n08i40k/schedule-parser-rusted
1
0
Fork 0
mirror of https://github.com/n08i40k/schedule-parser-rusted.git synced 2025-12-06 17:57:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

0.4.0

Browse Source 
Авторизация через токен вк

Слияние schedule_parser с проектом

Перенос схемы запросов/ответов в файлы эндпоинтов

Переход с библиотеки jwt на jsonwebtokens
This commit is contained in:
N08I40K
2025-03-25 02:05:27 +04:00
parent 0316f58592
commit ab1cbd795e
22 changed files with 794 additions and 369 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/routes/auth/mod.rs
View File

@@ -1,3 +1,3 @@
mod schema;
pub mod sign_in;
pub mod sign_up;
mod shared;

109
src/routes/auth/schema.rs
View File

@@ -1,109 +0,0 @@
pub mod sign_in {
use crate::database::models::User;
use crate::routes::schema::shared::{ErrorToHttpCode, IResponse};
use crate::routes::schema::user;
use actix_web::http::StatusCode;
use serde::{Deserialize, Serialize};
#[derive(Deserialize, Serialize)]
pub struct Request {
pub username: String,
pub password: String,
}
pub type Response = IResponse<user::ResponseOk, ResponseErr>;
#[derive(Serialize)]
pub struct ResponseErr {
code: ErrorCode,
}
#[derive(Serialize)]
#[serde(rename_all = "SCREAMING_SNAKE_CASE")]
pub enum ErrorCode {
IncorrectCredentials,
InvalidVkAccessToken,
}
pub trait ResponseExt {
fn ok(user: &User) -> Self;
fn err(code: ErrorCode) -> Response;
}
impl ResponseExt for Response {
fn ok(user: &User) -> Self {
IResponse(Ok(user::ResponseOk::from_user(&user)))
}
fn err(code: ErrorCode) -> Response {
IResponse(Err(ResponseErr { code }))
}
}
impl ErrorToHttpCode for ResponseErr {
fn to_http_status_code(&self) -> StatusCode {
StatusCode::NOT_ACCEPTABLE
}
}
}
pub mod sign_up {
use crate::database::models::{User, UserRole};
use crate::routes::schema::shared::{ErrorToHttpCode, IResponse};
use crate::routes::schema::user;
use actix_web::http::StatusCode;
use serde::{Deserialize, Serialize};
#[derive(Serialize, Deserialize)]
pub struct Request {
pub username: String,
pub password: String,
pub group: String,
pub role: UserRole,
pub version: String,
}
pub type Response = IResponse<user::ResponseOk, ResponseErr>;
#[derive(Serialize)]
#[serde(rename_all = "camelCase")]
pub struct ResponseOk {
id: String,
access_token: String,
group: String,
}
#[derive(Serialize)]
pub struct ResponseErr {
code: ErrorCode,
}
#[derive(Serialize)]
#[serde(rename_all = "SCREAMING_SNAKE_CASE")]
pub enum ErrorCode {
DisallowedRole,
InvalidGroupName,
UsernameAlreadyExists,
}
pub trait ResponseExt {
fn ok(user: &User) -> Self;
fn err(code: ErrorCode) -> Self;
}
impl ResponseExt for Response {
fn ok(user: &User) -> Self {
IResponse(Ok(user::ResponseOk::from_user(&user)))
}
fn err(code: ErrorCode) -> Response {
Self(Err(ResponseErr { code }))
}
}
impl ErrorToHttpCode for ResponseErr {
fn to_http_status_code(&self) -> StatusCode {
StatusCode::NOT_ACCEPTABLE
}
}
}

