mirror/mCaptcha
1
0
Fork 1
mirror of https://github.com/mCaptcha/mCaptcha.git synced 2026-02-13 02:55:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

domain verification

Browse Source
This commit is contained in:
realaravinth
2021-03-26 22:18:01 +05:30
parent ee548588a8
commit 51764817f9
17 changed files with 623 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

219
src/api/v1/mcaptcha/domains.rs
View File

@@ -17,10 +17,11 @@
use actix_identity::Identity;
use actix_web::{post, web, HttpResponse, Responder};
use awc::Client;
use serde::{Deserialize, Serialize};
use url::Url;
use super::is_authenticated;
use super::{get_random, is_authenticated};
use crate::errors::*;
use crate::Data;
@@ -37,25 +38,115 @@ pub async fn add_domain(
) -> ServiceResult<impl Responder> {
is_authenticated(&id)?;
let url = Url::parse(&payload.name)?;
if let Some(host) = url.host_str() {
let user = id.identity().unwrap();
let res = sqlx::query!(
"INSERT INTO mcaptcha_domains (name, ID) VALUES
($1, (SELECT ID FROM mcaptcha_users WHERE name = ($2) ));",
host,
user
)
.execute(&data.db)
.await;
match res {
Err(e) => Err(dup_error(e, ServiceError::HostnameTaken)),
Ok(_) => Ok(HttpResponse::Ok()),
}
} else {
Err(ServiceError::NotAUrl)
let host = url.host_str().ok_or(ServiceError::NotAUrl)?;
let user = id.identity().unwrap();
let challenge = get_random(32);
let res = sqlx::query!(
"INSERT INTO mcaptcha_domains_unverified (name, owner_id, verification_challenge) VALUES
($1, (SELECT ID FROM mcaptcha_users WHERE name = ($2) ), $3);",
host,
user,
challenge
)
.execute(&data.db)
.await;
match res {
Err(e) => Err(dup_error(e, ServiceError::HostnameTaken)),
Ok(_) => Ok(HttpResponse::Ok()),
}
}
#[derive(Clone, Debug, Deserialize, Serialize)]
pub struct Challenge {
verification_challenge: String,
}
#[post("/api/v1/mcaptcha/domain/verify/challenge/get")]
pub async fn get_challenge(
payload: web::Json<Domain>,
data: web::Data<Data>,
id: Identity,
client: web::Data<Client>,
) -> ServiceResult<impl Responder> {
is_authenticated(&id)?;
let url = Url::parse(&payload.name)?;
let host = url.host_str().ok_or(ServiceError::NotAUrl).unwrap();
let user = id.identity().unwrap();
let res = sqlx::query_as!(
Challenge,
"SELECT verification_challenge
FROM mcaptcha_domains_unverified where
name = $1 AND owner_id = (SELECT ID from mcaptcha_users where name = $2)",
host,
user,
)
.fetch_one(&data.db)
.await
.unwrap();
Ok(HttpResponse::Ok().json(res))
}
#[post("/api/v1/mcaptcha/domain/verify/challenge/prove")]
pub async fn verify(
payload: web::Json<Domain>,
data: web::Data<Data>,
client: web::Data<Client>,
id: Identity,
) -> ServiceResult<impl Responder> {
use futures::{future::TryFutureExt, try_join};
is_authenticated(&id).unwrap();
//let url = Url::parse(&payload.name).unwrap();
//let host = url.host_str().ok_or(ServiceError::NotAUrl).unwrap();
//let user = id.identity().unwrap();
//let challenge_fut = sqlx::query_as!(
// Challenge,
// "SELECT verification_challenge
// FROM mcaptcha_domains_unverified where
// name = $1 AND owner_id = (SELECT ID from mcaptcha_users where name = $2)",
// &host,
// &user,
//)
//.fetch_one(&data.db)
//.map_err(|e| {
// let r: ServiceError = e.into();
// r
//});
//let res_fut = client.get(host).send().map_err(|e| {
// let r: ServiceError = e.into();
// r
//});
//let (challenge, mut server_res) = try_join!(challenge_fut, res_fut).unwrap();
//let server_resp: Challenge = server_res
// .json()
// .await
// .map_err(|_| return ServiceError::ChallengeCourruption)
// .unwrap();
//if server_resp.verification_challenge == challenge.verification_challenge {
// sqlx::query!(
// "INSERT INTO mcaptcha_domains_verified (name, owner_id) VALUES
// ($1, (SELECT ID from mcaptcha_users WHERE name = $2))",
// &host,
// &user
// )
// .execute(&data.db)
// .await
// .unwrap();
// // TODO delete staging unverified
Ok(HttpResponse::Ok())
//} else {
// Err(ServiceError::ChallengeVerificationFailure)
//}
}
#[post("/api/v1/mcaptcha/domain/delete")]
pub async fn delete_domain(
payload: web::Json<Domain>,
@@ -64,14 +155,14 @@ pub async fn delete_domain(
) -> ServiceResult<impl Responder> {
is_authenticated(&id)?;
let url = Url::parse(&payload.name)?;
if let Some(host) = url.host_str() {
sqlx::query!("DELETE FROM mcaptcha_domains WHERE name = ($1)", host,)
.execute(&data.db)
.await?;
Ok(HttpResponse::Ok())
} else {
Err(ServiceError::NotAUrl)
}
let host = url.host_str().ok_or(ServiceError::NotAUrl)?;
sqlx::query!(
"DELETE FROM mcaptcha_domains_verified WHERE name = ($1)",
host,
)
.execute(&data.db)
.await?;
Ok(HttpResponse::Ok())
}
// Workflow:
@@ -150,4 +241,82 @@ mod tests {
)
.await;
}
#[actix_rt::test]
async fn domain_verification_works() {
use crate::api::v1::tests::*;
use awc::Client;
use std::sync::mpsc;
use std::thread;
const NAME: &str = "testdomainveri";
const PASSWORD: &str = "longpassworddomain";
const EMAIL: &str = "domainverification@a.com";
const DOMAIN: &str = "http://localhost:18001";
const IP: &str = "localhost:18001";
const CHALLENGE_GET: &str = "/api/v1/mcaptcha/domain/verify/challenge/get";
const CHALLENGE_VERIFY: &str = "/api/v1/mcaptcha/domain/verify/challenge/prove";
{
let data = Data::new().await;
delete_user(NAME, &data).await;
}
let (tx, rx) = mpsc::channel();
thread::spawn(move || {
rt::System::new("").block_on(server(IP, tx));
});
let srv = rx.recv().unwrap();
let client = Client::new();
let (data, _, signin_resp) = register_and_signin(NAME, EMAIL, PASSWORD).await;
let cookies = get_cookie!(signin_resp);
let mut app = test::init_service(
App::new()
.wrap(get_identity_service())
.configure(v1_services)
.data(data.clone())
.data(client.clone()),
)
.await;
let domain = Domain {
name: DOMAIN.into(),
};
let add_domain_resp = test::call_service(
&mut app,
post_request!(&domain, "/api/v1/mcaptcha/domain/add")
.cookie(cookies.clone())
.to_request(),
)
.await;
assert_eq!(add_domain_resp.status(), StatusCode::OK);
let get_challenge_resp = test::call_service(
&mut app,
post_request!(&domain, CHALLENGE_GET)
.cookie(cookies.clone())
.to_request(),
)
.await;
assert_eq!(get_challenge_resp.status(), StatusCode::OK);
let challenge: Challenge = test::read_body_json(get_challenge_resp).await;
client
.post(format!("{}/domain_verification_works/", DOMAIN))
.send_json(&challenge)
.await
.unwrap();
let verify_challenge_resp = test::call_service(
&mut app,
post_request!(&domain, CHALLENGE_VERIFY)
.cookie(cookies.clone())
.to_request(),
)
.await;
assert_eq!(verify_challenge_resp.status(), StatusCode::OK);
srv.stop(true).await;
}
}

