<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Source of the Rust file `auth/src/lib.rs`."><meta name="keywords" content="rust, rustlang, rust-lang"><title>lib.rs - source</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../static.files/SourceSerif4-Regular-1f7d512b176f0f72.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../static.files/FiraSans-Regular-018c141bf0843ffd.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../static.files/FiraSans-Medium-8f9a781e4970d388.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../static.files/SourceCodePro-Regular-562dcc5011b6de7d.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../static.files/SourceSerif4-Bold-124a1ca42af929b6.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../static.files/SourceCodePro-Semibold-d899c5a5c4aeb14a.ttf.woff2"><link rel="stylesheet" href="../../static.files/normalize-76eba96aa4d2e634.css"><link rel="stylesheet" href="../../static.files/rustdoc-6827029ac823cab7.css" id="mainThemeStyle"><link rel="stylesheet" id="themeStyle" href="../../static.files/light-ebce58d0a40c3431.css"><link rel="stylesheet" disabled href="../../static.files/dark-f23faae4a2daf9a6.css"><link rel="stylesheet" disabled href="../../static.files/ayu-8af5e100b21cd173.css"><script id="default-settings" ></script><script src="../../static.files/storage-d43fa987303ecbbb.js"></script><script defer src="../../static.files/source-script-5cf2e01a42cc9858.js"></script><script defer src="../../source-files.js"></script><script defer src="../../static.files/main-c55e1eb52e1886b4.js"></script><noscript><link rel="stylesheet" href="../../static.files/noscript-13285aec31fa243e.css"></noscript><link rel="alternate icon" type="image/png" href="../../static.files/favicon-16x16-8b506e7a72182f1c.png"><link rel="alternate icon" type="image/png" href="../../static.files/favicon-32x32-422f7d1d52889060.png"><link rel="icon" type="image/svg+xml" href="../../static.files/favicon-2c020d218678b618.svg"></head><body class="rustdoc source"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"></nav><main><div class="width-limiter"><nav class="sub"><a class="sub-logo-container" href="../../auth/index.html"><img class="rust-logo" src="../../static.files/rust-logo-151179464ae7ed46.svg" alt="logo"></a><form class="search-form"><span></span><input class="search-input" name="search" aria-label="Run search in the documentation" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="../../help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../static.files/wheel-5ec35bf9ca753509.svg"></a></div></form></nav><section id="main-content" class="content"><div class="example-wrap"><pre class="src-line-numbers"><a href="#1" id="1">1</a>
<a href="#2" id="2">2</a>
<a href="#3" id="3">3</a>
<a href="#4" id="4">4</a>
<a href="#5" id="5">5</a>
<a href="#6" id="6">6</a>
<a href="#7" id="7">7</a>
<a href="#8" id="8">8</a>
<a href="#9" id="9">9</a>
<a href="#10" id="10">10</a>
<a href="#11" id="11">11</a>
<a href="#12" id="12">12</a>
<a href="#13" id="13">13</a>
<a href="#14" id="14">14</a>
<a href="#15" id="15">15</a>
<a href="#16" id="16">16</a>
<a href="#17" id="17">17</a>
<a href="#18" id="18">18</a>
<a href="#19" id="19">19</a>
<a href="#20" id="20">20</a>
<a href="#21" id="21">21</a>
<a href="#22" id="22">22</a>
<a href="#23" id="23">23</a>
<a href="#24" id="24">24</a>
<a href="#25" id="25">25</a>
<a href="#26" id="26">26</a>
<a href="#27" id="27">27</a>
<a href="#28" id="28">28</a>
<a href="#29" id="29">29</a>
<a href="#30" id="30">30</a>
<a href="#31" id="31">31</a>
<a href="#32" id="32">32</a>
<a href="#33" id="33">33</a>
<a href="#34" id="34">34</a>
<a href="#35" id="35">35</a>
<a href="#36" id="36">36</a>
<a href="#37" id="37">37</a>
