backend/src/api/user.rs

use sha2::{Sha256, Digest};
use rand::{prelude::Rng, distributions::Alphanumeric };
use oracle::{Connection, Error};
use log::{info, warn, error};
use actix_identity::Identity;
use actix_web::{web, Responder, HttpRequest, HttpMessage, HttpResponse, cookie};
use serde::{Deserialize, Serialize};
use crate::config::{ORACLE_USER, ORACLE_PASS, ORACLE_CON_STR};

static SALT_LEN: usize = 16;

#[derive(Deserialize, Serialize, Debug, Default)]
pub struct Entry {
    net_id: String,
    password: String
}

#[derive(Deserialize, Serialize, Debug, Default)]
pub struct User {
    id: String,
    first_name: String,
    last_name: String
}

#[derive(Deserialize, Serialize, Debug, Default)]
pub struct NewUser {
    net_id: String, 
    password: String,
    first_name: String,
    last_name: String
}


pub async fn login(request: HttpRequest, body: web::Json<Entry>) -> impl Responder {
    //TODO: finish login, for now will simply login for everyone
    let net_id: &str = body.net_id.as_str();
    let password: &str = body.password.as_str();
    
    //Identity::login(&request.extensions(), "User1".into());
    println!("{:?}", request);
    println!("{:?}", body);
    match authenticate(net_id, password) {
        Some(user) => {
            let id = Identity::login(&request.extensions(), net_id.into()).unwrap();
            web::Json(user);
            HttpResponse::Ok()
        },
        None => {
            web::Json(User::default());
            HttpResponse::Unauthorized()
        }
    }
}

pub async fn logout(user: Identity) -> impl Responder {
    user.logout();
    HttpResponse::Ok()
}

pub async fn signup(request: HttpRequest, body: web::Json<NewUser>) -> impl Responder {
    let body = body.into_inner();

    match create_user(body.net_id.as_str(), body.password.as_str(), body.first_name.as_str(), body.last_name.as_str()) {
        Ok(_) => {
            Identity::login(&request.extensions(), body.net_id.clone()).unwrap();
            web::Json(User { id: body.net_id, first_name: body.first_name, last_name: body.last_name});
            HttpResponse::Ok()
        }
        Err(e) => {
            error!("Error creating new user: {}", e);
            HttpResponse::InternalServerError()
        }
    }

}

fn authenticate(username: &str, password: &str) -> Option<User> {
    
    info!("Authenticating user: {}", username);

    let conn = match Connection::connect(ORACLE_USER,ORACLE_PASS, ORACLE_CON_STR){
        Ok(c) => c,
        Err(e) => {
            error!("unable to open connection to server: {}", e);
            return None;
        }
    };
    let mut stmt = match conn.statement("select * from student where net_id = :1").build(){
        Ok(s) => s,
        Err(e) => {
            error!("unable to build statement: {}", e);
            return None;
        }
    };

    let row = stmt.query_row_as::<(String, String, String, String, String)>(&[&username]).unwrap_or_default();
    
    let true_pword = row.3;
    let salt = row.4;

    let mut hasher = Sha256::new();
    hasher.update(password);
    hasher.update(salt);
    let hash = hasher.finalize();

    let mut tmp: String = String::new();
    for value in hash{
        tmp += &format!("{:x}", value); 
    }
    
    conn.close().unwrap_or_default();


    if true_pword.eq(&tmp) {
        info!("User {} successfully authenticated", username);
        Some( User { id: row.0, first_name: row.1,last_name: row.2} )
    }
    else{
        warn!("User {} failed authentication", username);
        None
    }

}


fn create_user(username: &str, password: &str, first_name: &str, last_name: &str) -> Result<(), Error> {

    info!("Creating user: {}", username); 
    let conn = Connection::connect(ORACLE_USER, ORACLE_PASS, ORACLE_CON_STR)?;
    let mut stmt = conn.statement("insert into student values(:net_id, :first_name, :last_name, :pswd, :salt)").build()?;

    let salt: String = rand::thread_rng().sample_iter(&Alphanumeric).take(SALT_LEN).map(char::from).collect();
    let mut hasher = Sha256::new();
    hasher.update(&password);
    hasher.update(&salt);
    let hash = hasher.finalize();
    
    let mut hash_string = String::new();

