fix: improve the RSA encryption so that it can parse hex strings

zvms · May 1, 2024 · 3c4be71 · 3c4be71
1 parent d840274
commit 3c4be71
Show file tree

Hide file tree

Showing 11 changed files with 197 additions and 27 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -32,6 +32,7 @@ socketioxide = { version = "0.12.0", features = ["state", "extensions", "tracing
 tokio = { version = "1.37.0", features = ["full"] }
 tower = "0.4.13"
 tower-http = "0.5.2"
+tracing = { version = "0.1.40", features = ["log"] }
 tracing-subscriber = { version = "0.3.18", features = ["tracing", "time", "serde", "serde_json", "json", "regex"] }
 uuid = "1.8.0"
 zerocopy = "0.7.32"

diff --git a/README.md b/README.md
@@ -1,19 +1,15 @@
-# ZVMS 4 Backend Implementation with Rust
-
-The first version of backend of ZVMS 4 is a `shit mountain` of code.
-
-Since I am learning `Rust`, I decided to rewrite the backend in `Rust`.
-
-Technologies used:
-
-- `axum`: Web framework
-- `tokio`: Async runtime
-- `mongodb`: Database
-
-> You should have `Rust` installed in your system to run this project.
-
-> You need to create `src/config.rs` with following code:
-
-```rust
-pub const MONGO_URL: &str = "<MONGO_URL>";
-```
+# ZVMS 4 Backend Implementation with Rust
+
+[![JWT](https://jwt.io/img/badge-compatible.svg)](https://jwt.io/)
+
+![Test](https://github.com/zvms/zvms4-backend-rust/actions/workflows/test.yml/badge.svg) ![Build](https://github.com/zvms/zvms4-backend-rust/actions/workflows/release.yml/badge.svg)
+
+The first version of backend of ZVMS 4 is a `shit mountain` of code.
+
+Since I am learning `Rust`, I decided to rewrite the backend in `Rust`.
+
+Technologies used:
+
+- `axum`: Web framework
+- `tokio`: Async runtime
+- `mongodb`: Database
diff --git a/aes256.key b/aes256.key
diff --git a/src/main.rs b/src/main.rs
@@ -38,7 +38,7 @@ fn on_connect(socket: SocketRef, Data(data): Data<Value>) {
 
 #[tokio::main]
 async fn main() {
-    tracing_subscriber::fmt::init();
+    tracing_subscriber::fmt().init();
 
     let client = database::create_client()
         .await
@@ -64,6 +64,10 @@ async fn main() {
             post(routers::activities::insert::insert_activity),
         )
         .route("/activity/:id", get(routers::activities::read::read_one))
+        .route(
+            "/activity/:id",
+            delete(routers::activities::remove::remove_activity),
+        )
         .route(
             "/activity/:id/name",
             put(routers::activities::update::update_activity_name),
@@ -73,8 +77,8 @@ async fn main() {
             put(routers::activities::update::update_activity_description),
         )
         .route(
-            "/activity/:id",
-            delete(routers::activities::remove::remove_activity),
+            "/activity/:id/member",
+            post(routers::activities::members::insert::insert_member_into_activity),
         )
         .route("/user/auth", post(routers::auth::login))
         .layer(Extension(shared_client.clone()));