<a href="#38" id="38">38</a>
<a href="#39" id="39">39</a>
<a href="#40" id="40">40</a>
<a href="#41" id="41">41</a>
<a href="#42" id="42">42</a>
<a href="#43" id="43">43</a>
<a href="#44" id="44">44</a>
<a href="#45" id="45">45</a>
<a href="#46" id="46">46</a>
<a href="#47" id="47">47</a>
<a href="#48" id="48">48</a>
<a href="#49" id="49">49</a>
<a href="#50" id="50">50</a>
<a href="#51" id="51">51</a>
<a href="#52" id="52">52</a>
<a href="#53" id="53">53</a>
<a href="#54" id="54">54</a>
<a href="#55" id="55">55</a>
<a href="#56" id="56">56</a>
<a href="#57" id="57">57</a>
<a href="#58" id="58">58</a>
<a href="#59" id="59">59</a>
<a href="#60" id="60">60</a>
<a href="#61" id="61">61</a>
<a href="#62" id="62">62</a>
<a href="#63" id="63">63</a>
<a href="#64" id="64">64</a>
<a href="#65" id="65">65</a>
<a href="#66" id="66">66</a>
<a href="#67" id="67">67</a>
<a href="#68" id="68">68</a>
<a href="#69" id="69">69</a>
<a href="#70" id="70">70</a>
<a href="#71" id="71">71</a>
<a href="#72" id="72">72</a>
<a href="#73" id="73">73</a>
<a href="#74" id="74">74</a>
<a href="#75" id="75">75</a>
<a href="#76" id="76">76</a>
<a href="#77" id="77">77</a>
<a href="#78" id="78">78</a>
<a href="#79" id="79">79</a>
<a href="#80" id="80">80</a>
<a href="#81" id="81">81</a>
<a href="#82" id="82">82</a>
<a href="#83" id="83">83</a>
<a href="#84" id="84">84</a>
<a href="#85" id="85">85</a>
<a href="#86" id="86">86</a>
<a href="#87" id="87">87</a>
<a href="#88" id="88">88</a>
<a href="#89" id="89">89</a>
<a href="#90" id="90">90</a>
<a href="#91" id="91">91</a>
<a href="#92" id="92">92</a>
<a href="#93" id="93">93</a>
<a href="#94" id="94">94</a>
<a href="#95" id="95">95</a>
<a href="#96" id="96">96</a>
<a href="#97" id="97">97</a>
<a href="#98" id="98">98</a>
<a href="#99" id="99">99</a>
</pre><pre class="rust"><code><span class="kw">use </span>aes_gcm::aead::generic_array::GenericArray;
<span class="kw">use </span>aes_gcm::aead::Aead;
<span class="kw">use </span>aes_gcm::AeadInPlace;
<span class="kw">use </span>aes_gcm::Aes256Gcm;
<span class="kw">use </span>aes_gcm::NewAead;
<span class="kw">use </span>displaydoc::Display;
<span class="kw">use </span>once_cell::sync::OnceCell;
<span class="kw">use </span>rand::Rng;
<span class="kw">use </span>rand::RngCore;
<span class="kw">use </span>serde::Serialize;
<span class="kw">use </span>std::convert::TryInto;
<span class="kw">use </span>thiserror::Error;
<span class="kw">const </span>NONCE_LEN: usize = <span class="number">12</span>;
<span class="kw">const </span>TAG_LEN: usize = <span class="number">16</span>;
<span class="doccomment">/// This is the secret key with which we sign the cookies.
</span><span class="comment">// TODO: Generate this at first run to ensure security
</span><span class="kw">static </span>KEY: OnceCell<[u8; <span class="number">32</span>]> = OnceCell::new();
<span class="kw">pub fn </span>generate_key() -> [u8; <span class="number">32</span>] {
rand::thread_rng().gen()
}
<span class="kw">pub fn </span>set_key(k: [u8; <span class="number">32</span>]) {
KEY.set(k).expect(<span class="string">"Failed to set secret_key"</span>)
}
<span class="doccomment">/// This function should only be called from tests
</span><span class="kw">pub fn </span>set_key_fallible(k: [u8; <span class="number">32</span>]) {
<span class="kw">let _ </span>= KEY.set(k);
}
<span class="kw">fn </span>get_key() -> <span class="kw-2">&</span><span class="lifetime">'static </span>[u8; <span class="number">32</span>] {
KEY.get().expect(<span class="string">"key must be initialized"</span>)
}
<span class="attr">#[derive(Clone, Debug, Display, Error, Serialize)]
</span><span class="kw">pub enum </span>AuthError {
<span class="doccomment">/// Token is not base64 encoded.
