add auth_request_id newtype

5 days ago · 72b51e0082
parent 3d42b66a10
commit 72b51e0082
4 changed files with 43 additions and 21 deletions
--- a/src/api/core/accounts.rs
+++ b/src/api/core/accounts.rs
@ -1189,16 +1189,17 @@ async fn post_auth_request(
    })))
 }

-#[get("/auth-requests/<uuid>")]
-async fn get_auth_request(uuid: &str, headers: Headers, mut conn: DbConn) -> JsonResult {
-    let Some(auth_request) = AuthRequest::find_by_uuid_and_user(uuid, &headers.user.uuid, &mut conn).await else {
+#[get("/auth-requests/<auth_request_id>")]
+async fn get_auth_request(auth_request_id: AuthRequestId, headers: Headers, mut conn: DbConn) -> JsonResult {
+    let Some(auth_request) = AuthRequest::find_by_uuid_and_user(&auth_request_id, &headers.user.uuid, &mut conn).await
+    else {
        err!("AuthRequest doesn't exist", "Record not found or user uuid does not match")
    };

    let response_date_utc = auth_request.response_date.map(|response_date| format_date(&response_date));

    Ok(Json(json!({
-        "id": uuid,
+        "id": &auth_request_id,
        "publicKey": auth_request.public_key,
        "requestDeviceType": DeviceType::from_i32(auth_request.device_type).to_string(),
        "requestIpAddress": auth_request.request_ip,
@ -1221,9 +1222,9 @@ struct AuthResponseRequest {
    request_approved: bool,
 }

-#[put("/auth-requests/<uuid>", data = "<data>")]
+#[put("/auth-requests/<auth_request_id>", data = "<data>")]
 async fn put_auth_request(
-    uuid: &str,
+    auth_request_id: AuthRequestId,
    data: Json<AuthResponseRequest>,
    headers: Headers,
    mut conn: DbConn,
@ -1231,7 +1232,9 @@ async fn put_auth_request(
    nt: Notify<'_>,
 ) -> JsonResult {
    let data = data.into_inner();
-    let Some(mut auth_request) = AuthRequest::find_by_uuid_and_user(uuid, &headers.user.uuid, &mut conn).await else {
+    let Some(mut auth_request) =
+        AuthRequest::find_by_uuid_and_user(&auth_request_id, &headers.user.uuid, &mut conn).await
+    else {
        err!("AuthRequest doesn't exist", "Record not found or user uuid does not match")
    };

@ -1258,7 +1261,7 @@ async fn put_auth_request(
    }

    Ok(Json(json!({
-        "id": uuid,
+        "id": &auth_request_id,
        "publicKey": auth_request.public_key,
        "requestDeviceType": DeviceType::from_i32(auth_request.device_type).to_string(),
        "requestIpAddress": auth_request.request_ip,
@ -1272,14 +1275,14 @@ async fn put_auth_request(
    })))
 }

-#[get("/auth-requests/<uuid>/response?<code>")]
+#[get("/auth-requests/<auth_request_id>/response?<code>")]
 async fn get_auth_request_response(
-    uuid: &str,
+    auth_request_id: AuthRequestId,
    code: &str,
    client_headers: ClientHeaders,
    mut conn: DbConn,
 ) -> JsonResult {
-    let Some(auth_request) = AuthRequest::find_by_uuid(uuid, &mut conn).await else {
+    let Some(auth_request) = AuthRequest::find_by_uuid(&auth_request_id, &mut conn).await else {
        err!("AuthRequest doesn't exist", "User not found")
    };

@ -1293,7 +1296,7 @@ async fn get_auth_request_response(
    let response_date_utc = auth_request.response_date.map(|response_date| format_date(&response_date));

    Ok(Json(json!({
-        "id": uuid,
+        "id": &auth_request_id,
        "publicKey": auth_request.public_key,
        "requestDeviceType": DeviceType::from_i32(auth_request.device_type).to_string(),
        "requestIpAddress": auth_request.request_ip,
--- a/src/api/identity.rs
+++ b/src/api/identity.rs
@ -178,9 +178,8 @@ async fn _password_login(
    let password = data.password.as_ref().unwrap();