diff --git a/src/routers/activities/members/insert.rs b/src/routers/activities/members/insert.rs
@@ -0,0 +1,111 @@
+use crate::{
+    models::{
+        activities::{Activity, ActivityMember},
+        groups::GroupPermission,
+        response::{ErrorResponse, ResponseStatus, SuccessResponse},
+    },
+    utils::jwt::UserData,
+};
+use axum::{
+    extract::{Extension, Json, Path},
+    http::StatusCode,
+    response::IntoResponse,
+};
+use bson::{doc, oid::ObjectId};
+use mongodb::Database;
+use std::{str::FromStr, sync::Arc};
+use tokio::sync::Mutex;
+
+pub async fn insert_member_into_activity(
+    Extension(db): Extension<Arc<Mutex<Database>>>,
+    user: UserData,
+    Path(id): Path<String>,
+    Json(activity_member): Json<ActivityMember>,
+) -> impl IntoResponse {
+    let db = db.lock().await;
+    let collection = db.collection("activities");
+    let activity_id = ObjectId::from_str(&id).unwrap();
+    let activity = collection.find_one(doc! {"_id": activity_id}, None).await;
+    if let Err(_) = activity {
+        let response = ErrorResponse {
+            status: ResponseStatus::Error,
+            code: 404,
+            message: "Activity not found".to_string(),
+        };
+        let response = serde_json::to_string(&response).unwrap();
+        return (StatusCode::NOT_FOUND, Json(response));
+    }
+    let activity = activity.unwrap();
+    if let None = activity {
+        let response = ErrorResponse {
+            status: ResponseStatus::Error,
+            code: 404,
+            message: "Activity not found".to_string(),
+        };
+        let response = serde_json::to_string(&response).unwrap();
+        return (StatusCode::NOT_FOUND, Json(response));
+    }
+    let activity: Activity = bson::from_document(activity.unwrap()).unwrap();
+    let members = activity.members.unwrap_or_default();
+    // Check if the activity contains the member
+    if members
+        .iter()
+        .any(|member| member._id == ObjectId::from_str(&activity_member._id.to_hex()).unwrap())
+    {
+        let response = ErrorResponse {
+            status: ResponseStatus::Error,
+            code: 400,
+            message: "Member already exists".to_string(),
+        };
+        let response = serde_json::to_string(&response).unwrap();
+        return (StatusCode::BAD_REQUEST, Json(response));
+    }
+    if user.perms.contains(&GroupPermission::Admin) || user.perms.contains(&GroupPermission::Department) {} else {
+        let response = ErrorResponse {
+            status: ResponseStatus::Error,
+            code: 403,
+            message: "Permission denied".to_string(),
+        };
+        let response = serde_json::to_string(&response).unwrap();
+        return (StatusCode::FORBIDDEN, Json(response));
+    }
+    let member = bson::to_document(&activity_member);
+    if let Err(_) = member {
+        let response = ErrorResponse {
+            status: ResponseStatus::Error,
+            code: 400,
+            message: "Invalid member".to_string(),
+        };
+        let response = serde_json::to_string(&response).unwrap();
+        return (StatusCode::BAD_REQUEST, Json(response));
+    }
+    let result = collection
+        .update_one(
+            doc! {"_id": activity_id},
+            doc! {
+                "$push": {
+                    "members": member.unwrap()
+                }
+            },
+            None,
+        )
+        .await;
+    if let Ok(_) = result {
+        let response: SuccessResponse<_, ()> = SuccessResponse {
+            status: ResponseStatus::Success,
+            code: 200,
+            data: (),
+            metadata: None,
+        };
+        let response = serde_json::to_string(&response).unwrap();
+        (StatusCode::OK, Json(response))
+    } else {
+        let response = ErrorResponse {
+            status: ResponseStatus::Error,
+            code: 500,
+            message: "Failed to insert member".to_string(),
+        };
+        let response = serde_json::to_string(&response).unwrap();
+        (StatusCode::INTERNAL_SERVER_ERROR, Json(response))
+    }
+}
diff --git a/src/routers/activities/members/mod.rs b/src/routers/activities/members/mod.rs
@@ -0,0 +1 @@
+pub mod insert;
diff --git a/src/routers/activities/members/read.rs b/src/routers/activities/members/read.rs
@@ -0,0 +1 @@
+use crate::{models::{activities::Activity}};
diff --git a/src/routers/auth/mod.rs b/src/routers/auth/mod.rs
@@ -37,7 +37,6 @@ pub struct LoginCredentials {
 pub async fn login(
     Extension(client): Extension<Arc<Mutex<Database>>>,
     Json(body): Json<LoginRequest>,
-
 ) -> impl IntoResponse {
     let client = client.lock().await;
     let collection = client.collection("users");
@@ -67,7 +66,18 @@ pub async fn login(
     let user: Option<User> = user.unwrap();
     if let Some(user) = user {
         let keypair = load_keypair().await;
-        let credentials = decrypt(&keypair.0, &body.credentials.as_bytes()).await;
+        let credentials = hex::decode(&body.credentials);
+        if let Err(_) = credentials {
+            let response = ErrorResponse {
+                status: ResponseStatus::Error,
+                code: 400,
+                message: "Invalid credentials".to_string(),
+            };
+            let response = json!(response);
+            return (StatusCode::BAD_REQUEST, Json(response));
+        }
+        let credentials = credentials.unwrap();
+        let credentials = decrypt(&keypair.0, &credentials).await;
         let credentials = serde_json::from_str(&credentials);
         if let Err(_) = credentials {
             let response = ErrorResponse {
@@ -92,6 +102,7 @@ pub async fn login(
                 return (StatusCode::INTERNAL_SERVER_ERROR, Json(response));
             }
             let token = token.unwrap();
+            println!("{:?}", token.clone());
             let response: SuccessResponse<String, ()> = SuccessResponse {
                 status: ResponseStatus::Success,
                 code: 200,

diff --git a/src/tests/apis/auth.rs b/src/tests/apis/auth.rs
@@ -0,0 +1,45 @@
+/*
+Use user: 105
+password: 105
+ObjectId: 65e6fa210edc81d012ec483a
+*/
+
+#[cfg(test)]
+mod tests {
+    use crate::database::create_client;
+    use crate::routers::auth::{login, LoginCredentials, LoginRequest};
+    use crate::utils::jwt::TokenType;
+    use crate::utils::rsa::{encrypt, load_keypair};
+    use axum::extract::Extension;
+    use axum::response::IntoResponse;
+    use axum::Json;
+    use std::sync::Arc;
+    use std::time::SystemTime;
+    use tokio::sync::Mutex;
+
+    #[tokio::test]
+    async fn test_login() {
+        let client = create_client().await.unwrap();
+        let client = Arc::new(Mutex::new(client));
+        let client = Extension(client);
+        let credential = LoginCredentials {
+            password: "105".to_string(),
+            timestamp: SystemTime::now()
+                .duration_since(SystemTime::UNIX_EPOCH)
+                .unwrap()
+                .as_millis() as u64,
+        };
+        let credential = serde_json::to_string(&credential).unwrap();
+        let (_, public_key) = load_keypair().await;
+        let credential = encrypt(&public_key, credential.as_str());
+        let credential = hex::encode(credential);
+        let request = LoginRequest {
+            credentials: credential,
+            userid: "65e6fa210edc81d012ec483a".to_string(),
+            term: TokenType::LongTerm
+        };
+        let result = login(client, Json(request)).await;
+        let result = result.into_response();
+        assert!(result.status().is_success())
+    }
+}
diff --git a/src/utils/aes.rs b/src/utils/aes.rs
@@ -7,10 +7,10 @@ pub fn generate_aes256_key() -> String {
 }
 
 pub fn read_aes256_key() -> String {
-    let key = std::fs::read_to_string("aes256.key");
+    let key = std::fs::read_to_string("aes.key");
     if let Err(_) = key {
         let key = generate_aes256_key();
-        let _ = std::fs::write("aes256.key", key.as_bytes());
+        let _ = std::fs::write("aes.key", key.as_bytes());
         return key;
     }
     key.unwrap()