mobile update
This commit is contained in:
arrelin
@@ -27,4 +27,6 @@ reqwest = { version = "0.13.1", features = ["json"] }
|
||||
rand = "0.9.2"
|
||||
uuid = { version = "1", features = ["v4"] }
|
||||
sha2 = "0.10"
|
||||
hex = "0.4"
|
||||
hex = "0.4"
|
||||
tracing = "0.1"
|
||||
tracing-subscriber = { version = "0.3", features = ["env-filter"] }
|
||||
@@ -3,6 +3,13 @@ use sea_orm::DbErr;
|
||||
use sea_orm_migration::prelude::*;
|
||||
#[tokio::main]
|
||||
async fn main() -> Result<(), DbErr> {
|
||||
tracing_subscriber::fmt()
|
||||
.with_env_filter(
|
||||
tracing_subscriber::EnvFilter::try_from_default_env()
|
||||
.unwrap_or_else(|_| "family_budget=debug,info".parse().unwrap()),
|
||||
)
|
||||
.init();
|
||||
|
||||
let db = establish_connection().await?;
|
||||
println!("Successfully connected to database!");
|
||||
|
||||
|
||||
@@ -9,6 +9,7 @@ use sea_orm::{DatabaseConnection, EntityTrait};
|
||||
use serde::{Deserialize, Serialize};
|
||||
use sha2::{Digest, Sha256};
|
||||
use tower_sessions::Session;
|
||||
use tracing::{info, warn};
|
||||
use utoipa::ToSchema;
|
||||
|
||||
use crate::auth::AuthBackend;
|
||||
@@ -116,6 +117,7 @@ pub async fn google_auth(
|
||||
let nonce = uuid::Uuid::new_v4().to_string();
|
||||
let mobile_state = make_mobile_csrf_state(&nonce);
|
||||
let auth_url = oauth_service.get_auth_url_with_state(mobile_state);
|
||||
info!("mobile google_auth: generated signed state for nonce={}", nonce);
|
||||
return Ok(Json(OAuthUrlResponse { url: auth_url }));
|
||||
}
|
||||
|
||||
@@ -152,6 +154,7 @@ pub async fn google_callback(
|
||||
Query(query): Query<GoogleCallbackQuery>,
|
||||
) -> Result<Response, StatusCode> {
|
||||
let is_mobile = verify_mobile_csrf_state(&query.state);
|
||||
info!("google_callback: state={} is_mobile={}", &query.state[..query.state.len().min(20)], is_mobile);
|
||||
|
||||
if !is_mobile {
|
||||
let session_csrf: Option<String> = session
|
||||
@@ -162,7 +165,10 @@ pub async fn google_callback(
|
||||
|
||||
match session_csrf {
|
||||
Some(csrf) if csrf == query.state => {}
|
||||
_ => return Err(StatusCode::UNAUTHORIZED),
|
||||
_ => {
|
||||
warn!("google_callback: CSRF mismatch, session_csrf={:?}", session_csrf.as_deref().map(|s| &s[..s.len().min(10)]));
|
||||
return Err(StatusCode::UNAUTHORIZED);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -191,6 +197,7 @@ pub async fn google_callback(
|
||||
|
||||
if is_mobile {
|
||||
let token = make_auth_token(user.id);
|
||||
info!("google_callback: mobile auth for user_id={}, token_prefix={}", user.id, &token[..token.len().min(20)]);
|
||||
let deep_link = format!("com.arrelin.family-budget-android://auth?token={}", token);
|
||||
let html = format!(
|
||||
r#"<!DOCTYPE html><html><head><meta http-equiv="refresh" content="0;url={0}"></head><body><script>window.location="{0}"</script></body></html>"#,
|
||||
@@ -231,7 +238,15 @@ pub async fn mobile_callback(
|
||||
State(db): State<DatabaseConnection>,
|
||||
Query(query): Query<MobileCallbackQuery>,
|
||||
) -> Result<Json<serde_json::Value>, StatusCode> {
|
||||
let user_id = verify_auth_token(&query.token).ok_or(StatusCode::UNAUTHORIZED)?;
|
||||
info!("mobile_callback: received token_prefix={}", &query.token[..query.token.len().min(20)]);
|
||||
let user_id = match verify_auth_token(&query.token) {
|
||||
Some(id) => id,
|
||||
None => {
|
||||
warn!("mobile_callback: token verification failed for token={}", &query.token[..query.token.len().min(40)]);
|
||||
return Err(StatusCode::UNAUTHORIZED);
|
||||
}
|
||||
};
|
||||
info!("mobile_callback: token valid for user_id={}", user_id);
|
||||
|
||||
let user = User::find_by_id(user_id)
|
||||
.one(&db)
|
||||
|
||||
@@ -30,18 +30,20 @@ export default function Login() {
|
||||
try {
|
||||
token = new URL(url).searchParams.get('token');
|
||||
} catch {
|
||||
setError(t('login.error'));
|
||||
setError(t('login.authError'));
|
||||
return;
|
||||
}
|
||||
if (!token) { setError(t('login.error')); return; }
|
||||
if (!token) { setError(t('login.authError')); return; }
|
||||
|
||||
try {
|
||||
setLoading(true);
|
||||
await authApi.mobileCallback(token);
|
||||
const me = await authApi.me();
|
||||
setUser(me.data);
|
||||
} catch {
|
||||
setError(t('login.error'));
|
||||
} catch (err: any) {
|
||||
const status = err?.response?.status;
|
||||
const msg = err?.response?.data ? JSON.stringify(err.response.data) : err?.message;
|
||||
setError(`${status ?? 'network'}: ${msg}`);
|
||||
setLoading(false);
|
||||
}
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user