diff options
| author | Yigit Sever | 2021-04-14 03:27:27 +0300 |
|---|---|---|
| committer | Yigit Sever | 2021-04-14 19:11:49 +0300 |
| commit | edfab6ae2f97a7288ff456265050c01ff397ea8c (patch) | |
| tree | e98ce8b12c1ef4d61c70944f47d87d74297a8ed3 /src/handlers.rs | |
| parent | a5d5ab88d3f73d0b6f5fa847df6dace90810313d (diff) | |
| download | gradecoin-edfab6ae2f97a7288ff456265050c01ff397ea8c.tar.gz gradecoin-edfab6ae2f97a7288ff456265050c01ff397ea8c.tar.bz2 gradecoin-edfab6ae2f97a7288ff456265050c01ff397ea8c.zip | |
[WIP] Initial implementation of user auth
There is a dance involved and everything
Write down specs for RSA and AES, padding scheme, ugh.
Diffstat (limited to 'src/handlers.rs')
| -rw-r--r-- | src/handlers.rs | 34 |
1 files changed, 32 insertions, 2 deletions
diff --git a/src/handlers.rs b/src/handlers.rs index b9df931..9d1bb10 100644 --- a/src/handlers.rs +++ b/src/handlers.rs | |||
| @@ -1,3 +1,4 @@ | |||
| 1 | use base64; | ||
| 1 | /// API handlers, the ends of each filter chain | 2 | /// API handlers, the ends of each filter chain |
| 2 | use blake2::{Blake2s, Digest}; | 3 | use blake2::{Blake2s, Digest}; |
| 3 | use jsonwebtoken::errors::ErrorKind; | 4 | use jsonwebtoken::errors::ErrorKind; |
| @@ -5,12 +6,16 @@ use jsonwebtoken::{decode, Algorithm, DecodingKey, TokenData, Validation}; | |||
| 5 | use log::{debug, warn}; | 6 | use log::{debug, warn}; |
| 6 | use md5::Md5; | 7 | use md5::Md5; |
| 7 | use parking_lot::RwLockUpgradableReadGuard; | 8 | use parking_lot::RwLockUpgradableReadGuard; |
| 9 | use rsa::{PaddingScheme, RSAPrivateKey}; | ||
| 8 | use serde::Serialize; | 10 | use serde::Serialize; |
| 9 | use serde_json; | 11 | use serde_json; |
| 12 | use sha2; | ||
| 10 | use std::convert::Infallible; | 13 | use std::convert::Infallible; |
| 11 | use std::fs; | 14 | use std::fs; |
| 12 | use warp::{http::StatusCode, reply}; | 15 | use warp::{http::StatusCode, reply}; |
| 13 | 16 | ||
| 17 | use crate::PRIVATE_KEY; | ||
| 18 | |||
| 14 | #[derive(Serialize, Debug)] | 19 | #[derive(Serialize, Debug)] |
| 15 | struct GradeCoinResponse { | 20 | struct GradeCoinResponse { |
| 16 | res: ResponseType, | 21 | res: ResponseType, |
| @@ -23,7 +28,9 @@ enum ResponseType { | |||
| 23 | Error, | 28 | Error, |
| 24 | } | 29 | } |
| 25 | 30 | ||
| 26 | use crate::schema::{AuthRequest, Block, Claims, Db, MetuId, NakedBlock, Transaction, User}; | 31 | use crate::schema::{ |
| 32 | AuthRequest, Block, Claims, Db, InitialAuthRequest, MetuId, NakedBlock, Transaction, User, | ||
| 33 | }; | ||
| 27 | 34 | ||
| 28 | const BEARER: &str = "Bearer "; | 35 | const BEARER: &str = "Bearer "; |
| 29 | 36 | ||
| @@ -32,11 +39,34 @@ const BEARER: &str = "Bearer "; | |||
| 32 | /// Lets a [`User`] (=student) to authenticate themselves to the system | 39 | /// Lets a [`User`] (=student) to authenticate themselves to the system |
| 33 | /// This `request` can be rejected if the payload is malformed (= not authenticated properly) or if | 40 | /// This `request` can be rejected if the payload is malformed (= not authenticated properly) or if |
| 34 | /// the [`AuthRequest.user_id`] of the `request` is not in the list of users that can hold a Gradecoin account | 41 | /// the [`AuthRequest.user_id`] of the `request` is not in the list of users that can hold a Gradecoin account |
| 42 | /// The request first comes in encrypted | ||
| 35 | pub async fn authenticate_user( | 43 | pub async fn authenticate_user( |
| 36 | request: AuthRequest, | 44 | request: InitialAuthRequest, |
| 37 | db: Db, | 45 | db: Db, |
| 38 | ) -> Result<impl warp::Reply, warp::Rejection> { | 46 | ) -> Result<impl warp::Reply, warp::Rejection> { |
| 39 | debug!("POST request to /register, authenticate_user"); | 47 | debug!("POST request to /register, authenticate_user"); |
| 48 | |||
| 49 | // TODO: lazyload or something <14-04-21, yigit> // | ||
| 50 | let der_encoded = PRIVATE_KEY | ||
| 51 | .lines() | ||
| 52 | .filter(|line| !line.starts_with("-")) | ||
| 53 | .fold(String::new(), |mut data, line| { | ||
| 54 | data.push_str(&line); | ||
| 55 | data | ||
| 56 | }); | ||
| 57 | let der_bytes = base64::decode(&der_encoded).expect("failed to decode base64 content"); | ||
| 58 | let private_key = RSAPrivateKey::from_pkcs1(&der_bytes).expect("failed to parse key"); | ||
| 59 | |||
| 60 | let padding = PaddingScheme::new_oaep::<sha2::Sha256>(); | ||
| 61 | let dec_key = private_key | ||
| 62 | .decrypt(padding, &request.key.as_bytes()) | ||
| 63 | .expect("failed to decrypt"); | ||
| 64 | |||
| 65 | // then decrypt c using key dec_key | ||
| 66 | |||
| 67 | // let request: AuthRequest = serde_json::from_str(&String::from_utf8(dec_data).unwrap()).unwrap(); | ||
| 68 | let request; | ||
| 69 | |||
| 40 | let provided_id = request.student_id.clone(); | 70 | let provided_id = request.student_id.clone(); |
| 41 | 71 | ||
| 42 | let priv_student_id = match MetuId::new(request.student_id, request.passwd) { | 72 | let priv_student_id = match MetuId::new(request.student_id, request.passwd) { |