96
src/routes/auth/shared.rs Normal file
View File

@@ -0,0 +1,96 @@
use crate::utility::jwt::DEFAULT_ALGORITHM;
use jsonwebtoken::errors::ErrorKind;
use jsonwebtoken::{decode, DecodingKey, Validation};
use serde::{Deserialize, Serialize};
use std::env;
use std::sync::LazyLock;
#[derive(Deserialize, Serialize)]
struct TokenData {
iis: String,
sub: i32,
app: i32,
exp: i32,
iat: i32,
jti: i32,
}
#[derive(Debug, Serialize, Deserialize)]
struct Claims {
sub: String,
iis: String,
jti: i32,
app: i32,
}
#[derive(Debug, PartialEq)]
pub enum Error {
JwtError(ErrorKind),
InvalidSignature,
InvalidToken,
Expired,
UnknownIssuer(String),
UnknownType(i32),
UnknownClientId(i32),
}
//noinspection SpellCheckingInspection
const VK_PUBLIC_KEY: &str = concat!(
"-----BEGIN PUBLIC KEY-----\n",
"MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvsvJlhFX9Ju/pvCz1frB\n",
"DgJs592VjdwQuRAmnlJAItyHkoiDIOEocPzgcUBTbDf1plDcTyO2RCkUt0pz0WK6\n",
"6HNhpJyIfARjaWHeUlv4TpuHXAJJsBKklkU2gf1cjID+40sWWYjtq5dAkXnSJUVA\n",
"UR+sq0lJ7GmTdJtAr8hzESqGEcSP15PTs7VUdHZ1nkC2XgkuR8KmKAUb388ji1Q4\n",
"n02rJNOPQgd9r0ac4N2v/yTAFPXumO78N25bpcuWf5vcL9e8THk/U2zt7wf+aAWL\n",
"748e0pREqNluTBJNZfmhC79Xx6GHtwqHyyduiqfPmejmiujNM/rqnA4e30Tg86Yn\n",
"cNZ6vLJyF72Eva1wXchukH/aLispbY+EqNPxxn4zzCWaLKHG87gaCxpVv9Tm0jSD\n",
"2es22NjrUbtb+2pAGnXbyDp2eGUqw0RrTQFZqt/VcmmSCE45FlcZMT28otrwG1ZB\n",
"kZAb5Js3wLEch3ZfYL8sjhyNRPBmJBrAvzrd8qa3rdUjkC9sKyjGAaHu2MNmFl1Y\n",
"JFQ3J54tGpkGgJjD7Kz3w0K6OiPDlVCNQN5sqXm24fCw85Pbi8SJiaLTp/CImrs1\n",
"Z3nHW5q8hljA7OGmqfOP0nZS/5zW9GHPyepsI1rW6CympYLJ15WeNzePxYS5KEX9\n",
"EncmkSD9b45ge95hJeJZteUCAwEAAQ==\n",
"-----END PUBLIC KEY-----"
);
static VK_ID_CLIENT_ID: LazyLock<i32> = LazyLock::new(|| {
env::var("VK_ID_CLIENT_ID")
.expect("VK_ID_CLIENT_ID must be set")
.parse::<i32>()
.expect("VK_ID_CLIENT_ID must be i32")
});
pub fn parse_vk_id(token_str: &String) -> Result<i32, Error> {
let dkey = DecodingKey::from_rsa_pem(VK_PUBLIC_KEY.as_bytes()).unwrap();
match decode::<Claims>(&token_str, &dkey, &Validation::new(DEFAULT_ALGORITHM)) {
Ok(token_data) => {
let claims = token_data.claims;
if claims.iis != "VK" {
Err(Error::UnknownIssuer(claims.iis))
} else if claims.jti != 21 {
Err(Error::UnknownType(claims.jti))
} else if claims.app != *VK_ID_CLIENT_ID {
Err(Error::UnknownClientId(claims.app))
} else {
match claims.sub.parse::<i32>() {
Ok(sub) => Ok(sub),
Err(_) => Err(Error::InvalidToken),
}
}
}
Err(err) => Err(match err.into_kind() {
ErrorKind::InvalidToken => Error::InvalidToken,
ErrorKind::InvalidSignature => Error::InvalidSignature,
ErrorKind::InvalidAlgorithmName => Error::InvalidToken,
ErrorKind::MissingRequiredClaim(_) => Error::InvalidToken,
ErrorKind::ExpiredSignature => Error::Expired,
ErrorKind::InvalidAlgorithm => Error::InvalidToken,
ErrorKind::MissingAlgorithm => Error::InvalidToken,
ErrorKind::Base64(_) => Error::InvalidToken,
ErrorKind::Json(_) => Error::InvalidToken,
ErrorKind::Utf8(_) => Error::InvalidToken,
kind => Error::JwtError(kind),
}),
}
}

