jackz/storage
1
0
Fork 0
mirror of https://github.com/Jackzmc/storage.git synced 2025-05-05 20:33:20 +00:00
Code Issues Projects 1 Releases Packages Wiki Activity Actions

Add login bypass for dev

Browse source
This commit is contained in:
Jackzie 2025-04-20 13:08:39 -05:00
parent 2f6c729dc3
commit ed5cbfa848
5 changed files with 18 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.env.sample Normal file
View file

@ -0,0 +1 @@
DATABASE_URL=postgresql://server:5432/database?user=user&password=password&connectTimeout=30&currentSchema=storage;

10
src/consts.rs
View file

@ -1,4 +1,6 @@
use std::cell::OnceCell;
use std::env;
use std::sync::OnceLock;
use std::time::Duration;
use rocket::data::ByteUnit;
use rocket::serde::Serialize;
@ -14,7 +16,6 @@ pub const SESSION_LIFETIME_SECONDS: u64 = 3600 * 24 * 14; // 14 days
pub const SESSION_COOKIE_NAME: &'static str = "storage-session";
#[derive(Serialize)]
pub struct FileConstants<'a> {
pub display_options: &'a[&'a str],
@ -25,3 +26,10 @@ pub const FILE_CONSTANTS: FileConstants = FileConstants {
sort_keys: &["name", "last_modified", "size"],
};
/// Disables CSRF & password verification for login
/// Used for development due to no session persistence
pub static DISABLE_LOGIN_CHECK: OnceLock<bool> = OnceLock::new();
pub fn init_statics() {
DISABLE_LOGIN_CHECK.set(env::var("DANGER_DISABLE_LOGIN_CHECKS").is_ok()).unwrap();
}

3
src/main.rs
View file

@ -24,7 +24,7 @@ use crate::managers::repos::RepoManager;
use crate::objs::library::Library;
use crate::util::{setup_logger, JsonErrorResponse, ResponseError};
use routes::api;
use crate::consts::{SESSION_COOKIE_NAME, SESSION_LIFETIME_SECONDS};
use crate::consts::{init_statics, SESSION_COOKIE_NAME, SESSION_LIFETIME_SECONDS};
use crate::models::user::UserModel;
use crate::routes::ui;
@ -70,6 +70,7 @@ pub struct GlobalMetadata {
async fn rocket() -> _ {
setup_logger();
dotenvy::dotenv().ok();
init_statics();
trace!("trace");
debug!("debug");

4
src/models/user.rs
View file

@ -10,7 +10,7 @@ use rocket::response::Responder;
use rocket::serde::Serialize;
use rocket::serde::uuid::Uuid;
use sqlx::{query_as, FromRow};
use crate::consts::ENCRYPTION_ROUNDS;
use crate::consts::{DISABLE_LOGIN_CHECK, ENCRYPTION_ROUNDS};
use crate::{LoginSessionData, SessionData, DB};
use crate::models::repo::RepoModel;
use crate::util::JsonErrorResponse;
@ -124,7 +124,7 @@ pub async fn validate_user(pool: &DB, email_or_usrname: &str, password: &str) ->
return Err(UserAuthError::UserNotFound);
};
if let Some(db_password) = user.password {
if bcrypt::verify(password, &db_password).map_err(|e| UserAuthError::EncryptionError(e))? {
if !DISABLE_LOGIN_CHECK.get().unwrap() || bcrypt::verify(password, &db_password).map_err(|e| UserAuthError::EncryptionError(e))? {
return Ok(UserModel {
id: user.id,
email: user.email,

5
src/routes/ui/auth/login.rs
View file

@ -6,6 +6,7 @@ use rocket::http::{Header, Status};
use rocket_dyn_templates::{context, Template};
use rocket_session_store::Session;
use crate::{GlobalMetadata, LoginSessionData, SessionData, DB};
use crate::consts::DISABLE_LOGIN_CHECK;
use crate::models::user::validate_user_form;
use crate::util::{set_csrf, validate_csrf_form};
@ -60,7 +61,9 @@ pub async fn handler(
return_to: Option<String>,
) -> Result<HackyRedirectBecauseRocketBug, Template> {
trace!("handler");
validate_csrf_form(&mut form.context, &session).await;
if !DISABLE_LOGIN_CHECK.get().unwrap() {
validate_csrf_form(&mut form.context, &session).await;
}
let user = validate_user_form(&mut form.context, &pool).await;
trace!("check form");
if form.context.status() == Status::Ok {