Password login enabled

This commit is contained in:
SinTan1729 2023-04-08 15:36:33 -05:00
parent 34b2b116ba
commit 96b3ae1297
4 changed files with 41 additions and 9 deletions

View File

@ -23,6 +23,5 @@ WORKDIR /opt
COPY --from=build /simply-shorten/target/release/simply-shorten /opt/simply-shorten COPY --from=build /simply-shorten/target/release/simply-shorten /opt/simply-shorten
COPY --from=build /simply-shorten/resources /opt/resources COPY --from=build /simply-shorten/resources /opt/resources
COPY ./urls.sqlite /opt/urls.sqlite
CMD ["./simply-shorten"] CMD ["./simply-shorten"]

View File

@ -1,7 +1,8 @@
use actix_session::Session; use actix_session::Session;
use std::time::SystemTime;
pub fn validate(session: Session) -> bool { pub fn validate(session: Session) -> bool {
let token = session.get::<i32>("session-token"); let token = session.get::<String>("session-token");
if token.is_err() { if token.is_err() {
false false
} else if !check(token.unwrap()) { } else if !check(token.unwrap()) {
@ -11,12 +12,37 @@ pub fn validate(session: Session) -> bool {
} }
} }
fn check(token: Option<i32>) -> bool { fn check(token: Option<String>) -> bool {
if token.is_none() { if token.is_none() {
false false
} else if token.unwrap() != 123 { } else {
let token_body = token.unwrap();
let token_parts: Vec<&str> = token_body.split(";").collect();
if token_parts.len() < 2 {
false false
} else { } else {
let token_text = token_parts[0];
let token_time = token_parts[1].parse::<u64>().unwrap_or(0);
let time_now = SystemTime::now()
.duration_since(SystemTime::UNIX_EPOCH)
.expect("Time went backwards!")
.as_secs();
println!("{:#?}", token_parts);
if token_text == "valid-session-token" && time_now < token_time + 1209600 {
// There are 1209600 seconds in 14 days
true true
} else {
false
} }
} }
}
}
pub fn gen_token() -> String {
let token_text = "valid-session-token".to_string();
let time = SystemTime::now()
.duration_since(SystemTime::UNIX_EPOCH)
.expect("Time went backwards!")
.as_secs();
format!("{token_text};{time}")
}

View File

@ -58,6 +58,7 @@ pub fn delete_link(shortlink: String, db: &Connection) -> () {
pub fn open_db(path: String) -> Connection { pub fn open_db(path: String) -> Connection {
let db = Connection::open(path).expect("Unable to open database!"); let db = Connection::open(path).expect("Unable to open database!");
// Create table if it doesn't exist
db.execute( db.execute(
"CREATE TABLE IF NOT EXISTS urls ( "CREATE TABLE IF NOT EXISTS urls (
id INTEGER PRIMARY KEY AUTOINCREMENT, id INTEGER PRIMARY KEY AUTOINCREMENT,

View File

@ -78,8 +78,9 @@ async fn link_handler(shortlink: web::Path<String>, data: web::Data<AppState>) -
// Handle login // Handle login
#[post("/api/login")] #[post("/api/login")]
async fn login(req: String, session: Session) -> HttpResponse { async fn login(req: String, session: Session) -> HttpResponse {
if req == "ssssss".to_string() { if req == env::var("password").unwrap_or(req.clone()) {
session.insert("session-token", 123).unwrap(); // If no password was provided, match any password
session.insert("session-token", auth::gen_token()).unwrap();
HttpResponse::Ok().body("Correct password!") HttpResponse::Ok().body("Correct password!")
} else { } else {
eprintln!("Failed login attempt!"); eprintln!("Failed login attempt!");
@ -104,15 +105,20 @@ async fn delete_link(
#[actix_web::main] #[actix_web::main]
async fn main() -> std::io::Result<()> { async fn main() -> std::io::Result<()> {
// Generate session key in runtime so that restarts invalidates older logins
let secret_key = Key::generate(); let secret_key = Key::generate();
let db_location = env::var("db_url").unwrap_or("/opt/urls.sqlite".to_string());
// Actually start the server
HttpServer::new(move || { HttpServer::new(move || {
App::new() App::new()
.wrap(SessionMiddleware::new( .wrap(SessionMiddleware::new(
CookieSessionStore::default(), CookieSessionStore::default(),
secret_key.clone(), secret_key.clone(),
)) ))
// Maintain a single instance of database throughout
.app_data(web::Data::new(AppState { .app_data(web::Data::new(AppState {
db: database::open_db(env::var("db_url").unwrap_or("./urls.sqlite".to_string())), db: database::open_db(env::var("db_url").unwrap_or(db_location.clone())),
})) }))
.wrap(middleware::Compress::default()) .wrap(middleware::Compress::default())
.service(link_handler) .service(link_handler)