multi-hotel-refactor #3

Merged
Rominou merged 27 commits from multi-hotel-refactor into master 2026-03-11 13:32:43 +00:00
3 changed files with 33 additions and 15 deletions
Showing only changes of commit f7d99f0fb9 - Show all commits

Binary file not shown.

Binary file not shown.


@@ -156,6 +156,9 @@ where S: Send + Sync,
}
}
//TODO: Validate all hotel_ids first + Use a transaction + Batch query hotel names with IN (...)
pub async fn register_user (
State(state): State<AppState>,
RegisterPayload(payload): RegisterPayload
@@ -168,29 +171,33 @@ pub async fn register_user (
.map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "DB connection error"))?;
conn.execute(
"INSERT INTO users (username, password, displayname) VALUES (?1, ?2, ?3)",
"INSERT INTO users (username, password, displayname)
VALUES (?1, ?2, ?3)",
params![payload.username, hashed_password, payload.displayname],
)
.map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "DB insert error"))?;
let user_id = conn.last_insert_rowid();
for hotel_id in payload.hotel_ids {
for &hotel_id in &payload.hotel_ids {
// more logic for security here
//FIXME: needs to be the display name in the DB, scheme is currently wrong
let hotel_name = conn.execute(
"SELECT hotel_name
FROM hotels
let hotel_name: String = conn
.query_row(
"SELECT hotel_name FROM hotels
WHERE id = ?1 ",
params![hotel_id],
).map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "DB insert error"))?;
|row| row.get(0),
).map_err(|_| (StatusCode::BAD_REQUEST, "Invalid hotel ids"))?;
conn.execute(
"INSERT INTO hotel_user_link (user_id, hotel_id, username, hotel_name) VALUES (?1, ?2, ?3, ?4)",
"INSERT INTO hotel_user_link (user_id, hotel_id, username, hotel_name)
VALUES (?1, ?2, ?3, ?4)",
params![user_id, hotel_id, payload.username, hotel_name],
)
.map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "DB insert error"))?;
.map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "Link insert error"))?;
}
@@ -455,6 +462,11 @@ pub async fn create_refresh_token(
let device_id_str = payload.device_id.to_string();
let conn = state.logs_pool.get()
.map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "DB connection error".to_string()))?;
let argon2 = Argon2::default();
let salt = SaltString::generate(&mut OsRng);
let mut bytes = [0u8; 64];
@@ -466,11 +478,6 @@ pub async fn create_refresh_token(
.map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?
.to_string();
let conn = state.logs_pool.get()
.map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "DB connection error".to_string()))?;
// let mut stmt = conn.prepare(
// "SELECT id, password FROM users WHERE username = ?1"
@@ -527,6 +534,16 @@ pub async fn create_refresh_token(
/*.map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "Error mapping hotel_ids".to_string())); */
let mut exist_stmt = conn.prepare("SELECT id FROM refresh_token WHERE device_id = ?1 AND user_agent = ?2"
) .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?;
let existing_token_id: i32 = match exist_stmt.query_one(params![device_id_str,user_agent_str], |row| row.get (0)) {
Ok(id) => id,
Err(_) => return Err((StatusCode::INTERNAL_SERVER_ERROR, "error fetching credentials".to_string())),
};
conn.execute(
"INSERT INTO refresh_token (user_id, token_hash, device_id, user_agent, hotel_id_list)
VALUES (?1, ?2, ?3, ?4, ?5)",
@@ -668,6 +685,7 @@ pub async fn login_refresh_token (
};
//FIXME: still problems when corrupted token exist
if hotel_ids.is_empty() {
return (StatusCode::UNAUTHORIZED, "No matching device").into_response();
}
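Review bot: In the `@@ -527,6 +534,16 @@` hunk of `create_refresh_token`, the new `exist_stmt.query_one(...)` lookup maps every error to a 500, and in rusqlite a query that matches no row is an error, so a device with no `refresh_token` row yet appears unable to reach the `INSERT` that follows. The `SELECT` also filters on `device_id` and `user_agent` only; `device_id` comes from the request payload (and `user_agent` presumably from a request header), so it can return a row that belongs to a different user. Treat "no row" as a normal outcome and scope the lookup to the account, e.g. `"SELECT id FROM refresh_token WHERE user_id = ?1 AND device_id = ?2 AND user_agent = ?3"`, with `.optional()` from `rusqlite::OptionalExtension` yielding an `Option<i32>`. The function body continues outside the hunk, so how `existing_token_id` is used, and therefore the impact of a cross-user match, should be confirmed there.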