await + .unwrap(); } diff --git a/backend/src/routes/bots.rs b/backend/src/routes/bots.rs index 413c145..da09669 100644 --- a/backend/src/routes/bots.rs +++ b/backend/src/routes/bots.rs @@ -1,16 +1,14 @@ +use axum::extract::{Path, RawBody}; +use axum::http::StatusCode; +use axum::Json; use rand::Rng; -use rocket::data::ToByteUnit; -use rocket::fs::TempFile; -use rocket::Data; -use rocket::{response::status, serde::json::Json}; use serde::{Deserialize, Serialize}; use std::io::Cursor; -use std::path::Path; - -use crate::DbConn; +use std::path; use crate::db::bots::{self, CodeBundle}; use crate::db::users::User; +use crate::DatabaseConnection; use bots::Bot; #[derive(Serialize, Deserialize, Debug)] @@ -18,52 +16,36 @@ pub struct BotParams { name: String, } -// TODO: handle errors -#[post("/bots", data = "")] pub async fn create_bot( - db_conn: DbConn, + conn: DatabaseConnection, user: User, params: Json, -) -> status::Created> { - db_conn - .run(move |conn| { - let bot_params = bots::NewBot { - owner_id: user.id, - name: ¶ms.name, - }; - let bot = bots::create_bot(&bot_params, conn).unwrap(); - let bot_url = uri!(get_bot(bot.id)).to_string(); - status::Created::new(bot_url).body(Json(bot)) - }) - .await +) -> (StatusCode, Json) { + let bot_params = bots::NewBot { + owner_id: user.id, + name: ¶ms.name, + }; + let bot = bots::create_bot(&bot_params, &conn).unwrap(); + (StatusCode::CREATED, Json(bot)) } // TODO: handle errors -#[get("/bots/")] -pub async fn get_bot(db_conn: DbConn, bot_id: i32) -> Json { - db_conn - .run(move |conn| { - let bot = bots::find_bot(bot_id, conn).unwrap(); - Json(bot) - }) - .await +pub async fn get_bot(conn: DatabaseConnection, Path(bot_id): Path) -> Json { + let bot = bots::find_bot(bot_id, &conn).unwrap(); + Json(bot) } // TODO: proper error handling -#[post("/bots//upload", data = "")] pub async fn upload_bot_code( - db_conn: DbConn, + conn: DatabaseConnection, user: User, - bot_id: i32, - data: Data<'_>, -) -> status::Created> { + Path(bot_id): Path, + RawBody(body): RawBody, +) -> (StatusCode, Json) { // TODO: put in config somewhere let data_path = "./data/bots"; - let bot = db_conn - .run(move |conn| bots::find_bot(bot_id, conn)) - .await - .expect("Bot not found"); + let bot = bots::find_bot(bot_id, &conn).expect("Bot not found"); assert_eq!(user.id, bot.owner_id); @@ -71,26 +53,23 @@ pub async fn upload_bot_code( let token: [u8; 16] = rand::thread_rng().gen(); let name = base64::encode(&token); - let path = Path::new(data_path).join(name); - let capped_buf = data.open(10usize.megabytes()).into_bytes().await.unwrap(); - assert!(capped_buf.is_complete()); - let buf = capped_buf.into_inner(); + let path = path::Path::new(data_path).join(name); + // let capped_buf = data.open(10usize.megabytes()).into_bytes().await.unwrap(); + // assert!(capped_buf.is_complete()); + // let buf = capped_buf.into_inner(); + let buf = hyper::body::to_bytes(body).await.unwrap(); zip::ZipArchive::new(Cursor::new(buf)) .unwrap() .extract(&path) .unwrap(); - let code_bundle = db_conn - .run(move |conn| { - let bundle = bots::NewCodeBundle { - bot_id: bot.id, - path: path.to_str().unwrap(), - }; - bots::create_code_bundle(&bundle, conn).expect("Failed to create code bundle") - }) - .await; + let bundle = bots::NewCodeBundle { + bot_id: bot.id, + path: path.to_str().unwrap(), + }; + let code_bundle = + bots::create_code_bundle(&bundle, &conn).expect("Failed to create code bundle"); - // TODO: proper location - status::Created::new("").body(Json(code_bundle)) + (StatusCode::CREATED, Json(code_bundle)) } diff --git a/backend/src/routes/users.rs b/backend/src/routes/users.rs index 45a94b9..fc77d7b 100644 --- a/backend/src/routes/users.rs +++ b/backend/src/routes/users.rs @@ -1,48 +1,32 @@ +use crate::db::users::{Credentials, User}; use crate::db::{sessions, users}; -use