    for value in hash{
        hash_string += &format!("{:x}", value);
    }

    match stmt.execute_named(&[("net_id", &username), ("first_name", &first_name), ("last_name", &last_name), ("pswd", &hash_string), ("salt", &salt)]) {
        Ok(_) => {
            info!("User {} successfully created", username); 
            conn.commit()?;
        },
        Err(_) => {
            warn!("Failed to create user {}", username);
            conn.rollback()?;
        }
    };
    
    let mut new_table = conn.statement("create table :net_id ( item_id number(5), foreign key (item_id) references menu_item (id))").build()?;

    match new_table.execute_named(&[("net_id", &username)]) {
        Ok(_) => {
            info!("User {} week table created", username);
            conn.commit()?;
        },
        Err(_) => {
            warn!("Failed to create week table for {}", username);
            conn.rollback()?;
        }
    };

    conn.close()?;
    Ok(())

}
beginnings of authentication 2023-04-27 23:59:14 -04:00			`use sha2::{Sha256, Digest};`
			`use rand::{prelude::Rng, distributions::Alphanumeric };`
			`use oracle::{Connection, Error};`
			`use log::{info, warn, error};`
			`use actix_identity::Identity;`
added table creation 2023-04-29 22:10:54 -04:00			`use actix_web::{web, Responder, HttpRequest, HttpMessage, HttpResponse, cookie};`
beginnings of authentication 2023-04-27 23:59:14 -04:00			`use serde::{Deserialize, Serialize};`
added config + plan 2023-04-30 17:33:47 -04:00			`use crate::config::{ORACLE_USER, ORACLE_PASS, ORACLE_CON_STR};`
beginnings of authentication 2023-04-27 23:59:14 -04:00
			`static SALT_LEN: usize = 16;`

			`#[derive(Deserialize, Serialize, Debug, Default)]`
			`pub struct Entry {`
			`net_id: String,`
			`password: String`
			`}`

			`#[derive(Deserialize, Serialize, Debug, Default)]`
			`pub struct User {`
			`id: String,`
			`first_name: String,`
			`last_name: String`
			`}`

added signup api 2023-04-28 00:46:47 -04:00			`#[derive(Deserialize, Serialize, Debug, Default)]`
			`pub struct NewUser {`
added table creation 2023-04-29 22:10:54 -04:00			`net_id: String,`
added signup api 2023-04-28 00:46:47 -04:00			`password: String,`
			`first_name: String,`
			`last_name: String`
			`}`

beginnings of authentication 2023-04-27 23:59:14 -04:00
			`pub async fn login(request: HttpRequest, body: web::Json<Entry>) -> impl Responder {`
			`//TODO: finish login, for now will simply login for everyone`
			`let net_id: &str = body.net_id.as_str();`
			`let password: &str = body.password.as_str();`

			`//Identity::login(&request.extensions(), "User1".into());`
			`println!("{:?}", request);`
			`println!("{:?}", body);`
			`match authenticate(net_id, password) {`
			`Some(user) => {`
added table creation 2023-04-29 22:10:54 -04:00			`let id = Identity::login(&request.extensions(), net_id.into()).unwrap();`
failed login results in 401 2023-04-28 00:19:45 -04:00			`web::Json(user);`
			`HttpResponse::Ok()`
beginnings of authentication 2023-04-27 23:59:14 -04:00			`},`
failed login results in 401 2023-04-28 00:19:45 -04:00			`None => {`
			`web::Json(User::default());`
			`HttpResponse::Unauthorized()`
			`}`
beginnings of authentication 2023-04-27 23:59:14 -04:00			`}`
			`}`

			`pub async fn logout(user: Identity) -> impl Responder {`
			`user.logout();`
			`HttpResponse::Ok()`
			`}`

added signup api 2023-04-28 00:46:47 -04:00			`pub async fn signup(request: HttpRequest, body: web::Json<NewUser>) -> impl Responder {`
			`let body = body.into_inner();`

added table creation 2023-04-29 22:10:54 -04:00			`match create_user(body.net_id.as_str(), body.password.as_str(), body.first_name.as_str(), body.last_name.as_str()) {`
added signup api 2023-04-28 00:46:47 -04:00			`Ok(_) => {`
added table creation 2023-04-29 22:10:54 -04:00			`Identity::login(&request.extensions(), body.net_id.clone()).unwrap();`
			`web::Json(User { id: body.net_id, first_name: body.first_name, last_name: body.last_name});`
added signup api 2023-04-28 00:46:47 -04:00			`HttpResponse::Ok()`
			`}`
			`Err(e) => {`
			`error!("Error creating new user: {}", e);`
			`HttpResponse::InternalServerError()`
			`}`
			`}`

