* refactor: extract set_otp_secret into a feature module; this is just a glimpse of a restructure into feature, db and router/service layers I will do in the future * feat: add an MFA info route, which returns the MFA (otpauth) URL * random: add a comment with a clippy reason example
1 parent
1f77a78
commit f0f98a9
Showing
8 changed files
with
114 additions
and
40 deletions.
@@ -0,0 +1,34 @@ | ||
use axum::{http::StatusCode, Json}; | ||
use serde::{Deserialize, Serialize}; | ||
use sqlx::{Pool, Postgres}; | ||
|
||
use crate::{auth::AuthSession, features::totp::set_otp_secret}; | ||
|
||
#[derive(Serialize, Deserialize)] | ||
pub struct MfaInfo { | ||
pub otp_url: String, | ||
} | ||
|
||
pub async fn mfa_info( | ||
auth_session: AuthSession, | ||
db_pool: &Pool<Postgres>, | ||
) -> Result<Json<MfaInfo>, StatusCode> { | ||
let Some(user) = auth_session.user else { | ||
return Err(StatusCode::UNAUTHORIZED); | ||
}; | ||
tracing::info!("User logged in"); | ||
|
||
// TODO: create logic for changing MFA method | ||
if user.otp_enabled { | ||
todo!("Create logic for changing MFA method"); | ||
} | ||
|
||
let totp = set_otp_secret(db_pool, user.id).await.map_err(|e| { | ||
tracing::error!(?user.id, "Error setting OTP secret: {e}"); | ||
return StatusCode::INTERNAL_SERVER_ERROR; | ||
})?; | ||
|
||
Ok(Json(MfaInfo { | ||
otp_url: totp.otp_url, | ||
})) | ||
} |
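Review bot: The `todo!()` in the `if user.otp_enabled` branch panics inside a request handler, and any already-enrolled user reaches it simply by calling this route; unless a panic-catching layer exists elsewhere, that aborts the request instead of returning a status. Until the change-MFA flow is written, answer with a status instead, e.g. `return Err(StatusCode::CONFLICT);`. Every call by a not-yet-enrolled user also rotates the stored secret through `set_otp_secret`, so a second request before the first QR code is confirmed silently invalidates it; a short comment stating that this is intended (or a guard) would make the contract explicit. The `tracing::info!("User logged in")` message is misleading on the MFA-info route — `tracing::info!(user_id = user.id, "MFA enrollment info requested")` describes what happened — and the returned `otp_url` embeds the secret, so it must never be logged.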
@@ -1 +1,2 @@ | ||
pub mod auth; | ||
pub mod expenses; |
@@ -0,0 +1 @@ | ||
pub mod totp; |
@@ -0,0 +1,48 @@ | ||
use crate::util::generate_otp_token; | ||
use anyhow::bail; | ||
use sqlx::{Pool, Postgres}; | ||
use totp_rs::{Algorithm, Secret, TOTP}; | ||
|
||
pub struct OtpData { | ||
/// `qr_code` is a base64 encoded image that can be rendered embedded in an <img> tag | ||
pub qr_code: String, | ||
/// `otp_url` is a otpauth:// url that can be rendered as a QR code | ||
pub otp_url: String, | ||
} | ||
|
||
pub async fn set_otp_secret(db_pool: &Pool<Postgres>, user_id: i32) -> anyhow::Result<OtpData> { | ||
let secret = Secret::Raw(generate_otp_token().as_bytes().to_vec()); | ||
let mut transaction = db_pool.begin().await?; | ||
|
||
let user_email = sqlx::query!( | ||
r#" | ||
UPDATE users SET otp_secret = $1 WHERE id = $2 | ||
RETURNING email | ||
"#, | ||
secret.to_encoded().to_string(), | ||
user_id | ||
) | ||
.fetch_one(&mut *transaction) | ||
.await?; | ||
|
||
let totp = TOTP::new( | ||
Algorithm::SHA1, | ||
6, | ||
1, | ||
30, | ||
secret.to_bytes().unwrap(), | ||
Some("Finnish".to_owned()), | ||
user_email.email, | ||
)?; | ||
|
||
transaction.commit().await?; | ||
|
||
let Ok(qr_code) = totp.get_qr_base64() else { | ||
bail!("Failed to generate QR code from totp"); | ||
}; | ||
|
||
Ok(OtpData { | ||
qr_code, | ||
otp_url: totp.get_url(), | ||
}) | ||
} |
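Review bot: The secret is built from `generate_otp_token().as_bytes()`, so its strength is whatever that helper's output string carries per byte, which is not visible here; if it yields printable characters, the entropy is well below the byte count, RFC 4226 recommends 160 bits, and `TOTP::new` only rejects secrets shorter than 128 bits. Prefer deriving the raw secret from CSPRNG bytes rather than a string (totp_rs offers `Secret::generate_secret()` when its feature is enabled), and add a comment stating the required length, e.g. `// TOTP secret: must be >= 160 bits of CSPRNG output (RFC 4226)`. The base32-encoded secret is stored as-is in `users.otp_secret`; that is inherent to TOTP verification, but a note such as `// NOTE: stored in verifiable form — treat column access as secret-equivalent` (or encryption at rest) documents the trust boundary. Finally, `get_qr_base64` runs after `transaction.commit()`, so a QR failure leaves the new secret committed while the caller sees an error; generating the QR before the commit keeps the two consistent.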