Login sessionn stuff?

Daniel Flanagan 2023-11-14 16:43:49 -06:00
parent 61e3a2cc31
commit 10d57a83be
Signed by: lytedev
GPG key ID: 5B2020A0F9921EF4
7 changed files with 210 additions and 37 deletions

108
Cargo.lock generated

@ -288,6 +288,26 @@ dependencies = [
"tower-service", "tower-service",
] ]
[[package]]
name = "axum-login"
version = "0.7.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6eee4df0cdb40a1d9fbc49b709bda6eb9e94f9b4b7ab6affe03582c180e6a5d9"
dependencies = [
"async-trait",
"axum",
"http",
"ring",
"serde",
"thiserror",
"tower-cookies",
"tower-layer",
"tower-service",
"tower-sessions",
"tracing",
"urlencoding",
]
[[package]] [[package]]
name = "axum-macros" name = "axum-macros"
version = "0.3.8" version = "0.3.8"
@ -309,7 +329,7 @@ dependencies = [
"async-trait", "async-trait",
"axum-core", "axum-core",
"base64ct", "base64ct",
"cookie", "cookie 0.18.0",
"hmac", "hmac",
"http", "http",
"rand", "rand",
@ -590,6 +610,17 @@ version = "0.9.5"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "28c122c3980598d243d63d9a704629a2d748d101f278052ff068be5a4423ab6f" checksum = "28c122c3980598d243d63d9a704629a2d748d101f278052ff068be5a4423ab6f"
[[package]]
name = "cookie"
version = "0.17.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7efb37c3e1ccb1ff97164ad95ac1606e8ccd35b3fa0a7d99a304c7f4a428cc24"
dependencies = [
"percent-encoding",
"time",
"version_check",
]
[[package]] [[package]]
name = "cookie" name = "cookie"
version = "0.18.0" version = "0.18.0"
@ -686,6 +717,19 @@ dependencies = [
"cipher", "cipher",
] ]
[[package]]
name = "dashmap"
version = "5.5.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "978747c1d849a7d2ee5e8adc0159961c48fb7e5db2f06af6723b80123bb53856"
dependencies = [
"cfg-if",
"hashbrown 0.14.2",
"lock_api",
"once_cell",
"parking_lot_core",
]
[[package]] [[package]]
name = "der" name = "der"
version = "0.7.8" version = "0.7.8"
@ -911,6 +955,17 @@ version = "0.3.29"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8bf34a163b5c4c52d0478a4d757da8fb65cabef42ba90515efee0f6f9fa45aaa" checksum = "8bf34a163b5c4c52d0478a4d757da8fb65cabef42ba90515efee0f6f9fa45aaa"
[[package]]
name = "futures-macro"
version = "0.3.29"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "53b153fd91e4b0147f4aced87be237c98248656bb01050b96bf3ee89220a8ddb"
dependencies = [
"proc-macro2",
"quote",
"syn 2.0.39",
]
[[package]] [[package]]
name = "futures-sink" name = "futures-sink"
version = "0.3.29" version = "0.3.29"
@ -932,6 +987,7 @@ dependencies = [
"futures-channel", "futures-channel",
"futures-core", "futures-core",
"futures-io", "futures-io",
"futures-macro",
"futures-sink", "futures-sink",
"futures-task", "futures-task",
"memchr", "memchr",
@ -1325,6 +1381,7 @@ checksum = "3c168f8615b12bc01f9c17e2eb0cc07dcae1940121185446edc3744920e8ef45"
dependencies = [ dependencies = [
"autocfg", "autocfg",
"scopeguard", "scopeguard",
"serde",
] ]
[[package]] [[package]]
@ -1340,11 +1397,12 @@ dependencies = [
"anyhow", "anyhow",
"argon2", "argon2",
"axum", "axum",
"axum-login",
"axum-macros", "axum-macros",
"axum_csrf", "axum_csrf",
"base64", "base64",
"color-eyre", "color-eyre",
"cookie", "cookie 0.18.0",
"maud", "maud",
"notify", "notify",
"password-hash", "password-hash",
@ -2927,6 +2985,23 @@ dependencies = [
"tracing", "tracing",
] ]
[[package]]
name = "tower-cookies"
version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "40f38d941a2ffd8402b36e02ae407637a9caceb693aaf2edc910437db0f36984"
dependencies = [
"async-trait",
"axum-core",
"cookie 0.17.0",
"futures-util",
"http",
"parking_lot",
"pin-project-lite",
"tower-layer",
"tower-service",
]
[[package]] [[package]]
name = "tower-http" name = "tower-http"
version = "0.4.4" version = "0.4.4"
@ -2978,6 +3053,29 @@ version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b6bc1c9ce2b5135ac7f93c72918fc37feb872bdc6a5533a8b85eb4b86bfdae52" checksum = "b6bc1c9ce2b5135ac7f93c72918fc37feb872bdc6a5533a8b85eb4b86bfdae52"
[[package]]
name = "tower-sessions"
version = "0.4.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7f5468ed4acd72d325bd66f18decb233bd0d4bfce1aaa56544b148c999df4bef"
dependencies = [
"async-trait",
"axum-core",
"dashmap",
"futures",
"http",
"parking_lot",
"serde",
"serde_json",
"thiserror",
"time",
"tower-cookies",
"tower-layer",
"tower-service",
"tracing",
"uuid",
]
[[package]] [[package]]
name = "tracing" name = "tracing"
version = "0.1.40" version = "0.1.40"
@ -3131,6 +3229,12 @@ dependencies = [
"percent-encoding", "percent-encoding",
] ]
[[package]]
name = "urlencoding"
version = "2.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "daf8dba3b7eb870caf1ddeed7bc9d2a049f3cfdfae7cb521b087cc33ae4c49da"
[[package]] [[package]]
name = "utf8parse" name = "utf8parse"
version = "0.2.1" version = "0.2.1"


@ -33,3 +33,4 @@ sea-orm = { version = "0.12.6", features = ["sqlx-sqlite", "macros", "runtime-to
sea-orm-migration = { version = "0.12.6", features = ["sqlx-sqlite"] } sea-orm-migration = { version = "0.12.6", features = ["sqlx-sqlite"] }
uuid = { version = "1.5.0", features = ["v7", "atomic", "fast-rng", "macro-diagnostics"] } uuid = { version = "1.5.0", features = ["v7", "atomic", "fast-rng", "macro-diagnostics"] }
password-hash = "0.5.0" password-hash = "0.5.0"
axum-login = "0.7.3"


@ -1,14 +1,25 @@
# Setup
```shell
$ direnv allow
```
# Running # Running
``` ```shell
nix shell $ cargo run
cargo run
``` ```
# Testing # Testing
``` ```shell
cargo test cargo test
cargo run cargo run
hurl contract.hurl --variable base='http://localhost:3000' --verbose hurl contract.hurl --variable base='http://localhost:3000' --verbose
``` ```
# Regenerate Entities
```shell
$ sea-orm-cli generate entity -u $DATABASE_URL -o src/entities
```


@ -1,9 +1,10 @@
use maud::{html, Markup, PreEscaped}; use maud::{html, Markup, PreEscaped, DOCTYPE};
use crate::feather_icons; use crate::feather_icons;
pub fn header() -> Markup { pub fn header() -> Markup {
html! { html! {
(DOCTYPE)
head { head {
link rel="stylesheet" href="/assets/styles.css" {} link rel="stylesheet" href="/assets/styles.css" {}
link rel="icon" href="/assets/favicon.svg" {} link rel="icon" href="/assets/favicon.svg" {}


@ -4,9 +4,11 @@ use crate::{error::AppError, views};
use argon2::password_hash::rand_core::OsRng; use argon2::password_hash::rand_core::OsRng;
use argon2::password_hash::SaltString; use argon2::password_hash::SaltString;
use argon2::{Argon2, PasswordHasher}; use argon2::{Argon2, PasswordHasher};
use axum::async_trait;
use axum::extract::State; use axum::extract::State;
use axum::{http::StatusCode, response::Html, routing::get, Form, Router}; use axum::{http::StatusCode, response::Html, routing::get, Form, Router};
use axum_csrf::{CsrfConfig, CsrfLayer, CsrfToken}; use axum_csrf::{CsrfConfig, CsrfLayer, CsrfToken};
use axum_login::{AuthUser, AuthnBackend, UserId};
use base64::prelude::*; use base64::prelude::*;
use maud::html; use maud::html;
use notify::Watcher; use notify::Watcher;
@ -121,16 +123,68 @@ async fn register(
)) ))
} }
#[derive(Deserialize)] #[derive(Deserialize, Clone)]
struct Login { pub struct Login {
authenticity_token: String, authenticity_token: String,
username: String, username: String,
password: String, password: String,
} }
async fn login(c: CsrfToken, Form(f): Form<Login>) -> AppRes { type AuthSession = axum_login::AuthSession<state::State>;
impl AuthUser for user::Model {
type Id = uuid::Uuid;
fn id(&self) -> Self::Id {
uuid::Uuid::try_from(self.id.clone()).expect("failed to convert user ID to UUID")
}
fn session_auth_hash(&self) -> &[u8] {
self.password_digest.as_bytes()
}
}
#[async_trait]
impl AuthnBackend for state::State {
type User = user::Model;
type Credentials = Login;
type Error = AppError;
async fn authenticate(&self, l: Self::Credentials) -> Result<Option<Self::User>, Self::Error> {
Ok(User::find()
.filter(user::Column::Username.eq(l.username))
// TODO: will this have index problems since I'm searching over the password digest?
.filter(user::Column::PasswordDigest.eq(password_digest(l.password)?))
.one(&self.db)
.await?)
}
async fn get_user(&self, user_id: &UserId<Self>) -> Result<Option<Self::User>, Self::Error> {
Ok(User::find_by_id(*user_id).one(&self.db).await?)
}
}
async fn login(mut auth: AuthSession, c: CsrfToken, Form(f): Form<Login>) -> AppRes {
csrf_verify(c, &f.authenticity_token)?; csrf_verify(c, &f.authenticity_token)?;
let user = match auth.authenticate(f.clone()).await {
Ok(Some(user)) => user,
Ok(None) => return Ok((StatusCode::UNAUTHORIZED, Html("user not found".to_string()))),
Err(e) => {
return Ok((
StatusCode::INTERNAL_SERVER_ERROR,
Html(format!("failed to authenticate user: {}", e)),
))
}
};
if let Err(e) = auth.login(&user).await {
return Ok((
StatusCode::INTERNAL_SERVER_ERROR,
Html(format!("failed to login user: {}", e)),
));
}
Ok(( Ok((
StatusCode::OK, StatusCode::OK,
Html( Html(
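Review bot: `authenticate` compares `user::Column::PasswordDigest` with a freshly computed `password_digest(l.password)?` inside the SQL filter, which cannot correctly check a salted Argon2 hash. `password_digest` is not visible in this hunk, but the file imports `SaltString` and `OsRng`: if it draws a random salt per call, the recomputed digest will never equal the stored one and every login returns `Ok(None)`, and if the salt is fixed, the stored hashes lose their per-user salt. Look the user up by username only and verify the submitted password against the stored hash with `PasswordVerifier::verify_password`, as sketched below; this needs `PasswordHash` and `PasswordVerifier` imported from `argon2` and assumes `password_digest` holds a PHC string. Separately, the `Err` arms in `login` format `e` into the response body, which returns backend and database error text to an unauthenticated client; log the error and send a generic message instead.

```rust
async fn authenticate(&self, l: Self::Credentials) -> Result<Option<Self::User>, Self::Error> {
    // Select by username only; the digest is verified in process, not in SQL.
    let Some(user) = User::find()
        .filter(user::Column::Username.eq(l.username))
        .one(&self.db)
        .await?
    else {
        // NOTE: returning before any hashing makes unknown usernames answer faster
        // than known ones; verify against a dummy hash here if that matters.
        return Ok(None);
    };
    // A stored digest that does not parse is treated as a failed login; consider logging it.
    let Ok(stored) = PasswordHash::new(&user.password_digest) else {
        return Ok(None);
    };
    let matches = Argon2::default()
        .verify_password(l.password.as_bytes(), &stored)
        .is_ok();
    Ok(matches.then_some(user))
}
// … unchanged: get_user, login handler …
```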


@ -5,6 +5,7 @@ use sea_orm_migration::MigratorTrait;
use crate::migrator::Migrator; use crate::migrator::Migrator;
#[derive(Clone)]
pub struct State { pub struct State {
pub db: DatabaseConnection, pub db: DatabaseConnection,
} }


@ -90,11 +90,14 @@ pub async fn login(t: CsrfToken) -> impl IntoResponse {
form method="post" { form method="post" {
input type="hidden" name="authenticity_token" value=(token) {} input type="hidden" name="authenticity_token" value=(token) {}
label { label {
input {} "Username:"
input name="username" {}
} }
label { label {
input {} "Password:"
input type="password" name="password" {}
} }
button type="submit" { "Login" }
} }
} }
(footer()) (footer())
@ -105,21 +108,18 @@ pub async fn login(t: CsrfToken) -> impl IntoResponse {
.await .await
} }
pub async fn all_users(State(s): State<Arc<state::State>>) -> Result<Html<String>, AppError> { pub async fn all_users(State(s): State<Arc<state::State>>) -> AppRes {
let users: Vec<user::Model> = User::find().all(&s.db).await?; let users: Vec<user::Model> = User::find().all(&s.db).await?;
// @if let Some(name) = u.name { Ok((
// name StatusCode::OK,
// } @else { Html(
// "N/A"
// }
Ok(Html(
html! { html! {
(header()) (header())
main class="prose" { main class="prose" {
h1 { "Users" } h1 { "Users" }
ul { ul {
@if users.len() < 1 { @if users.is_empty() {
li { "It looks like there are no users yet!" } li { "It looks like there are no users yet!" }
} else { } else {
@for u in users { @for u in users {
@ -138,6 +138,7 @@ pub async fn all_users(State(s): State<Arc<state::State>>) -> Result<Html<String
(footer()) (footer())
} }
.into_string(), .into_string(),
),
)) ))
} }
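Review bot: `all_users` still extracts only `State` and renders every `user::Model` for whoever requests the page, with no session check in the handler even though this commit introduces login sessions. Whether the route sits behind an authentication layer is not visible here, and part of the function body lies between the two hunks; if it is not protected, take the `axum_login::AuthSession` extractor and return `StatusCode::UNAUTHORIZED` when `auth.user` is `None`. In the login form, the new password field would also benefit from an explicit hint for password managers, e.g. `input type="password" name="password" autocomplete="current-password" {}`.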