diff --git a/app-service/Dockerfile b/app-service/Dockerfile index 66b518bda..7c647dc7f 100644 --- a/app-service/Dockerfile +++ b/app-service/Dockerfile @@ -1,10 +1,8 @@ # Start with image that has the Rust toolchain installed -FROM rust:1.90-alpine AS chef +FROM rust:1.91-alpine AS chef USER root # Add cargo-chef to cache dependencies -RUN apk add --no-cache musl-dev -RUN rustup update stable -RUN cargo install cargo-chef --locked +RUN apk add --no-cache musl-dev && cargo install cargo-chef --locked WORKDIR /app FROM chef AS planner @@ -27,4 +25,4 @@ WORKDIR /app COPY --from=builder /app/target/release/app-service /usr/local/bin COPY --from=builder /app/assets /app/assets ENV AUTH_SERVICE_HOST_NAME=auth-service -ENTRYPOINT ["/usr/local/bin/app-service"] \ No newline at end of file +ENTRYPOINT ["/usr/local/bin/app-service"] diff --git a/auth-service/Dockerfile b/auth-service/Dockerfile index e666b5513..e40355abd 100644 --- a/auth-service/Dockerfile +++ b/auth-service/Dockerfile @@ -1,10 +1,8 @@ # Start with image that has the Rust toolchain installed -FROM rust:1.90-alpine AS chef +FROM rust:1.91-alpine AS chef USER root # Add cargo-chef to cache dependencies -RUN apk add --no-cache musl-dev -RUN rustup update stable -RUN cargo install cargo-chef --locked +RUN apk add --no-cache musl-dev && cargo install cargo-chef --locked WORKDIR /app FROM chef AS planner @@ -26,4 +24,4 @@ FROM debian:buster-slim AS runtime WORKDIR /app COPY --from=builder /app/target/release/auth-service /usr/local/bin COPY --from=builder /app/assets /app/assets -ENTRYPOINT ["/usr/local/bin/auth-service"] \ No newline at end of file +ENTRYPOINT ["/usr/local/bin/auth-service"] diff --git a/auth-service/src/routes/login.rs b/auth-service/src/routes/login.rs index 5dbbd3f03..f69a2b5f1 100644 --- a/auth-service/src/routes/login.rs +++ b/auth-service/src/routes/login.rs @@ -12,26 +12,26 @@ pub async fn login( State(state): State, jar: CookieJar, Json(request): Json, -) -> (CookieJar, Result) { +) -> Result<(CookieJar, impl IntoResponse), AuthAPIError> { let password = match Password::parse(request.password) { Ok(password) => password, - Err(_) => return (jar, Err(AuthAPIError::InvalidCredentials)), + Err(_) => return Err(AuthAPIError::InvalidCredentials), }; let email = match Email::parse(request.email) { Ok(email) => email, - Err(_) => return (jar, Err(AuthAPIError::InvalidCredentials)), + Err(_) => return Err(AuthAPIError::InvalidCredentials), }; let user_store = &state.user_store.read().await; if user_store.validate_user(&email, &password).await.is_err() { - return (jar, Err(AuthAPIError::IncorrectCredentials)); + return Err(AuthAPIError::IncorrectCredentials); } let user = match user_store.get_user(&email).await { Ok(user) => user, - Err(_) => return (jar, Err(AuthAPIError::IncorrectCredentials)), + Err(_) => return Err(AuthAPIError::IncorrectCredentials), }; match user.requires_2fa { @@ -44,10 +44,7 @@ async fn handle_2fa( email: &Email, state: &AppState, jar: CookieJar, -) -> ( - CookieJar, - Result<(StatusCode, Json), AuthAPIError>, -) { +) -> Result<(CookieJar, (StatusCode, Json)), AuthAPIError> { let login_attempt_id = LoginAttemptId::default(); let two_fa_code = TwoFACode::default(); @@ -59,7 +56,7 @@ async fn handle_2fa( .await .is_err() { - return (jar, Err(AuthAPIError::UnexpectedError)); + return Err(AuthAPIError::UnexpectedError); } if state @@ -68,35 +65,33 @@ async fn handle_2fa( .await .is_err() { - return (jar, Err(AuthAPIError::UnexpectedError)); + return Err(AuthAPIError::UnexpectedError); } - let response = Json(LoginResponse::TwoFactorAuth(TwoFactorAuthResponse { - message: "2FA required".to_owned(), - login_attempt_id: login_attempt_id.as_ref().to_owned(), - })); + let response = ( + StatusCode::PARTIAL_CONTENT, + Json(LoginResponse::TwoFactorAuth(TwoFactorAuthResponse { + message: "2FA required".to_owned(), + login_attempt_id: