migrated auth, account and meta to use const routes

src/api/v1/account/delete.rs

@@ -0,0 +1,60 @@
+/*
+* Copyright (C) 2021  Aravinth Manivannan <realaravinth@batsense.net>
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License as
+* published by the Free Software Foundation, either version 3 of the
+* License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+
+use actix_identity::Identity;
+use actix_web::{web, HttpResponse, Responder};
+
+use super::auth::Password;
+use crate::errors::*;
+use crate::Data;
+
+//#[post("/api/v1/account/delete", wrap = "CheckLogin")]
+pub async fn delete_account(
+    id: Identity,
+    payload: web::Json<Password>,
+    data: web::Data<Data>,
+) -> ServiceResult<impl Responder> {
+    use argon2_creds::Config;
+    use sqlx::Error::RowNotFound;
+
+    let username = id.identity().unwrap();
+
+    let rec = sqlx::query_as!(
+        Password,
+        r#"SELECT password  FROM mcaptcha_users WHERE name = ($1)"#,
+        &username,
+    )
+    .fetch_one(&data.db)
+    .await;
+
+    id.forget();
+
+    match rec {
+        Ok(s) => {
+            if Config::verify(&s.password, &payload.password)? {
+                sqlx::query!("DELETE FROM mcaptcha_users WHERE name = ($1)", &username)
+                    .execute(&data.db)
+                    .await?;
+                Ok(HttpResponse::Ok())
+            } else {
+                Err(ServiceError::WrongPassword)
+            }
+        }
+        Err(RowNotFound) => return Err(ServiceError::UsernameNotFound),
+        Err(_) => return Err(ServiceError::InternalServerError)?,
+    }
+}

src/api/v1/account/email.rs

@@ -0,0 +1,87 @@
+/*
+* Copyright (C) 2021  Aravinth Manivannan <realaravinth@batsense.net>
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License as
+* published by the Free Software Foundation, either version 3 of the
+* License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+use std::borrow::Cow;
+
+use actix_identity::Identity;
+use actix_web::{web, HttpResponse, Responder};
+use serde::{Deserialize, Serialize};
+
+use super::{AccountCheckPayload, AccountCheckResp};
+use crate::errors::*;
+use crate::Data;
+
+#[derive(Clone, Debug, Deserialize, Serialize)]
+pub struct Email {
+    pub email: String,
+}
+
+//#[post("/api/v1/account/email/exists")]
+pub async fn email_exists(
+    payload: web::Json<AccountCheckPayload>,
+    data: web::Data<Data>,
+) -> ServiceResult<impl Responder> {
+    let res = sqlx::query!(
+        "SELECT EXISTS (SELECT 1 from mcaptcha_users WHERE email = $1)",
+        &payload.val,
+    )
+    .fetch_one(&data.db)
+    .await?;
+
+    let mut resp = AccountCheckResp { exists: false };
+
+    if let Some(x) = res.exists {
+        if x {
+            resp.exists = true;
+        }
+    }
+
+    Ok(HttpResponse::Ok().json(resp))
+}
+
+/// update email
+//#[post("/api/v1/account/email/", wrap = "CheckLogin")]
+//#[post("/api/v1/", wrap = "CheckLogin")]
+pub async fn set_email(
+    id: Identity,
+    payload: web::Json<Email>,
+    data: web::Data<Data>,
+) -> ServiceResult<impl Responder> {
+    let username = id.identity().unwrap();
+
+    data.creds.email(&payload.email)?;
+
+    let res = sqlx::query!(
+        "UPDATE mcaptcha_users set email = $1
+        WHERE name = $2",
+        &payload.email,
+        &username,
+    )
+    .execute(&data.db)
+    .await;
+    if !res.is_ok() {
+        if let Err(sqlx::Error::Database(err)) = res {
+            if err.code() == Some(Cow::from("23505"))
+                && err.message().contains("mcaptcha_users_email_key")
+            {
+                Err(ServiceError::EmailTaken)?
+            } else {
+                Err(sqlx::Error::Database(err))?
+            }
+        };
+    }
+    Ok(HttpResponse::Ok())
+}