</span>BadBase64,
<span class="doccomment">/// Token data is too short.
</span>ShortData,
<span class="doccomment">/// Failed to decrypt token.
</span>DecryptError,
<span class="doccomment">/// Token plaintext does not contain a UserID.
</span>PlainTextNoti64,
}
<span class="doccomment">/// Function encrypts a UserID with a nonce and returns it as a base64 string to be used as a cookie/token.
</span><span class="kw">pub fn </span>user_cookie_generate(user: i64) -> String {
<span class="comment">// Create a vec to hold the [nonce | cookie value].
</span><span class="kw">let </span>cookie_val = <span class="kw-2">&</span>user.to_be_bytes();
<span class="kw">let </span><span class="kw-2">mut </span>data = <span class="macro">vec!</span>[<span class="number">0</span>; NONCE_LEN + cookie_val.len() + TAG_LEN];
<span class="comment">// Split data into three: nonce, input/output, tag. Copy input.
</span><span class="kw">let </span>(nonce, in_out) = data.split_at_mut(NONCE_LEN);
<span class="kw">let </span>(in_out, tag) = in_out.split_at_mut(cookie_val.len());
in_out.copy_from_slice(cookie_val);
<span class="comment">// Fill nonce piece with random data.
</span><span class="kw">let </span><span class="kw-2">mut </span>rng = rand::thread_rng();
rng.try_fill_bytes(nonce)
.expect(<span class="string">"couldn't random fill nonce"</span>);
<span class="kw">let </span>nonce = GenericArray::clone_from_slice(nonce);
<span class="comment">// Perform the actual sealing operation, using the cookie's name as
// associated data to prevent value swapping.
</span><span class="kw">let </span>aead = Aes256Gcm::new(GenericArray::from_slice(get_key()));
<span class="kw">let </span>aad_tag = aead
.encrypt_in_place_detached(<span class="kw-2">&</span>nonce, <span class="string">b""</span>, in_out)
.expect(<span class="string">"encryption failure!"</span>);
<span class="comment">// Copy the tag into the tag piece.
</span>tag.copy_from_slice(<span class="kw-2">&</span>aad_tag);
<span class="comment">// Base64 encode [nonce | encrypted value | tag].
</span>base64::encode(<span class="kw-2">&</span>data)
}
<span class="doccomment">/// Function decrypts a UserID which was encrypted with `user_cookie_generate`
</span><span class="kw">pub fn </span>user_cookie_decode(cookie: String) -> <span class="prelude-ty">Result</span><i64, AuthError> {
<span class="kw">let </span>data = base64::decode(cookie).map_err(|<span class="kw">_</span>| AuthError::BadBase64)<span class="question-mark">?</span>;
<span class="kw">if </span>data.len() <= NONCE_LEN {
<span class="kw">return </span><span class="prelude-val">Err</span>(AuthError::ShortData);
}
<span class="kw">let </span>(nonce, cipher) = data.split_at(NONCE_LEN);
<span class="kw">let </span>aead = Aes256Gcm::new(GenericArray::from_slice(get_key()));
<span class="kw">let </span>plaintext = aead
.decrypt(GenericArray::from_slice(nonce), cipher)
.map_err(|<span class="kw">_</span>| AuthError::DecryptError)<span class="question-mark">?</span>;
<span class="prelude-val">Ok</span>(i64::from_be_bytes(
plaintext
.try_into()
.map_err(|<span class="kw">_</span>| AuthError::PlainTextNoti64)<span class="question-mark">?</span>,
))
}
</code></pre></div>
</section></div></main><div id="rustdoc-vars" data-root-path="../../" data-static-root-path="../../static.files/" data-current-crate="auth" data-themes="" data-resource-suffix="" data-rustdoc-version="1.67.1 (d5a82bbd2 2023-02-07)" data-search-js="search-444266647c4dba98.js" data-settings-js="settings-bebeae96e00e4617.js" data-settings-css="settings-af96d9e2fc13e081.css" ></div></body></html>