login_attempt_id.as_ref().to_owned(), + })), + ); - (jar, Ok((StatusCode::PARTIAL_CONTENT, response))) + Ok((jar, response)) } async fn handle_no_2fa( email: &Email, jar: CookieJar, -) -> ( - CookieJar, - Result<(StatusCode, Json), AuthAPIError>, -) { +) -> Result<(CookieJar, (StatusCode, Json)), AuthAPIError> { let auth_cookie = match generate_auth_cookie(email) { Ok(cookie) => cookie, - Err(_) => return (jar, Err(AuthAPIError::UnexpectedError)), + Err(_) => return Err(AuthAPIError::UnexpectedError), }; let updated_jar = jar.add(auth_cookie); + let response = (StatusCode::OK, Json(LoginResponse::RegularAuth)); - ( - updated_jar, - Ok((StatusCode::OK, Json(LoginResponse::RegularAuth))), - ) + Ok((updated_jar, response)) } #[derive(Deserialize)] diff --git a/auth-service/src/routes/logout.rs b/auth-service/src/routes/logout.rs index 66de33789..9b1d4b5c0 100644 --- a/auth-service/src/routes/logout.rs +++ b/auth-service/src/routes/logout.rs @@ -10,17 +10,17 @@ use crate::{ pub async fn logout( State(state): State, jar: CookieJar, -) -> (CookieJar, Result) { +) -> Result<(CookieJar, impl IntoResponse), AuthAPIError> { let cookie = match jar.get(JWT_COOKIE_NAME) { Some(cookie) => cookie, - None => return (jar, Err(AuthAPIError::MissingToken)), + None => return Err(AuthAPIError::MissingToken), }; // Validate token let token = cookie.value().to_owned(); let _ = match validate_token(&token, state.banned_token_store.clone()).await { Ok(claims) => claims, - Err(_) => return (jar, Err(AuthAPIError::InvalidToken)), + Err(_) => return Err(AuthAPIError::InvalidToken), }; // Add token to banned list @@ -32,11 +32,11 @@ pub async fn logout( .await .is_err() { - return (jar, Err(AuthAPIError::UnexpectedError)); + return Err(AuthAPIError::UnexpectedError); } // Remove jwt cookie let jar = jar.remove(cookie::Cookie::from(JWT_COOKIE_NAME)); - (jar, Ok(StatusCode::OK)) + Ok((jar, StatusCode::OK)) } diff --git a/auth-service/src/routes/verify_2fa.rs b/auth-service/src/routes/verify_2fa.rs index a015b6501..8865ce4d4 100644 --- a/auth-service/src/routes/verify_2fa.rs +++ b/auth-service/src/routes/verify_2fa.rs @@ -12,45 +12,45 @@ pub async fn verify_2fa( State(state): State, jar: CookieJar, Json(request): Json, -) -> (CookieJar, Result) { +) -> Result<(CookieJar, impl IntoResponse), AuthAPIError> { let email = match Email::parse(request.email.clone()) { Ok(email) => email, - Err(_) => return (jar, Err(AuthAPIError::InvalidCredentials)), + Err(_) => return Err(AuthAPIError::InvalidCredentials), }; let login_attempt_id = match LoginAttemptId::parse(request.login_attempt_id.clone()) { Ok(login_attempt_id) => login_attempt_id, - Err(_) => return (jar, Err(AuthAPIError::InvalidCredentials)), + Err(_) => return Err(AuthAPIError::InvalidCredentials), }; let two_fa_code = match TwoFACode::parse(request.two_fa_code) { Ok(two_fa_code) => two_fa_code, - Err(_) => return (jar, Err(AuthAPIError::InvalidCredentials)), + Err(_) => return Err(AuthAPIError::InvalidCredentials), }; let mut two_fa_code_store = state.two_fa_code_store.write().await; let code_tuple = match two_fa_code_store.get_code(&email).await { Ok(code_tuple) => code_tuple, - Err(_) => return (jar, Err(AuthAPIError::IncorrectCredentials)), + Err(_) => return Err(AuthAPIError::IncorrectCredentials), }; if !code_tuple.0.eq(&login_attempt_id) || !code_tuple.1.eq(&two_fa_code) { - return (jar, Err(AuthAPIError::IncorrectCredentials)); + return Err(AuthAPIError::IncorrectCredentials); } if two_fa_code_store.remove_code(&email).await.is_err() { - return (jar, Err(AuthAPIError::UnexpectedError)); + return Err(AuthAPIError::UnexpectedError); } let cookie = match generate_auth_cookie(&email) { Ok(cookie) => cookie, - Err(_) => return (jar, Err(AuthAPIError::UnexpectedError)), + Err(_) => return Err(AuthAPIError::UnexpectedError), }; let updated_jar = jar.add(cookie); - (updated_jar, Ok(())) + Ok((updated_jar, ())) } #[derive(Debug, Deserialize)]