Add an ApiToken model, and an endpoint to get one

This commit is contained in:
Baptiste Gelez
2018-10-22 14:30:04 +01:00
parent f2190adfc2
commit 2394ff424b
11 changed files with 148 additions and 12 deletions
+52
View File
@@ -1,2 +1,54 @@
use rocket_contrib::Json;
use serde_json;
use plume_common::utils::random_hex;
use plume_models::{
apps::App,
api_tokens::*,
db_conn::DbConn,
users::User,
};
#[derive(FromForm)]
struct OAuthRequest {
client_id: String,
client_secret: String,
password: String,
username: String,
scopes: String,
}
#[get("/oauth2?<query>")]
fn oauth(query: OAuthRequest, conn: DbConn) -> Json<serde_json::Value> {
let app = App::find_by_client_id(&*conn, query.client_id).expect("OAuth request from unknown client");
if app.client_secret == query.client_secret {
if let Some(user) = User::find_local(&*conn, query.username) {
if user.auth(query.password) {
let token = ApiToken::insert(&*conn, NewApiToken {
app_id: app.id,
user_id: user.id,
value: random_hex(),
scopes: query.scopes,
});
Json(json!({
"token": token.value
}))
} else {
Json(json!({
"error": "Wrong password"
}))
}
} else {
Json(json!({
"error": "Unknown user"
}))
}
} else {
Json(json!({
"error": "Invalid client_secret"
}))
}
}
pub mod apps;
pub mod posts;
+2
View File
@@ -156,6 +156,8 @@ fn main() {
routes::errors::csrf_violation
])
.mount("/api/v1", routes![
api::oauth,
api::apps::create,
api::posts::get,