college_archive/advanced_db
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

moved security files to separate module

Browse Source
This commit is contained in:
Colin McKechney
2023-04-27 17:34:08 +00:00
parent 54b4a30f90
commit 57563c6968
2 changed files with 87 additions and 82 deletions
Download Patch File Download Diff File Expand all files Collapse all files

88
src/main.rs
View File

@@ -1,14 +1,9 @@
use sha2::{Sha256, Digest};
use rand::{prelude::Rng, distributions::Alphanumeric };
use oracle::{Connection, Error};
use log::{info, warn, error}; use log::{info, warn, error};
use env_logger::Env; use env_logger::Env;
use actix_web::{web, get, post, web::Json, App, HttpResponse, HttpServer, Responder}; use actix_web::{web, get, post, web::Json, App, HttpResponse, HttpServer, Responder};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
mod security;
static SQL_USERNAME: &str = "group09_user";
static SQL_PASSWORD: &str = "group09_user";
static SALT_LEN: usize = 16;
static PORT: u16 = 8009; static PORT: u16 = 8009;
@@ -26,14 +21,14 @@ async fn main() -> std::io::Result<()> {
let env = Env::default().filter_or("LOG_LEVEL", "info"); let env = Env::default().filter_or("LOG_LEVEL", "info");
env_logger::init_from_env(env); env_logger::init_from_env(env);
let result = HttpServer::new( || { let _ = HttpServer::new( || {
App::new() App::new()
.service(index) .service(index)
.service(login) .service(login)
.service(homepage) .service(homepage)
.service(plan_page) .service(plan_page)
}) })
.bind(("127.0.0.1", PORT))? .bind(("0.0.0.0", PORT))?
.run() .run()
.await; .await;
//Temporary for testing purposes, should write something to make a random salt //Temporary for testing purposes, should write something to make a random salt
@@ -42,83 +37,12 @@ async fn main() -> std::io::Result<()> {
//proof of concept tests, create_user should fail in this instance because user was already //proof of concept tests, create_user should fail in this instance because user was already
//created //created
//println!("{}",authenticate(username, password).unwrap()); security::authenticate(username, password).unwrap();
//create_user("test", "test_create", "test_first", "test_last").unwrap(); security::create_user("test", "test_create", "test_first", "test_last").unwrap();
//println!("{}", authenticate("test", "test_create").unwrap()); security::authenticate("test", "test_create").unwrap();
Ok(()) Ok(())
} }
fn authenticate(username: &str, password: &str) -> Result<bool, Error> {
info!("Authenticating user: {}", username);
let conn = Connection::connect(SQL_USERNAME,SQL_PASSWORD, "")?;
let mut stmt = conn.statement("select password, salt from student where net_id = :1").build()?;
let row = stmt.query_row_as::<(String, String)>(&[&username])?;
let true_pword = row.0;
let salt = row.1;
let mut hasher = Sha256::new();
hasher.update(password);
hasher.update(salt);
let hash = hasher.finalize();
let mut tmp: String = String::new();
for value in hash{
tmp += &format!("{:x}", value);
}
conn.close()?;
if true_pword.eq(&tmp) {
info!("User {} successfully authenticated", username);
Ok(true)
}
else{
warn!("User {} failed authentication", username);
Ok(false)
}
}
fn create_user(username: &str, password: &str, first_name: &str, last_name: &str) -> Result<(), Error> {
info!("Creating user: {}", username);
let conn = Connection::connect(SQL_USERNAME, SQL_PASSWORD, "")?;
let mut stmt = conn.statement("insert into student values(:net_id, :first_name, :last_name, :password, :salt)").build()?;
let salt: String = rand::thread_rng().sample_iter(&Alphanumeric).take(SALT_LEN).map(char::from).collect();
let mut hasher = Sha256::new();
hasher.update(&password);
hasher.update(&salt);
let hash = hasher.finalize();
let mut hash_string = String::new();
for value in hash{
hash_string += &format!("{:x}", value);
}
match stmt.execute_named(&[("net_id", &username), ("first_name", &first_name), ("last_name", &last_name), ("password", &hash_string), ("salt", &salt)]) {
Ok(_) => {
info!("User {} successfully created", username);
conn.commit()?;
},
Err(_) => {
warn!("Failed to create user {}", username);
conn.rollback()?;
}
};
conn.close()?;
Ok(())
}
#[get("/")] #[get("/")]
async fn index() -> impl Responder { async fn index() -> impl Responder {
HttpResponse::Ok().body("Hello world!") HttpResponse::Ok().body("Hello world!")

81
src/security.rs Normal file
View File

@@ -0,0 +1,81 @@
use sha2::{Sha256, Digest};
use rand::{prelude::Rng, distributions::Alphanumeric };
use oracle::{Connection, Error};
use log::{info, warn};
static SQL_USERNAME: &str = "group09_user";
static SQL_PASSWORD: &str = "group09_user";
static SALT_LEN: usize = 16;
pub fn authenticate(username: &str, password: &str) -> Result<bool, Error> {
info!("Authenticating user: {}", username);
let conn = Connection::connect(SQL_USERNAME,SQL_PASSWORD, "")?;
let mut stmt = conn.statement("select password, salt from student where net_id = :1").build()?;
let row = stmt.query_row_as::<(String, String)>(&[&username])?;
let true_pword = row.0;
let salt = row.1;
let mut hasher = Sha256::new();
hasher.update(password);
hasher.update(salt);
let hash = hasher.finalize();
let mut tmp: String = String::new();
for value in hash{
tmp += &format!("{:x}", value);
}
conn.close()?;
if true_pword.eq(&tmp) {
info!("User {} successfully authenticated", username);
Ok(true)
}
else{
warn!("User {} failed authentication", username);
Ok(false)
}
}
pub fn create_user(username: &str, password: &str, first_name: &str, last_name: &str) -> Result<(), Error> {
info!("Creating user: {}", username);
let conn = Connection::connect(SQL_USERNAME, SQL_PASSWORD, "")?;
let mut stmt = conn.statement("insert into student values(:net_id, :first_name, :last_name, :password, :salt)").build()?;
let salt: String = rand::thread_rng().sample_iter(&Alphanumeric).take(SALT_LEN).map(char::from).collect();
let mut hasher = Sha256::new();
hasher.update(&password);
hasher.update(&salt);
let hash = hasher.finalize();
let mut hash_string = String::new();
for value in hash{
hash_string += &format!("{:x}", value);
}
match stmt.execute_named(&[("net_id", &username), ("first_name", &first_name), ("last_name", &last_name), ("password", &hash_string), ("salt", &salt)]) {
Ok(_) => {
info!("User {} successfully created", username);
conn.commit()?;
},
Err(_) => {
warn!("Failed to create user {}", username);
conn.rollback()?;
}
};
conn.close()?;
Ok(())
}