From edfab6ae2f97a7288ff456265050c01ff397ea8c Mon Sep 17 00:00:00 2001
From: Yigit Sever
Date: Wed, 14 Apr 2021 03:27:27 +0300
Subject: [WIP] Initial implementation of user auth

There is a dance involved and everything Write down specs for RSA and AES, padding scheme, ugh.
---
 src/handlers.rs | 34 ++++++++++++++++++++++++++++++++--
 1 file changed, 32 insertions(+), 2 deletions(-)
(limited to 'src/handlers.rs')
diff --git a/src/handlers.rs b/src/handlers.rs
index b9df931..9d1bb10 100644
--- a/src/handlers.rs
+++ b/src/handlers.rs
@@ -1,3 +1,4 @@
+use base64;
 /// API handlers, the ends of each filter chain
 use blake2::{Blake2s, Digest};
 use jsonwebtoken::errors::ErrorKind;
@@ -5,12 +6,16 @@ use jsonwebtoken::{decode, Algorithm, DecodingKey, TokenData, Validation};
 use log::{debug, warn};
 use md5::Md5;
 use parking_lot::RwLockUpgradableReadGuard;
+use rsa::{PaddingScheme, RSAPrivateKey};
 use serde::Serialize;
 use serde_json;
+use sha2;
 use std::convert::Infallible;
 use std::fs;
 use warp::{http::StatusCode, reply};
+use crate::PRIVATE_KEY;
+
 #[derive(Serialize, Debug)]
 struct GradeCoinResponse {
 res: ResponseType,
@@ -23,7 +28,9 @@ enum ResponseType {
 Error,
 }
-use crate::schema::{AuthRequest, Block, Claims, Db, MetuId, NakedBlock, Transaction, User};
+use crate::schema::{
+ AuthRequest, Block, Claims, Db, InitialAuthRequest, MetuId, NakedBlock, Transaction, User,
+};
 const BEARER: &str = "Bearer ";
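Review bot: `use sha2;` in the second hunk (and `use base64;` in the first) are single-component path imports that, on edition 2018, bring nothing into scope that the already-qualified `sha2::Sha256` and `base64::decode` uses do not have; clippy's `single_component_path_imports` flags exactly this, and the pre-existing `use serde_json;` has the same shape. Dropping the two new lines and keeping the qualified paths would match how `rsa::{PaddingScheme, RSAPrivateKey}` is imported with its items named explicitly. If the crate is still on edition 2015 this does not apply, since the edition is not visible here.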
@@ -32,11 +39,34 @@ const BEARER: &str = "Bearer ";
 /// Lets a [`User`] (=student) to authenticate themselves to the system
 /// This `request` can be rejected if the payload is malformed (= not authenticated properly) or if
 /// the [`AuthRequest.user_id`] of the `request` is not in the list of users that can hold a Gradecoin account
+/// The request first comes in encrypted
 pub async fn authenticate_user(
- request: AuthRequest,
+ request: InitialAuthRequest,
 db: Db,
 ) -> Result {
 debug!("POST request to /register, authenticate_user");
+
+ // TODO: lazyload or something <14-04-21, yigit> //
+ let der_encoded = PRIVATE_KEY
+ .lines()
+ .filter(|line| !line.starts_with("-"))
+ .fold(String::new(), |mut data, line| {
+ data.push_str(&line);
+ data
+ });
+ let der_bytes = base64::decode(&der_encoded).expect("failed to decode base64 content");
+ let private_key = RSAPrivateKey::from_pkcs1(&der_bytes).expect("failed to parse key");
+
+ let padding = PaddingScheme::new_oaep::();
+ let dec_key = private_key
+ .decrypt(padding, &request.key.as_bytes())
+ .expect("failed to decrypt");
+
+ // then decrypt c using key dec_key
+
+ // let request: AuthRequest = serde_json::from_str(&String::from_utf8(dec_data).unwrap()).unwrap();
+ let request;
+
 let provided_id = request.student_id.clone();
 let priv_student_id = match MetuId::new(request.student_id, request.passwd) {
-- cgit v1.2.3-70-g09d2
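Review bot: The `.expect("failed to decrypt")` on `private_key.decrypt(...)` is fed the client-supplied `request.key`, so any malformed or garbage ciphertext panics inside a public handler instead of producing a rejected request; handle the result, e.g. `let dec_key = match private_key.decrypt(padding, request.key.as_bytes()) { Ok(k) => k, Err(e) => { warn!("RSA-OAEP decrypt failed: {}", e); return Ok(/* 400 reply carrying ResponseType::Error */); } };` (the signature's type parameters appear stripped on this page; if the error type is `Infallible`, as the import suggests, the rejection has to go out as an `Ok` reply). Because the private exponent is applied to attacker-chosen input, consider `decrypt_blinded` with an RNG rather than `decrypt`, and treat the two `.expect`s on `PRIVATE_KEY` decoding and parsing as startup-time checks (the `TODO: lazyload` already points that way) rather than per-request panics. `let request;` has no initializer, shadows the `request: InitialAuthRequest` parameter and is read two lines later by `request.student_id.clone()`, so the hunk does not compile until the AES step fills it in, as the `[WIP]` tag acknowledges. When it does, check `dec_key.len()` against the AES key size the spec settles on before using it, and confirm how `request.key` is encoded in the JSON body, since `as_bytes()` only works if raw ciphertext bytes are sent and a base64 string would need decoding first. The body of `authenticate_user` continues past the end of the hunk.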