src/api/v1/account/mod.rs

@@ -0,0 +1,116 @@
+/*
+* Copyright (C) 2021  Aravinth Manivannan <realaravinth@batsense.net>
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License as
+* published by the Free Software Foundation, either version 3 of the
+* License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+
+use serde::{Deserialize, Serialize};
+
+pub mod delete;
+pub mod email;
+pub mod secret;
+#[cfg(test)]
+pub mod test;
+pub mod username;
+
+pub use super::auth;
+pub use super::mcaptcha;
+
+pub mod routes {
+
+    pub struct Account {
+        pub delete: &'static str,
+        pub email_exists: &'static str,
+        pub update_email: &'static str,
+        pub get_secret: &'static str,
+        pub update_secret: &'static str,
+        pub username_exists: &'static str,
+    }
+
+    impl Account {
+        pub const fn new() -> Account {
+            let get_secret = "/api/v1/account/secret/get";
+            let update_secret = "/api/v1/account/secret/update";
+            let delete = "/api/v1/account/delete";
+            let email_exists = "/api/v1/account/email/exists";
+            let username_exists = "/api/v1/account/username/exists";
+            let update_email = "/api/v1/account/email/update";
+            Account {
+                get_secret,
+                update_secret,
+                username_exists,
+                update_email,
+                delete,
+                email_exists,
+            }
+        }
+    }
+}
+
+#[derive(Clone, Debug, Deserialize, Serialize)]
+pub struct AccountCheckPayload {
+    pub val: String,
+}
+
+#[derive(Clone, Debug, Deserialize, Serialize)]
+pub struct AccountCheckResp {
+    pub exists: bool,
+}
+
+pub fn service(cfg: &mut actix_web::web::ServiceConfig) {
+    use crate::define_resource;
+    use crate::V1_API_ROUTES;
+
+    define_resource!(
+        cfg,
+        V1_API_ROUTES.account.delete,
+        Methods::ProtectPost,
+        delete::delete_account
+    );
+
+    define_resource!(
+        cfg,
+        V1_API_ROUTES.account.username_exists,
+        Methods::Post,
+        username::username_exists
+    );
+
+    define_resource!(
+        cfg,
+        V1_API_ROUTES.account.email_exists,
+        Methods::Post,
+        email::email_exists
+    );
+
+    define_resource!(
+        cfg,
+        V1_API_ROUTES.account.update_email,
+        Methods::Post,
+        email::set_email
+    );
+
+    define_resource!(
+        cfg,
+        V1_API_ROUTES.account.get_secret,
+        Methods::ProtectGet,
+        secret::get_secret
+    );
+
+    define_resource!(
+        cfg,
+        V1_API_ROUTES.account.update_secret,
+        Methods::ProtectPost,
+        secret::update_user_secret
+    );
+}

src/api/v1/account/secret.rs

@@ -0,0 +1,81 @@
+/*
+* Copyright (C) 2021  Aravinth Manivannan <realaravinth@batsense.net>
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License as
+* published by the Free Software Foundation, either version 3 of the
+* License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+use std::borrow::Cow;
+
+use actix_identity::Identity;
+use actix_web::{web, HttpResponse, Responder};
+use serde::{Deserialize, Serialize};
+
+use crate::api::v1::mcaptcha::get_random;
+use crate::errors::*;
+use crate::Data;
+
+#[derive(Clone, Debug, Deserialize, Serialize)]
+pub struct Secret {
+    pub secret: String,
+}
+
+//#[get("/api/v1/account/secret/", wrap = "CheckLogin")]
+pub async fn get_secret(id: Identity, data: web::Data<Data>) -> ServiceResult<impl Responder> {
+    let username = id.identity().unwrap();
+
+    let secret = sqlx::query_as!(
+        Secret,
+        r#"SELECT secret  FROM mcaptcha_users WHERE name = ($1)"#,
+        &username,
+    )
+    .fetch_one(&data.db)
+    .await?;
+
+    Ok(HttpResponse::Ok().json(secret))
+}
+
+//#[post("/api/v1/account/secret/", wrap = "CheckLogin")]
+pub async fn update_user_secret(
+    id: Identity,
+    data: web::Data<Data>,
+) -> ServiceResult<impl Responder> {
+    let username = id.identity().unwrap();
+
+    let mut secret;
+
+    loop {
+        secret = get_random(32);
+        let res = sqlx::query!(
+            "UPDATE mcaptcha_users set secret = $1
+        WHERE name = $2",
+            &secret,
+            &username,
+        )
+        .execute(&data.db)
+        .await;
+        if res.is_ok() {
+            break;
+        } else {
+            if let Err(sqlx::Error::Database(err)) = res {
+                if err.code() == Some(Cow::from("23505"))
+                    && err.message().contains("mcaptcha_users_secret_key")
+                {
+                    continue;
+                } else {
+                    Err(sqlx::Error::Database(err))?;
+                }
+            };
+        }
+    }
+    Ok(HttpResponse::Ok())
+}

