diff --git a/src/api/v1/auth.rs b/src/api/v1/auth.rs
index 39cc8656..6689b1bf 100644
--- a/src/api/v1/auth.rs
+++ b/src/api/v1/auth.rs
@@ -17,7 +17,7 @@
 use std::borrow::Cow;
 use actix_identity::Identity;
-use actix_web::{post, web, HttpResponse, Responder};
+use actix_web::{get, post, web, HttpResponse, Responder};
 use log::debug;
 use serde::{Deserialize, Serialize};
@@ -56,7 +56,16 @@ pub async fn signup(
 loop {
 secret = get_random(32);
- let res = add_user_helper(&username, &hash, &payload.email, &secret, &data).await;
+ let res = sqlx::query!(
+ "INSERT INTO mcaptcha_users
+ (name , password, email, secret) VALUES ($1, $2, $3, $4)",
+ &username,
+ &hash,
+ &payload.email,
+ &secret,
+ )
+ .execute(&data.db)
+ .await;
 if res.is_ok() {
 break;
 } else {
@@ -79,27 +88,6 @@ pub async fn signup(
 Ok(HttpResponse::Ok())
 }
-pub async fn add_user_helper(
- username: &str,
- hash: &str,
- email: &str,
- secret: &str,
- data: &Data,
-) -> Result<(), sqlx::Error> {
- sqlx::query!(
- "INSERT INTO mcaptcha_users
- (name , password, email, secret) VALUES ($1, $2, $3, $4)",
- username,
- hash,
- email,
- //get_random(32),
- secret,
- )
- .execute(&data.db)
- .await?;
- Ok(())
-}
-
 #[post("/api/v1/signin")]
 pub async fn signin(
 id: Identity,
@@ -132,6 +120,28 @@ pub async fn signin(
 }
 }
+#[derive(Clone, Debug, Deserialize, Serialize)]
+pub struct Secret {
+ pub secret: String,
+}
+
+#[get("/api/v1/account/secret/")]
+pub async fn get_secret(id: Identity, data: web::Data) -> ServiceResult {
+ is_authenticated(&id)?;
+
+ let username = id.identity().unwrap();
+
+ let secret = sqlx::query_as!(
+ Secret,
+ r#"SELECT secret FROM mcaptcha_users WHERE name = ($1)"#,
+ &username,
+ )
+ .fetch_one(&data.db)
+ .await?;
+
+ Ok(HttpResponse::Ok().json(secret))
+}
+
 #[post("/api/v1/signout")]
 pub async fn signout(id: Identity) -> impl Responder {
 if let Some(_) = id.identity() {
diff --git a/src/api/v1/mcaptcha/levels.rs b/src/api/v1/mcaptcha/levels.rs
index 0b0396eb..fc1fdd45 100644
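Review bot: In the `@@ -132,6 +120,28 @@` hunk of `src/api/v1/auth.rs`, `get_secret` returns the account secret as a JSON body on a cookie-authenticated GET with no cache directive, so a browser or intermediary cache may keep a copy; the response should carry `Cache-Control: no-store`. `Secret` also derives `Debug`, which would print the value wherever the struct is formatted with `{:?}`; reducing the derive to `#[derive(Clone, Deserialize, Serialize)]` or writing a `Debug` impl that redacts the field avoids that. `id.identity().unwrap()` is panic-free only if `is_authenticated` (not shown in this diff) rejects a missing identity, so reading the name through a single `match` on `id.identity()` would remove that dependency.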
--- a/src/api/v1/mcaptcha/levels.rs
+++ b/src/api/v1/mcaptcha/levels.rs
@@ -219,7 +219,6 @@ mod tests {
 const NAME: &str = "testuserlevelroutes";
 const PASSWORD: &str = "longpassworddomain";
 const EMAIL: &str = "testuserlevelrouts@a.com";
- const ADD_URL: &str = "/api/v1/mcaptcha/levels/add";
 const UPDATE_URL: &str = "/api/v1/mcaptcha/levels/update";
 const DEL_URL: &str = "/api/v1/mcaptcha/levels/delete";
 const GET_URL: &str = "/api/v1/mcaptcha/levels/get";
diff --git a/src/api/v1/mcaptcha/mcaptcha.rs b/src/api/v1/mcaptcha/mcaptcha.rs
index 888849af..57d8aeaf 100644
--- a/src/api/v1/mcaptcha/mcaptcha.rs
+++ b/src/api/v1/mcaptcha/mcaptcha.rs
@@ -189,7 +189,6 @@ mod tests {
 const NAME: &str = "testusermcaptcha";
 const PASSWORD: &str = "longpassworddomain";
 const EMAIL: &str = "testusermcaptcha@a.com";
- const ADD_URL: &str = "/api/v1/mcaptcha/add";
 const DEL_URL: &str = "/api/v1/mcaptcha/delete";
 {
diff --git a/src/api/v1/mod.rs b/src/api/v1/mod.rs
index 3d818b1b..dd9bb1a3 100644
--- a/src/api/v1/mod.rs
+++ b/src/api/v1/mod.rs
@@ -33,6 +33,7 @@ pub fn services(cfg: &mut ServiceConfig) {
 cfg.service(auth::delete_account);
 cfg.service(auth::username_exists);
 cfg.service(auth::email_exists);
+ cfg.service(auth::get_secret);
 // mcaptcha
 cfg.service(mcaptcha::mcaptcha::add_mcaptcha);
diff --git a/src/api/v1/tests/auth.rs b/src/api/v1/tests/auth.rs
index acbff9b3..a2bc4f22 100644
--- a/src/api/v1/tests/auth.rs
+++ b/src/api/v1/tests/auth.rs
@@ -34,6 +34,7 @@ async fn auth_works() {
 const EMAIL: &str = "testuser1@a.com";
 const SIGNIN: &str = "/api/v1/signin";
 const SIGNUP: &str = "/api/v1/signup";
+ const GET_SECRET: &str = "/api/v1/account/secret/";
 let mut app = get_app!(data).await;
@@ -43,6 +44,16 @@ async fn auth_works() {
 let (_, _, signin_resp) = register_and_signin(NAME, EMAIL, PASSWORD).await;
 let cookies = get_cookie!(signin_resp);
+ let resp = test::call_service(
+ &mut app,
+ test::TestRequest::get()
+ .cookie(cookies.clone())
+ .uri(GET_SECRET)
+ .to_request(),
+ )
+ .await;
+ assert_eq!(resp.status(), StatusCode::OK);
+
 // 2. check if duplicate username is allowed
 let msg = Register {
 username: NAME.into(),
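Review bot: The request added to `auth_works` only asserts that a signed-in caller gets `StatusCode::OK` from `GET_SECRET`; nothing checks that the same route refuses a request without the session cookie, which is the property that protects the secret. A second call without `.cookie(...)` that asserts a non-OK status would cover this, and a check that the returned JSON carries a non-empty `secret` would cover the success path. The exact rejection status depends on how `is_authenticated` maps its error, which this diff does not show. `auth_works` starts and ends outside the hunk.

```rust
assert_eq!(resp.status(), StatusCode::OK);

// same route without the session cookie must not disclose the secret
let anon_resp = test::call_service(
    &mut app,
    test::TestRequest::get().uri(GET_SECRET).to_request(),
)
.await;
// exact status depends on is_authenticated's error mapping (not shown here)
assert_ne!(anon_resp.status(), StatusCode::OK);
```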