-rw-r--r-- | src/handlers.rs | 33 | ||||
-rw-r--r-- | src/lib.rs | 42 | ||||
-rw-r--r-- | src/schema.rs | 1 |
3 files changed, 24 insertions, 52 deletions
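--- a/src/handlers.rs
+++ b/src/handlers.rs
@@ -7,6 +7,7 @@ use block_modes::{BlockMode, Cbc};
 use chrono::Utc;
 use jsonwebtoken::errors::ErrorKind;
 use jsonwebtoken::{decode, Algorithm, DecodingKey, TokenData, Validation};
+use lazy_static::lazy_static;
 use log::{debug, warn};
 use md5::Md5;
 use parking_lot::RwLockUpgradableReadGuard;
@@ -55,6 +56,21 @@ use crate::schema::{
 
 const BEARER: &str = "Bearer ";
 
+lazy_static! {
+    static ref DER_ENCODED: String = PRIVATE_KEY
+        .lines()
+        .filter(|line| !line.starts_with('-'))
+        .fold(String::new(), |mut data, line| {
+            data.push_str(&line);
+            data
+        });
+
+    // base64(der(pem))
+    // Our private key is saved in PEM (base64) format
+    static ref DER_BYTES: Vec<u8> = base64::decode(&*DER_ENCODED).expect("failed to decode base64 content");
+    static ref GRADECOIN_PRIVATE_KEY: RSAPrivateKey = RSAPrivateKey::from_pkcs1(&DER_BYTES).expect("failed to parse key");
+}
+
 /// POST request to /register endpoint
 ///
 /// Lets a [`User`] (=student) to authenticate themselves to the system
@@ -100,21 +116,6 @@ pub async fn authenticate_user(
     // In essence PEM files are just base64 encoded versions of the DER encoded data.
     // ~tls.mbed.org
 
-    // TODO: lazyload or something <14-04-21, yigit> //
-    // Load our RSA Private Key as DER
-    let der_encoded = PRIVATE_KEY
-        .lines()
-        .filter(|line| !line.starts_with('-'))
-        .fold(String::new(), |mut data, line| {
-            data.push_str(&line);
-            data
-        });
-
-    // base64(der(pem))
-    // Our private key is saved in PEM (base64) format
-    let der_bytes = base64::decode(&der_encoded).expect("failed to decode base64 content");
-    let gradecoin_private_key = RSAPrivateKey::from_pkcs1(&der_bytes).expect("failed to parse key");
-
     let padding = PaddingScheme::new_oaep::<sha2::Sha256>();
 
     // Peel away the base64 layer from "key" field
@@ -139,7 +140,7 @@ pub async fn authenticate_user(
     };
 
     // Decrypt the "key" field using Gradecoin's private key
-    let temp_key = match gradecoin_private_key.decrypt(padding, &key_ciphertext) {
+    let temp_key = match GRADECOIN_PRIVATE_KEY.decrypt(padding, &key_ciphertext) {
         Ok(k) => k,
         Err(err) => {
             debug!(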
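Review bot: The `expect` calls in the new `lazy_static!` block (new lines 59–71 of the second hunk) still run on first dereference, which happens inside `authenticate_user` at the `GRADECOIN_PRIVATE_KEY.decrypt` call in the last hunk, so a missing or malformed key file panics inside a request handler on the first /register call instead of failing at startup. Forcing the static once in `main`, `lazy_static::initialize(&GRADECOIN_PRIVATE_KEY);`, would surface a bad key before the server accepts traffic; `authenticate_user` itself starts and ends outside these hunks. The comment `// base64(der(pem))` reads backwards, since a PEM body is the base64 encoding of the DER bytes, so `// pem = base64(der)` would be clearer. `data.push_str(&line)` re-borrows a value that is already a `&str`; `data.push_str(line)` is enough.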
@@ -26,40 +26,10 @@ pub mod handlers; | |||
26 | pub mod routes; | 26 | pub mod routes; |
27 | pub mod schema; | 27 | pub mod schema; |
28 | 28 | ||
29 | pub const PRIVATE_KEY: &str = "-----BEGIN RSA PRIVATE KEY----- | 29 | use lazy_static::lazy_static; |
30 | MIIEogIBAAKCAQEAyGuqiCPGcguy+Y9TH7Bl7XlEsalyqb9bYlzpbV0dnqZ3lPkE | 30 | use std::fs; |
31 | PkuOhkN+GcuiV6iXtSwyh7nB+xTRXKJFRUBO/jbN8jfcxVwBu0JxjF3v1YRBxbOH | ||
32 | hz2A295mbKD9xHQCKxkfYBNkUXxj8gd+GaDvQiSW5NdrX/lEkvqfGtdEX1m2+Hdc | ||
33 | G0+3YW24Xg0znhCwLr+sorLuJaDy9Xa0Uo+DPWGC5s001U/BxkCIWJ+eJQCb7Bv+ | ||
34 | 9vXb8BGRK/ecMb/fb6h5O+8fgB64RCHMgcc2v+Q/dPt8kHX1OJdMuYUrUJGACppM | ||
35 | QY3W6e1HdlRIBcZKL2LMZ2CrIB/2D5LiJhPThQIDAQABAoIBABbHrg1lS5QA4mnd | ||
36 | MYyDh0JTq0wqP18t4dwvRVTp5Yj30NW87A+MlPmLyFR0QdKG1h+Ak4m7wmGgfx9x | ||
37 | TkBNy+y3G/dxBAXmrEe1iKR0tOLm8nbfLgNgKTpUb/3e2pkuumRdqaRI7/kXE2Ea | ||
38 | Guoc0bUJ5aDDH3A8K+As3lK1rw7LNxwxZdmqmpO+EAldP6NaLnXNP5BegjLK50xP | ||
39 | NXTDNx6pw+I2ZHHwC/A6+QVksSA6zPipI1poANaO0frHffwKhcEZ/VucuXlJGGq/ | ||
40 | aqXT/cc7IkKUVq8EZUwUqHi4SrnyDDq/mtuikSD0MazxumbeC6fBKRP98Kavy2rT | ||
41 | JItHSYECgYEA8H/yC9GDrR1bwBesD0pKdKBy18UMFQF3BrB04OjqdGzugdVafF4e | ||
42 | 7azYQQTQ0ZddLDvgYl0QYvQaZfv26L7o4VrN5XEg8WjUWKuww8XUYOCfPn4gOFL1 | ||
43 | ar8nQ0w3P65gYf/rw0rFMo3eB78rJMROYnG8nZ/3OdgQjVaYPJxFKmECgYEA1VZy | ||
44 | EQz8dHK3+F0EfQIFeXOSlYGUegmPZ9iYmh+yvW/zWKLYdXBEHNhAIRlBmfe7Yhj6 | ||
45 | 1FNluNGjFqZYuRnP0RuiBxt2RCd+AL90Lqq+O6jem4XNgr3cOKoaV0FbaU49sI4s | ||
46 | /B6iiYBFdVuPBiknz+Wf1KEF9lQ+w2VYSLucY6UCgYAWPe73ste3sehjWo0aGOfL | ||
47 | 427bj6ivZKRKZRVaG5BbVhu0vDOTHu1DU+HoGXbqe1ItnhgBYNP8ItEyL1xFaCqH | ||
48 | dOtn1c+TI/vHe5FseaZLk1qG4AlAzENQLP+HlMvjQtA9H/sA47BbHY20L7TgwJrz | ||
49 | NcuY1Et7+QSG3cRUjqtC4QKBgGuP+VUVehfwW0dzBrdMlJwGpGqS+dyKA271awOS | ||
50 | ZdlTn5saCA82OnFcqwDFLilGGYk9VQJGxivoLtVVq7gwBnLE/u2ccAWu773KyfZZ | ||
51 | ii6kVxCM5vA7b9R2F2/U+RTgKQRiutWnUIYJUXv5XORbTcJpYSugwFPRaA+2gkux | ||
52 | pAktAoGABRyVs5LOhQ/oeXe2H2kvuaUq9c7f/dTtnyMNdNxK0uZcQn4jcB2eK9kB | ||
53 | PDYHM9dfQ8xn51U0fTeaXjy/8Km8fyX2Jtxntlm6puyhSTJ8AX+FEgJkC4ajNEvA | ||
54 | mJ1Gsy2fXKUyyZdI2b74MLqOpzr9cvS60tmTIScuiHFzg/SJgiA= | ||
55 | -----END RSA PRIVATE KEY-----"; | ||
56 | 31 | ||
57 | pub const PUB_KEY: &str = "-----BEGIN PUBLIC KEY----- | 32 | lazy_static! { |
58 | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGuqiCPGcguy+Y9TH7Bl | 33 | static ref PRIVATE_KEY: String = |
59 | 7XlEsalyqb9bYlzpbV0dnqZ3lPkEPkuOhkN+GcuiV6iXtSwyh7nB+xTRXKJFRUBO | 34 | fs::read_to_string("secrets/gradecoin.pem").expect("error reading 'secrets/gradecoin.pem'"); |
60 | /jbN8jfcxVwBu0JxjF3v1YRBxbOHhz2A295mbKD9xHQCKxkfYBNkUXxj8gd+GaDv | 35 | } |
61 | QiSW5NdrX/lEkvqfGtdEX1m2+HdcG0+3YW24Xg0znhCwLr+sorLuJaDy9Xa0Uo+D | ||
62 | PWGC5s001U/BxkCIWJ+eJQCb7Bv+9vXb8BGRK/ecMb/fb6h5O+8fgB64RCHMgcc2 | ||
63 | v+Q/dPt8kHX1OJdMuYUrUJGACppMQY3W6e1HdlRIBcZKL2LMZ2CrIB/2D5LiJhPT | ||
64 | hQIDAQAB | ||
65 | -----END PUBLIC KEY-----"; | ||
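Review bot: The RSA private key removed at old lines 29–55 was committed to the repository in plaintext, so moving it to `secrets/gradecoin.pem` does not retract it from history; that key pair should be treated as compromised and regenerated before the file-based one is deployed, with the public key handed to students changing with it. The new `fs::read_to_string("secrets/gradecoin.pem")` resolves relative to the process's working directory, so the service only starts correctly when launched from the project root; an absolute path, or a path taken from an environment variable via `std::env::var`, would remove that dependency, and `secrets/` needs a `.gitignore` entry so the file is not re-committed. `PRIVATE_KEY` also changes from `pub const` to a private `static ref`, which `crate::handlers` can still reach as a child module, but any use outside the crate would break. `PUB_KEY` (old lines 57–65) is deleted without a replacement in this section and the file's `diff --git` header is missing on this page, so presumably the public key now lives elsewhere — confirm nothing still references it.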
diff --git a/src/schema.rs b/src/schema.rs index 77e22c1..bbd4628 100644 --- a/src/schema.rs +++ b/src/schema.rs | |||
@@ -315,6 +315,7 @@ pub struct InitialAuthRequest { | |||
315 | pub key: String, | 315 | pub key: String, |
316 | } | 316 | } |
317 | 317 | ||
318 | // Students who are authorized to have Gradecoin accounts | ||
318 | lazy_static! { | 319 | lazy_static! { |
319 | static ref OUR_STUDENTS: HashSet<(&'static str, &'static str)> = { | 320 | static ref OUR_STUDENTS: HashSet<(&'static str, &'static str)> = { |
320 | [ | 321 | [ |