153
src/routes/auth/sign_in.rs
View File

@@ -1,47 +1,138 @@
use self::schema::*;
use crate::database::driver;
use crate::database::models::User;
use crate::routes::auth::schema;
use crate::{AppState, utility};
use crate::routes::auth::shared::parse_vk_id;
use crate::routes::auth::sign_in::schema::ErrorCode;
use crate::routes::auth::sign_in::schema::SignInData::{Default, Vk};
use crate::{utility, AppState};
use actix_web::{post, web};
use diesel::SaveChangesDsl;
use std::ops::DerefMut;
use web::Json;
#[post("/sign-in")]
pub async fn sign_in(
data: Json<schema::sign_in::Request>,
app_state: web::Data<AppState>,
) -> schema::sign_in::Response {
use schema::sign_in::*;
async fn sign_in(data: SignInData, app_state: &web::Data<AppState>) -> Response {
let user = match &data {
Default(data) => driver::users::get_by_username(&app_state.database, &data.username),
Vk(id) => driver::users::get_by_vk_id(&app_state.database, *id),
};
match driver::users::get_by_username(&app_state.database, data.username.clone()) {
Ok(mut user) => match bcrypt::verify(&data.password, &user.password) {
Ok(true) => {
let mut lock = app_state.connection();
let conn = lock.deref_mut();
user.access_token = utility::jwt::encode(&user.id);
user.save_changes::<User>(conn)
.expect("Failed to update user");
Response::ok(&user)
match user {
Ok(mut user) => {
if let Default(data) = data {
match bcrypt::verify(&data.password, &user.password) {
Ok(result) => {
if !result {
return Response::err(ErrorCode::IncorrectCredentials);
}
}
Err(_) => {
return Response::err(ErrorCode::IncorrectCredentials);
}
}
}
Ok(false) | Err(_) => Response::err(ErrorCode::IncorrectCredentials),
},
let mut lock = app_state.connection();
let conn = lock.deref_mut();
user.access_token = utility::jwt::encode(&user.id);
user.save_changes::<User>(conn)
.expect("Failed to update user");
Response::ok(&user)
}
Err(_) => Response::err(ErrorCode::IncorrectCredentials),
}
}
#[post("/sign-in")]
pub async fn sign_in_default(data: Json<Request>, app_state: web::Data<AppState>) -> Response {
sign_in(Default(data.into_inner()), &app_state).await
}
#[post("/sign-in-vk")]
pub async fn sign_in_vk(data_json: Json<vk::Request>, app_state: web::Data<AppState>) -> Response {
let data = data_json.into_inner();
match parse_vk_id(&data.access_token) {
Ok(id) => sign_in(Vk(id), &app_state).await,
Err(_) => Response::err(ErrorCode::InvalidVkAccessToken),
}
}
mod schema {
use crate::database::models::User;
use crate::routes::schema::{user, ErrorToHttpCode, IResponse};
use actix_web::http::StatusCode;
use serde::{Deserialize, Serialize};
#[derive(Deserialize, Serialize)]
pub struct Request {
pub username: String,
pub password: String,
}
pub mod vk {
use serde::{Deserialize, Serialize};
#[derive(Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct Request {
pub access_token: String,
}
}
pub type Response = IResponse<user::ResponseOk, ResponseErr>;
#[derive(Serialize)]
pub struct ResponseErr {
code: ErrorCode,
}
#[derive(Serialize)]
#[serde(rename_all = "SCREAMING_SNAKE_CASE")]
pub enum ErrorCode {
IncorrectCredentials,
InvalidVkAccessToken,
}
pub trait ResponseExt {
fn ok(user: &User) -> Self;
fn err(code: ErrorCode) -> Response;
}
impl ResponseExt for Response {
fn ok(user: &User) -> Self {
IResponse(Ok(user::ResponseOk::from_user(&user)))
}
fn err(code: ErrorCode) -> Response {
IResponse(Err(ResponseErr { code }))
}
}
impl ErrorToHttpCode for ResponseErr {
fn to_http_status_code(&self) -> StatusCode {
StatusCode::NOT_ACCEPTABLE
}
}
/// Internal
pub enum SignInData {
Default(Request),
Vk(i32),
}
}
#[cfg(test)]
mod tests {
use crate::app_state::app_state;
use super::schema::*;
use crate::database::driver;
use crate::database::models::{User, UserRole};
use crate::routes::auth::schema;
use crate::routes::auth::sign_in::sign_in;
use crate::test_env::tests::{static_app_state, test_app, test_env};
use crate::routes::auth::sign_in::sign_in_default;
use crate::test_env::tests::{static_app_state, test_app, test_app_state, test_env};
use crate::utility;
use actix_http::StatusCode;
use actix_web::dev::ServiceResponse;
@@ -50,8 +141,8 @@ mod tests {
use sha2::{Digest, Sha256};
use std::fmt::Write;
async fn sign_in_client(data: schema::sign_in::Request) -> ServiceResponse {
let app = test_app(app_state(), sign_in).await;
async fn sign_in_client(data: Request) -> ServiceResponse {
let app = test_app(test_app_state(), sign_in_default).await;
let req = test::TestRequest::with_uri("/sign-in")
.method(Method::POST)
@@ -100,7 +191,7 @@ mod tests {
async fn sign_in_ok() {
prepare("test::sign_in_ok".to_string());
let resp = sign_in_client(schema::sign_in::Request {
let resp = sign_in_client(Request {
username: "test::sign_in_ok".to_string(),
password: "example".to_string(),
})
@@ -113,7 +204,7 @@ mod tests {
async fn sign_in_err() {
prepare("test::sign_in_err".to_string());
let invalid_username = sign_in_client(schema::sign_in::Request {
let invalid_username = sign_in_client(Request {
username: "test::sign_in_err::username".to_string(),
password: "example".to_string(),
})
@@ -121,7 +212,7 @@ mod tests {
assert_eq!(invalid_username.status(), StatusCode::NOT_ACCEPTABLE);
let invalid_password = sign_in_client(schema::sign_in::Request {
let invalid_password = sign_in_client(Request {
username: "test::sign_in_err".to_string(),
password: "bad_password".to_string(),
})

