diff --git a/Cargo.lock b/Cargo.lock
index 0a93b9a..aa19066 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -68,12 +68,6 @@ version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
-[[package]]
-name = "base64"
-version = "0.21.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "414dcefbc63d77c526a76b3afcf6fbb9b5e2791c19c3aa2297733208750c6e53"
-
 [[package]]
 name = "base64ct"
 version = "1.6.0"
@@ -412,7 +406,6 @@ dependencies = [
 name = "gdps-server"
 version = "0.0.0"
 dependencies = [
- "base64",
 "diesel",
 "dotenvy",
 "maplit",
diff --git a/Cargo.toml b/Cargo.toml
index acf5aa9..7b492b9 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -4,7 +4,6 @@ version = "0.0.0"
 edition = "2021"
 [dependencies]
-base64 = "0.21.3"
 diesel = { version = "=2.1.0", features = ["postgres"] }
 dotenvy = "0.15.7"
 maplit = "1.0.2"
diff --git a/readme.md b/readme.md
index 9d7eb6f..4a42832 100644
--- a/readme.md
+++ b/readme.md
@@ -34,7 +34,6 @@ _these features are implemented_
 ## todo
-- probably work on the code warnings we get hehe
-- green name users... (add udid auth to auth function, use userName instead of accountID in uploading levels, and it goes on and on and on and on...)
-- add level parsing
+- green name users (fuck green names!!)
+- move authorization logic to (./src/helpers/accounts.rs)[./src/helpers/accounts.rs]
 - maybe swap to timestamp type instead of `(TO_CHAR(CURRENT_TIMESTAMP, 'YYYY-MM-DD HH24:MI:SS.MS'))` (thats REALLY ugly!!)
\ No newline at end of file
diff --git a/src/endpoints/accounts/login_account.rs b/src/endpoints/accounts/login_account.rs
index bda02e3..f84fa50 100644
--- a/src/endpoints/accounts/login_account.rs
+++ b/src/endpoints/accounts/login_account.rs
@@ -1,3 +1,4 @@
+use password_auth::verify_password;
 use rocket::form::Form;
 use rocket::http::Status;
 use rocket::response::status;
@@ -10,10 +11,7 @@ use crate::db;
 #[derive(FromForm)]
 pub struct FromLoginAccount {
 userName: String,
-
- password: Option,
- gjp: Option,
- gjp2: Option,
+ password: String
 }
 #[post("/accounts/loginGJAccount.php", data = "")]
@@ -24,14 +22,8 @@ pub fn login_account(input: Form) -> status::Custom<&'static s
 return status::Custom(Status::Ok, "-4")
 }
- // gjp2 checks dont matter, its hashed, gjp checks would break bc its base64, and why does this check exist if its just for logging in robtop this is useless it doesnt provide security we already did the security on the register account u fucking faggot im really bored of working on this but im also excited to see if it works deepwoken solos mid dash
- match input.password.clone() {
- Some(password_val) => {
- if password_val.len() < 6 {
- return status::Custom(Status::Ok, "-8")
- }
- },
- None => {}
+ if input.password.len() < 6 {
+ return status::Custom(Status::Ok, "-8")
 }
 if input.userName.len() < 3 {
@@ -42,19 +34,21 @@ pub fn login_account(input: Form) -> status::Custom<&'static s
 {
 use crate::schema::accounts::dsl::*;
- let query_result = accounts
- .select(id)
+ let account_id_password_result = accounts
+ .select((id, password))
 .filter(username.eq(input.userName.clone()))
- .get_result::(connection);
+ .get_result::<(i32, String)>(connection);
- match query_result {
- Ok(account_id_val) => {
- let user_id_val = helpers::accounts::get_user_id_from_account_id(account_id_val);
+ match account_id_password_result {
+ Ok(account_id_password) => {
+ let user_id = helpers::accounts::get_user_id_from_account_id(account_id_password.0);
- match helpers::accounts::auth(account_id_val, input.password.clone(), input.gjp.clone(), input.gjp2.clone()) {
- Ok(_) => return status::Custom(Status::Ok, Box::leak(format!("{},{}", user_id_val, account_id_val).into_boxed_str())),
+ match verify_password(input.password.clone().as_bytes(), account_id_password.1.as_str()) {
+ Ok(_) => return status::Custom(Status::Ok,
+ Box::leak(format!("{},{}", account_id_password.0, user_id).into_boxed_str())
+ ),
 Err(_) => return status::Custom(Status::Ok, "-11")
- }
+ };
 },
 Err(_) => return status::Custom(Status::Ok, "-1")
 }
diff --git a/src/endpoints/accounts/register_account.rs b/src/endpoints/accounts/register_account.rs
index 92c02f5..c754a52 100644
--- a/src/endpoints/accounts/register_account.rs
+++ b/src/endpoints/accounts/register_account.rs
@@ -66,7 +66,6 @@ pub fn register_account(input: Form) -> status::Custom<&'st
 gjp2: generate_hash(helpers::encryption::get_gjp2(input.password.clone())),
 email: input.email.clone()
 };
-
 inserted_account = diesel::insert_into(accounts)
 .values(&new_account)
 .get_result::(connection)
@@ -84,7 +83,6 @@ pub fn register_account(input: Form) -> status::Custom<&'st
 username: input.userName.clone(),
 registered: 1
 };
-
 diesel::insert_into(users)
 .values(&new_user)
 .get_result::(connection)
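Review bot: The success reply now formats `account_id_password.0, user_id` where the removed line wrote `user_id_val, account_id_val`, so the order of the two ids on the wire is swapped; if that is the intended response format it deserves a comment such as `// reply is "<accountID>,<userID>"`, otherwise it is a regression. `input.password.clone().as_bytes()` clones the String only to borrow it; `input.password.as_bytes()` is enough. `Box::leak` on the reply leaks one allocation per successful login for the lifetime of the process; returning `status::Custom<String>` from the handler (its signature is above this hunk, and its closing brace below it) would remove the need for it. Because `verify_password` only runs in the `Ok` arm and the two failure paths still answer "-1" and "-11", the endpoint tells a caller whether a username exists; if the protocol permits, answering both with one code and verifying against a fixed dummy hash on the not-found path would close that oracle.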
diff --git a/src/endpoints/levels.rs b/src/endpoints/levels.rs
index 9d965be..e69de29 100644
--- a/src/endpoints/levels.rs
+++ b/src/endpoints/levels.rs
@@ -1 +0,0 @@
-pub mod upload_level;
\ No newline at end of file
diff --git a/src/endpoints/levels/.keep b/src/endpoints/levels/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/src/endpoints/levels/upload_level.rs b/src/endpoints/levels/upload_level.rs
deleted file mode 100644
index 2444bca..0000000
--- a/src/endpoints/levels/upload_level.rs
+++ /dev/null
@@ -1,36 +0,0 @@
-use password_auth::verify_password;
-use rocket::form::Form;
-use rocket::http::Status;
-use rocket::response::status;
-
-use diesel::prelude::*;
-
-use crate::helpers;
-use crate::db;
-
-#[derive(FromForm)]
-pub struct FormUploadLevel {
- accountID: i32,
-
- password: Option,
- gjp: Option,
- gjp2: Option,
-}
-
-#[post("/uploadGJLevel21.php", data = "")]
-pub fn upload_level(input: Form) -> status::Custom<&'static str> {
- let connection = &mut db::establish_connection_pg();
-
- // account verification
- let (user_id_val, account_id_val): (i32, i32);
-
- match helpers::accounts::auth(input.accountID.clone(), input.password.clone(), input.gjp.clone(), input.gjp2.clone()) {
- Ok((user_id, account_id)) => {
- user_id_val = user_id;
- account_id_val = account_id;
- },
- Err(_) => return status::Custom(Status::Ok, "-1")
- };
-
- return status::Custom(Status::Ok, "1")
-}
\ No newline at end of file
diff --git a/src/helpers/accounts.rs b/src/helpers/accounts.rs
index 2f22c9e..2cd1b08 100644
--- a/src/helpers/accounts.rs
+++ b/src/helpers/accounts.rs
@@ -1,60 +1,6 @@
 use diesel::prelude::*;
-use password_auth::verify_password;
-use crate::{db, helpers};
-
-// returns userid, accountid
-pub enum AuthError {
- WrongPassword,
- AccountNotFound
-}
-
-pub fn auth(account_id: i32, password_val: Option, gjp_val: Option, gjp2_val: Option) -> Result<(i32, i32), AuthError> {
- use crate::schema::accounts::dsl::*;
-
- let connection = &mut db::establish_connection_pg();
-
- let query_result = accounts
- .select((password, gjp2))
- .filter(id.eq(account_id))
- .get_result::<(String, String)>(connection);
-
- match query_result {
- Ok((
- password_queried_val,
- gjp2_queried_val
- )) => {
- match password_val {
- Some(password_val) => {
- match verify_password(password_val, &password_queried_val) {
- Ok(_) => return Ok((get_user_id_from_account_id(account_id), account_id)),
- Err(_) => return Err(AuthError::WrongPassword)
- }
- },
- None => match gjp_val {
- Some(gjp_val) => {
- match verify_password(helpers::encryption::decode_gjp(gjp_val), &password_queried_val) {
- Ok(_) => return Ok((get_user_id_from_account_id(account_id), account_id)),
- Err(_) => return Err(AuthError::WrongPassword)
- }
- },
- None => match gjp2_val {
- Some(gjp2_val) => {
- match verify_password(gjp2_val, &gjp2_queried_val) {
- Ok(_) => return Ok((get_user_id_from_account_id(account_id), account_id)),
- Err(_) => return Err(AuthError::WrongPassword)
- }
- },
- None => {
- return Err(AuthError::WrongPassword)
- }
- }
- }
- }
- },
- Err(_) => return Err(AuthError::AccountNotFound)
- }
-}
+use crate::db;
 pub fn get_user_id_from_account_id(ext_id: i32) -> i32 {
 use crate::schema::users::dsl::*;
diff --git a/src/helpers/encryption.rs b/src/helpers/encryption.rs
index ab4ef12..fb3f088 100644
--- a/src/helpers/encryption.rs
+++ b/src/helpers/encryption.rs
@@ -1,7 +1,7 @@
 use sha::sha1::Sha1;
 use sha::utils::{Digest, DigestExt};
-use base64::{Engine as _, engine::general_purpose};
+use password_auth::generate_hash;
 pub fn cyclic_xor(data: &[u8], key: &[u8]) -> Vec {
 data.iter()
@@ -21,10 +21,4 @@ pub fn cyclic_xor_string(string: &str, key: &str) -> String {
 pub fn get_gjp2(password: String) -> String {
 return Sha1::default().digest(String::from(password + "mI29fmAnxgTs").as_bytes()).to_hex();
-}
-
-pub fn decode_gjp(gjp: String) -> String {
- let base64_decoded = String::from_utf8(general_purpose::STANDARD.decode(gjp).expect("couldn't decode base64")).expect("invalid UTF-8 sequence (how)");
- let xor_decoded = cyclic_xor_string(&base64_decoded, "37526");
- return xor_decoded
 }
\ No newline at end of file
diff --git a/src/main.rs b/src/main.rs
index 6c30eb8..bc0551e 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -32,8 +32,6 @@ fn rocket() -> _ {
 endpoints::accounts::login_account::login_account,
 endpoints::accounts::register_account::register_account,
- endpoints::users::get_users::get_users,
-
- endpoints::levels::upload_level::upload_level
+ endpoints::users::get_users::get_users
 ])
 }
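Review bot: `use password_auth::generate_hash;` is not referenced by anything visible in this file's hunks; `get_gjp2` uses only `Sha1`, and the only caller of `generate_hash` on this page, register_account.rs, already has it in scope, so unless a part of encryption.rs outside these hunks uses it the import is dead and will warn on every build. Much the same probably applies to `cyclic_xor_string` once the second hunk removes `decode_gjp`, its only visible caller; if nothing else calls it, drop it rather than keeping unused code in the helper that handles credentials. If `generate_hash` is meant to be used here later, a comment saying so, or deferring the import to that change, keeps the warning-free build the readme on this page asks for.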