    // If we get an auth request, we don't check the user's password, but the access code of the auth request
-    if let Some(ref auth_request_uuid) = data.auth_request {
-        let Some(auth_request) = AuthRequest::find_by_uuid_and_user(auth_request_uuid.as_str(), &user.uuid, conn).await
-        else {
+    if let Some(ref auth_request_id) = data.auth_request {
+        let Some(auth_request) = AuthRequest::find_by_uuid_and_user(auth_request_id, &user.uuid, conn).await else {
            err!(
                "Auth request not found. Try again.",
                format!("IP: {}. Username: {}.", ip.ip, username),
@ -770,7 +769,7 @@ struct ConnectData {
    #[field(name = uncased("twofactorremember"))]
    two_factor_remember: Option<i32>,
    #[field(name = uncased("authrequest"))]
-    auth_request: Option<String>,
+    auth_request: Option<AuthRequestId>,
 }

 fn _check_is_some<T>(value: &Option<T>, msg: &str) -> EmptyResult {
--- a/src/db/models/auth_request.rs
+++ b/src/db/models/auth_request.rs
@ -1,6 +1,8 @@
 use super::{DeviceId, OrganizationId, UserId};
 use crate::crypto::ct_eq;
 use chrono::{NaiveDateTime, Utc};
+use derive_more::{AsRef, Deref, Display, From};
+use rocket::request::FromParam;

 db_object! {
    #[derive(Debug, Identifiable, Queryable, Insertable, AsChangeset, Deserialize, Serialize)]
@ -8,7 +10,7 @@ db_object! {
    #[diesel(treat_none_as_null = true)]
    #[diesel(primary_key(uuid))]
    pub struct AuthRequest {
-        pub uuid: String,
+        pub uuid: AuthRequestId,
        pub user_uuid: UserId,
        pub organization_uuid: Option<OrganizationId>,

@ -44,7 +46,7 @@ impl AuthRequest {
        let now = Utc::now().naive_utc();

        Self {
-            uuid: crate::util::get_uuid(),
+            uuid: AuthRequestId(crate::util::get_uuid()),
            user_uuid,
            organization_uuid: None,

@ -102,7 +104,7 @@ impl AuthRequest {
        }
    }

-    pub async fn find_by_uuid(uuid: &str, conn: &mut DbConn) -> Option<Self> {
+    pub async fn find_by_uuid(uuid: &AuthRequestId, conn: &mut DbConn) -> Option<Self> {
        db_run! {conn: {
            auth_requests::table
                .filter(auth_requests::uuid.eq(uuid))
@ -112,7 +114,7 @@ impl AuthRequest {
        }}
    }

-    pub async fn find_by_uuid_and_user(uuid: &str, user_uuid: &UserId, conn: &mut DbConn) -> Option<Self> {
+    pub async fn find_by_uuid_and_user(uuid: &AuthRequestId, user_uuid: &UserId, conn: &mut DbConn) -> Option<Self> {
        db_run! {conn: {
            auth_requests::table
                .filter(auth_requests::uuid.eq(uuid))
@ -158,3 +160,21 @@ impl AuthRequest {
        }
    }
 }
+
+#[derive(
+    Clone, Debug, AsRef, Deref, DieselNewType, Display, From, FromForm, Hash, PartialEq, Eq, Serialize, Deserialize,
+)]
+pub struct AuthRequestId(String);
+
+impl<'r> FromParam<'r> for AuthRequestId {
+    type Error = ();
+
+    #[inline(always)]
+    fn from_param(param: &'r str) -> Result<Self, Self::Error> {
+        if param.chars().all(|c| matches!(c, 'a'..='z' | 'A'..='Z' |'0'..='9' | '-')) {
+            Ok(Self(param.to_string()))
+        } else {
+            Err(())
+        }
+    }
+}
--- a/src/db/models/mod.rs
+++ b/src/db/models/mod.rs
@ -17,7 +17,7 @@ mod two_factor_incomplete;
 mod user;

 pub use self::attachment::{Attachment, AttachmentId};
-pub use self::auth_request::AuthRequest;
+pub use self::auth_request::{AuthRequest, AuthRequestId};
 pub use self::cipher::{Cipher, CipherId, RepromptType};
 pub use self::collection::{Collection, CollectionCipher, CollectionId, CollectionUser};
 pub use self::device::{Device, DeviceId, DeviceType};