234
src/routes/auth/sign_up.rs
View File

@@ -1,22 +1,19 @@
use self::schema::*;
use crate::AppState;
use crate::database::driver;
use crate::database::models::{User, UserRole};
use crate::routes::auth::schema;
use crate::{utility, AppState};
use crate::database::models::UserRole;
use crate::routes::auth::shared::{Error, parse_vk_id};
use actix_web::{post, web};
use objectid::ObjectId;
use rand::{Rng, rng};
use web::Json;
#[post("/sign-up")]
pub async fn sign_up(
data: Json<schema::sign_up::Request>,
app_state: web::Data<AppState>,
) -> schema::sign_up::Response {
use schema::sign_up::*;
async fn sign_up(data: SignUpData, app_state: &web::Data<AppState>) -> Response {
// If user selected forbidden role.
if data.role == UserRole::Admin {
return Response::err(ErrorCode::DisallowedRole);
}
// If specified group doesn't exist in schedule.
let schedule_opt = app_state.schedule.lock().unwrap();
if let Some(schedule) = &*schedule_opt {
@@ -25,37 +22,193 @@ pub async fn sign_up(
}
}
if driver::users::contains_by_username(&app_state.database, data.username.clone()) {
// If user with specified username already exists.
if driver::users::contains_by_username(&app_state.database, &data.username) {
return Response::err(ErrorCode::UsernameAlreadyExists);
}
let id = ObjectId::new().unwrap().to_string();
let access_token = utility::jwt::encode(&id);
let user = User {
id,
username: data.username.clone(),
password: bcrypt::hash(data.password.as_str(), bcrypt::DEFAULT_COST).unwrap(),
vk_id: None,
access_token,
group: data.group.clone(),
role: data.role.clone(),
version: data.version.clone(),
};
// If user with specified VKID already exists.
if let Some(id) = data.vk_id {
if driver::users::contains_by_vk_id(&app_state.database, id) {
return Response::err(ErrorCode::VkAlreadyExists);
}
}
let user = data.to_user();
driver::users::insert(&app_state.database, &user).unwrap();
Response::ok(&user)
}
#[post("/sign-up")]
pub async fn sign_up_default(data_json: Json<Request>, app_state: web::Data<AppState>) -> Response {
let data = data_json.into_inner();
sign_up(
SignUpData {
username: data.username,
password: data.password,
vk_id: None,
group: data.group,
role: data.role,
version: data.version,
},
&app_state,
)
.await
}
#[post("/sign-up-vk")]
pub async fn sign_up_vk(data_json: Json<vk::Request>, app_state: web::Data<AppState>) -> Response {
let data = data_json.into_inner();
match parse_vk_id(&data.access_token) {
Ok(id) => {
sign_up(
SignUpData {
username: data.username,
password: rng()
.sample_iter(&rand::distr::Alphanumeric)
.take(16)
.map(char::from)
.collect(),
vk_id: Some(id),
group: data.group,
role: data.role,
version: data.version,
},
&app_state,
)
.await
}
Err(err) => {
if err != Error::Expired {
eprintln!("Failed to parse vk id token!");
eprintln!("{:?}", err);
}
Response::err(ErrorCode::InvalidVkAccessToken)
}
}
}
mod schema {
use crate::database::models::{User, UserRole};
use crate::routes::schema::{ErrorToHttpCode, IResponse, user};
use crate::utility;
use actix_web::http::StatusCode;
use objectid::ObjectId;
use serde::{Deserialize, Serialize};
/// WEB
#[derive(Serialize, Deserialize)]
pub struct Request {
pub username: String,
pub password: String,
pub group: String,
pub role: UserRole,
pub version: String,
}
pub mod vk {
use crate::database::models::UserRole;
use serde::{Deserialize, Serialize};
#[derive(Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct Request {
