great victory

Mashy 2019-07-20 11:15:47 +10:00
parent c44cd44933
commit 4db44e0b59
2 changed files with 22 additions and 11 deletions


@ -76,7 +76,7 @@ pub fn from_token(db: &Db, token: String) -> Result<Account, Error> {
Ok(Account { id, name, balance, subscribed })
}
pub fn login(tx: &mut Transaction, name: &String, password: &String) -> Result<Account, Error> {
pub fn login(tx: &mut Transaction, name: &String, password: &String) -> Result<Account, MnmlHttpError> {
let query = "
SELECT id, password, name, balance, subscribed
FROM accounts
@ -97,7 +97,7 @@ pub fn login(tx: &mut Transaction, name: &String, password: &String) -> Result<A
// verify garbage to prevent timing attacks
verify(garbage.clone(), &garbage).ok();
return Err(err_msg("account not found"));
return Err(MnmlHttpError::AccountNameNotFound);
},
};
@ -108,7 +108,7 @@ pub fn login(tx: &mut Transaction, name: &String, password: &String) -> Result<A
let subscribed: bool = row.get(4);
if !verify(password, &hash)? {
return Err(err_msg("password does not match"));
return Err(MnmlHttpError::PasswordNotMatch);
}
let balance = u32::try_from(db_balance)
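Review bot: The two new return values in `login`, `MnmlHttpError::AccountNameNotFound` and `MnmlHttpError::PasswordNotMatch`, let a caller tell a missing account from a wrong password, which undoes the dummy `verify(garbage.clone(), &garbage)` call that this same function makes to keep the two paths indistinguishable. In the second file of this commit the `From<MnmlHttpError> for IronError` impl maps them to different statuses (`BadRequest` and `Unauthorized`) with different messages, and the `login` handler now forwards the error with `Err(IronError::from(e))`, so the difference reaches the client. I would return one variant from both branches, for example `return Err(MnmlHttpError::Unauthorized);`, and log the specific cause on the server before returning. The body of `login` starts and ends outside these hunks, so its other return paths were not reviewed.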


@ -34,9 +34,15 @@ pub enum MnmlHttpError {
#[fail(display="account name taken or invalid")]
AccountNameNotProvided,
#[fail(display="account name not provided")]
AccountNameNotFound,
#[fail(display="account name not found")]
AccountNameTaken,
#[fail(display="incorrect password")]
PasswordNotMatch,
#[fail(display="password unacceptable. must be > 11 characters")]
PasswordUnacceptable,
#[fail(display="incorrect token. refresh or logout of existing sessions")]
TokenDoesNotMatch,
#[fail(display="invalid code. https://discord.gg/YJJgurM")]
InvalidCode,
}
@ -89,14 +95,19 @@ fn iron_response (status: status::Status, message: String) -> Response {
impl From<MnmlHttpError> for IronError {
fn from(m_err: MnmlHttpError) -> Self {
let (err, res) = match m_err {
MnmlHttpError::ServerError => (m_err.compat(), status::InternalServerError),
MnmlHttpError::ServerError |
MnmlHttpError::DbError => (m_err.compat(), status::InternalServerError),
MnmlHttpError::Unauthorized => (m_err.compat(), status::Unauthorized),
MnmlHttpError::BadRequest => (m_err.compat(), status::BadRequest),
MnmlHttpError::AccountNameNotProvided => (m_err.compat(), status::BadRequest),
MnmlHttpError::AccountNameTaken => (m_err.compat(), status::BadRequest),
MnmlHttpError::AccountNameNotProvided |
MnmlHttpError::AccountNameTaken |
MnmlHttpError::AccountNameNotFound |
MnmlHttpError::BadRequest |
MnmlHttpError::PasswordUnacceptable => (m_err.compat(), status::BadRequest),
MnmlHttpError::InvalidCode => (m_err.compat(), status::Unauthorized),
MnmlHttpError::PasswordNotMatch |
MnmlHttpError::InvalidCode |
MnmlHttpError::TokenDoesNotMatch |
MnmlHttpError::Unauthorized => (m_err.compat(), status::Unauthorized),
};
IronError { error: Box::new(err), response: iron_response(res, m_err.to_string()) }
}
@ -119,7 +130,7 @@ impl BeforeMiddleware for AuthMiddleware {
if cookie.name() == TOKEN_HEADER {
match account::from_token(&db, cookie.value().to_string()) {
Ok(a) => req.extensions.insert::<account::Account>(a),
Err(_) => return Err(IronError::from(MnmlHttpError::Unauthorized)),
Err(_) => return Err(IronError::from(MnmlHttpError::TokenDoesNotMatch)),
};
}
}
@ -219,7 +230,7 @@ fn login(req: &mut Request) -> IronResult<Response> {
},
Err(e) => {
warn!("{:?}", e);
Err(IronError::from(MnmlHttpError::Unauthorized))
Err(IronError::from(e))
}
}
}
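Review bot: In `AuthMiddleware`, the `Err(_)` arm throws the cause away and reports every `account::from_token` failure as `TokenDoesNotMatch`. `from_token` returns a general `Error`, so this arm presumably also covers lookup failures that have nothing to do with the cookie; those now tell the user to refresh or log out and leave no trace in the logs. Logging the cause the way the `login` handler already does would make rejected tokens and backend faults visible to whoever watches the logs: `Err(e) => { warn!("{:?}", e); return Err(IronError::from(MnmlHttpError::TokenDoesNotMatch)) },`. The middleware function begins and ends outside the hunk.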