Added user auth and clicker

2023-10-30 13:26:48 -04:00
parent 8619c00a20
commit 995648dac3
11 changed files with 699 additions and 294 deletions
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,17 +1,25 @@
-use anyhow::Result;
-use bcrypt::{hash, verify, DEFAULT_COST};
+//use anyhow::Result;
+//use bcrypt::{hash, verify, DEFAULT_COST};
 use futures_util::{SinkExt, StreamExt};
 use poem::{
-    get, handler,
+    //get,
+    handler, //Result,
    listener::TcpListener,
    session::{CookieConfig, MemoryStorage, ServerSession, Session},
    web::{
        websocket::{Message, WebSocket},
        Data, Html, Path,
    },
-    EndpointExt, IntoResponse, Route, Server,
+    EndpointExt,
+    IntoResponse,
+    Route,
+    Server,
 };
-use sqlx::SqlitePool;
+use poem_openapi::{
+    payload::Json, types::Password, ApiResponse, Object, OpenApi, OpenApiService, Tags,
+};
+use serde::{Deserialize, Serialize};
+use sqlx::{Pool, Sqlite};

 #[handler]
 fn index() -> Html<&'static str> {
@@ -94,8 +102,168 @@ fn ws(
    })
 }

+#[derive(Debug, Object, Clone, Eq, PartialEq, Serialize, Deserialize)]
+struct User {
+    #[oai(validator(max_length = 64))]
+    username: String,
+}
+#[derive(ApiResponse)]
+enum UserResponse {
+    #[oai(status = 200)]
+    Ok(Json<User>),
+    #[oai(status = 403)]
+    AuthError,
+}
+#[derive(Debug, Object, Clone, Eq, PartialEq)]
+struct NewUser {
+    /// Username
+    #[oai(validator(max_length = 64))]
+    username: String,
+    /// Password
+    #[oai(validator(max_length = 50))]
+    password: Password,
+    /// Invite / Referral Code
+    #[oai(validator(max_length = 8))]
+    referral: Option<String>,
+}
+#[derive(ApiResponse)]
+enum NewUserResponse {
+    #[oai(status = 200)]
+    Ok(Json<User>),
+    #[oai(status = 403)]
+    UsernameTaken,
+    #[oai(status = 403)]
+    InvalidReferral,
+    #[oai(status = 403)]
+    SignupClosed,
+    #[oai(status = 403)]
+    InvalidPassword,
+    #[oai(status = 500)]
+    InternalServerError,
+}
+#[derive(Debug, Object, Clone, Eq, PartialEq)]
+struct UserLogin {
+    /// Username
+    #[oai(validator(max_length = 64))]
+    username: String,
+    /// Password
+    #[oai(validator(max_length = 50))]
+    password: Password,
+}
+#[derive(ApiResponse)]
+enum NumResponse {
+    #[oai(status = 200)]
+    Ok(Json<u32>),
+    #[oai(status = 403)]
+    AuthError,
+}
+#[derive(Tags)]
+enum ApiTags {
+    /// Operations about user
+    User,
+}
+async fn valid_code(code: &str) -> bool {
+    "changeme" == code
+}
+struct Api {
+    db: Pool<Sqlite>,
+    signup_open: bool, //TODO Should be in the db so it can change without restart
+}
+#[OpenApi]
+impl Api {
+    #[oai(path = "/user", method = "post", tag = "ApiTags::User")]
+    async fn create_user(&self, user_form: Json<NewUser>, session: &Session) -> NewUserResponse {
+        let has_referral = match &user_form.referral {
+            Some(code) if valid_code(code).await => true,
+            Some(_) => return NewUserResponse::InvalidReferral,
+            None => false,
+        };
+        if !self.signup_open && !has_referral {
+            return NewUserResponse::SignupClosed;
+        }
+
+        //TODO propper handling of query errors
+        let username = user_form.username.clone();
+        let x = sqlx::query!("SELECT * FROM users WHERE username = ?", username)
+            .fetch_optional(&self.db)
+            .await;
+        if let Ok(Some(_current_user)) = x {
+            return NewUserResponse::UsernameTaken;
+        }
+
+        let hash = match bcrypt::hash(user_form.password.as_str(), bcrypt::DEFAULT_COST) {
+            Ok(hash) => hash,
