summaryrefslogtreecommitdiffstats
path: root/src/handlers.rs
diff options
context:
space:
mode:
Diffstat (limited to 'src/handlers.rs')
-rw-r--r--src/handlers.rs34
1 files changed, 32 insertions, 2 deletions
diff --git a/src/handlers.rs b/src/handlers.rs
index b9df931..9d1bb10 100644
--- a/src/handlers.rs
+++ b/src/handlers.rs
@@ -1,3 +1,4 @@
1use base64;
1/// API handlers, the ends of each filter chain 2/// API handlers, the ends of each filter chain
2use blake2::{Blake2s, Digest}; 3use blake2::{Blake2s, Digest};
3use jsonwebtoken::errors::ErrorKind; 4use jsonwebtoken::errors::ErrorKind;
@@ -5,12 +6,16 @@ use jsonwebtoken::{decode, Algorithm, DecodingKey, TokenData, Validation};
5use log::{debug, warn}; 6use log::{debug, warn};
6use md5::Md5; 7use md5::Md5;
7use parking_lot::RwLockUpgradableReadGuard; 8use parking_lot::RwLockUpgradableReadGuard;
9use rsa::{PaddingScheme, RSAPrivateKey};
8use serde::Serialize; 10use serde::Serialize;
9use serde_json; 11use serde_json;
12use sha2;
10use std::convert::Infallible; 13use std::convert::Infallible;
11use std::fs; 14use std::fs;
12use warp::{http::StatusCode, reply}; 15use warp::{http::StatusCode, reply};
13 16
17use crate::PRIVATE_KEY;
18
14#[derive(Serialize, Debug)] 19#[derive(Serialize, Debug)]
15struct GradeCoinResponse { 20struct GradeCoinResponse {
16 res: ResponseType, 21 res: ResponseType,
@@ -23,7 +28,9 @@ enum ResponseType {
23 Error, 28 Error,
24} 29}
25 30
26use crate::schema::{AuthRequest, Block, Claims, Db, MetuId, NakedBlock, Transaction, User}; 31use crate::schema::{
32 AuthRequest, Block, Claims, Db, InitialAuthRequest, MetuId, NakedBlock, Transaction, User,
33};
27 34
28const BEARER: &str = "Bearer "; 35const BEARER: &str = "Bearer ";
29 36
@@ -32,11 +39,34 @@ const BEARER: &str = "Bearer ";
32/// Lets a [`User`] (=student) to authenticate themselves to the system 39/// Lets a [`User`] (=student) to authenticate themselves to the system
33/// This `request` can be rejected if the payload is malformed (= not authenticated properly) or if 40/// This `request` can be rejected if the payload is malformed (= not authenticated properly) or if
34/// the [`AuthRequest.user_id`] of the `request` is not in the list of users that can hold a Gradecoin account 41/// the [`AuthRequest.user_id`] of the `request` is not in the list of users that can hold a Gradecoin account
42/// The request first comes in encrypted
35pub async fn authenticate_user( 43pub async fn authenticate_user(
36 request: AuthRequest, 44 request: InitialAuthRequest,
37 db: Db, 45 db: Db,
38) -> Result<impl warp::Reply, warp::Rejection> { 46) -> Result<impl warp::Reply, warp::Rejection> {
39 debug!("POST request to /register, authenticate_user"); 47 debug!("POST request to /register, authenticate_user");
48
49 // TODO: lazyload or something <14-04-21, yigit> //
50 let der_encoded = PRIVATE_KEY
51 .lines()
52 .filter(|line| !line.starts_with("-"))
53 .fold(String::new(), |mut data, line| {
54 data.push_str(&line);
55 data
56 });
57 let der_bytes = base64::decode(&der_encoded).expect("failed to decode base64 content");
58 let private_key = RSAPrivateKey::from_pkcs1(&der_bytes).expect("failed to parse key");
59
60 let padding = PaddingScheme::new_oaep::<sha2::Sha256>();
61 let dec_key = private_key
62 .decrypt(padding, &request.key.as_bytes())
63 .expect("failed to decrypt");
64
65 // then decrypt c using key dec_key
66
67 // let request: AuthRequest = serde_json::from_str(&String::from_utf8(dec_data).unwrap()).unwrap();
68 let request;
69
40 let provided_id = request.student_id.clone(); 70 let provided_id = request.student_id.clone();
41 71
42 let priv_student_id = match MetuId::new(request.student_id, request.passwd) { 72 let priv_student_id = match MetuId::new(request.student_id, request.passwd) {