authorYigit Sever2021-04-14 11:55:25 +0300
committerYigit Sever2021-04-14 19:11:49 +0300
commit6bee6eb48c460ccdc638cdb0997946a56ed98c7d (patch)
tree6b6d011e421d422a2363dbe757f944889b548bc4 /src
parente466f25ecfa356137523ee597b9fc6ab0da5df22 (diff)
Add auth documentation
Diffstat (limited to 'src')
-rw-r--r--src/handlers.rs35
1 files changed, 33 insertions, 2 deletions
diff --git a/src/handlers.rs b/src/handlers.rs
index 9d1bb10..55d3ab4 100644
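--- a/src/handlers.rs
+++ b/src/handlers.rs
@@ -37,9 +37,37 @@ const BEARER: &str = "Bearer ";
 /// POST request to /register endpoint
 ///
 /// Lets a [`User`] (=student) to authenticate themselves to the system
-/// This `request` can be rejected if the payload is malformed (= not authenticated properly) or if
+/// This `request` can be rejected if the payload is malformed (=not authenticated properly) or if
 /// the [`AuthRequest.user_id`] of the `request` is not in the list of users that can hold a Gradecoin account
-/// The request first comes in encrypted
+///
+/// # Authentication Process
+/// - Gradecoin's Public Key (`G_PK`) is listed on moodle.
+/// - Gradecoin's Private Key (`G_PR`) is loaded here
+///
+/// - Student picks a short temporary key (`k_temp`)
+/// - Creates a JSON object (`auth_plaintext`) with their `metu_id` and `public key` in base64 (PEM) format (`S_PK`):
+/// {
+/// student_id: "e12345",
+/// public_key: "---BEGIN PUBLIC KEY..."
+/// }
+///
+/// - Encrypts the serialized string of `auth_plaintext` with AES in TODO format using the temporary key
+/// (`k_temp`), the result is `auth_ciphertext`, (TODO base64?)
+/// - The temporary key student has picked `k_temp` is encrypted (TODO details) with `G_PK` (TODO
+/// base64?) = `key_ciphertext`
+/// - The payload JSON object (`auth_request`) can be prepared now:
+/// {
+/// c: "auth_ciphertext"
+/// key: "key_ciphertext"
+/// }
+///
+/// ## Gradecoin Side
+///
+/// - Upon receiving, we first extract the temporary key by decrypting `key`, receiving `temp_key`
+/// - With this key, we can decrypt c TODO with aes?
+/// - We then verify the payload and calculate the User fingerprint
+/// - Finally, create the new [`User`] object, insert to users HashMap `<fingerprint, User>`
+///
 pub async fn authenticate_user(
  request: InitialAuthRequest,
  db: Db,
@@ -47,6 +75,7 @@ pub async fn authenticate_user(
  debug!("POST request to /register, authenticate_user");
 
  // TODO: lazyload or something <14-04-21, yigit> //
+ // This is our key, used to first decrypt the users temporal key
  let der_encoded = PRIVATE_KEY
  .lines()
  .filter(|line| !line.starts_with("-"))
@@ -54,6 +83,8 @@ pub async fn authenticate_user(
  data.push_str(&line);
  data
  });
+
+ // Our private key is saved in PEM (base64) format
  let der_bytes = base64::decode(&der_encoded).expect("failed to decode base64 content");
  let private_key = RSAPrivateKey::from_pkcs1(&der_bytes).expect("failed to parse key");
 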
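Review bot: The new "Authentication Process" doc comment on `authenticate_user` is the protocol description clients will implement against, yet it leaves the cipher parameters open ("AES in TODO format", "encrypted (TODO details) with `G_PK`") and calls `k_temp` a "short temporary key". Before this is relied on, the text should name the AES mode and how the IV or nonce is conveyed, name the RSA padding scheme, and say that `k_temp` is randomly generated at the full AES key length rather than "short". It should also say whether `c` carries any integrity protection, since the listed server steps decrypt `c` before "verify the payload". The field names disagree as well: the prose says `metu_id`, the example object uses `student_id`, and the rejection sentence links `AuthRequest.user_id` while the handler takes `InitialAuthRequest`. In the second hunk, "temporal key" presumably means "temporary key"; the function body continues outside the hunks shown.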