wip: initial TOTP support

fossable · Jan 9, 2025 · 0fbf8c2 · 0fbf8c2
1 parent 9af2548
commit 0fbf8c2
Show file tree

Hide file tree

Showing 6 changed files with 182 additions and 28 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/sandpolis/Cargo.toml b/sandpolis/Cargo.toml
@@ -49,6 +49,7 @@ axum = { version = "0.8.0", optional = true, features = ["ws", "json"] }
 jsonwebtoken = { version = "9.3.0", optional = true }
 rcgen = { version = "0.13.1", optional = true }
 ring = { version = "0.17.8", optional = true }
+totp-rs = { version = "5.6.0", optional = true, features = ["otpauth", "qr", "gen_secret", "zeroize"] } # TODO client QR support
 
 # Client dependencies
 bevy = { version = "0.15.0", optional = true }
@@ -61,7 +62,7 @@ sysinfo = { version = "0.33.0", optional = true }
 
 [features]
 # Instances
-server = [ "dep:axum", "dep:axum-server", "dep:axum-macros", "dep:axum-extra", "dep:rcgen", "dep:ring", "dep:jsonwebtoken" ]
+server = [ "dep:axum", "dep:axum-server", "dep:axum-macros", "dep:axum-extra", "dep:rcgen", "dep:ring", "dep:jsonwebtoken", "dep:totp-rs" ]
 agent = [ "dep:axum", "dep:axum-server", "dep:axum-macros", "dep:sysinfo" ]
 client = [ "dep:bevy", "dep:bevy_rapier2d", "dep:bevy_egui", "dep:egui" ]
 

diff --git a/sandpolis/src/core/database.rs b/sandpolis/src/core/database.rs
@@ -256,6 +256,7 @@ impl<T: Serialize + DeserializeOwned> Document<T> {
         Ok(Document {
             db: self.db.clone(),
             data: if let Some(data) = self.db.get(&oid)? {
+                trace!(oid = %oid, "Loading document");
                 serde_cbor::from_slice::<U>(&data)?
             } else {
                 trace!(oid = %oid, "Creating new document");
@@ -265,6 +266,12 @@ impl<T: Serialize + DeserializeOwned> Document<T> {
         })
     }
 
+    pub fn create_document<F>(&mut self, mutator: F) -> Result<()>
+    where
+        F: Fn() -> Result<T>,
+    {
+    }
+
     pub fn collection<U>(&self, oid: impl TryInto<Oid>) -> Result<Collection<U>>
     where
         U: Serialize + DeserializeOwned,

diff --git a/sandpolis/src/core/layer/server/user.rs b/sandpolis/src/core/layer/server/user.rs
@@ -1,3 +1,5 @@
+use std::net::SocketAddr;
+
 use serde::{Deserialize, Serialize};
 use validator::Validate;
 
@@ -21,6 +23,14 @@ pub struct UserData {
     pub expiration: Option<i64>,
 }
 
+#[derive(Serialize, Deserialize)]
+#[cfg_attr(feature = "client", derive(bevy::prelude::Component))]
+pub struct LoginAttempt {
+    pub timestamp: u64,
+
+    pub address: SocketAddr,
+}
+
 /// Create a new user account.
 #[derive(Serialize, Deserialize, Validate)]
 pub struct CreateUserRequest {
@@ -29,13 +39,16 @@ pub struct CreateUserRequest {
     /// Password as unsalted hash
     pub password: String,
 
-    /// TOTP secret URL
-    pub totp_secret: Option<String>,
+    /// Whether a TOTP secret should be generated
+    pub totp: bool,
 }
 
 #[derive(Serialize, Deserialize)]
 pub enum CreateUserResponse {
-    Ok,
+    Ok {
+        /// TOTP secret URL
+        totp_secret: Option<String>,
+    },
 }
 
 #[derive(Serialize, Deserialize)]
@@ -50,6 +63,7 @@ pub struct GetUsersRequest {
 #[derive(Serialize, Deserialize)]
 pub enum GetUsersResponse {
     Ok(Vec<UserData>),
+    PermissionDenied,
 }
 
 /// Update an existing user account.

diff --git a/sandpolis/src/server/layer/server/mod.rs b/sandpolis/src/server/layer/server/mod.rs
@@ -38,6 +38,7 @@ impl ServerLayer {
             .route("/banner", get(banner))
             .route("/users", get(user::get_users))
             .route("/users", post(user::create_user))
+            .route("/login", post(user::login))
     }
 }