From c187b078b02a1b6c66cf1f0f376f509596a77894 Mon Sep 17 00:00:00 2001
From: veypi
Date: Fri, 13 Oct 2023 19:51:38 +0800
Subject: [PATCH] oab key fix
---
 oab/src/api/token.rs | 8 ++++++--
 oab/src/api/user.rs | 2 +-
 oab/src/cfg.rs | 8 +++++++-
 oab/src/libs/auth.rs | 23 +++++++++++++----------
 oab/src/libs/fs.rs | 2 +-
 oab/src/main.rs | 4 +++-
 oab/src/models/user_plugin.rs | 16 ++++++++++++----
 7 files changed, 43 insertions(+), 20 deletions(-)
diff --git a/oab/src/api/token.rs b/oab/src/api/token.rs
index d3c451b..8a6c167 100644
--- a/oab/src/api/token.rs
+++ b/oab/src/api/token.rs
@@ -37,14 +37,18 @@ pub async fn get(
 "select access.name, access.rid, access.level from access, user_role, role WHERE user_role.user_id = ? && access.role_id=user_role.role_id && role.id=user_role.role_id && role.app_id = ?",
 )
 .bind(&t.id)
- .bind(n)
+ .bind(&n)
 .fetch_all(stat.sqlx())
 .await?;
+ let appobj = models::app::Entity::find_by_id(&n)
+ .one(stat.db())
+ .await?
+ .unwrap();
 let u = models::user::Entity::find_by_id(&t.id)
 .one(stat.db())
 .await?
 .unwrap();
- let str = u.token(result).to_string()?;
+ let str = u.token(result).to_string(&appobj.key)?;
 // tokio::spawn(async move {
 // let mut interval = tokio::time::interval(Duration::from_secs(5));
 // interval.tick().await;
diff --git a/oab/src/api/user.rs b/oab/src/api/user.rs
index 3eb61ba..19811a8 100644
--- a/oab/src/api/user.rs
+++ b/oab/src/api/user.rs
@@ -143,7 +143,7 @@ pub async fn login(
 .fetch_all(stat.sqlx())
 .await?;
 Ok(HttpResponse::build(http::StatusCode::OK)
- .insert_header(("auth_token", u.token(result).to_string()?))
+ .insert_header(("auth_token", u.token(result).to_string(&stat.key)?))
 .body("".to_string()))
 } else {
 Ok(HttpResponse::build(http::StatusCode::FORBIDDEN)
diff --git a/oab/src/cfg.rs b/oab/src/cfg.rs
index 79f6349..3f45a90 100644
--- a/oab/src/cfg.rs
+++ b/oab/src/cfg.rs
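Review bot: The added `models::app::Entity::find_by_id(&n) … .unwrap()` in the `token.rs` hunk panics when no app row matches `n`, and `n` looks like it is taken from the request (its origin is outside the hunk), so an unknown app id would abort the handler instead of producing an error response. Map the `None` case to the handler's error type before `appobj.key` is read, for example `.ok_or(/* project not-found error */)?` in place of `.unwrap()`. The token is then signed with `appobj.key`, while the other call sites in this patch pass `stat.key`; a short comment such as `// app tokens are signed with the per-app key, not the server key` would make that difference deliberate. The body of `get` starts and ends outside the hunk.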
@@ -26,6 +26,7 @@ lazy_static! {
 pub static ref CLI: AppCli = AppCli::new();
 }
+pub static mut KEY: String = String::new();
 // lazy_static! {
 // pub static ref CONFIG: ApplicationConfig = ApplicationConfig::new();
 // }
@@ -135,6 +136,9 @@ impl AppState {
 Ok(f) => f,
 Err(ref e) if e.kind() == io::ErrorKind::NotFound => {
 // res.connect_sqlx().unwrap();
+ unsafe {
+ KEY = res.key.clone();
+ }
 return res;
 }
 Err(e) => panic!("{}", e),
@@ -150,7 +154,9 @@ impl AppState {
 } else {
 println!("release_mode is enable!")
 }
- info!("asd");
+ unsafe {
+ KEY = res.key.clone();
+ }
 res
 }
 pub fn defaut() -> Self {
diff --git a/oab/src/libs/auth.rs b/oab/src/libs/auth.rs
index fca0fab..b26ad4a 100644
--- a/oab/src/libs/auth.rs
+++ b/oab/src/libs/auth.rs
@@ -21,7 +21,9 @@ use tracing::warn;
 use crate::models;
 // custom request auth middleware
-pub struct Auth;
+pub struct Auth {
+ pub key: String,
+}
 impl Transform for Auth
 where
@@ -37,6 +39,7 @@ where
 fn new_transform(&self, service: S) -> Self::Future {
 ok(AuthMiddleware {
+ key: self.key.clone(),
 service: Rc::new(RefCell::new(service)),
 })
 }
@@ -44,6 +47,7 @@ where
 pub struct AuthMiddleware {
 service: Rc>,
+ key: String,
 }
 impl Service for AuthMiddleware
@@ -62,18 +66,17 @@ where
 fn call(&self, req: ServiceRequest) -> Self::Future {
 let svc = self.service.clone();
+ let key = self.key.clone();
 Box::pin(async move {
 match req.headers().get("auth_token") {
- Some(h) => {
- match models::Token::from(h.to_str().unwrap_or("")){
- Ok(t) => {
- req.extensions_mut().insert(t.id.clone());
- req.extensions_mut().insert(t);
- }
- Err(e) => warn!("{}", e),
- }
- }
+ Some(h) => match models::Token::from(h.to_str().unwrap_or(""), &key) {
+ Ok(t) => {
+ req.extensions_mut().insert(t.id.clone());
+ req.extensions_mut().insert(t);
+ }
+ Err(e) => warn!("{}", e),
+ },
 None => {}
 }
 // let value = HeaderValue::from_str("").unwrap();
diff --git a/oab/src/libs/fs.rs b/oab/src/libs/fs.rs
index a99d25b..b1cb410 100644
--- a/oab/src/libs/fs.rs
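Review bot: `pub static mut KEY` in `cfg.rs` keeps a second, globally writable copy of the signing key, and none of the hunks visible in this patch read it: every call site passes `stat.key`, `data.key` or `appobj.key` explicitly. The two `unsafe { KEY = res.key.clone(); }` blocks in the `AppState` hunks at -135 and -150 write it without synchronisation, which is only sound if no other thread touches `KEY` at that moment. If a global really is needed, a write-once cell from `std::sync` removes the `unsafe`: `pub static KEY: OnceLock<String> = OnceLock::new();` with `let _ = KEY.set(res.key.clone());`. Otherwise drop the static and both blocks.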
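Review bot: When `models::Token::from(…, &key)` fails in `call` (the `auth.rs` hunk at -62), the middleware only logs with `warn!` and still forwards the request, so it never rejects a bad token by itself; whether handlers refuse requests that lack the `Token` extension is not visible here. That behaviour predates this change, but it deserves a comment above the `match`, e.g. `// An invalid or missing auth_token is not rejected here; handlers must require the Token extension.` Separately, `let key = self.key.clone();` copies the secret into a fresh `String` on every request; holding it as `Rc<str>` in `AuthMiddleware` would turn that into a reference-count bump. `call` starts and ends outside the hunk.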
+++ b/oab/src/libs/fs.rs
@@ -131,7 +131,7 @@ async fn handle_file(req: &DavRequest, stat: web::Data) -> Result
 "",
 };
 match auth_token {
- Some(t) => match models::Token::from(t.to_str().unwrap_or("")) {
+ Some(t) => match models::Token::from(t.to_str().unwrap_or(""), &stat.key) {
 Ok(t) => {
 if t.is_valid() {
 if app_id != "" {
diff --git a/oab/src/main.rs b/oab/src/main.rs
index 02dbd6c..47cc647 100644
--- a/oab/src/main.rs
+++ b/oab/src/main.rs
@@ -74,7 +74,9 @@ async fn web(data: AppState) -> Result<()> {
 ErrorHandlers::new()
 .handler(StatusCode::INTERNAL_SERVER_ERROR, add_error_header),
 )
- .wrap(libs::auth::Auth)
+ .wrap(libs::auth::Auth {
+ key: data.key.clone(),
+ })
 .app_data(json_config)
 .configure(api::routes),
 )
diff --git a/oab/src/models/user_plugin.rs b/oab/src/models/user_plugin.rs
index 49f9b20..c7673ce 100644
--- a/oab/src/models/user_plugin.rs
+++ b/oab/src/models/user_plugin.rs
@@ -178,10 +178,10 @@ pub struct Token {
 }
 impl Token {
- pub fn from(t: &str) -> Result {
+ pub fn from(t: &str, key: &str) -> Result {
 let token = decode::(
 t,
- &DecodingKey::from_secret("secret".as_ref()),
+ &DecodingKey::from_secret(key.as_ref()),
 &Validation::default(),
 )?;
 if token.claims.is_valid() {
@@ -197,14 +197,22 @@ impl Token {
 false
 }
 }
- pub fn to_string(&self) -> Result {
+ pub fn to_string(&self, key: &str) -> Result {
 let token = encode(
 &Header::default(),
 self,
- &EncodingKey::from_secret("secret".as_ref()),
+ &EncodingKey::from_secret(key.as_ref()),
 )?;
 Ok(token)
 }
+ // pub fn to_string(&self) -> Result {
+ // let token = encode(
+ // &Header::default(),
+ // self,
+ // &EncodingKey::from_secret(self._key.as_ref()),
+ // )?;
+ // Ok(token)
+ // }
 fn check(&self, domain: &str, did: &str, l: AccessLevel) -> bool {
 match &self.access {
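Review bot: The `fs.rs` call verifies with `stat.key`, while `api/token.rs` in the same patch signs app tokens with `appobj.key`. If `handle_file` is expected to accept those app tokens (the `app_id != ""` branch just below suggests it may), they will fail signature verification unless the two keys happen to be equal. Confirm which key each token type is checked against and record it in a comment at this call, or resolve the app's key from `app_id` before decoding. `handle_file` starts and ends outside the hunk.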
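Review bot: `DecodingKey::from_secret(key.as_ref())` in `Token::from` accepts any byte string, and nothing in this hunk or in the visible `cfg.rs` hunks rejects an empty or very short `key`, so a deployment that leaves the key unset would sign and verify tokens under a trivial HMAC secret. Check the key once at startup rather than on every call, for example where `AppState` is built: `assert!(res.key.len() >= 32, "token signing key must be at least 32 bytes");`. The same applies to `EncodingKey::from_secret(key.as_ref())` in the `to_string` hunk at -197. A doc comment on `from` stating that `key` must be the secret the token was signed with would also help; `from` continues past the end of the hunk.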