mirror of
https://github.com/danbulant/Portfolio
synced 2026-07-06 03:20:53 +00:00
commit
077adfd117
8 changed files with 213 additions and 83 deletions
|
|
@ -7,6 +7,7 @@ publish = false
|
||||||
[dependencies]
|
[dependencies]
|
||||||
rocket = { version = "^0.5.0-rc.2", features = [
|
rocket = { version = "^0.5.0-rc.2", features = [
|
||||||
"json",
|
"json",
|
||||||
|
"secrets",
|
||||||
] }
|
] }
|
||||||
|
|
||||||
async-stream = { version = "^0.3" }
|
async-stream = { version = "^0.3" }
|
||||||
|
|
|
||||||
|
|
@ -19,7 +19,14 @@ impl Into<Admin> for AdminAuth {
|
||||||
impl<'r> FromRequest<'r> for AdminAuth {
|
impl<'r> FromRequest<'r> for AdminAuth {
|
||||||
type Error = Option<String>;
|
type Error = Option<String>;
|
||||||
async fn from_request(req: &'r Request<'_>) -> Outcome<AdminAuth, (Status, Self::Error), ()> {
|
async fn from_request(req: &'r Request<'_>) -> Outcome<AdminAuth, (Status, Self::Error), ()> {
|
||||||
let session_id = req.cookies().get("id").unwrap().name_value().1;
|
let cookie = req.cookies().get_private("id");
|
||||||
|
|
||||||
|
let Some(cookie) = cookie else {
|
||||||
|
return Outcome::Failure((Status::Unauthorized, None));
|
||||||
|
};
|
||||||
|
|
||||||
|
let session_id = cookie.name_value().1;
|
||||||
|
|
||||||
let conn = &req.rocket().state::<Db>().unwrap().conn;
|
let conn = &req.rocket().state::<Db>().unwrap().conn;
|
||||||
|
|
||||||
let uuid = match Uuid::parse_str(&session_id) {
|
let uuid = match Uuid::parse_str(&session_id) {
|
||||||
|
|
|
||||||
|
|
@ -14,12 +14,21 @@ impl Into<Candidate> for CandidateAuth {
|
||||||
self.0
|
self.0
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[rocket::async_trait]
|
#[rocket::async_trait]
|
||||||
impl<'r> FromRequest<'r> for CandidateAuth {
|
impl<'r> FromRequest<'r> for CandidateAuth {
|
||||||
type Error = Option<String>;
|
type Error = Option<String>;
|
||||||
async fn from_request(req: &'r Request<'_>) -> Outcome<CandidateAuth, (Status, Self::Error), ()> {
|
async fn from_request(
|
||||||
let session_id = req.cookies().get("id").unwrap().name_value().1;
|
req: &'r Request<'_>,
|
||||||
|
) -> Outcome<CandidateAuth, (Status, Self::Error), ()> {
|
||||||
|
let cookie = req.cookies().get_private("id");
|
||||||
|
|
||||||
|
let Some(cookie) = cookie else {
|
||||||
|
return Outcome::Failure((Status::Unauthorized, None));
|
||||||
|
};
|
||||||
|
|
||||||
|
let session_id = cookie.name_value().1;
|
||||||
|
|
||||||
let conn = &req.rocket().state::<Db>().unwrap().conn;
|
let conn = &req.rocket().state::<Db>().unwrap().conn;
|
||||||
|
|
||||||
let uuid = match Uuid::parse_str(&session_id) {
|
let uuid = match Uuid::parse_str(&session_id) {
|
||||||
|
|
@ -33,6 +42,5 @@ impl<'r> FromRequest<'r> for CandidateAuth {
|
||||||
Ok(model) => Outcome::Success(CandidateAuth(model)),
|
Ok(model) => Outcome::Success(CandidateAuth(model)),
|
||||||
Err(_) => Outcome::Failure((Status::Unauthorized, None)),
|
Err(_) => Outcome::Failure((Status::Unauthorized, None)),
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,23 +1,15 @@
|
||||||
#[macro_use]
|
#[macro_use]
|
||||||
extern crate rocket;
|
extern crate rocket;
|
||||||
|
|
||||||
use std::net::SocketAddr;
|
|
||||||
|
|
||||||
use guards::request::auth::{CandidateAuth, AdminAuth};
|
|
||||||
use portfolio_core::services::candidate_service::{CandidateService, UserDetails};
|
|
||||||
use requests::{LoginRequest, RegisterRequest};
|
|
||||||
use rocket::http::Status;
|
|
||||||
use rocket::{Rocket, Build};
|
|
||||||
use rocket::serde::json::Json;
|
|
||||||
use rocket::fairing::{self, AdHoc};