pub access_token: String,
pub username: String,
pub group: String,
pub role: UserRole,
pub version: String,
}
}
pub type Response = IResponse<user::ResponseOk, ResponseErr>;
#[derive(Serialize)]
#[serde(rename_all = "camelCase")]
pub struct ResponseOk {
id: String,
access_token: String,
group: String,
}
#[derive(Serialize)]
pub struct ResponseErr {
code: ErrorCode,
}
#[derive(Serialize)]
#[serde(rename_all = "SCREAMING_SNAKE_CASE")]
pub enum ErrorCode {
DisallowedRole,
InvalidGroupName,
UsernameAlreadyExists,
InvalidVkAccessToken,
VkAlreadyExists,
}
pub trait ResponseExt {
fn ok(user: &User) -> Self;
fn err(code: ErrorCode) -> Self;
}
impl ResponseExt for Response {
fn ok(user: &User) -> Self {
IResponse(Ok(user::ResponseOk::from_user(&user)))
}
fn err(code: ErrorCode) -> Response {
Self(Err(ResponseErr { code }))
}
}
impl ErrorToHttpCode for ResponseErr {
fn to_http_status_code(&self) -> StatusCode {
StatusCode::NOT_ACCEPTABLE
}
}
/// Internal
pub struct SignUpData {
pub username: String,
pub password: String,
pub vk_id: Option<i32>,
pub group: String,
pub role: UserRole,
pub version: String,
}
impl SignUpData {
pub fn to_user(self) -> User {
let id = ObjectId::new().unwrap().to_string();
let access_token = utility::jwt::encode(&id);
User {
id,
username: self.username,
password: bcrypt::hash(self.password, bcrypt::DEFAULT_COST).unwrap(),
vk_id: self.vk_id,
access_token,
group: self.group,
role: self.role,
version: self.version,
}
}
}
}
#[cfg(test)]
mod tests {
use crate::app_state::app_state;
use crate::database::driver;
use crate::database::models::UserRole;
use crate::routes::auth::schema;
use crate::routes::auth::sign_up::sign_up;
use crate::test_env::tests::{static_app_state, test_app, test_env};
use crate::routes::auth::sign_up::schema::Request;
use crate::routes::auth::sign_up::sign_up_default;
use crate::test_env::tests::{static_app_state, test_app, test_app_state, test_env};
use actix_http::StatusCode;
use actix_web::dev::ServiceResponse;
use actix_web::http::Method;
@@ -68,11 +221,11 @@ mod tests {
}
async fn sign_up_client(data: SignUpPartial) -> ServiceResponse {
let app = test_app(app_state(), sign_up).await;
let app = test_app(test_app_state(), sign_up_default).await;
let req = test::TestRequest::with_uri("/sign-up")
.method(Method::POST)
.set_json(schema::sign_up::Request {
.set_json(Request {
username: data.username.clone(),
password: "example".to_string(),
group: data.group.clone(),
@@ -91,7 +244,7 @@ mod tests {
test_env();
let app_state = static_app_state();
driver::users::delete_by_username(&app_state.database, "test::sign_up_valid".to_string());
driver::users::delete_by_username(&app_state.database, &"test::sign_up_valid".to_string());
// test
@@ -114,7 +267,7 @@ mod tests {
let app_state = static_app_state();
driver::users::delete_by_username(
&app_state.database,
"test::sign_up_multiple".to_string(),
&"test::sign_up_multiple".to_string(),
);
let create = sign_up_client(SignUpPartial {
@@ -150,4 +303,19 @@ mod tests {
assert_eq!(resp.status(), StatusCode::NOT_ACCEPTABLE);
}
#[actix_web::test]
async fn sign_up_invalid_group() {
test_env();
// test
let resp = sign_up_client(SignUpPartial {
username: "test::sign_up_invalid_group".to_string(),
group: "invalid_group".to_string(),
role: UserRole::Student,
})
.await;
assert_eq!(resp.status(), StatusCode::NOT_ACCEPTABLE);
}
}

