From 57563c6968510a219335fe8dd3d287ae99d652c1 Mon Sep 17 00:00:00 2001 From: Colin McKechney Date: Thu, 27 Apr 2023 17:34:08 +0000 Subject: [PATCH] moved security files to separate module --- src/main.rs | 88 ++++--------------------------------------------- src/security.rs | 81 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 87 insertions(+), 82 deletions(-) create mode 100644 src/security.rs diff --git a/src/main.rs b/src/main.rs index 3be4f43..760cf94 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,14 +1,9 @@ -use sha2::{Sha256, Digest}; -use rand::{prelude::Rng, distributions::Alphanumeric }; -use oracle::{Connection, Error}; use log::{info, warn, error}; use env_logger::Env; use actix_web::{web, get, post, web::Json, App, HttpResponse, HttpServer, Responder}; use serde::{Deserialize, Serialize}; +mod security; -static SQL_USERNAME: &str = "group09_user"; -static SQL_PASSWORD: &str = "group09_user"; -static SALT_LEN: usize = 16; static PORT: u16 = 8009; @@ -26,14 +21,14 @@ async fn main() -> std::io::Result<()> { let env = Env::default().filter_or("LOG_LEVEL", "info"); env_logger::init_from_env(env); - let result = HttpServer::new( || { + let _ = HttpServer::new( || { App::new() .service(index) .service(login) .service(homepage) .service(plan_page) }) - .bind(("127.0.0.1", PORT))? + .bind(("0.0.0.0", PORT))? .run() .await; //Temporary for testing purposes, should write something to make a random salt 
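Review bot: The `.bind(("0.0.0.0", PORT))` line in the `main()` hunk of src/main.rs makes the server listen on every interface instead of loopback only, which the commit title (a module move) does not mention. The app registers a `login` service and, as far as this hunk shows, binds without TLS, so credentials would cross the network in clear text unless a TLS-terminating proxy sits in front; worth confirming, or keeping `127.0.0.1` behind such a proxy. Separately, `let _ = HttpServer::new(...)` discards the `io::Result` produced by `.run().await`, so a server failure is silently dropped; `main` already returns `std::io::Result<()>`, so ending the chain with `.await?;` would surface it. `main`'s body starts before and continues after this hunk.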
@@ -42,83 +37,12 @@ async fn main() -> std::io::Result<()> { //proof of concept tests, create_user should fail in this instance because user was already //created - //println!("{}",authenticate(username, password).unwrap()); - //create_user("test", "test_create", "test_first", "test_last").unwrap(); - //println!("{}", authenticate("test", "test_create").unwrap()); + security::authenticate(username, password).unwrap(); + security::create_user("test", "test_create", "test_first", "test_last").unwrap(); + security::authenticate("test", "test_create").unwrap(); Ok(()) } - -fn authenticate(username: &str, password: &str) -> Result { - - info!("Authenticating user: {}", username); - - let conn = Connection::connect(SQL_USERNAME,SQL_PASSWORD, "")?; - let mut stmt = conn.statement("select password, salt from student where net_id = :1").build()?; - let row = stmt.query_row_as::<(String, String)>(&[&username])?; - - - let true_pword = row.0; - let salt = row.1; - - let mut hasher = Sha256::new(); - hasher.update(password); - hasher.update(salt); - let hash = hasher.finalize(); - - let mut tmp: String = String::new(); - for value in hash{ - tmp += &format!("{:x}", value); - } - - conn.close()?; - - - if true_pword.eq(&tmp) { - info!("User {} successfully authenticated", username); - Ok(true) - } - else{ - warn!("User {} failed authentication", username); - Ok(false) - } - -} - -fn create_user(username: &str, password: &str, first_name: &str, last_name: &str) -> Result<(), Error> { - - info!("Creating user: {}", username); - let conn = Connection::connect(SQL_USERNAME, SQL_PASSWORD, "")?; - let mut stmt = conn.statement("insert into student values(:net_id, :first_name, :last_name, :password, :salt)").build()?; - - let salt: String = rand::thread_rng().sample_iter(&Alphanumeric).take(SALT_LEN).map(char::from).collect(); - let mut hasher = Sha256::new(); - hasher.update(&password); - hasher.update(&salt); - let hash = hasher.finalize(); - - let mut hash_string = String::new(); - 
- for value in hash{ - hash_string += &format!("{:x}", value); - } - - match stmt.execute_named(&[("net_id", &username), ("first_name", &first_name), ("last_name", &last_name), ("password", &hash_string), ("salt", &salt)]) { - Ok(_) => { - info!("User {} successfully created", username); - conn.commit()?; - }, - Err(_) => { - warn!("Failed to create user {}", username); - conn.rollback()?; - } - }; - - conn.close()?; - Ok(()) - -} - #[get("/")] async fn index() -> impl Responder { HttpResponse::Ok().body("Hello world!") diff --git a/src/security.rs b/src/security.rs new file mode 100644 index 0000000..da8b1d7 --- /dev/null +++ b/src/security.rs 
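Review bot: The three `security::` calls this hunk un-comments at the end of `main` in src/main.rs sit after the server's `.await`, and each ends in `.unwrap()`, so any database error (presumably including the no-row case for an unknown user in `authenticate`) panics the process once the server stops. They also attempt to create an account `test` with the fixed password `test_create` in whatever `student` table the configured connection points at, on every run. The comment above them calls these proof-of-concept tests; moving them into a `#[test]` function that targets a test database, or leaving them commented out, keeps them off the production path. `main` begins outside this hunk.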
@@ -0,0 +1,81 @@
+use sha2::{Sha256, Digest};
+use rand::{prelude::Rng, distributions::Alphanumeric };
+use oracle::{Connection, Error};
+use log::{info, warn};
+
+static SQL_USERNAME: &str = "group09_user";
+static SQL_PASSWORD: &str = "group09_user";
+static SALT_LEN: usize = 16;
+
+pub fn authenticate(username: &str, password: &str) -> Result {
+
+ info!("Authenticating user: {}", username);
+
+ let conn = Connection::connect(SQL_USERNAME,SQL_PASSWORD, "")?;
+ let mut stmt = conn.statement("select password, salt from student where net_id = :1").build()?;
+ let row = stmt.query_row_as::<(String, String)>(&[&username])?;
+
+
+ let true_pword = row.0;
+ let salt = row.1;
+
+ let mut hasher = Sha256::new();
+ hasher.update(password);
+ hasher.update(salt);
+ let hash = hasher.finalize();
+
+ let mut tmp: String = String::new();
+ for value in hash{
+ tmp += &format!("{:x}", value);
+ }
+
+ conn.close()?;
+
+
+ if true_pword.eq(&tmp) {
+ info!("User {} successfully authenticated", username);
+ Ok(true)
+ }
+ else{
+ warn!("User {} failed authentication", username);
+ Ok(false)
+ }
+
+}
+
+
+
+
+pub fn create_user(username: &str, password: &str, first_name: &str, last_name: &str) -> Result<(), Error> {
+
+ info!("Creating user: {}", username);
+ let conn = Connection::connect(SQL_USERNAME, SQL_PASSWORD, "")?;
+ let mut stmt = conn.statement("insert into student values(:net_id, :first_name, :last_name, :password, :salt)").build()?;
+
+ let salt: String = rand::thread_rng().sample_iter(&Alphanumeric).take(SALT_LEN).map(char::from).collect();
+ let mut hasher = Sha256::new();
+ hasher.update(&password);
+ hasher.update(&salt);
+ let hash = hasher.finalize();
+
+ let mut hash_string = String::new();
+
+ for value in hash{
+ hash_string += &format!("{:x}", value);
+ }
+
+ match stmt.execute_named(&[("net_id", &username), ("first_name", &first_name), ("last_name", &last_name), ("password", &hash_string), ("salt", &salt)]) {
+ Ok(_) => {
+ info!("User {} successfully created", username);
+ conn.commit()?;
+ },
+ Err(_) => {
+ warn!("Failed to create user {}", username);
+ conn.rollback()?;
+ }
+ };
+
+ conn.close()?;
+ Ok(())
+
+}
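Review bot: Both `authenticate` and `create_user` in src/security.rs derive the stored password value from a single pass of salted SHA-256, which is fast enough that a leaked `student` table can be brute-forced offline cheaply; a dedicated password-hashing function (Argon2, scrypt, bcrypt, or PBKDF2 with a high iteration count) is the usual choice. The hex loops use `format!("{:x}", value)`, which drops the leading zero of bytes below 0x10, so the stored string has no fixed length and distinct digests can encode to the same text; `format!("{:02x}", value)` fixes that, though existing rows would then need re-hashing. `SQL_USERNAME` and `SQL_PASSWORD` are committed as literals and would be better read from the environment or a secrets store, with the committed value rotated. `create_user` also falls through to `Ok(())` after its `Err(_)` arm, so callers cannot tell that the insert failed.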