2026-03-11 13:32:43 +00:00
10 changed files with 58 additions and 63 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -409,7 +409,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb"
 dependencies = [
 "libc",
- "windows-sys 0.59.0",
+ "windows-sys 0.61.1",
 ]
 [[package]]
@@ -672,6 +672,7 @@ dependencies = [
 "serde",
 "serde_json",
 "tokio",
 "tower-http",
 "uuid",
 ]
@@ -1469,7 +1470,7 @@ dependencies = [
 "errno",
 "libc",
 "linux-raw-sys",
- "windows-sys 0.59.0",
+ "windows-sys 0.61.1",
 ]
 [[package]]
@@ -1764,7 +1765,7 @@ dependencies = [
 "getrandom 0.3.3",
 "once_cell",
 "rustix",
- "windows-sys 0.59.0",
+ "windows-sys 0.61.1",
 ]
 [[package]]
@@ -1922,9 +1923,9 @@ dependencies = [
 [[package]]
 name = "tower-http"
-version = "0.6.6"
+version = "0.6.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "adc82fd73de2a9722ac5da747f12383d2bfdb93591ee6c58486e0097890f05f2"
+checksum = "9cf146f99d442e8e68e585f5d798ccd3cad9a7835b917e09728880a862706456"
 dependencies = [
 "bitflags",
 "bytes",
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -30,6 +30,7 @@ futures-util = {version = "0.3.31"}
 uuid = {version = "1.18.1", features = ["serde"] }
 base64 = "0.22.1"
 reqwest = { version = "0.12.24", features = ["json","blocking"] }
 tower-http = { version = "0.6.7", features = ["cors"] }
--- a/db/1.sqlite
+++ b/db/1.sqlite
--- a/db/1.sqlite-shm
+++ b/db/1.sqlite-shm
--- a/db/1.sqlite-wal
+++ b/db/1.sqlite-wal
--- a/db/auth_copy_2.sqlite
+++ b/db/auth_copy_2.sqlite
--- a/db/auth_copy_2.sqlite-shm
+++ b/db/auth_copy_2.sqlite-shm
--- a/db/auth_copy_2.sqlite-wal
+++ b/db/auth_copy_2.sqlite-wal
--- a/src/main.rs
+++ b/src/main.rs
@@ -2,6 +2,8 @@ use axum::serve;
 use axum::Extension;
 use axum::extract::{ws::{Message, WebSocket, WebSocketUpgrade}, State};
 use jsonwebtoken::{DecodingKey, EncodingKey};
 use reqwest::header::AUTHORIZATION;
 use reqwest::header::CONTENT_TYPE;
 use tokio::net::TcpListener;
 use tokio::sync::mpsc;
@@ -24,6 +26,8 @@ use crate::utils::auth::JwtKeys;
 use std::env;
 use dotenvy::dotenv;
 use tower_http::cors::{CorsLayer, Any};
 use axum::http::{Method, HeaderValue};
 pub async fn notify_discord(msg: &str) -> Result<(), reqwest::Error> {
    let payload = serde_json::json!({
@@ -88,9 +92,15 @@ std::panic::set_hook(Box::new(|info| {
    };
    let cors = CorsLayer::new()
        .allow_origin("http://localhost:5173".parse::<HeaderValue>().unwrap())
        .allow_credentials(true)
        .allow_methods([Method::GET, Method::POST, Method::PUT , Method::OPTIONS])
        .allow_headers([CONTENT_TYPE, AUTHORIZATION]);
    let app = create_router(state)
-        .layer(Extension(jwt_keys));
+        .layer(Extension(jwt_keys))
        .layer(cors);
    let listener = TcpListener::bind("0.0.0.0:7080").await?;
    serve(listener, app).into_future().await?;
--- a/src/utils/auth.rs
+++ b/src/utils/auth.rs
@@ -6,14 +6,15 @@ use axum::{
 use axum_extra::extract::TypedHeader;
 //use axum_extra::TypedHeader;
-use headers::UserAgent;
+use headers::{UserAgent, Cookie};
 use axum::extract::FromRef;
 use axum::extract::Request as ExtractRequest;
 use jsonwebtoken::{decode, DecodingKey, Validation, encode, EncodingKey, Header, Algorithm};
 use reqwest::header::REFRESH;
 use serde::{Deserialize, Serialize};
 use serde_json::Value;
-use chrono::{Utc};
+use chrono::{Utc, format};
 use rusqlite::{params, Connection, OptionalExtension};
 use rand_core::{RngCore, OsRng};
@@ -468,16 +469,15 @@ pub async fn create_refresh_token(
-    //TODO: get hotel name 
+    //TODO: get hotel name to return a map/tuple of hotel name 
    let mut stmt = match conn.prepare(
        "SELECt hotel_id FROM hotel_user_link WHERE user_id = ?1"
    ) {
        Ok(stmt) => stmt,
        Err(_) => return Err((StatusCode::INTERNAL_SERVER_ERROR, "error building user_id fetch stmt".to_string())),
    };
    //TODO: compiler les hotel id dans un vecteur pour le feed dans le refresh token
    //Deja fait ?
    //TODO: compiler les hotel id dans un vecteur pour le feed dans le refresh token
    let hotel_ids: Vec<i32> = match stmt
        .query_map(params![&user_id],|row| row.get (0))
        {
@@ -539,7 +539,9 @@ pub async fn create_refresh_token(
    */
-    let cookie_value = format!("refresh_token={}; HttpOnly; Secure; Path=/", raw_token);
+    //TODO: add a map/tupple of of the allowed hotels and their id+name, maybe update the token ?
    let cookie_value = format!("refresh_token={}; HttpOnly; Secure; Max-Age=60480000000;Path=/", raw_token);
    let mut response = (StatusCode::CREATED, "Refresh token created successfully").into_response();
    response.headers_mut().insert(
@@ -553,7 +555,7 @@ pub async fn create_refresh_token(
 #[derive(Deserialize)]
 pub struct LoginRefreshTokenValues{
    device_id: Uuid,
-    refresh_token: String,    
+    //refresh_token: String,    
 }
 //TODO: LATER : implement hotel-id-selected to allow user to only get part hotels ?
