mobile update
This commit is contained in:
arrelin
@@ -9,6 +9,7 @@ use sea_orm::{DatabaseConnection, EntityTrait};
|
||||
use serde::{Deserialize, Serialize};
|
||||
use sha2::{Digest, Sha256};
|
||||
use tower_sessions::Session;
|
||||
use tracing::{info, warn};
|
||||
use utoipa::ToSchema;
|
||||
|
||||
use crate::auth::AuthBackend;
|
||||
@@ -116,6 +117,7 @@ pub async fn google_auth(
|
||||
let nonce = uuid::Uuid::new_v4().to_string();
|
||||
let mobile_state = make_mobile_csrf_state(&nonce);
|
||||
let auth_url = oauth_service.get_auth_url_with_state(mobile_state);
|
||||
info!("mobile google_auth: generated signed state for nonce={}", nonce);
|
||||
return Ok(Json(OAuthUrlResponse { url: auth_url }));
|
||||
}
|
||||
|
||||
@@ -152,6 +154,7 @@ pub async fn google_callback(
|
||||
Query(query): Query<GoogleCallbackQuery>,
|
||||
) -> Result<Response, StatusCode> {
|
||||
let is_mobile = verify_mobile_csrf_state(&query.state);
|
||||
info!("google_callback: state={} is_mobile={}", &query.state[..query.state.len().min(20)], is_mobile);
|
||||
|
||||
if !is_mobile {
|
||||
let session_csrf: Option<String> = session
|
||||
@@ -162,7 +165,10 @@ pub async fn google_callback(
|
||||
|
||||
match session_csrf {
|
||||
Some(csrf) if csrf == query.state => {}
|
||||
_ => return Err(StatusCode::UNAUTHORIZED),
|
||||
_ => {
|
||||
warn!("google_callback: CSRF mismatch, session_csrf={:?}", session_csrf.as_deref().map(|s| &s[..s.len().min(10)]));
|
||||
return Err(StatusCode::UNAUTHORIZED);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -191,6 +197,7 @@ pub async fn google_callback(
|
||||
|
||||
if is_mobile {
|
||||
let token = make_auth_token(user.id);
|
||||
info!("google_callback: mobile auth for user_id={}, token_prefix={}", user.id, &token[..token.len().min(20)]);
|
||||
let deep_link = format!("com.arrelin.family-budget-android://auth?token={}", token);
|
||||
let html = format!(
|
||||
r#"<!DOCTYPE html><html><head><meta http-equiv="refresh" content="0;url={0}"></head><body><script>window.location="{0}"</script></body></html>"#,
|
||||
@@ -231,7 +238,15 @@ pub async fn mobile_callback(
|
||||
State(db): State<DatabaseConnection>,
|
||||
Query(query): Query<MobileCallbackQuery>,
|
||||
) -> Result<Json<serde_json::Value>, StatusCode> {
|
||||
let user_id = verify_auth_token(&query.token).ok_or(StatusCode::UNAUTHORIZED)?;
|
||||
info!("mobile_callback: received token_prefix={}", &query.token[..query.token.len().min(20)]);
|
||||
let user_id = match verify_auth_token(&query.token) {
|
||||
Some(id) => id,
|
||||
None => {
|
||||
warn!("mobile_callback: token verification failed for token={}", &query.token[..query.token.len().min(40)]);
|
||||
return Err(StatusCode::UNAUTHORIZED);
|
||||
}
|
||||
};
|
||||
info!("mobile_callback: token valid for user_id={}", user_id);
|
||||
|
||||
let user = User::find_by_id(user_id)
|
||||
.one(&db)
|
||||
|
||||
Reference in New Issue
Block a user