Setup new persistent session and cookie on auth.

Author: adsnaider

src/controllers/user/session.rs

@@ -1,14 +1,29 @@
 use crate::controllers::frontend_prelude::*;
 
-use conduit_cookie::RequestSession;
+use conduit_cookie::{RequestCookies, RequestSession};
+use cookie::{Cookie, SameSite};
 use oauth2::reqwest::http_client;
 use oauth2::{AuthorizationCode, Scope, TokenResponse};
 
 use crate::email::Emails;
 use crate::github::GithubUser;
-use crate::models::{NewUser, User};
+use crate::models::{NewUser, PersistentSession, User};
 use crate::schema::users;
 use crate::util::errors::ReadOnlyMode;
+use crate::util::token::NewSecureToken;
+use crate::util::token::SecureToken;
+use crate::Env;
+
+pub const SESSION_COOKIE_NAME: &str = "crates_auth";
+
+fn session_cookie(token: &NewSecureToken, secure: bool) -> Cookie<'static> {
+    Cookie::build(SESSION_COOKIE_NAME, token.plaintext().to_string())
+        .http_only(true)
+        .secure(secure)
+        .same_site(SameSite::Strict)
+        .path("/")
+        .finish()
+}
 
 /// Handles the `GET /api/private/session/begin` route.
 ///
@@ -97,7 +112,24 @@ pub fn authorize(req: &mut dyn RequestExt) -> EndpointResult {
     let ghuser = req.app().github.current_user(token)?;
     let user = save_user_to_database(&ghuser, token.secret(), &req.app().emails, &*req.db_conn()?)?;
 
+    let user_agent = req
+        .headers()
+        .get(header::USER_AGENT)
+        .and_then(|value| value.to_str().ok())
+        .map(|value| value.to_string())
+        .unwrap_or_default();
+
+    // Setup a session for the newly logged in user.
+    let token = SecureToken::generate(crate::util::token::SecureTokenKind::Session);
+    let session = PersistentSession::create(user.id, &token, req.remote_addr().ip(), &user_agent);
+    session.insert(&*req.db_conn()?)?;
+
+    // Setup session cookie.
+    let secure = req.app().config.env() == Env::Production;
+    req.cookies_mut().add(session_cookie(&token, secure));
+
     // Log in by setting a cookie and the middleware authentication
+    // TODO(adsnaider): Remove.
     req.session_mut()
         .insert("user_id".to_string(), user.id.to_string());
 

src/models.rs

@@ -1,7 +1,6 @@
 pub use self::action::{insert_version_owner_action, VersionAction, VersionOwnerAction};
 pub use self::badge::{Badge, CrateBadge, MaintenanceStatus};
 pub use self::category::{Category, CrateCategory, NewCategory};
-pub use self::persistent_session::PersistentSession;
 pub use self::crate_owner_invitation::{CrateOwnerInvitation, NewCrateOwnerInvitationOutcome};
 pub use self::dependency::{Dependency, DependencyKind, ReverseDependency};
 pub use self::download::VersionDownload;
@@ -10,6 +9,7 @@ pub use self::follow::Follow;
 pub use self::keyword::{CrateKeyword, Keyword};
 pub use self::krate::{Crate, CrateVersions, NewCrate, RecentCrateDownloads};
 pub use self::owner::{CrateOwner, Owner, OwnerKind};
+pub use self::persistent_session::{NewPersistentSession, PersistentSession};
 pub use self::rights::Rights;
 pub use self::team::{NewTeam, Team};
 pub use self::token::{ApiToken, CreatedApiToken};
@@ -21,7 +21,6 @@ pub mod helpers;
 mod action;
 mod badge;
 pub mod category;
-mod persistent_session;
 mod crate_owner_invitation;
 pub mod dependency;
 mod download;
@@ -30,6 +29,7 @@ mod follow;
 mod keyword;
 pub mod krate;
 mod owner;
+mod persistent_session;
 mod rights;
 mod team;
 mod token;

src/models/persistent_session.rs

@@ -1,16 +1,53 @@
-use crate::schema::persistent_sessions;
 use chrono::NaiveDateTime;
+use diesel::prelude::*;
 use ipnetwork::IpNetwork;
+use std::net::IpAddr;
+
+use crate::schema::persistent_sessions;
+use crate::util::token::SecureToken;
 
 #[derive(Clone, Debug, PartialEq, Eq, Identifiable, Queryable)]
 #[table_name = "persistent_sessions"]
 pub struct PersistentSession {
     pub id: i32,
     pub user_id: i32,
-    pub hashed_token: Vec<u8>,
+    pub hashed_token: SecureToken,
     pub created_at: NaiveDateTime,
     pub last_used_at: NaiveDateTime,
     pub revoked: bool,
     pub last_ip_address: IpNetwork,
     pub last_user_agent: String,
 }
+
+impl PersistentSession {
+    pub fn create<'a, 'b>(
+        user_id: i32,
+        token: &'a SecureToken,
+        last_ip_address: IpAddr,
+        last_user_agent: &'b str,
+    ) -> NewPersistentSession<'a, 'b> {
+        NewPersistentSession {
+            user_id,
+            hashed_token: token,
+            last_ip_address: last_ip_address.into(),
+            last_user_agent,
+        }
+    }
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Insertable)]
+#[table_name = "persistent_sessions"]
+pub struct NewPersistentSession<'a, 'b> {
+    user_id: i32,
+    hashed_token: &'a SecureToken,
+    last_ip_address: IpNetwork,
+    last_user_agent: &'b str,
+}
+
+impl NewPersistentSession<'_, '_> {
+    pub fn insert(self, conn: &PgConnection) -> Result<PersistentSession, diesel::result::Error> {
+        diesel::insert_into(persistent_sessions::table)
+            .values(self)
+            .get_result(conn)
+    }
+}

src/util/token.rs

@@ -84,7 +84,7 @@ impl std::ops::Deref for NewSecureToken {
     }
 }
 
-fn generate_secure_alphanumeric_string(len: usize) -> String {
+pub(crate) fn generate_secure_alphanumeric_string(len: usize) -> String {
     const CHARS: &[u8] = b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
 
     OsRng
@@ -122,6 +122,7 @@ secure_token_kind! {
     #[derive(Debug, Copy, Clone, Eq, PartialEq, Hash)]
     pub(crate) enum SecureTokenKind {
         Api => "cio", // Crates.IO
+        Session => "ses", // Session tokens.
     }
 }
 
@@ -172,6 +173,7 @@ mod tests {
         };
 
         ensure(SecureTokenKind::Api, "cio");
+        ensure(SecureTokenKind::Session, "ses");
 
         assert!(
             remaining.is_empty(),