From 2bac280f3b1739282145410e1679390da382b42b Mon Sep 17 00:00:00 2001
From: DenebTM
Date: Sat, 10 Feb 2024 14:02:41 +0100
Subject: [PATCH] make db only return tokens, not validate

---
 Cargo.lock | 5 +++++
 Cargo.toml | 2 +-
 src/auth.rs | 6 +++---
 src/db.rs | 30 ++++++++++++++++++++----------
 4 files changed, 29 insertions(+), 14 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index a9680d3..65da376 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1803,6 +1803,7 @@ dependencies = [
  "smallvec",
  "sqlformat",
  "thiserror",
+ "time",
  "tokio",
  "tokio-stream",
  "tracing",
@@ -1842,6 +1843,7 @@ dependencies = [
  "sha2",
  "sqlx-core",
  "sqlx-mysql",
+ "sqlx-postgres",
  "sqlx-sqlite",
  "syn 1.0.109",
  "tempfile",
@@ -1887,6 +1889,7 @@ dependencies = [
  "sqlx-core",
  "stringprep",
  "thiserror",
+ "time",
  "tracing",
  "whoami",
 ]
@@ -1926,6 +1929,7 @@ dependencies = [
  "sqlx-core",
  "stringprep",
  "thiserror",
+ "time",
  "tracing",
  "whoami",
 ]
@@ -1948,6 +1952,7 @@ dependencies = [
  "percent-encoding",
  "serde",
  "sqlx-core",
+ "time",
  "tracing",
  "url",
  "urlencoding",
diff --git a/Cargo.toml b/Cargo.toml
index 7a0b17a..b47f79c 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -23,7 +23,7 @@ md-5 = "0.10.6"
 rand = "0.8.5"
 secrecy = { version = "0.8.0", features = ["serde"] }
 serde = { version = "1.0.196", features = ["derive"] }
-sqlx = { version = "0.7.3", features = ["runtime-tokio", "tls-rustls", "sqlite"] }
+sqlx = { version = "0.7.3", features = ["runtime-tokio", "tls-rustls", "sqlite", "time"] }
 thiserror = "1.0.56"
 time = { version = "0.3.34", features = ["formatting", "macros"] }
 tokio = { version = "1.36.0", features = ["macros", "rt-multi-thread"] }
diff --git a/src/auth.rs b/src/auth.rs
index abe994c..f8d4224 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -14,7 +14,7 @@ use tokio::sync::Mutex;
 use tracing::{event, instrument, Level};
 
 use crate::{
-    db::{/* Database, */ Database, SqliteDatabase},
+    db::{/* Database, */ Database, SqliteDatabase, UserTokenEntry},
     secrets::{
         PadlockGenerationSecret, Password, ServerHash, ServerPadlock, UserServerKey, UserToken,
     },
@@ -69,8 +69,8 @@ impl UserAuthenticator {
     ) -> Result<(), AuthenticationError> {
         let mut db = self.db.lock().await;
 
-        if let Some(user_token) = db.get_token(username).await? {
-            if token == &user_token {
+        if let Some(UserTokenEntry::Valid(user_token, ..)) = &db.get_token(username).await? {
+            if token == user_token {
                 return Ok(());
             }
         }
diff --git a/src/db.rs b/src/db.rs
index 6c55dfb..eadba3d 100644
--- a/src/db.rs
+++ b/src/db.rs
@@ -11,8 +11,13 @@ const DB_URI_DEFAULT: &str = "sqlite://sqlite.db";
 
 const TABLE_USER_TOKENS: &str = "user_tokens";
 
+pub enum UserTokenEntry {
+    Valid(UserToken, time::Time, time::Time),
+    Invalid(UserToken, time::Time, time::Time),
+}
+
 pub trait Database {
-    async fn get_token(&mut self, username: &str) -> Result, sqlx::Error>;
+    async fn get_token(&mut self, username: &str) -> Result, sqlx::Error>;
     async fn save_token(&mut self, username: &str, token: &UserToken) -> Result<(), sqlx::Error>;
 }
 
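Review bot: The `if let Some(UserTokenEntry::Valid(user_token, ..))` match now accepts only the single newest row, because the new `get_token` in src/db.rs (its second hunk) orders by `created DESC` and no longer filters on `valid = TRUE`; a user whose most recent token has been marked invalid but who still holds an older valid one is rejected where the previous query accepted them. If that is the intended policy, say so at the match site, e.g. `// Only the most recently issued token counts; an older token is rejected even if it is still marked valid.`, otherwise the query should return the newest valid row. The `token == user_token` comparison also deserves a look: if `UserToken`'s `PartialEq` is a plain byte comparison it returns on the first mismatching byte, and a constant-time compare is preferable for a bearer credential. The enclosing method starts before this hunk.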
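Review bot: `UserTokenEntry` stores `created` and `last_used` as `time::Time`, which is a clock time without a date, so if those columns hold full timestamps the decode in `get_token` fails at runtime or the date is lost; `time::PrimitiveDateTime` (or `OffsetDateTime`) is presumably what was meant — confirm against the table schema. The two variants carry identical, same-typed positional payloads, so nothing stops a constructor from swapping the two timestamps; named variant fields, or a struct with a `valid: bool`, would make that mistake impossible. Since src/auth.rs only ever inspects `Valid`, `Invalid` need not carry the token at all, which keeps revoked credentials from leaving the database layer. A doc comment on the public enum is also missing, e.g. `/// One user_tokens row for a user; the variant mirrors the row's valid column and the fields are (token, created, last_used).`.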
@@ -60,21 +65,26 @@ impl SqliteDatabase {
 
 impl Database for SqliteDatabase {
     #[instrument]
-    async fn get_token(&mut self, username: &str) -> Result, sqlx::Error> {
-        let row: Option<(String,)> = query_as(
-            "SELECT token
+    async fn get_token(&mut self, username: &str) -> Result, sqlx::Error> {
+        let row: Option<(String, bool, time::Time, time::Time)> = query_as(
+            "SELECT token, valid, created, last_used
             FROM user_tokens
-            WHERE
-                username = ?
-                AND valid = TRUE
-            ORDER BY
-                created DESC",
+            WHERE username = ?
+            ORDER BY created DESC",
         )
         .bind(username)
         .fetch_optional(&mut self.conn)
         .await?;
 
-        Ok(row.map(|(token_str, ..)| UserToken::from(token_str)))
+        Ok(row.map(|row| match row {
+            (token_str, true, created, last_used) => {
+                UserTokenEntry::Valid(UserToken::from(token_str), created, last_used)
+            }
+
+            (token_str, false, created, last_used) => {
+                UserTokenEntry::Invalid(UserToken::from(token_str), created, last_used)
+            }
+        }))
     }
 
     #[instrument]
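Review bot: The `match row` at the end of `get_token` spells out the same four-field tuple and the same `UserToken::from` call twice, differing only in the `bool` literal and the variant name; destructuring once and branching on `valid` keeps the two arms from drifting apart when a column is added. With the `valid` filter gone, the token of a revoked row is now read, converted into a `UserToken` and handed out inside `Invalid`, so it is worth checking that every caller really needs it. `fetch_optional` after `ORDER BY created DESC` does yield the newest row, but a `LIMIT 1` in the SQL makes the one-row intent visible in the query itself.
```rust
        // … unchanged: query, bind and fetch_optional …
        Ok(row.map(|(token_str, valid, created, last_used)| {
            let token = UserToken::from(token_str);
            if valid {
                UserTokenEntry::Valid(token, created, last_used)
            } else {
                UserTokenEntry::Invalid(token, created, last_used)
            }
        }))
```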