@@ -561,29 +563,39 @@ pub async fn login_refresh_token (
    State(state): State<AppState>,
    Extension(keys): Extension<JwtKeys>,
    user_agent: Option<TypedHeader<UserAgent>>,
    cookie_header: Option<TypedHeader<headers::Cookie>>,
    Json(payload): Json<LoginRefreshTokenValues>
 ) -> impl IntoResponse {
    println!("login_refresh_token called");
    // Log cookies
    let cookies = match cookie_header {
        Some(token) => token,
        None => return (StatusCode::UNAUTHORIZED, "Missing refresh token cookie").into_response(),
    };
    let refresh_token = match cookies.get("refresh_token") {
        Some(token) => token.to_string(),
        None => return (StatusCode::UNAUTHORIZED, "Missing refresh token cookie").into_response(),
    };
    println!("Cookies: {:?}", &refresh_token);
    let conn = match state.logs_pool.get() {
        Ok(c) => c,
        Err(_) => return (StatusCode::INTERNAL_SERVER_ERROR, "DB connection error").into_response(),
    };
    /*let user_agent_str = user_agent
        .map(|ua| ua.to_string())
        .unwrap_or_else(|| "Unknown".to_string());
    let device_id_str = payload.device_id.to_string();
 */
    let user_agent_str = match user_agent {
        Some(ua) => ua.to_string(),
        None => return (StatusCode::INTERNAL_SERVER_ERROR, "user agent unknown").into_response(),
    };
-    
+    println!("UA {:?}", &user_agent_str);
    let device_id_str = payload.device_id.to_string();
    println!("device id: {:?}", &device_id_str);
    //"SELECT user_id, token_hash, hotel_id FROM refresh_token WHERE device_id = ?1 AND user_agent = ?2",
@@ -593,10 +605,11 @@ pub async fn login_refresh_token (
    let mut stmt = match conn.prepare(
        "SELECT user_id, token_hash, hotel_id_list
        FROM refresh_token
-        WHERE device_id = ?1 AND user_agent = ?2 "
+        WHERE device_id = ?1 AND user_agent = ?2 
        LIMIT 1;"
    ) {
        Ok(s) => s,
-        Err(_) => return (StatusCode::INTERNAL_SERVER_ERROR, "DB query error").into_response(),
+        Err(_) => return (StatusCode::INTERNAL_SERVER_ERROR, "Error prepatring hotel_id_list stmt").into_response(),
    };
    let rows = match stmt.query_one(params![&device_id_str, &user_agent_str], |row| {
@@ -607,7 +620,10 @@ pub async fn login_refresh_token (
        ))
    }) {
        Ok(r) => r,
-        Err(_) =>  return (StatusCode::INTERNAL_SERVER_ERROR, "DB query error").into_response(),
+        Err(e) => {
            eprintln!("DB ERROR: {:?}", e); 
            return (StatusCode::INTERNAL_SERVER_ERROR, format!("DB query error: {}", e)).into_response()
        }
    };
    //TODO: extraction of the blob 
    //let json_hotel_ids = rows.2;
@@ -619,21 +635,11 @@ pub async fn login_refresh_token (
    };
 /*
    let mut entries = Vec::new();
    for r in rows {
        match r {
            Ok(t) => entries.push(t),
            Err(_) => continue, // ignore corrupt rows
        }
    }
 */
    if hotel_ids.is_empty() {
        return (StatusCode::UNAUTHORIZED, "No matching device").into_response();
    }
-    if !verify_password(&payload.refresh_token, &saved_hash) {
+    if !verify_password(&refresh_token, &saved_hash) {
        // skip rows with wrong hash
        return (StatusCode::UNAUTHORIZED, "Invelid credentials").into_response();
    }
@@ -663,31 +669,6 @@ pub async fn login_refresh_token (
        tokens.push(token);
    }
    /* OLD ITERATION OVER MULTIPLE REFRESH TOKEN
    // swap to "for hotel_id in entries" // interator over vector list 
    for (user_id, token_hash, hotel_id) in entries {
        if !verify_password(&payload.refresh_token, &token_hash) {
            // skip rows with wrong hash
            continue;
        }
        //FIXME: single expiration
        let claims = serde_json::json!({
            "id": user_id,
            "hotel_id": hotel_id,
            "exp": expiration
        });
        let token = match encode(&Header::default(), &claims, &keys.encoding) {
            Ok(t) => t,
            Err(_) => return (StatusCode::INTERNAL_SERVER_ERROR, "JWT creation failed").into_response(),
        };
        tokens.push(token);
    }
 */
    if tokens.is_empty() {
        return (StatusCode::UNAUTHORIZED, "Invalid or mismatched token").into_response();
    }
@@ -736,10 +717,12 @@ pub async fn logout_from_single_device (
        None => return (StatusCode::UNAUTHORIZED, "No matching device").into_response(),
    };
    //FIXME: need to chang the way we get refresh token from the cookies instead
    /*
    if !verify_password(&payload.refresh_token, &token_hash) {
        return (StatusCode::UNAUTHORIZED, "Invalid or mismatched token").into_response();
    }
-
+*/
    let revoked: Result<String, rusqlite::Error> = conn.query_row(
        "UPDATE refresh_token SET revoked = 1 WHERE id = ?1 RETURNING device_id",
        params![&token_id],