reidlab/gdps-server
reidlab/gdps-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

AUTH REWORK!!!! + add wip level

Browse source
This commit is contained in:
Reid 2023-09-04 03:16:11 -07:00
parent 542d23d7c7
commit ef0e48e673
Signed by: reidlab
GPG key ID: 6C9EAA3364F962C8
8 changed files with 144 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

7
Cargo.lock generated
View file

@ -68,6 +68,12 @@ version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
[[package]]
name = "base64"
version = "0.21.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "414dcefbc63d77c526a76b3afcf6fbb9b5e2791c19c3aa2297733208750c6e53"
[[package]]
name = "base64ct"
version = "1.6.0"
@ -406,6 +412,7 @@ dependencies = [
name = "gdps-server"
version = "0.0.0"
dependencies = [
"base64",
"diesel",
"dotenvy",
"maplit",

1
Cargo.toml
View file

@ -4,6 +4,7 @@ version = "0.0.0"
edition = "2021"
[dependencies]
base64 = "0.21.3"
diesel = { version = "=2.1.0", features = ["postgres"] }
dotenvy = "0.15.7"
maplit = "1.0.2"

6
readme.md
View file

@ -34,7 +34,7 @@ _these features are implemented_
## todo
- when gjp2 is finally dropped we should 100% swap so it works in two point two
- green name users (fuck green names!!)
- move authorization logic to (./src/helpers/accounts.rs)[./src/helpers/accounts.rs]
- clean auth function (wtf is that!)
- add udid auth to auth function
- add level parsing
- maybe swap to timestamp type instead of `(TO_CHAR(CURRENT_TIMESTAMP, 'YYYY-MM-DD HH24:MI:SS.MS'))` (thats REALLY ugly!!)

35
src/endpoints/accounts/login_account.rs
View file

@ -1,4 +1,3 @@
use password_auth::verify_password;
use rocket::form::Form;
use rocket::http::Status;
use rocket::response::status;
@ -11,7 +10,10 @@ use crate::db;
#[derive(FromForm)]
pub struct FromLoginAccount {
userName: String,
password: String
password: Option<String>,
gjp: Option<String>,
gjp2: Option<String>,
}
#[post("/accounts/loginGJAccount.php", data = "<input>")]
@ -22,8 +24,14 @@ pub fn login_account(input: Form<FromLoginAccount>) -> status::Custom<&'static s
return status::Custom(Status::Ok, "-4")
}
if input.password.len() < 6 {
return status::Custom(Status::Ok, "-8")
// gjp2 checks dont matter, its hashed, gjp checks would break bc its base64, and why does this check exist if its just for logging in robtop this is useless it doesnt provide security we already did the security on the register account u fucking faggot im really bored of working on this but im also excited to see if it works deepwoken solos mid dash
match input.password.clone() {
Some(password_val) => {
if password_val.len() < 6 {
return status::Custom(Status::Ok, "-8")
}
},
None => {}
}
if input.userName.len() < 3 {
@ -35,23 +43,18 @@ pub fn login_account(input: Form<FromLoginAccount>) -> status::Custom<&'static s
use crate::schema::accounts::dsl::*;
let query_result = accounts
.select((id, password))
.select(id)
.filter(username.eq(input.userName.clone()))
.get_result::<(i32, String)>(connection);
.get_result::<i32>(connection);
match query_result {
Ok((
account_id_val,
password_val
)) => {
let user_id = helpers::accounts::get_user_id_from_account_id(account_id_val);
Ok(account_id_val) => {
let user_id_val = helpers::accounts::get_user_id_from_account_id(account_id_val);
match verify_password(input.password.clone().as_bytes(), password_val.as_str()) {
Ok(_) => return status::Custom(Status::Ok,
Box::leak(format!("{},{}", account_id_val, user_id).into_boxed_str())
),
match helpers::accounts::auth(account_id_val, input.password.clone(), input.gjp.clone(), input.gjp2.clone()) {
Ok(_) => return status::Custom(Status::Ok, Box::leak(format!("{},{}", user_id_val, account_id_val).into_boxed_str())),
Err(_) => return status::Custom(Status::Ok, "-11")
};
}
},
Err(_) => return status::Custom(Status::Ok, "-1")
}

1
src/endpoints/levels.rs
View file

@ -0,0 +1 @@
pub mod upload_level;

