| -rw-r--r-- | src/handlers.rs | 33 | ||||
| -rw-r--r-- | src/lib.rs | 42 | ||||
| -rw-r--r-- | src/schema.rs | 1 |
3 files changed, 24 insertions, 52 deletions
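diff --git a/src/handlers.rs b/src/handlers.rs
index 251d970..5273324 100644
--- a/src/handlers.rs
+++ b/src/handlers.rs
@@ -7,6 +7,7 @@ use block_modes::{BlockMode, Cbc};
 use chrono::Utc;
 use jsonwebtoken::errors::ErrorKind;
 use jsonwebtoken::{decode, Algorithm, DecodingKey, TokenData, Validation};
+use lazy_static::lazy_static;
 use log::{debug, warn};
 use md5::Md5;
 use parking_lot::RwLockUpgradableReadGuard;
@@ -55,6 +56,21 @@ use crate::schema::{
 
 const BEARER: &str = "Bearer ";
 
+lazy_static! {
+    static ref DER_ENCODED: String = PRIVATE_KEY
+        .lines()
+        .filter(|line| !line.starts_with('-'))
+        .fold(String::new(), |mut data, line| {
+            data.push_str(&line);
+            data
+        });
+
+    // base64(der(pem))
+    // Our private key is saved in PEM (base64) format
+    static ref DER_BYTES: Vec<u8> = base64::decode(&*DER_ENCODED).expect("failed to decode base64 content");
+    static ref GRADECOIN_PRIVATE_KEY: RSAPrivateKey = RSAPrivateKey::from_pkcs1(&DER_BYTES).expect("failed to parse key");
+}
+
 /// POST request to /register endpoint
 ///
 /// Lets a [`User`] (=student) to authenticate themselves to the system
@@ -100,21 +116,6 @@ pub async fn authenticate_user(
     // In essence PEM files are just base64 encoded versions of the DER encoded data.
     // ~tls.mbed.org
 
-    // TODO: lazyload or something <14-04-21, yigit> //
-    // Load our RSA Private Key as DER
-    let der_encoded = PRIVATE_KEY
-        .lines()
-        .filter(|line| !line.starts_with('-'))
-        .fold(String::new(), |mut data, line| {
-            data.push_str(&line);
-            data
-        });
-
-    // base64(der(pem))
-    // Our private key is saved in PEM (base64) format
-    let der_bytes = base64::decode(&der_encoded).expect("failed to decode base64 content");
-    let gradecoin_private_key = RSAPrivateKey::from_pkcs1(&der_bytes).expect("failed to parse key");
-
     let padding = PaddingScheme::new_oaep::<sha2::Sha256>();
 
     // Peel away the base64 layer from "key" field
@@ -139,7 +140,7 @@ pub async fn authenticate_user(
     };
 
     // Decrypt the "key" field using Gradecoin's private key
-    let temp_key = match gradecoin_private_key.decrypt(padding, &key_ciphertext) {
+    let temp_key = match GRADECOIN_PRIVATE_KEY.decrypt(padding, &key_ciphertext) {
         Ok(k) => k,
         Err(err) => {
             debug!(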
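Review bot: The `expect` calls behind `DER_BYTES` and `GRADECOIN_PRIVATE_KEY` now fire lazily, on the first `/register` request that reaches `GRADECOIN_PRIVATE_KEY.decrypt(...)`, instead of at startup, so a missing, unreadable or malformed `secrets/gradecoin.pem` gives a server that boots cleanly and then panics inside the handler on every authentication attempt. Force the load at boot — `lazy_static::initialize(&GRADECOIN_PRIVATE_KEY);` early in `main` (outside this diff) — so a bad key fails fast where an operator can see it. `RSAPrivateKey::from_pkcs1` only accepts a PKCS#1 (`BEGIN RSA PRIVATE KEY`) body; a PKCS#8 (`BEGIN PRIVATE KEY`) file, which newer OpenSSL tooling tends to emit by default, would pass the `starts_with('-')` filter and the base64 decode but fail parsing, so that assumption deserves a comment on the static, e.g. `// expects PKCS#1 ("BEGIN RSA PRIVATE KEY"); a PKCS#8 file will fail here`. The `// In essence PEM files are just base64 ...` comment left at the top of the third hunk now describes code that moved into the `lazy_static!` block and should move with it; `authenticate_user` begins and ends outside these hunks.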
| @@ -26,40 +26,10 @@ pub mod handlers; | |||
| 26 | pub mod routes; | 26 | pub mod routes; |
| 27 | pub mod schema; | 27 | pub mod schema; |
| 28 | 28 | ||
| 29 | pub const PRIVATE_KEY: &str = "-----BEGIN RSA PRIVATE KEY----- | 29 | use lazy_static::lazy_static; |
| 30 | MIIEogIBAAKCAQEAyGuqiCPGcguy+Y9TH7Bl7XlEsalyqb9bYlzpbV0dnqZ3lPkE | 30 | use std::fs; |
| 31 | PkuOhkN+GcuiV6iXtSwyh7nB+xTRXKJFRUBO/jbN8jfcxVwBu0JxjF3v1YRBxbOH | ||
| 32 | hz2A295mbKD9xHQCKxkfYBNkUXxj8gd+GaDvQiSW5NdrX/lEkvqfGtdEX1m2+Hdc | ||
| 33 | G0+3YW24Xg0znhCwLr+sorLuJaDy9Xa0Uo+DPWGC5s001U/BxkCIWJ+eJQCb7Bv+ | ||
| 34 | 9vXb8BGRK/ecMb/fb6h5O+8fgB64RCHMgcc2v+Q/dPt8kHX1OJdMuYUrUJGACppM | ||
| 35 | QY3W6e1HdlRIBcZKL2LMZ2CrIB/2D5LiJhPThQIDAQABAoIBABbHrg1lS5QA4mnd | ||
| 36 | MYyDh0JTq0wqP18t4dwvRVTp5Yj30NW87A+MlPmLyFR0QdKG1h+Ak4m7wmGgfx9x | ||
| 37 | TkBNy+y3G/dxBAXmrEe1iKR0tOLm8nbfLgNgKTpUb/3e2pkuumRdqaRI7/kXE2Ea | ||
| 38 | Guoc0bUJ5aDDH3A8K+As3lK1rw7LNxwxZdmqmpO+EAldP6NaLnXNP5BegjLK50xP | ||
| 39 | NXTDNx6pw+I2ZHHwC/A6+QVksSA6zPipI1poANaO0frHffwKhcEZ/VucuXlJGGq/ | ||
| 40 | aqXT/cc7IkKUVq8EZUwUqHi4SrnyDDq/mtuikSD0MazxumbeC6fBKRP98Kavy2rT | ||
| 41 | JItHSYECgYEA8H/yC9GDrR1bwBesD0pKdKBy18UMFQF3BrB04OjqdGzugdVafF4e | ||
| 42 | 7azYQQTQ0ZddLDvgYl0QYvQaZfv26L7o4VrN5XEg8WjUWKuww8XUYOCfPn4gOFL1 | ||
| 43 | ar8nQ0w3P65gYf/rw0rFMo3eB78rJMROYnG8nZ/3OdgQjVaYPJxFKmECgYEA1VZy | ||
| 44 | EQz8dHK3+F0EfQIFeXOSlYGUegmPZ9iYmh+yvW/zWKLYdXBEHNhAIRlBmfe7Yhj6 | ||
| 45 | 1FNluNGjFqZYuRnP0RuiBxt2RCd+AL90Lqq+O6jem4XNgr3cOKoaV0FbaU49sI4s | ||
| 46 | /B6iiYBFdVuPBiknz+Wf1KEF9lQ+w2VYSLucY6UCgYAWPe73ste3sehjWo0aGOfL | ||
| 47 | 427bj6ivZKRKZRVaG5BbVhu0vDOTHu1DU+HoGXbqe1ItnhgBYNP8ItEyL1xFaCqH | ||
| 48 | dOtn1c+TI/vHe5FseaZLk1qG4AlAzENQLP+HlMvjQtA9H/sA47BbHY20L7TgwJrz | ||
| 49 | NcuY1Et7+QSG3cRUjqtC4QKBgGuP+VUVehfwW0dzBrdMlJwGpGqS+dyKA271awOS | ||
| 50 | ZdlTn5saCA82OnFcqwDFLilGGYk9VQJGxivoLtVVq7gwBnLE/u2ccAWu773KyfZZ | ||
| 51 | ii6kVxCM5vA7b9R2F2/U+RTgKQRiutWnUIYJUXv5XORbTcJpYSugwFPRaA+2gkux | ||
| 52 | pAktAoGABRyVs5LOhQ/oeXe2H2kvuaUq9c7f/dTtnyMNdNxK0uZcQn4jcB2eK9kB | ||
| 53 | PDYHM9dfQ8xn51U0fTeaXjy/8Km8fyX2Jtxntlm6puyhSTJ8AX+FEgJkC4ajNEvA | ||
| 54 | mJ1Gsy2fXKUyyZdI2b74MLqOpzr9cvS60tmTIScuiHFzg/SJgiA= | ||
| 55 | -----END RSA PRIVATE KEY-----"; | ||
| 56 | 31 | ||
| 57 | pub const PUB_KEY: &str = "-----BEGIN PUBLIC KEY----- | 32 | lazy_static! { |
| 58 | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGuqiCPGcguy+Y9TH7Bl | 33 | static ref PRIVATE_KEY: String = |
| 59 | 7XlEsalyqb9bYlzpbV0dnqZ3lPkEPkuOhkN+GcuiV6iXtSwyh7nB+xTRXKJFRUBO | 34 | fs::read_to_string("secrets/gradecoin.pem").expect("error reading 'secrets/gradecoin.pem'"); |
| 60 | /jbN8jfcxVwBu0JxjF3v1YRBxbOHhz2A295mbKD9xHQCKxkfYBNkUXxj8gd+GaDv | 35 | } |
| 61 | QiSW5NdrX/lEkvqfGtdEX1m2+HdcG0+3YW24Xg0znhCwLr+sorLuJaDy9Xa0Uo+D | ||
| 62 | PWGC5s001U/BxkCIWJ+eJQCb7Bv+9vXb8BGRK/ecMb/fb6h5O+8fgB64RCHMgcc2 | ||
| 63 | v+Q/dPt8kHX1OJdMuYUrUJGACppMQY3W6e1HdlRIBcZKL2LMZ2CrIB/2D5LiJhPT | ||
| 64 | hQIDAQAB | ||
| 65 | -----END PUBLIC KEY-----"; | ||
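Review bot: Moving the key out of the source does not revoke it: the PKCS#1 private key deleted in this hunk was committed and remains recoverable from history, so `secrets/gradecoin.pem` must hold a freshly generated key pair and `secrets/` should be ignored by git so the replacement is never committed in turn. The path `"secrets/gradecoin.pem"` is resolved against the process working directory, not the binary's location, so launching the service from elsewhere hits the `expect` panic; consider `std::env::var("GRADECOIN_PRIVATE_KEY_PATH").unwrap_or_else(|_| "secrets/gradecoin.pem".to_string())` so a deployment can point at a mounted secret. `PRIVATE_KEY` also changes from `pub const` to a crate-private `static ref`, which child modules such as `handlers` can still reach but any external user of `gradecoin::PRIVATE_KEY` cannot; if that narrowing is intended, a doc comment like `/// RSA private key (PEM) used to decrypt the registration "key" field; read once from secrets/gradecoin.pem` would state the contract.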
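diff --git a/src/schema.rs b/src/schema.rs
index 77e22c1..bbd4628 100644
--- a/src/schema.rs
+++ b/src/schema.rs
@@ -315,6 +315,7 @@ pub struct InitialAuthRequest {
     pub key: String,
 }
 
+// Students who are authorized to have Gradecoin accounts
 lazy_static! {
     static ref OUR_STUDENTS: HashSet<(&'static str, &'static str)> = {
         [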
