summaryrefslogtreecommitdiffstats
path: root/src/handlers.rs
diff options
context:
space:
mode:
authorYigit Sever2021-04-14 11:55:25 +0300
committerYigit Sever2021-04-14 19:11:49 +0300
commit3e333c952a54453bd877c556a09f2e8e0c434c87 (patch)
tree1010b5242877b663bf832b1f225a5c0fdbf7a4e1 /src/handlers.rs
parentedfab6ae2f97a7288ff456265050c01ff397ea8c (diff)
downloadgradecoin-3e333c952a54453bd877c556a09f2e8e0c434c87.tar.gz
gradecoin-3e333c952a54453bd877c556a09f2e8e0c434c87.tar.bz2
gradecoin-3e333c952a54453bd877c556a09f2e8e0c434c87.zip
Add auth documentation
Diffstat (limited to 'src/handlers.rs')
-rw-r--r--src/handlers.rs35
1 files changed, 33 insertions, 2 deletions
diff --git a/src/handlers.rs b/src/handlers.rs
index 9d1bb10..55d3ab4 100644
--- a/src/handlers.rs
+++ b/src/handlers.rs
@@ -37,9 +37,37 @@ const BEARER: &str = "Bearer ";
37/// POST request to /register endpoint 37/// POST request to /register endpoint
38/// 38///
39/// Lets a [`User`] (=student) to authenticate themselves to the system 39/// Lets a [`User`] (=student) to authenticate themselves to the system
40/// This `request` can be rejected if the payload is malformed (= not authenticated properly) or if 40/// This `request` can be rejected if the payload is malformed (=not authenticated properly) or if
41/// the [`AuthRequest.user_id`] of the `request` is not in the list of users that can hold a Gradecoin account 41/// the [`AuthRequest.user_id`] of the `request` is not in the list of users that can hold a Gradecoin account
42/// The request first comes in encrypted 42///
43/// # Authentication Process
44/// - Gradecoin's Public Key (`G_PK`) is listed on moodle.
45/// - Gradecoin's Private Key (`G_PR`) is loaded here
46///
47/// - Student picks a short temporary key (`k_temp`)
48/// - Creates a JSON object (`auth_plaintext`) with their `metu_id` and `public key` in base64 (PEM) format (`S_PK`):
49/// {
50/// student_id: "e12345",
51/// public_key: "---BEGIN PUBLIC KEY..."
52/// }
53///
54/// - Encrypts the serialized string of `auth_plaintext` with AES in TODO format using the temporary key
55/// (`k_temp`), the result is `auth_ciphertext`, (TODO base64?)
56/// - The temporary key student has picked `k_temp` is encrypted (TODO details) with `G_PK` (TODO
57/// base64?) = `key_ciphertext`
58/// - The payload JSON object (`auth_request`) can be prepared now:
59/// {
60/// c: "auth_ciphertext"
61/// key: "key_ciphertext"
62/// }
63///
64/// ## Gradecoin Side
65///
66/// - Upon receiving, we first extract the temporary key by decrypting `key`, receiving `temp_key`
67/// - With this key, we can decrypt c TODO with aes?
68/// - We then verify the payload and calculate the User fingerprint
69/// - Finally, create the new [`User`] object, insert to users HashMap `<fingerprint, User>`
70///
43pub async fn authenticate_user( 71pub async fn authenticate_user(
44 request: InitialAuthRequest, 72 request: InitialAuthRequest,
45 db: Db, 73 db: Db,
@@ -47,6 +75,7 @@ pub async fn authenticate_user(
47 debug!("POST request to /register, authenticate_user"); 75 debug!("POST request to /register, authenticate_user");
48 76
49 // TODO: lazyload or something <14-04-21, yigit> // 77 // TODO: lazyload or something <14-04-21, yigit> //
78 // This is our key, used to first decrypt the users temporal key
50 let der_encoded = PRIVATE_KEY 79 let der_encoded = PRIVATE_KEY
51 .lines() 80 .lines()
52 .filter(|line| !line.starts_with("-")) 81 .filter(|line| !line.starts_with("-"))
@@ -54,6 +83,8 @@ pub async fn authenticate_user(
54 data.push_str(&line); 83 data.push_str(&line);
55 data 84 data
56 }); 85 });
86
87 // Our private key is saved in PEM (base64) format
57 let der_bytes = base64::decode(&der_encoded).expect("failed to decode base64 content"); 88 let der_bytes = base64::decode(&der_encoded).expect("failed to decode base64 content");
58 let private_key = RSAPrivateKey::from_pkcs1(&der_bytes).expect("failed to parse key"); 89 let private_key = RSAPrivateKey::from_pkcs1(&der_bytes).expect("failed to parse key");
59 90