51
src/endpoints/levels/upload_level.rs Normal file
View file

@ -0,0 +1,51 @@
// use password_auth::verify_password;
// use rocket::form::Form;
// use rocket::http::Status;
// use rocket::response::status;
// use diesel::prelude::*;
// use crate::helpers;
// use crate::db;
// #[derive(FromForm)]
// pub struct FromLoginAccount {
// accountID: i32,
// gjp: String
// }
// #[post("/accounts/loginGJAccount.php", data = "<input>")]
// pub fn login_account(input: Form<FromLoginAccount>) -> status::Custom<&'static str> {
// let connection = &mut db::establish_connection_pg();
// // account verification
// let (user_id, account_id): (i32, i32);
// {
// use crate::schema::accounts::dsl::*;
// let query_result = accounts
// .select((id, password))
// .filter(username.eq(input.userName.clone()))
// .get_result::<(i32, String)>(connection);
// match query_result {
// Ok((
// account_id_val,
// password_val
// )) => {
// user_id = helpers::accounts::get_user_id_from_account_id(account_id_val);
// match verify_password(input.password.clone().as_bytes(), password_val.as_str()) {
// Ok(_) => return status::Custom(Status::Ok,
// Box::leak(format!("{},{}", account_id_val, user_id).into_boxed_str())
// ),
// Err(_) => return status::Custom(Status::Ok, "-11")
// };
// },
// Err(_) => return status::Custom(Status::Ok, "-1")
// }
// }
// return status::Custom(Status::Ok, "1")
// }

56
src/helpers/accounts.rs
View file

@ -1,6 +1,60 @@
use diesel::prelude::*;
use password_auth::verify_password;
use crate::db;
use crate::{db, helpers};
// returns userid, accountid
pub enum AuthError {
WrongPassword,
AccountNotFound
}
pub fn auth(account_id: i32, password_val: Option<String>, gjp_val: Option<String>, gjp2_val: Option<String>) -> Result<(i32, i32), AuthError> {
use crate::schema::accounts::dsl::*;
let connection = &mut db::establish_connection_pg();
let query_result = accounts
.select((password, gjp2))
.filter(id.eq(account_id))
.get_result::<(String, String)>(connection);
match query_result {
Ok((
password_queried_val,
gjp2_queried_val
)) => {
match password_val {
Some(password_val) => {
match verify_password(password_val, &password_queried_val) {
Ok(_) => return Ok((get_user_id_from_account_id(account_id), account_id)),
Err(_) => return Err(AuthError::WrongPassword)
}
},
None => match gjp_val {
Some(gjp_val) => {
match verify_password(helpers::encryption::decode_gjp(gjp_val), &password_queried_val) {
Ok(_) => return Ok((get_user_id_from_account_id(account_id), account_id)),
Err(_) => return Err(AuthError::WrongPassword)
}
},
None => match gjp2_val {
Some(gjp2_val) => {
match verify_password(gjp2_val, &gjp2_queried_val) {
Ok(_) => return Ok((get_user_id_from_account_id(account_id), account_id)),
Err(_) => return Err(AuthError::WrongPassword)
}
},
None => {
return Err(AuthError::WrongPassword)
}
}
}
}
},
Err(_) => return Err(AuthError::AccountNotFound)
}
}
pub fn get_user_id_from_account_id(ext_id: i32) -> i32 {
use crate::schema::users::dsl::*;

8
src/helpers/encryption.rs
View file

@ -1,7 +1,7 @@
use sha::sha1::Sha1;
use sha::utils::{Digest, DigestExt};
use password_auth::generate_hash;
use base64::{Engine as _, engine::general_purpose};
pub fn cyclic_xor(data: &[u8], key: &[u8]) -> Vec<u8> {
data.iter()
@ -22,3 +22,9 @@ pub fn cyclic_xor_string(string: &str, key: &str) -> String {
pub fn get_gjp2(password: String) -> String {
return Sha1::default().digest(String::from(password + "mI29fmAnxgTs").as_bytes()).to_hex();
}
pub fn decode_gjp(gjp: String) -> String {
let base64_decoded = String::from_utf8(general_purpose::STANDARD_NO_PAD.decode(gjp).expect("couldn't decode base64")).expect("invalid UTF-8 sequence (how)");
let xor_decoded = cyclic_xor_string(&base64_decoded, "37526");
return xor_decoded
}