			`}`

beginnings of authentication 2023-04-27 23:59:14 -04:00			`fn authenticate(username: &str, password: &str) -> Option<User> {`

			`info!("Authenticating user: {}", username);`

added config + plan 2023-04-30 17:33:47 -04:00			`let conn = match Connection::connect(ORACLE_USER,ORACLE_PASS, ORACLE_CON_STR){`
beginnings of authentication 2023-04-27 23:59:14 -04:00			`Ok(c) => c,`
			`Err(e) => {`
			`error!("unable to open connection to server: {}", e);`
			`return None;`
			`}`
			`};`
			`let mut stmt = match conn.statement("select * from student where net_id = :1").build(){`
			`Ok(s) => s,`
			`Err(e) => {`
			`error!("unable to build statement: {}", e);`
			`return None;`
			`}`
			`};`

			`let row = stmt.query_row_as::<(String, String, String, String, String)>(&[&username]).unwrap_or_default();`

			`let true_pword = row.3;`
			`let salt = row.4;`

			`let mut hasher = Sha256::new();`
			`hasher.update(password);`
			`hasher.update(salt);`
			`let hash = hasher.finalize();`

			`let mut tmp: String = String::new();`
			`for value in hash{`
			`tmp += &format!("{:x}", value);`
			`}`

			`conn.close().unwrap_or_default();`


			`if true_pword.eq(&tmp) {`
			`info!("User {} successfully authenticated", username);`
			`Some( User { id: row.0, first_name: row.1,last_name: row.2} )`
			`}`
			`else{`
			`warn!("User {} failed authentication", username);`
			`None`
			`}`

			`}`




			`fn create_user(username: &str, password: &str, first_name: &str, last_name: &str) -> Result<(), Error> {`

			`info!("Creating user: {}", username);`
added config + plan 2023-04-30 17:33:47 -04:00			`let conn = Connection::connect(ORACLE_USER, ORACLE_PASS, ORACLE_CON_STR)?;`
added table creation 2023-04-29 22:10:54 -04:00			`let mut stmt = conn.statement("insert into student values(:net_id, :first_name, :last_name, :pswd, :salt)").build()?;`
beginnings of authentication 2023-04-27 23:59:14 -04:00
			`let salt: String = rand::thread_rng().sample_iter(&Alphanumeric).take(SALT_LEN).map(char::from).collect();`
			`let mut hasher = Sha256::new();`
			`hasher.update(&password);`
			`hasher.update(&salt);`
			`let hash = hasher.finalize();`

			`let mut hash_string = String::new();`

			`for value in hash{`
			`hash_string += &format!("{:x}", value);`
			`}`

added table creation 2023-04-29 22:10:54 -04:00			`match stmt.execute_named(&[("net_id", &username), ("first_name", &first_name), ("last_name", &last_name), ("pswd", &hash_string), ("salt", &salt)]) {`
beginnings of authentication 2023-04-27 23:59:14 -04:00			`Ok(_) => {`
			`info!("User {} successfully created", username);`
			`conn.commit()?;`
			`},`
			`Err(_) => {`
			`warn!("Failed to create user {}", username);`
			`conn.rollback()?;`
			`}`
			`};`
added table creation 2023-04-29 22:10:54 -04:00
adding menu items 2023-04-30 16:01:13 -04:00			`let mut new_table = conn.statement("create table :net_id ( item_id number(5), foreign key (item_id) references menu_item (id))").build()?;`
added table creation 2023-04-29 22:10:54 -04:00
			`match new_table.execute_named(&[("net_id", &username)]) {`
			`Ok(_) => {`
			`info!("User {} week table created", username);`
			`conn.commit()?;`
			`},`
			`Err(_) => {`
			`warn!("Failed to create week table for {}", username);`
			`conn.rollback()?;`
			`}`
			`};`
beginnings of authentication 2023-04-27 23:59:14 -04:00
			`conn.close()?;`
			`Ok(())`

			`}`