Upgrade user tokens system
@@ -13,7 +13,7 @@ use crate::data::security_settings::SecuritySettings;
|
||||
use crate::data::user::{AccountImageVisibility, User, UserID, UserPageStatus};
|
||||
use crate::data::user_token::UserAccessToken;
|
||||
use crate::helpers::{comments_helper, conversations_helper, custom_emojies_helper, database, events_helper, friends_helper, groups_helper, likes_helper, notifications_helper, posts_helper, survey_helper, user_helper};
|
||||
use crate::helpers::database::{DeleteQuery, InsertQuery, QueryInfo};
|
||||
use crate::helpers::database::{DeleteQuery, InsertQuery, QueryInfo, UpdateInfo};
|
||||
use crate::helpers::events_helper::Event;
|
||||
use crate::helpers::likes_helper::LikeType;
|
||||
use crate::utils::crypt_utils::{legacy_crypt_pass, rand_str};
|
||||
@@ -47,56 +47,45 @@ pub fn login_user(email: &str, password: &str, client: &APIClient) -> ResultBoxE
|
||||
return Err(ExecError::boxed_new("The user gave an invalid password!"));
|
||||
}
|
||||
|
||||
// Check if we already have a login token for this user
|
||||
if let Ok(token) = get_client_tokens(&user.id, client) {
|
||||
return Ok(token.token);
|
||||
}
|
||||
|
||||
|
||||
// Create new login tokens
|
||||
let new_token = UserAccessToken {
|
||||
id: 0,
|
||||
user_id: user.id.clone(),
|
||||
client_id: client.id,
|
||||
token: rand_str(150),
|
||||
last_refresh: time(),
|
||||
timeout: client.default_expiration_time,
|
||||
};
|
||||
|
||||
// Save it
|
||||
database::insert(
|
||||
InsertQuery::new(USER_ACCESS_TOKENS_TABLE)
|
||||
.add_user_id("user_id", &new_token.user_id)
|
||||
.add_u32("service_id", client.id)
|
||||
.add_str("token1", &new_token.token)
|
||||
.add_str("token2", "dummy_data")
|
||||
)?;
|
||||
InsertQuery::new(USER_ACCESS_TOKENS_TABLE)
|
||||
.add_u64("client_id", client.id)
|
||||
.add_user_id("user_id", &new_token.user_id)
|
||||
.add_str("token", &new_token.token)
|
||||
.add_u64("last_refresh", new_token.last_refresh)
|
||||
.add_u64("timeout", new_token.timeout)
|
||||
.insert_drop_result()?;
|
||||
|
||||
Ok(new_token.token)
|
||||
}
|
||||
|
||||
/// Get user login tokens
|
||||
fn get_client_tokens(user_id: &UserID, client: &APIClient) -> ResultBoxError<UserAccessToken> {
|
||||
database::query_row(
|
||||
QueryInfo::new(USER_ACCESS_TOKENS_TABLE)
|
||||
.cond_user_id("user_id", user_id)
|
||||
.cond_u32("service_id", client.id),
|
||||
|res| {
|
||||
Ok(UserAccessToken {
|
||||
user_id: res.get_user_id("user_id")?,
|
||||
client_id: res.get_int64("service_id")? as u32,
|
||||
token: res.get_str("token1")?,
|
||||
})
|
||||
},
|
||||
)
|
||||
}
|
||||
|
||||
/// Find a user ID based on login token
|
||||
pub fn get_user_by_login_token(token: &str, client: &APIClient) -> ResultBoxError<UserID> {
|
||||
database::query_row(
|
||||
QueryInfo::new(USER_ACCESS_TOKENS_TABLE)
|
||||
.cond_u32("service_id", client.id)
|
||||
.cond("token1", token)
|
||||
.add_field("user_id"),
|
||||
|res| res.get_user_id("user_id"),
|
||||
)
|
||||
pub fn find_user_by_login_token(token: &str, client: &APIClient) -> ResultBoxError<UserAccessToken> {
|
||||
QueryInfo::new(USER_ACCESS_TOKENS_TABLE)
|
||||
.cond_u64("client_id", client.id)
|
||||
.cond("token", token)
|
||||
.set_custom_where("last_refresh + timeout > ?")
|
||||
.add_custom_where_argument_u64(time())
|
||||
.query_row(|res| {
|
||||
Ok(UserAccessToken {
|
||||
id: res.get_u64("id")?,
|
||||
client_id: res.get_u64("client_id")?,
|
||||
user_id: res.get_user_id("user_id")?,
|
||||
token: res.get_str("token")?,
|
||||
last_refresh: res.get_u64("last_refresh")?,
|
||||
timeout: res.get_u64("timeout")?,
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
/// Check out whether an email address exists or not
|
||||
@@ -107,15 +96,22 @@ pub fn exists_mail(mail: &str) -> ResultBoxError<bool> {
|
||||
.map(|r| r > 0)
|
||||
}
|
||||
|
||||
/// Refresh a user access token
|
||||
pub fn refresh_access_token(token: &UserAccessToken) -> Res {
|
||||
UpdateInfo::new(USER_ACCESS_TOKENS_TABLE)
|
||||
.cond_u64("id", token.id)
|
||||
.set_u64("last_refresh", time())
|
||||
.exec()
|
||||
}
|
||||
|
||||
/// Destroy a given user login tokens
|
||||
pub fn destroy_login_tokens(id: &UserID, client: &APIClient) -> ResultBoxError<()> {
|
||||
database::delete(DeleteQuery::new(USER_ACCESS_TOKENS_TABLE)
|
||||
.cond_u32("service_id", client.id)
|
||||
.cond_user_id("user_id", id)
|
||||
)?;
|
||||
pub fn destroy_login_tokens(access_tokens: &UserAccessToken) -> Res {
|
||||
DeleteQuery::new(USER_ACCESS_TOKENS_TABLE)
|
||||
.cond_u64("id", access_tokens.id)
|
||||
.exec()?;
|
||||
|
||||
// Send an event (destroyed_login_tokens)
|
||||
events_helper::propagate_event(&Event::DestroyedLoginToken(id.clone(), client))?;
|
||||
events_helper::propagate_event(&Event::DestroyedLoginToken(access_tokens))?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
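Review bot: The access token is persisted verbatim (`.add_str("token", &new_token.token)` in `login_user`) and `find_user_by_login_token` matches it with `.cond("token", token)`, so read access to the table or to a backup yields usable session tokens. Storing only a digest of the `rand_str(150)` value and comparing digests in the lookup would remove that exposure without changing what the client receives. The expiry test `last_refresh + timeout > ?` is sliding only: `refresh_access_token` moves `last_refresh` to `time()` and no creation time is stored, so a token that keeps being refreshed never lapses, and since `login_user` now appears to insert a row on every login, expired rows pile up unless a cleanup exists outside this page. The doc comment over `find_user_by_login_token` still reads "Find a user ID based on login token"; `/// Find the non-expired access token matching this token string and client` fits the new return type. The +/- markers are lost on this page, so which lines are new is inferred from the hunk counts.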
@@ -1,27 +1,23 @@
|
||||
use crate::constants::database_tables_names::CLIENTS_TABLE;
|
||||
use crate::data::api_client::APIClient;
|
||||
use crate::helpers::database;
|
||||
use crate::helpers::database::QueryInfo;
|
||||
use crate::constants::database_tables_names::SERVICES_TABLES;
|
||||
use crate::data::error::ResultBoxError;
|
||||
use crate::helpers::database::QueryInfo;
|
||||
|
||||
/// API helper
|
||||
///
|
||||
/// @author Pierre Hubert
|
||||
|
||||
/// Get information about a client
|
||||
pub fn get_client(name: &str, token: &str) -> ResultBoxError<APIClient> {
|
||||
database::query_row(
|
||||
QueryInfo::new(SERVICES_TABLES)
|
||||
.cond("service_name", name)
|
||||
.cond("token", token),
|
||||
|
||||
|res| {
|
||||
Ok(APIClient {
|
||||
id: res.get_int64("id")? as u32,
|
||||
name: res.get_str("service_name")?,
|
||||
token: res.get_str("token")?,
|
||||
domain: res.get_optional_str("client_domain")?,
|
||||
})
|
||||
}
|
||||
)
|
||||
pub fn get_client(name: &str) -> ResultBoxError<APIClient> {
|
||||
QueryInfo::new(CLIENTS_TABLE)
|
||||
.cond("name", name)
|
||||
.query_row(|res| {
|
||||
Ok(APIClient {
|
||||
id: res.get_u64("id")?,
|
||||
name: res.get_str("name")?,
|
||||
domain: res.get_optional_str("domain")?,
|
||||
comment: res.get_optional_str("comment")?,
|
||||
default_expiration_time: res.get_u64("default_expiration_time")?,
|
||||
})
|
||||
})
|
||||
}
|
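Review bot: `get_client` now resolves a client from `name` alone (`.cond("name", name)`), where the earlier version also required `.cond("token", token)`, so a client name is no longer backed by any secret and a match must not be read as authentication of the caller. If requests are meant to be tied to a client, that check has to come from somewhere else, for example comparing the request origin with the returned `domain`; nothing on this page shows that being done. At minimum the doc comment should say so: `/// Look up a client by name; the name is public, so a match does not authenticate the caller`.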
@@ -5,13 +5,13 @@
|
||||
|
||||
|
||||
use crate::controllers::{calls_controller, comments_controller, conversations_controller, notifications_controller, rtc_relay_controller, user_ws_controller};
|
||||
use crate::data::api_client::APIClient;
|
||||
use crate::data::call_signal::{CloseCallStream, NewRtcRelayMessage, NewUserCallSignal, UserCallOfferRequest};
|
||||
use crate::data::comment::Comment;
|
||||
use crate::data::conversation::ConvID;
|
||||
use crate::data::conversation_message::ConversationMessage;
|
||||
use crate::data::error::Res;
|
||||
use crate::data::user::UserID;
|
||||
use crate::data::user_token::UserAccessToken;
|
||||
use crate::data::user_ws_connection::UserWsConnection;
|
||||
|
||||
pub enum Event<'a> {
|
||||
@@ -21,7 +21,7 @@ pub enum Event<'a> {
|
||||
UserWsClosed(&'a UserWsConnection),
|
||||
|
||||
/// Destroyed a login token
|
||||
DestroyedLoginToken(UserID, &'a APIClient),
|
||||
DestroyedLoginToken(&'a UserAccessToken),
|
||||
|
||||
/// Updated the number of notifications of one of multiple users user
|
||||
UpdatedNotificationsNumber(&'a Vec<UserID>),
|
||||
|
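Review bot: `DestroyedLoginToken` now passes every event consumer a reference to the whole `UserAccessToken`, which includes the secret `token` string, where it previously carried only a `UserID` and the client. The handlers are outside this hunk, so this is a caution rather than a finding: any consumer that logs or relays the event payload would expose a credential, even if it was just deleted from the table. A variant comment such as `/// Destroyed a login token; the payload holds the token string and must not be logged or forwarded` would make that explicit. The enum body continues outside the hunk.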