get user secret

src/api/v1/auth.rs

@@ -17,7 +17,7 @@
 use std::borrow::Cow;
 
 use actix_identity::Identity;
-use actix_web::{post, web, HttpResponse, Responder};
+use actix_web::{get, post, web, HttpResponse, Responder};
 use log::debug;
 use serde::{Deserialize, Serialize};
 
@@ -56,7 +56,16 @@ pub async fn signup(
 
     loop {
         secret = get_random(32);
-        let res = add_user_helper(&username, &hash, &payload.email, &secret, &data).await;
+        let res = sqlx::query!(
+            "INSERT INTO mcaptcha_users 
+        (name , password, email, secret) VALUES ($1, $2, $3, $4)",
+            &username,
+            &hash,
+            &payload.email,
+            &secret,
+        )
+        .execute(&data.db)
+        .await;
         if res.is_ok() {
             break;
         } else {
@@ -79,27 +88,6 @@ pub async fn signup(
     Ok(HttpResponse::Ok())
 }
 
-pub async fn add_user_helper(
-    username: &str,
-    hash: &str,
-    email: &str,
-    secret: &str,
-    data: &Data,
-) -> Result<(), sqlx::Error> {
-    sqlx::query!(
-        "INSERT INTO mcaptcha_users 
-        (name , password, email, secret) VALUES ($1, $2, $3, $4)",
-        username,
-        hash,
-        email,
-        //get_random(32),
-        secret,
-    )
-    .execute(&data.db)
-    .await?;
-    Ok(())
-}
-
 #[post("/api/v1/signin")]
 pub async fn signin(
     id: Identity,
@@ -132,6 +120,28 @@ pub async fn signin(
     }
 }
 
+#[derive(Clone, Debug, Deserialize, Serialize)]
+pub struct Secret {
+    pub secret: String,
+}
+
+#[get("/api/v1/account/secret/")]
+pub async fn get_secret(id: Identity, data: web::Data<Data>) -> ServiceResult<impl Responder> {
+    is_authenticated(&id)?;
+
+    let username = id.identity().unwrap();
+
+    let secret = sqlx::query_as!(
+        Secret,
+        r#"SELECT secret  FROM mcaptcha_users WHERE name = ($1)"#,
+        &username,
+    )
+    .fetch_one(&data.db)
+    .await?;
+
+    Ok(HttpResponse::Ok().json(secret))
+}
+
 #[post("/api/v1/signout")]
 pub async fn signout(id: Identity) -> impl Responder {
     if let Some(_) = id.identity() {

src/api/v1/mcaptcha/levels.rs

@@ -219,7 +219,6 @@ mod tests {
         const NAME: &str = "testuserlevelroutes";
         const PASSWORD: &str = "longpassworddomain";
         const EMAIL: &str = "testuserlevelrouts@a.com";
-        const ADD_URL: &str = "/api/v1/mcaptcha/levels/add";
         const UPDATE_URL: &str = "/api/v1/mcaptcha/levels/update";
         const DEL_URL: &str = "/api/v1/mcaptcha/levels/delete";
         const GET_URL: &str = "/api/v1/mcaptcha/levels/get";

src/api/v1/mcaptcha/mcaptcha.rs

@@ -189,7 +189,6 @@ mod tests {
         const NAME: &str = "testusermcaptcha";
         const PASSWORD: &str = "longpassworddomain";
         const EMAIL: &str = "testusermcaptcha@a.com";
-        const ADD_URL: &str = "/api/v1/mcaptcha/add";
         const DEL_URL: &str = "/api/v1/mcaptcha/delete";
 
         {

src/api/v1/mod.rs

@@ -33,6 +33,7 @@ pub fn services(cfg: &mut ServiceConfig) {
     cfg.service(auth::delete_account);
     cfg.service(auth::username_exists);
     cfg.service(auth::email_exists);
+    cfg.service(auth::get_secret);
 
     // mcaptcha
     cfg.service(mcaptcha::mcaptcha::add_mcaptcha);

src/api/v1/tests/auth.rs

@@ -34,6 +34,7 @@ async fn auth_works() {
     const EMAIL: &str = "testuser1@a.com";
     const SIGNIN: &str = "/api/v1/signin";
     const SIGNUP: &str = "/api/v1/signup";
+    const GET_SECRET: &str = "/api/v1/account/secret/";
 
     let mut app = get_app!(data).await;
 
@@ -43,6 +44,16 @@ async fn auth_works() {
     let (_, _, signin_resp) = register_and_signin(NAME, EMAIL, PASSWORD).await;
     let cookies = get_cookie!(signin_resp);
 
+    let resp = test::call_service(
+        &mut app,
+        test::TestRequest::get()
+            .cookie(cookies.clone())
+            .uri(GET_SECRET)
+            .to_request(),
+    )
+    .await;
+    assert_eq!(resp.status(), StatusCode::OK);
+
     // 2. check if duplicate username is allowed
     let msg = Register {
         username: NAME.into(),