<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Source of the Rust file `auth/src/lib.rs`."><meta name="keywords" content="rust, rustlang, rust-lang"><title>lib.rs - source</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" href="../../normalize.css"><link rel="stylesheet" href="../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" href="../../ayu.css" disabled><link rel="stylesheet" href="../../dark.css" disabled><link rel="stylesheet" href="../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../storage.js"></script><script defer src="../../source-script.js"></script><script defer src="../../source-files.js"></script><script defer src="../../main.js"></script><noscript><link rel="stylesheet" href="../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../favicon.svg"></head><body class="rustdoc source"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../auth/index.html"><div class="logo-container"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../auth/index.html"><div class="logo-container"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></div></a></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../auth/index.html"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="example-wrap"><pre class="line-numbers"><span id="1">1</span>
<span id="2">2</span>
<span id="3">3</span>
<span id="4">4</span>
<span id="5">5</span>
<span id="6">6</span>
<span id="7">7</span>
<span id="8">8</span>
<span id="9">9</span>
<span id="10">10</span>
<span id="11">11</span>
<span id="12">12</span>
<span id="13">13</span>
<span id="14">14</span>
<span id="15">15</span>
<span id="16">16</span>
<span id="17">17</span>
<span id="18">18</span>
<span id="19">19</span>
<span id="20">20</span>
<span id="21">21</span>
<span id="22">22</span>
<span id="23">23</span>
<span id="24">24</span>
<span id="25">25</span>
<span id="26">26</span>
<span id="27">27</span>
<span id="28">28</span>
<span id="29">29</span>
<span id="30">30</span>
<span id="31">31</span>
<span id="32">32</span>
<span id="33">33</span>
<span id="34">34</span>
<span id="35">35</span>
<span id="36">36</span>
<span id="37">37</span>
<span id="38">38</span>
<span id="39">39</span>
<span id="40">40</span>
<span id="41">41</span>
<span id="42">42</span>
<span id="43">43</span>
<span id="44">44</span>
<span id="45">45</span>
<span id="46">46</span>
<span id="47">47</span>
<span id="48">48</span>
<span id="49">49</span>
<span id="50">50</span>
<span id="51">51</span>
<span id="52">52</span>
<span id="53">53</span>
<span id="54">54</span>
<span id="55">55</span>
<span id="56">56</span>
<span id="57">57</span>
<span id="58">58</span>
<span id="59">59</span>
<span id="60">60</span>
<span id="61">61</span>
<span id="62">62</span>
<span id="63">63</span>
<span id="64">64</span>
<span id="65">65</span>
<span id="66">66</span>
<span id="67">67</span>
<span id="68">68</span>
<span id="69">69</span>
<span id="70">70</span>
<span id="71">71</span>
<span id="72">72</span>
<span id="73">73</span>
<span id="74">74</span>
<span id="75">75</span>
<span id="76">76</span>
<span id="77">77</span>
<span id="78">78</span>
<span id="79">79</span>
<span id="80">80</span>
<span id="81">81</span>
<span id="82">82</span>
<span id="83">83</span>
<span id="84">84</span>
<span id="85">85</span>
<span id="86">86</span>
<span id="87">87</span>
<span id="88">88</span>
<span id="89">89</span>
<span id="90">90</span>
<span id="91">91</span>
<span id="92">92</span>
<span id="93">93</span>
<span id="94">94</span>
<span id="95">95</span>
<span id="96">96</span>
<span id="97">97</span>
<span id="98">98</span>
<span id="99">99</span>
</pre><pre class="rust"><code><span class="kw">use </span>aes_gcm::aead::generic_array::GenericArray;
<span class="kw">use </span>aes_gcm::aead::Aead;
<span class="kw">use </span>aes_gcm::AeadInPlace;
<span class="kw">use </span>aes_gcm::Aes256Gcm;
<span class="kw">use </span>aes_gcm::NewAead;

<span class="kw">use </span>displaydoc::Display;
<span class="kw">use </span>once_cell::sync::OnceCell;
<span class="kw">use </span>rand::Rng;
<span class="kw">use </span>rand::RngCore;
<span class="kw">use </span>serde::Serialize;
<span class="kw">use </span>std::convert::TryInto;
<span class="kw">use </span>thiserror::Error;

<span class="kw">const </span>NONCE_LEN: usize = <span class="number">12</span>;
<span class="kw">const </span>TAG_LEN: usize = <span class="number">16</span>;

<span class="doccomment">/// This is the secret key with which we sign the cookies.
</span><span class="comment">// TODO: Generate this at first run to ensure security
</span><span class="kw">static </span>KEY: OnceCell&lt;[u8; <span class="number">32</span>]&gt; = OnceCell::new();

<span class="kw">pub fn </span>generate_key() -&gt; [u8; <span class="number">32</span>] {
    rand::thread_rng().gen()
}