|
use rocket::fairing::{self, AdHoc};
|
||||||
use rocket::response::status::Custom;
|
|
||||||
|
|
||||||
use migration::{MigratorTrait};
|
use rocket::{Build, Rocket};
|
||||||
use sea_orm_rocket::{Connection, Database};
|
|
||||||
|
|
||||||
|
use migration::MigratorTrait;
|
||||||
|
use sea_orm_rocket::Database;
|
||||||
|
|
||||||
mod pool;
|
|
||||||
mod guards;
|
mod guards;
|
||||||
|
mod pool;
|
||||||
mod requests;
|
mod requests;
|
||||||
mod routes;
|
mod routes;
|
||||||
|
|
||||||
|
|
@ -26,70 +18,6 @@ use pool::Db;
|
||||||
pub use entity::candidate;
|
pub use entity::candidate;
|
||||||
pub use entity::candidate::Entity as Candidate;
|
pub use entity::candidate::Entity as Candidate;
|
||||||
|
|
||||||
use portfolio_core::crypto::random_8_char_string;
|
|
||||||
|
|
||||||
#[post("/", data = "<post_form>")]
|
|
||||||
async fn create(conn: Connection<'_, Db>, post_form: Json<RegisterRequest>) -> Result<String, Custom<String>> {
|
|
||||||
let db = conn.into_inner();
|
|
||||||
let form = post_form.into_inner();
|
|
||||||
|
|
||||||
let plain_text_password = random_8_char_string();
|
|
||||||
|
|
||||||
let candidate = CandidateService::create(db, form.application_id, &plain_text_password, form.personal_id_number)
|
|
||||||
.await;
|
|
||||||
|
|
||||||
if candidate.is_err() { // TODO cleanup
|
|
||||||
let e = candidate.err().unwrap();
|
|
||||||
return Err(Custom(Status::from_code(e.code()).unwrap_or_default(), e.message()));
|
|
||||||
}
|
|
||||||
|
|
||||||
Ok(plain_text_password)
|
|
||||||
}
|
|
||||||
|
|
||||||
#[get("/whoami")]
|
|
||||||
async fn validate(session: CandidateAuth) -> Result<String, Custom<String>> {
|
|
||||||
let candidate: entity::candidate::Model = session.into();
|
|
||||||
Ok(candidate.application.to_string())
|
|
||||||
}
|
|
||||||
|
|
||||||
#[get("/admin")]
|
|
||||||
async fn admin(session: AdminAuth) -> Result<String, Custom<String>> {
|
|
||||||
Ok("Hello admin".to_string())
|
|
||||||
}
|
|
||||||
|
|
||||||
#[put("/details", data = "<details>")]
|
|
||||||
async fn fill_details(conn: Connection<'_, Db>, details: Json<UserDetails>, session: CandidateAuth) -> Result<String, Custom<String>> {
|
|
||||||
let db = conn.into_inner();
|
|
||||||
let form = details.into_inner();
|
|
||||||
let candidate: entity::candidate::Model = session.into();
|
|
||||||
|
|
||||||
let candidate = CandidateService::add_user_details(db, candidate, form)
|
|
||||||
.await;
|
|
||||||
|
|
||||||
if candidate.is_err() { // TODO cleanup
|
|
||||||
let e = candidate.err().unwrap();
|
|
||||||
return Err(Custom(Status::from_code(e.code()).unwrap_or_default(), e.message()));
|
|
||||||
}
|
|
||||||
|
|
||||||
Ok("Details added".to_string())
|
|
||||||
}
|
|
||||||
|
|
||||||
#[post("/login", data = "<login_form>")]
|
|
||||||
async fn login(conn: Connection<'_, Db>, login_form: Json<LoginRequest>, ip_addr: SocketAddr) -> Result<String, Custom<String>> {
|
|
||||||
let db = conn.into_inner();
|
|
||||||
println!("{} {}", login_form.application_id, login_form.password);
|
|
||||||
|
|
||||||
let session_token = CandidateService::login(
|
|
||||||
db,
|
|
||||||
login_form.application_id,
|
|
||||||
login_form.password.to_string(),
|
|
||||||
ip_addr.ip().to_string()
|
|
||||||
)
|
|
||||||
.await;
|
|
||||||
|
|
||||||
session_token.map_err(|e| Custom(Status::from_code(e.code()).unwrap_or_default(), e.message()))
|
|
||||||
}
|
|
||||||
|
|
||||||
#[get("/hello")]
|
#[get("/hello")]
|
||||||
async fn hello() -> &'static str {
|
async fn hello() -> &'static str {
|
||||||
"Hello, world!"
|
"Hello, world!"
