diff --git a/geneit_backend/src/controllers/auth_controller.rs b/geneit_backend/src/controllers/auth_controller.rs index a95cd39..bccd011 100644 --- a/geneit_backend/src/controllers/auth_controller.rs +++ b/geneit_backend/src/controllers/auth_controller.rs @@ -50,3 +50,44 @@ pub async fn create_account(remote_ip: RemoteIP, req: web::Json, +) -> HttpResult { + // Rate limiting + if rate_limiter_service::should_block_action( + remote_ip.0, + RatedAction::CheckResetPasswordTokenFailed, + ) + .await? + { + return Ok(HttpResponse::TooManyRequests().finish()); + } + + let user = match users_service::get_by_pwd_reset_token(&req.token).await { + Ok(t) => t, + Err(e) => { + rate_limiter_service::record_action( + remote_ip.0, + RatedAction::CheckResetPasswordTokenFailed, + ) + .await?; + log::error!("Password reset token could not be used: {}", e); + return Ok(HttpResponse::NotFound().finish()); + } + }; + + Ok(HttpResponse::Ok().json(CheckResetPasswordTokenResponse { name: user.name })) +} diff --git a/geneit_backend/src/main.rs b/geneit_backend/src/main.rs index a408992..7961389 100644 --- a/geneit_backend/src/main.rs +++ b/geneit_backend/src/main.rs @@ -27,6 +27,10 @@ async fn main() -> std::io::Result<()> { "/auth/create_account", web::post().to(auth_controller::create_account), ) + .route( + "/auth/check_reset_password_token", + web::post().to(auth_controller::check_reset_password_token), + ) }) .bind(AppConfig::get().listen_address.as_str())? .run() diff --git a/geneit_backend/src/services/rate_limiter_service.rs b/geneit_backend/src/services/rate_limiter_service.rs index 5447bce..b4a3254 100644 --- a/geneit_backend/src/services/rate_limiter_service.rs +++ b/geneit_backend/src/services/rate_limiter_service.rs @@ -6,24 +6,28 @@ use std::time::Duration; #[derive(Debug, Copy, Clone)] pub enum RatedAction { CreateAccount, + CheckResetPasswordTokenFailed, } impl RatedAction { fn id(&self) -> &'static str { match self { RatedAction::CreateAccount => "create-account", + RatedAction::CheckResetPasswordTokenFailed => "check-reset-password-token", } } fn limit(&self) -> usize { match self { RatedAction::CreateAccount => 5, + RatedAction::CheckResetPasswordTokenFailed => 100, } } fn keep_seconds(&self) -> u64 { match self { RatedAction::CreateAccount => 3600, + RatedAction::CheckResetPasswordTokenFailed => 3600, } } diff --git a/geneit_backend/src/services/users_service.rs b/geneit_backend/src/services/users_service.rs index 5a49c80..caef213 100644 --- a/geneit_backend/src/services/users_service.rs +++ b/geneit_backend/src/services/users_service.rs @@ -10,11 +10,25 @@ use crate::utils::string_utils::rand_str; use crate::utils::time_utils::time; use diesel::prelude::*; -/// Get the information of the user +/// Get the information of the user, by its id pub async fn get_by_id(id: UserID) -> anyhow::Result { db_connection::execute(|conn| Ok(users::table.filter(users::dsl::id.eq(id.0)).first(conn)?)) } +/// Get the information of the user, by its password reset token +pub async fn get_by_pwd_reset_token(token: &str) -> anyhow::Result { + db_connection::execute(|conn| { + Ok(users::table + .filter( + users::dsl::reset_password_token.eq(token.to_string()).and( + users::dsl::time_gen_reset_token + .ge(time() as i64 - PASSWORD_RESET_TOKEN_DURATION.as_secs() as i64), + ), + ) + .first(conn)?) + }) +} + /// Create a new account pub async fn create_account(name: &str, email: &str) -> anyhow::Result { db_connection::execute(|conn| {