Arrelin/family_budget
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

mobile update

Browse Source
This commit is contained in:
arrelin
2026-03-10 14:45:08 +03:00
parent 1832997ebe
commit 035e6b20c7
4 changed files with 33 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
backend/Cargo.toml
View File

@@ -27,4 +27,6 @@ reqwest = { version = "0.13.1", features = ["json"] }
rand = "0.9.2" rand = "0.9.2"
uuid = { version = "1", features = ["v4"] } uuid = { version = "1", features = ["v4"] }
sha2 = "0.10" sha2 = "0.10"
hex = "0.4" hex = "0.4"
tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["env-filter"] }

7
backend/src/main.rs
View File

@@ -3,6 +3,13 @@ use sea_orm::DbErr;
use sea_orm_migration::prelude::*; use sea_orm_migration::prelude::*;
#[tokio::main] #[tokio::main]
async fn main() -> Result<(), DbErr> { async fn main() -> Result<(), DbErr> {
tracing_subscriber::fmt()
.with_env_filter(
tracing_subscriber::EnvFilter::try_from_default_env()
.unwrap_or_else(|_| "family_budget=debug,info".parse().unwrap()),
)
.init();
let db = establish_connection().await?; let db = establish_connection().await?;
println!("Successfully connected to database!"); println!("Successfully connected to database!");

19
backend/src/routes/oauth.rs
View File

@@ -9,6 +9,7 @@ use sea_orm::{DatabaseConnection, EntityTrait};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use sha2::{Digest, Sha256}; use sha2::{Digest, Sha256};
use tower_sessions::Session; use tower_sessions::Session;
use tracing::{info, warn};
use utoipa::ToSchema; use utoipa::ToSchema;
use crate::auth::AuthBackend; use crate::auth::AuthBackend;
@@ -116,6 +117,7 @@ pub async fn google_auth(
let nonce = uuid::Uuid::new_v4().to_string(); let nonce = uuid::Uuid::new_v4().to_string();
let mobile_state = make_mobile_csrf_state(&nonce); let mobile_state = make_mobile_csrf_state(&nonce);
let auth_url = oauth_service.get_auth_url_with_state(mobile_state); let auth_url = oauth_service.get_auth_url_with_state(mobile_state);
info!("mobile google_auth: generated signed state for nonce={}", nonce);
return Ok(Json(OAuthUrlResponse { url: auth_url })); return Ok(Json(OAuthUrlResponse { url: auth_url }));
} }
@@ -152,6 +154,7 @@ pub async fn google_callback(
Query(query): Query<GoogleCallbackQuery>, Query(query): Query<GoogleCallbackQuery>,
) -> Result<Response, StatusCode> { ) -> Result<Response, StatusCode> {
let is_mobile = verify_mobile_csrf_state(&query.state); let is_mobile = verify_mobile_csrf_state(&query.state);
info!("google_callback: state={} is_mobile={}", &query.state[..query.state.len().min(20)], is_mobile);
if !is_mobile { if !is_mobile {
let session_csrf: Option<String> = session let session_csrf: Option<String> = session
@@ -162,7 +165,10 @@ pub async fn google_callback(
match session_csrf { match session_csrf {
Some(csrf) if csrf == query.state => {} Some(csrf) if csrf == query.state => {}
_ => return Err(StatusCode::UNAUTHORIZED), _ => {
warn!("google_callback: CSRF mismatch, session_csrf={:?}", session_csrf.as_deref().map(|s| &s[..s.len().min(10)]));
return Err(StatusCode::UNAUTHORIZED);
}
} }
} }
@@ -191,6 +197,7 @@ pub async fn google_callback(
if is_mobile { if is_mobile {
let token = make_auth_token(user.id); let token = make_auth_token(user.id);
info!("google_callback: mobile auth for user_id={}, token_prefix={}", user.id, &token[..token.len().min(20)]);
let deep_link = format!("com.arrelin.family-budget-android://auth?token={}", token); let deep_link = format!("com.arrelin.family-budget-android://auth?token={}", token);
let html = format!( let html = format!(
r#"<!DOCTYPE html><html><head><meta http-equiv="refresh" content="0;url={0}"></head><body><script>window.location="{0}"</script></body></html>"#, r#"<!DOCTYPE html><html><head><meta http-equiv="refresh" content="0;url={0}"></head><body><script>window.location="{0}"</script></body></html>"#,
@@ -231,7 +238,15 @@ pub async fn mobile_callback(
State(db): State<DatabaseConnection>, State(db): State<DatabaseConnection>,
Query(query): Query<MobileCallbackQuery>, Query(query): Query<MobileCallbackQuery>,
) -> Result<Json<serde_json::Value>, StatusCode> { ) -> Result<Json<serde_json::Value>, StatusCode> {
let user_id = verify_auth_token(&query.token).ok_or(StatusCode::UNAUTHORIZED)?; info!("mobile_callback: received token_prefix={}", &query.token[..query.token.len().min(20)]);
let user_id = match verify_auth_token(&query.token) {
Some(id) => id,
None => {
warn!("mobile_callback: token verification failed for token={}", &query.token[..query.token.len().min(40)]);
return Err(StatusCode::UNAUTHORIZED);
}
};
info!("mobile_callback: token valid for user_id={}", user_id);
let user = User::find_by_id(user_id) let user = User::find_by_id(user_id)
.one(&db) .one(&db)

10
frontend/src/pages/Login.tsx
View File

@@ -30,18 +30,20 @@ export default function Login() {
try { try {
token = new URL(url).searchParams.get('token'); token = new URL(url).searchParams.get('token');
} catch { } catch {
setError(t('login.error')); setError(t('login.authError'));
return; return;
} }
if (!token) { setError(t('login.error')); return; } if (!token) { setError(t('login.authError')); return; }
try { try {
setLoading(true); setLoading(true);
await authApi.mobileCallback(token); await authApi.mobileCallback(token);
const me = await authApi.me(); const me = await authApi.me();
setUser(me.data); setUser(me.data);
} catch { } catch (err: any) {
setError(t('login.error')); const status = err?.response?.status;
const msg = err?.response?.data ? JSON.stringify(err.response.data) : err?.message;
setError(`${status ?? 'network'}: ${msg}`);
setLoading(false); setLoading(false);
} }
}); });