|
||||||
|
|
@ -107,7 +35,24 @@ async fn start() -> Result<(), rocket::Error> {
|
||||||
.attach(Db::init())
|
.attach(Db::init())
|
||||||
.attach(AdHoc::try_on_ignite("Migrations", run_migrations))
|
.attach(AdHoc::try_on_ignite("Migrations", run_migrations))
|
||||||
//.mount("/", FileServer::from(relative!("/static")))
|
//.mount("/", FileServer::from(relative!("/static")))
|
||||||
.mount("/", routes![create, login, hello, validate, fill_details, admin])
|
.mount("/", routes![hello])
|
||||||
|
.mount(
|
||||||
|
"/candidate/",
|
||||||
|
routes![
|
||||||
|
routes::candidate::login,
|
||||||
|
routes::candidate::whoami,
|
||||||
|
routes::candidate::fill_details,
|
||||||
|
],
|
||||||
|
)
|
||||||
|
.mount(
|
||||||
|
"/admin/",
|
||||||
|
routes![
|
||||||
|
routes::admin::login,
|
||||||
|
routes::admin::whoami,
|
||||||
|
routes::admin::hello,
|
||||||
|
routes::admin::create_candidate,
|
||||||
|
],
|
||||||
|
)
|
||||||
.register("/", catchers![])
|
.register("/", catchers![])
|
||||||
.launch()
|
.launch()
|
||||||
.await
|
.await
|
||||||
|
|
|
||||||
|
|
@ -13,4 +13,12 @@ pub struct LoginRequest {
|
||||||
pub struct RegisterRequest {
|
pub struct RegisterRequest {
|
||||||
pub application_id: i32,
|
pub application_id: i32,
|
||||||
pub personal_id_number: String,
|
pub personal_id_number: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Serialize, Deserialize)]
|
||||||
|
#[serde(crate = "rocket::serde")]
|
||||||
|
pub struct AdminLoginRequest {
|
||||||
|
pub admin_id: i32,
|
||||||
|
pub password: String,
|
||||||
}
|
}
|
||||||
87
api/src/routes/admin.rs
Normal file
87
api/src/routes/admin.rs
Normal file
|
|
@ -0,0 +1,87 @@
|
||||||
|
use std::net::SocketAddr;
|
||||||
|
|
||||||
|
use portfolio_core::{
|
||||||
|
crypto::random_8_char_string,
|
||||||
|
services::{admin_service::AdminService, candidate_service::CandidateService},
|
||||||
|
};
|
||||||
|
use requests::{AdminLoginRequest, RegisterRequest};
|
||||||
|
use rocket::http::{Cookie, Status, CookieJar};
|
||||||
|
use rocket::response::status::Custom;
|
||||||
|
use rocket::serde::json::Json;
|
||||||
|
|
||||||
|
use sea_orm_rocket::Connection;
|
||||||
|
|
||||||
|
use crate::{guards::request::auth::AdminAuth, pool::Db, requests};
|
||||||
|
|
||||||
|
#[post("/login", data = "<login_form>")]
|
||||||
|
pub async fn login(
|
||||||
|
conn: Connection<'_, Db>,
|
||||||
|
login_form: Json<AdminLoginRequest>,
|
||||||
|
ip_addr: SocketAddr,
|
||||||
|
cookies: &CookieJar<'_>,
|
||||||
|
) -> Result<String, Custom<String>> {
|
||||||
|
let db = conn.into_inner();
|
||||||
|
println!("{} {}", login_form.admin_id, login_form.password);
|
||||||
|
|
||||||
|
let session_token = AdminService::login(
|
||||||
|
db,
|
||||||
|
login_form.admin_id,
|
||||||
|
login_form.password.to_string(),
|
||||||
|
ip_addr.ip().to_string(),
|
||||||
|
)
|
||||||
|
.await;
|
||||||
|
|
||||||
|
if let Err(e) = session_token {
|
||||||
|
return Err(Custom(
|
||||||
|
Status::from_code(e.code()).unwrap_or(Status::InternalServerError),
|
||||||
|
e.to_string(),
|
||||||
|
));
|
||||||
|
} else {
|
||||||
|
let session_token = session_token.unwrap();
|
||||||
|
cookies.add_private(Cookie::new("id", session_token.clone()));
|
||||||
|
|
||||||
|
return Ok(session_token);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[get("/whoami")]
|
||||||
|
pub async fn whoami(session: AdminAuth) -> Result<String, Custom<String>> {
|
||||||
|
let admin: entity::admin::Model = session.into();
|
||||||
|
Ok(admin.id.to_string())
|
||||||
|
}
|
||||||
|
|
||||||
|
#[get("/hello")]
|
||||||
|
pub async fn hello(_session: AdminAuth) -> Result<String, Custom<String>> {
|
||||||
|
Ok("Hello admin".to_string())
|
||||||
|
}
|
||||||
|
|
||||||
|
#[post("/create", data = "<post_form>")]
|
||||||
|