src/api/v1/account/test.rs

@@ -0,0 +1,149 @@
+/*
+* Copyright (C) 2021  Aravinth Manivannan <realaravinth@batsense.net>
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License as
+* published by the Free Software Foundation, either version 3 of the
+* License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+
+use actix_web::http::{header, StatusCode};
+use actix_web::test;
+
+use super::email::*;
+use super::*;
+use crate::api::v1::auth::*;
+use crate::api::v1::ROUTES;
+use crate::data::Data;
+use crate::*;
+
+use crate::tests::*;
+
+#[actix_rt::test]
+async fn uname_email_exists_works() {
+    const NAME: &str = "testuserexists";
+    const PASSWORD: &str = "longpassword2";
+    const EMAIL: &str = "testuserexists@a.com2";
+
+    {
+        let data = Data::new().await;
+        delete_user(NAME, &data).await;
+    }
+
+    let (data, _, signin_resp) = register_and_signin(NAME, EMAIL, PASSWORD).await;
+    let cookies = get_cookie!(signin_resp);
+    let mut app = get_app!(data).await;
+
+    // chech if get user secret works
+    let resp = test::call_service(
+        &mut app,
+        test::TestRequest::get()
+            .cookie(cookies.clone())
+            .uri(ROUTES.account.get_secret)
+            .to_request(),
+    )
+    .await;
+    assert_eq!(resp.status(), StatusCode::OK);
+
+    let mut payload = AccountCheckPayload { val: NAME.into() };
+
+    let user_exists_resp = test::call_service(
+        &mut app,
+        post_request!(&payload, ROUTES.account.username_exists)
+            .cookie(cookies.clone())
+            .to_request(),
+    )
+    .await;
+    assert_eq!(user_exists_resp.status(), StatusCode::OK);
+    let mut resp: AccountCheckResp = test::read_body_json(user_exists_resp).await;
+    assert!(resp.exists);
+
+    payload.val = PASSWORD.into();
+
+    let user_doesnt_exist = test::call_service(
+        &mut app,
+        post_request!(&payload, ROUTES.account.username_exists)
+            .cookie(cookies.clone())
+            .to_request(),
+    )
+    .await;
+    assert_eq!(user_doesnt_exist.status(), StatusCode::OK);
+    resp = test::read_body_json(user_doesnt_exist).await;
+    assert!(!resp.exists);
+
+    let email_doesnt_exist = test::call_service(
+        &mut app,
+        post_request!(&payload, ROUTES.account.email_exists)
+            .cookie(cookies.clone())
+            .to_request(),
+    )
+    .await;
+    assert_eq!(email_doesnt_exist.status(), StatusCode::OK);
+    resp = test::read_body_json(email_doesnt_exist).await;
+    assert!(!resp.exists);
+
+    payload.val = EMAIL.into();
+
+    let email_exist = test::call_service(
+        &mut app,
+        post_request!(&payload, ROUTES.account.email_exists)
+            .cookie(cookies.clone())
+            .to_request(),
+    )
+    .await;
+    assert_eq!(email_exist.status(), StatusCode::OK);
+    resp = test::read_body_json(email_exist).await;
+    assert!(resp.exists);
+}
+
+#[actix_rt::test]
+async fn email_udpate_password_validation_del_userworks() {
+    const NAME: &str = "testuser2";
+    const PASSWORD: &str = "longpassword2";
+    const EMAIL: &str = "testuser1@a.com2";
+
+    {
+        let data = Data::new().await;
+        delete_user(NAME, &data).await;
+    }
+
+    let (data, creds, signin_resp) = register_and_signin(NAME, EMAIL, PASSWORD).await;
+    let cookies = get_cookie!(signin_resp);
+    let mut app = get_app!(data).await;
+
+    let email_payload = Email {
+        email: EMAIL.into(),
+    };
+    let email_update_resp = test::call_service(
+        &mut app,
+        post_request!(&email_payload, ROUTES.account.update_email)
+            //post_request!(&email_payload, EMAIL_UPDATE)
+            .cookie(cookies.clone())
+            .to_request(),
+    )
+    .await;
+
+    assert_eq!(email_update_resp.status(), StatusCode::OK);
+
+    let payload = Password {
+        password: creds.password,
+    };
+
+    let delete_user_resp = test::call_service(
+        &mut app,
+        post_request!(&payload, ROUTES.account.delete)
+            .cookie(cookies)
+            .to_request(),
+    )
+    .await;
+
+    assert_eq!(delete_user_resp.status(), StatusCode::OK);
+}

src/api/v1/account/username.rs

@@ -0,0 +1,44 @@
+/*
+* Copyright (C) 2021  Aravinth Manivannan <realaravinth@batsense.net>
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License as
+* published by the Free Software Foundation, either version 3 of the
+* License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+use actix_web::{web, HttpResponse, Responder};
+
+use super::{AccountCheckPayload, AccountCheckResp};
+use crate::errors::*;
+use crate::Data;
+
+//#[post("/api/v1/account/username/exists")]
+pub async fn username_exists(
+    payload: web::Json<AccountCheckPayload>,
+    data: web::Data<Data>,
+) -> ServiceResult<impl Responder> {
+    let res = sqlx::query!(
+        "SELECT EXISTS (SELECT 1 from mcaptcha_users WHERE name = $1)",
+        &payload.val,
+    )
+    .fetch_one(&data.db)
+    .await?;
+
+    let mut resp = AccountCheckResp { exists: false };
+
+    if let Some(x) = res.exists {
+        if x {
+            resp.exists = true;
+        }
+    }
+
+    Ok(HttpResponse::Ok().json(resp))
+}