56
src/routes/schema.rs
View File

@@ -1,39 +1,37 @@
pub mod shared {
use actix_web::body::EitherBody;
use actix_web::error::JsonPayloadError;
use actix_web::http::StatusCode;
use actix_web::{HttpRequest, HttpResponse, Responder};
use serde::Serialize;
use actix_web::body::EitherBody;
use actix_web::error::JsonPayloadError;
use actix_web::http::StatusCode;
use actix_web::{HttpRequest, HttpResponse, Responder};
use serde::Serialize;
pub struct IResponse<T: Serialize, E: Serialize>(pub Result<T, E>);
pub struct IResponse<T: Serialize, E: Serialize>(pub Result<T, E>);
pub trait ErrorToHttpCode {
fn to_http_status_code(&self) -> StatusCode;
}
pub trait ErrorToHttpCode {
fn to_http_status_code(&self) -> StatusCode;
}
impl<T: Serialize, E: Serialize + ErrorToHttpCode> Responder for IResponse<T, E> {
type Body = EitherBody<String>;
impl<T: Serialize, E: Serialize + ErrorToHttpCode> Responder for IResponse<T, E> {
type Body = EitherBody<String>;
fn respond_to(self, _: &HttpRequest) -> HttpResponse<Self::Body> {
match serde_json::to_string(&self.0) {
Ok(body) => {
let code = match &self.0 {
Ok(_) => StatusCode::OK,
Err(e) => e.to_http_status_code(),
};
fn respond_to(self, _: &HttpRequest) -> HttpResponse<Self::Body> {
match serde_json::to_string(&self.0) {
Ok(body) => {
let code = match &self.0 {
Ok(_) => StatusCode::OK,
Err(e) => e.to_http_status_code(),
};
match HttpResponse::build(code)
.content_type(mime::APPLICATION_JSON)
.message_body(body)
{
Ok(res) => res.map_into_left_body(),
Err(err) => HttpResponse::from_error(err).map_into_right_body(),
}
match HttpResponse::build(code)
.content_type(mime::APPLICATION_JSON)
.message_body(body)
{
Ok(res) => res.map_into_left_body(),
Err(err) => HttpResponse::from_error(err).map_into_right_body(),
}
}
Err(err) => {
HttpResponse::from_error(JsonPayloadError::Serialize(err)).map_into_right_body()
}
Err(err) => {
HttpResponse::from_error(JsonPayloadError::Serialize(err)).map_into_right_body()
}
}
}