pub async fn create_candidate(
|
||||||
|
conn: Connection<'_, Db>,
|
||||||
|
_session: AdminAuth,
|
||||||
|
post_form: Json<RegisterRequest>,
|
||||||
|
) -> Result<String, Custom<String>> {
|
||||||
|
let db = conn.into_inner();
|
||||||
|
let form = post_form.into_inner();
|
||||||
|
|
||||||
|
let plain_text_password = random_8_char_string();
|
||||||
|
|
||||||
|
let candidate = CandidateService::create(
|
||||||
|
db,
|
||||||
|
form.application_id,
|
||||||
|
&plain_text_password,
|
||||||
|
form.personal_id_number,
|
||||||
|
)
|
||||||
|
.await;
|
||||||
|
|
||||||
|
if candidate.is_err() {
|
||||||
|
// TODO cleanup
|
||||||
|
let e = candidate.err().unwrap();
|
||||||
|
return Err(Custom(
|
||||||
|
Status::from_code(e.code()).unwrap_or_default(),
|
||||||
|
e.message(),
|
||||||
|
));
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok(plain_text_password)
|
||||||
|
}
|
||||||
72
api/src/routes/candidate.rs
Normal file
72
api/src/routes/candidate.rs
Normal file
|
|
@ -0,0 +1,72 @@
|
||||||
|
use std::net::SocketAddr;
|
||||||
|
|
||||||
|
use portfolio_core::services::candidate_service::{CandidateService, UserDetails};
|
||||||
|
use requests::LoginRequest;
|
||||||
|
use rocket::http::{Cookie, CookieJar, Status};
|
||||||
|
use rocket::response::status::Custom;
|
||||||
|
use rocket::serde::json::Json;
|
||||||
|
|
||||||
|
use sea_orm_rocket::Connection;
|
||||||
|
|
||||||
|
use crate::{guards::request::auth::CandidateAuth, pool::Db, requests};
|
||||||
|
|
||||||
|
#[post("/login", data = "<login_form>")]
|
||||||
|
pub async fn login(
|
||||||
|
conn: Connection<'_, Db>,
|
||||||
|
login_form: Json<LoginRequest>,
|
||||||
|
ip_addr: SocketAddr,
|
||||||
|
cookies: &CookieJar<'_>,
|
||||||
|
) -> Result<String, Custom<String>> {
|
||||||
|
let db = conn.into_inner();
|
||||||
|
println!("{} {}", login_form.application_id, login_form.password);
|
||||||
|
|
||||||
|
let session_token = CandidateService::login(
|
||||||
|
db,
|
||||||
|
login_form.application_id,
|
||||||
|
login_form.password.to_string(),
|
||||||
|
ip_addr.ip().to_string(),
|
||||||
|
)
|
||||||
|
.await;
|
||||||
|
|
||||||
|
if let Err(e) = session_token {
|
||||||
|
return Err(Custom(
|
||||||
|
Status::from_code(e.code()).unwrap_or(Status::InternalServerError),
|
||||||
|
e.to_string(),
|
||||||
|
));
|
||||||
|
} else {
|
||||||
|
let session_token = session_token.unwrap();
|
||||||
|
cookies.add_private(Cookie::new("id", session_token.clone()));
|
||||||
|
|
||||||
|
return Ok(session_token);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[get("/whoami")]
|
||||||
|
pub async fn whoami(session: CandidateAuth) -> Result<String, Custom<String>> {
|
||||||
|
let candidate: entity::candidate::Model = session.into();
|
||||||
|
Ok(candidate.application.to_string())
|
||||||
|
}
|
||||||
|
|
||||||
|
#[put("/details", data = "<details>")]
|
||||||
|
pub async fn fill_details(
|
||||||
|
conn: Connection<'_, Db>,
|
||||||
|
details: Json<UserDetails>,
|
||||||
|
session: CandidateAuth,
|
||||||
|
) -> Result<String, Custom<String>> {
|
||||||
|
let db = conn.into_inner();
|
||||||
|
let form = details.into_inner();
|
||||||
|
let candidate: entity::candidate::Model = session.into();
|
||||||
|
|
||||||
|
let candidate = CandidateService::add_user_details(db, candidate, form).await;
|
||||||
|
|
||||||
|
if candidate.is_err() {
|
||||||
|
// TODO cleanup
|
||||||
|
let e = candidate.err().unwrap();
|
||||||
|
return Err(Custom(
|
||||||
|
Status::from_code(e.code()).unwrap_or_default(),
|
||||||
|
e.message(),
|
||||||
|
));
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok("Details added".to_string())
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,2 @@
|
||||||
|
pub mod admin;
|
||||||
|
pub mod candidate;
|
||||||
Loading…
Reference in a new issue