+            _ => return NewUserResponse::InvalidPassword,
+        };
+
+        let res = sqlx::query!(
+            "INSERT INTO users(username, password, admin) VALUES(?,?,?)",
+            username,
+            hash,
+            false
+        )
+        .execute(&self.db)
+        .await;
+
+        match res {
+            Err(_e) => NewUserResponse::InternalServerError,
+            Ok(_) => {
+                let user = User { username };
+                session.set("user", user.username.clone());
+                NewUserResponse::Ok(Json(user))
+            }
+        }
+    }
+    #[oai(path = "/user", method = "get", tag = "ApiTags::User")]
+    async fn get_user(&self, session: &Session) -> UserResponse {
+        if let Some(username) = session.get::<String>("user") {
+            UserResponse::Ok(Json(User { username }))
+        } else {
+            UserResponse::AuthError
+        }
+    }
+    #[oai(path = "/auth", method = "post", tag = "ApiTags::User")]
+    async fn auth_user(&self, user: Json<UserLogin>, session: &Session) -> UserResponse {
+        let password = user.password.as_str();
+        let username = user.username.to_string();
+
+        let result = sqlx::query!("SELECT * FROM users WHERE username = ?", username)
+            .fetch_one(&self.db)
+            .await;
+        match result {
+            Ok(user) if bcrypt::verify(password, &user.password).unwrap_or(false) => {
+                let current_user = User {
+                    username: username.clone(),
+                };
+                session.set("user", username);
+                UserResponse::Ok(Json(current_user))
+            }
+            _ => UserResponse::AuthError,
+        }
+    }
+
+    #[oai(path = "/num", method = "get", tag = "ApiTags::User")]
+    //async fn get_num(&self, session: &Session) -> Json<u32> {
+    async fn get_num(&self, session: &Session) -> NumResponse {
+        //if session.get("user")
+        if let None = session.get::<String>("user") {
+            return NumResponse::AuthError;
+        }
+        match session.get("num") {
+            Some(i) => {
+                session.set("num", i + 1);
+                NumResponse::Ok(Json(i))
+            }
+            None => {
+                session.set("num", 1_u32);
+                NumResponse::Ok(Json(1))
+            }
+        }
+    }
+}
+
 #[tokio::main]
-async fn main() -> Result<()> {
+async fn main() -> anyhow::Result<()> {
    if std::env::var_os("RUST_LOG").is_none() {
        std::env::set_var("RUST_LOG", "poem=debug");
    }
@@ -103,16 +271,26 @@ async fn main() -> Result<()> {

    let session = ServerSession::new(CookieConfig::default(), MemoryStorage::new());

-    let dbpool = SqlitePool::connect("sqlite:chat.db").await?;
+    //let dbpool = SqlitePool::connect("sqlite:chat.db").await?;
+    let dbpool = Pool::<Sqlite>::connect("sqlite:chat.db").await?;
+    let api = OpenApiService::new(
+        Api {
+            db: dbpool,
+            signup_open: false,
+        },
+        "Chat",
+        "0.0",
+    );

    let app = Route::new()
-        .at("/api/", get(index))
-        .at(
-            "/api/ws/:name",
-            get(ws.data(tokio::sync::broadcast::channel::<String>(32).0)),
-        )
-        .with(session)
-        .data(dbpool);
+        //.at("/api/", get(index))
+        //.at(
+        //    "/api/ws/:name",
+        //    get(ws.data(tokio::sync::broadcast::channel::<String>(32).0)),
+        //)
+        //.data(dbpool)
+        .nest("/api", api)
+        .with(session);

    Server::new(TcpListener::bind("127.0.0.1:3000"))
        .run(app)