56
src/api/v1/mcaptcha/mcaptcha.rs
View File

@@ -20,7 +20,7 @@ use actix_web::{post, web, HttpResponse, Responder};
use serde::{Deserialize, Serialize};
use url::Url;
use super::is_authenticated;
use super::{get_random, is_authenticated};
use crate::errors::*;
use crate::Data;
@@ -46,32 +46,30 @@ pub async fn add_mcaptcha(
let key = get_random(32);
let url = Url::parse(&payload.domain)?;
println!("got req");
if let Some(host) = url.host_str() {
let res = sqlx::query!(
"INSERT INTO mcaptcha_config
let host = url.host_str().ok_or(ServiceError::NotAUrl)?;
let res = sqlx::query!(
"INSERT INTO mcaptcha_config
(name, key, domain_name)
VALUES ($1, $2, (
SELECT name FROM mcaptcha_domains WHERE name = ($3)))",
&payload.name,
&key,
&host,
)
.execute(&data.db)
.await;
SELECT name FROM mcaptcha_domains_verified WHERE name = ($3)))",
&payload.name,
&key,
&host,
)
.execute(&data.db)
.await;
match res {
Err(e) => Err(dup_error(e, ServiceError::TokenNameTaken)),
Ok(_) => {
let resp = MCaptchaDetails {
key,
name: payload.into_inner().name,
};
match res {
Err(e) => Err(dup_error(e, ServiceError::TokenNameTaken)),
Ok(_) => {
let resp = MCaptchaDetails {
key,
name: payload.into_inner().name,
};
Ok(HttpResponse::Ok().json(resp))
}
Ok(HttpResponse::Ok().json(resp))
}
} else {
Err(ServiceError::NotAUrl)
}
}
@@ -91,20 +89,6 @@ pub async fn delete_mcaptcha(
Ok(HttpResponse::Ok())
}
fn get_random(len: usize) -> String {
use std::iter;
use rand::{distributions::Alphanumeric, rngs::ThreadRng, thread_rng, Rng};
let mut rng: ThreadRng = thread_rng();
iter::repeat(())
.map(|()| rng.sample(Alphanumeric))
.map(char::from)
.take(len)
.collect::<String>()
}
// Workflow:
// 1. Sign up
// 2. Sign in

14
src/api/v1/mcaptcha/mod.rs
View File

@@ -21,3 +21,17 @@ pub mod levels;
pub mod mcaptcha;
pub use super::auth::is_authenticated;
pub fn get_random(len: usize) -> String {
use std::iter;
use rand::{distributions::Alphanumeric, rngs::ThreadRng, thread_rng, Rng};
let mut rng: ThreadRng = thread_rng();
iter::repeat(())
.map(|()| rng.sample(Alphanumeric))
.map(char::from)
.take(len)
.collect::<String>()
}