<span class="kw">pub fn </span>set_key(k: [u8; <span class="number">32</span>]) {
    KEY.set(k).expect(<span class="string">&quot;Failed to set secret_key&quot;</span>)
}

<span class="doccomment">/// This function should only be called from tests
</span><span class="kw">pub fn </span>set_key_fallible(k: [u8; <span class="number">32</span>]) {
    <span class="kw">let _ </span>= KEY.set(k);
}

<span class="kw">fn </span>get_key() -&gt; <span class="kw-2">&amp;</span><span class="lifetime">&#39;static </span>[u8; <span class="number">32</span>] {
    KEY.get().expect(<span class="string">&quot;key must be initialized&quot;</span>)
}

<span class="attribute">#[derive(Clone, Debug, Display, Error, Serialize)]
</span><span class="kw">pub enum </span>AuthError {
    <span class="doccomment">/// Token is not base64 encoded.
    </span>BadBase64,
    <span class="doccomment">/// Token data is too short.
    </span>ShortData,
    <span class="doccomment">/// Failed to decrypt token.
    </span>DecryptError,
    <span class="doccomment">/// Token plaintext does not contain a UserID.
    </span>PlainTextNoti64,
}

<span class="doccomment">/// Function encrypts a UserID with a nonce and returns it as a base64 string to be used as a cookie/token.
</span><span class="kw">pub fn </span>user_cookie_generate(user: i64) -&gt; String {
    <span class="comment">// Create a vec to hold the [nonce | cookie value].
    </span><span class="kw">let </span>cookie_val = <span class="kw-2">&amp;</span>user.to_be_bytes();
    <span class="kw">let </span><span class="kw-2">mut </span>data = <span class="macro">vec!</span>[<span class="number">0</span>; NONCE_LEN + cookie_val.len() + TAG_LEN];

    <span class="comment">// Split data into three: nonce, input/output, tag. Copy input.
    </span><span class="kw">let </span>(nonce, in_out) = data.split_at_mut(NONCE_LEN);
    <span class="kw">let </span>(in_out, tag) = in_out.split_at_mut(cookie_val.len());
    in_out.copy_from_slice(cookie_val);

    <span class="comment">// Fill nonce piece with random data.
    </span><span class="kw">let </span><span class="kw-2">mut </span>rng = rand::thread_rng();
    rng.try_fill_bytes(nonce)
        .expect(<span class="string">&quot;couldn&#39;t random fill nonce&quot;</span>);
    <span class="kw">let </span>nonce = GenericArray::clone_from_slice(nonce);

    <span class="comment">// Perform the actual sealing operation, using the cookie&#39;s name as
    // associated data to prevent value swapping.
    </span><span class="kw">let </span>aead = Aes256Gcm::new(GenericArray::from_slice(get_key()));
    <span class="kw">let </span>aad_tag = aead
        .encrypt_in_place_detached(<span class="kw-2">&amp;</span>nonce, <span class="string">b&quot;&quot;</span>, in_out)
        .expect(<span class="string">&quot;encryption failure!&quot;</span>);

    <span class="comment">// Copy the tag into the tag piece.
    </span>tag.copy_from_slice(<span class="kw-2">&amp;</span>aad_tag);

    <span class="comment">// Base64 encode [nonce | encrypted value | tag].
    </span>base64::encode(<span class="kw-2">&amp;</span>data)
}

<span class="doccomment">/// Function decrypts a UserID which was encrypted with `user_cookie_generate`
</span><span class="kw">pub fn </span>user_cookie_decode(cookie: String) -&gt; <span class="prelude-ty">Result</span>&lt;i64, AuthError&gt; {
    <span class="kw">let </span>data = base64::decode(cookie).map_err(|<span class="kw">_</span>| AuthError::BadBase64)<span class="question-mark">?</span>;
    <span class="kw">if </span>data.len() &lt;= NONCE_LEN {
        <span class="kw">return </span><span class="prelude-val">Err</span>(AuthError::ShortData);
    }
    <span class="kw">let </span>(nonce, cipher) = data.split_at(NONCE_LEN);
    <span class="kw">let </span>aead = Aes256Gcm::new(GenericArray::from_slice(get_key()));
    <span class="kw">let </span>plaintext = aead
        .decrypt(GenericArray::from_slice(nonce), cipher)
        .map_err(|<span class="kw">_</span>| AuthError::DecryptError)<span class="question-mark">?</span>;

    <span class="prelude-val">Ok</span>(i64::from_be_bytes(
        plaintext
            .try_into()
            .map_err(|<span class="kw">_</span>| AuthError::PlainTextNoti64)<span class="question-mark">?</span>,
    ))
}
</code></pre></div>
</section></div></main><div id="rustdoc-vars" data-root-path="../../" data-current-crate="auth" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.66.0-nightly (e7119a030 2022-09-22)" ></div></body></html>