forked from jmug/stoatchat
Add /login route.
This commit is contained in:
@@ -11,6 +11,13 @@ use bcrypt::{ hash, verify };
|
|||||||
use chrono::prelude::*;
|
use chrono::prelude::*;
|
||||||
use ulid::Ulid;
|
use ulid::Ulid;
|
||||||
|
|
||||||
|
fn gen_token(l: usize) -> String {
|
||||||
|
rand::thread_rng()
|
||||||
|
.sample_iter(&Alphanumeric)
|
||||||
|
.take(l)
|
||||||
|
.collect::<String>()
|
||||||
|
}
|
||||||
|
|
||||||
#[get("/")]
|
#[get("/")]
|
||||||
pub fn root(user: User) -> String {
|
pub fn root(user: User) -> String {
|
||||||
let User ( id, username, _doc ) = user;
|
let User ( id, username, _doc ) = user;
|
||||||
@@ -65,16 +72,15 @@ pub fn create(info: Json<Create>) -> JsonValue {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if let Ok(hashed) = hash(info.password.clone(), 10) {
|
if let Ok(hashed) = hash(info.password.clone(), 10) {
|
||||||
let code = rand::thread_rng()
|
let access_token = gen_token(64);
|
||||||
.sample_iter(&Alphanumeric)
|
let code = gen_token(48);
|
||||||
.take(48)
|
|
||||||
.collect::<String>();
|
|
||||||
|
|
||||||
match col.insert_one(doc! {
|
match col.insert_one(doc! {
|
||||||
"_id": Ulid::new().to_string(),
|
"_id": Ulid::new().to_string(),
|
||||||
"email": info.email.clone(),
|
"email": info.email.clone(),
|
||||||
"username": info.username.clone(),
|
"username": info.username.clone(),
|
||||||
"password": hashed,
|
"password": hashed,
|
||||||
|
"access_token": access_token,
|
||||||
"email_verification": {
|
"email_verification": {
|
||||||
"verified": false,
|
"verified": false,
|
||||||
"target": info.email.clone(),
|
"target": info.email.clone(),
|
||||||
@@ -182,11 +188,7 @@ pub fn resend_email(info: Json<Resend>) -> JsonValue {
|
|||||||
"error": "Hit rate limit! Please try again in a minute or so."
|
"error": "Hit rate limit! Please try again in a minute or so."
|
||||||
})
|
})
|
||||||
} else {
|
} else {
|
||||||
let code = rand::thread_rng()
|
let code = gen_token(48);
|
||||||
.sample_iter(&Alphanumeric)
|
|
||||||
.take(48)
|
|
||||||
.collect::<String>();
|
|
||||||
|
|
||||||
col.update_one(
|
col.update_one(
|
||||||
doc! { "_id": u.get_str("_id").expect("Failed to retrieve user id.") },
|
doc! { "_id": u.get_str("_id").expect("Failed to retrieve user id.") },
|
||||||
doc! {
|
doc! {
|
||||||
@@ -219,3 +221,54 @@ pub fn resend_email(info: Json<Resend>) -> JsonValue {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[derive(Serialize, Deserialize)]
|
||||||
|
pub struct Login {
|
||||||
|
email: String,
|
||||||
|
password: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
/// login to a Revolt account
|
||||||
|
/// (1) find user by email
|
||||||
|
/// (2) verify password
|
||||||
|
/// (3) return access token
|
||||||
|
#[post("/login", data = "<info>")]
|
||||||
|
pub fn login(info: Json<Login>) -> JsonValue {
|
||||||
|
let col = database::get_db().collection("users");
|
||||||
|
|
||||||
|
if let Some(u) =
|
||||||
|
col.find_one(doc! { "email": info.email.clone() }, None).expect("Failed user lookup") {
|
||||||
|
match verify(info.password.clone(), u.get_str("password").expect("Missing password in user object!"))
|
||||||
|
.expect("Failed to check hash of password.") {
|
||||||
|
true => {
|
||||||
|
let token =
|
||||||
|
match u.get_str("access_token") {
|
||||||
|
Ok(t) => t.to_string(),
|
||||||
|
Err(_) => {
|
||||||
|
let token = gen_token(64);
|
||||||
|
col.update_one(
|
||||||
|
doc! { "_id": u.get_str("_id").expect("Missing id in user object!") },
|
||||||
|
doc! { "$set": { "access_token": token.clone() } },
|
||||||
|
None
|
||||||
|
).expect("Failed to update user object");
|
||||||
|
token
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
json!({
|
||||||
|
"success": true,
|
||||||
|
"access_token": token
|
||||||
|
})
|
||||||
|
},
|
||||||
|
false => json!({
|
||||||
|
"success": false,
|
||||||
|
"error": "Invalid password."
|
||||||
|
})
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
json!({
|
||||||
|
"success": false,
|
||||||
|
"error": "Email is not registered.",
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
@@ -4,5 +4,5 @@ mod account;
|
|||||||
|
|
||||||
pub fn mount(rocket: Rocket) -> Rocket {
|
pub fn mount(rocket: Rocket) -> Rocket {
|
||||||
rocket
|
rocket
|
||||||
.mount("/api/account", routes![ account::root, account::create, account::verify_email, account::resend_email ])
|
.mount("/api/account", routes![ account::root, account::create, account::verify_email, account::resend_email, account::login ])
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user