crate::{ - db::users::{Credentials, User}, - DbConn, -}; -use rocket::serde::json::Json; +use crate::DatabaseConnection; +use axum::extract::{FromRequest, RequestParts, TypedHeader}; +use axum::headers::authorization::Bearer; +use axum::headers::Authorization; +use axum::http::StatusCode; +use axum::{async_trait, Json}; use serde::{Deserialize, Serialize}; -use rocket::http::Status; -use rocket::request::{FromRequest, Outcome, Request}; -use rocket::response::status; +type AuthorizationHeader = TypedHeader>; -#[derive(Debug)] -pub enum AuthTokenError { - BadCount, - Missing, - Invalid, -} - -// TODO: error handling and proper lifetimes -#[rocket::async_trait] -impl<'r> FromRequest<'r> for User { - type Error = AuthTokenError; +#[async_trait] +impl FromRequest for User +where + B: Send, +{ + type Rejection = (StatusCode, String); - async fn from_request(request: &'r Request<'_>) -> Outcome { - let keys: Vec<_> = request.headers().get("Authorization").collect(); - let auth_header = match keys.len() { - 0 => return Outcome::Failure((Status::BadRequest, AuthTokenError::Missing)), - 1 => keys[0], - _ => return Outcome::Failure((Status::BadRequest, AuthTokenError::BadCount)), - }; + async fn from_request(req: &mut RequestParts) -> Result { + let conn = DatabaseConnection::from_request(req).await?; + let TypedHeader(Authorization(bearer)) = AuthorizationHeader::from_request(req) + .await + .map_err(|_| (StatusCode::UNAUTHORIZED, "".to_string()))?; - let token = match auth_header.strip_prefix("Bearer ") { - Some(token) => token.to_string(), - None => return Outcome::Failure((Status::BadRequest, AuthTokenError::Invalid)), - }; + let (_session, user) = sessions::find_user_by_session(bearer.token(), &conn) + .map_err(|_| (StatusCode::UNAUTHORIZED, "".to_string()))?; - let db = request.guard::().await.unwrap(); - let res = db - .run(move |conn| sessions::find_user_by_session(&token, conn)) - .await; - match res { - Ok((_session, user)) => Outcome::Success(user), - Err(_) => Outcome::Failure((Status::Unauthorized, AuthTokenError::Invalid)), - } + Ok(user) } } @@ -67,18 +51,16 @@ pub struct RegistrationParams { pub password: String, } -#[post("/register", data = "")] -pub async fn register(db_conn: DbConn, params: Json) -> Json { - db_conn - .run(move |conn| { - let credentials = Credentials { - username: ¶ms.username, - password: ¶ms.password, - }; - let user = users::create_user(&credentials, conn).unwrap(); - Json(user.into()) - }) - .await +pub async fn register( + conn: DatabaseConnection, + params: Json, +) -> Json { + let credentials = Credentials { + username: ¶ms.username, + password: ¶ms.password, + }; + let user = users::create_user(&credentials, &conn).unwrap(); + Json(user.into()) } #[derive(Deserialize)] @@ -87,32 +69,26 @@ pub struct LoginParams { pub password: String, } -#[post("/login", data = "")] pub async fn login( - db_conn: DbConn, + conn: DatabaseConnection, params: Json, -) -> Result> { - db_conn - .run(move |conn| { - let credentials = Credentials { - username: ¶ms.username, - password: ¶ms.password, - }; - // TODO: handle failures - let authenticated = users::authenticate_user(&credentials, conn); +) -> Result { + let credentials = Credentials { + username: ¶ms.username, + password: ¶ms.password, + }; + // TODO: handle failures + let authenticated = users::authenticate_user(&credentials, &conn); - match authenticated { - None => Err(status::Forbidden(Some("invalid auth"))), - Some(user) => { - let session = sessions::create_session(&user, conn); - Ok(session.token) - } - } - }) - .await + match authenticated { + None => Err(StatusCode::FORBIDDEN), + Some(user) => { + let session = sessions::create_session(&user, &conn); + Ok(session.token) + } + } } -#[get("/users/me")] pub async fn current_user(user: User) -> Json { Json(user.into()) } -- cgit v1.2.3