1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
#![forbid(unsafe_code)]
use digest::InvalidLength;
use hmac::{Hmac, Mac};
use jwt::{SignWithKey, VerifyWithKey};
pub use jwt::Error as JwtError;
pub use serde_json::{Value, to_value, from_value};
use sha2::{Sha256, Digest};
use std::collections::BTreeMap;
use thiserror::Error;
#[derive(Debug, Error)]
pub enum Error {
#[error("invalid length")]
InvalidLength(#[from] InvalidLength),
#[error("signing error")]
SignErr(#[from] JwtError),
}
fn hash_password(pass: &str, salt: &str) -> String {
let mut hasher = Sha256::new();
hasher.update(format!("{}:{}", salt, pass));
hex::encode(hasher.finalize().as_slice())
}
pub fn to_hash(pass: &str) -> String {
let salt = uuid::Uuid::new_v4().to_string();
let mut hasher = Sha256::new();
hasher.update(format!("{}:{}", salt, pass));
format!("{}:{}", salt, hash_password(pass, &salt))
}
pub fn verify(pass: &str, safe_pass: &str) -> bool {
let split: Vec<&str> = safe_pass.split(":").collect();
let req_hash = hash_password(pass, split[0]);
if req_hash == split[1] { true } else { false }
}
pub fn to_token(app_secret: &str, claims: BTreeMap<String, Value>) -> Result<String, Error> {
let key: Hmac<Sha256> = Hmac::new_from_slice(app_secret.as_bytes())?;
let token = claims.sign_with_key(&key)?;
Ok(token)
}
pub fn from_token(app_secret: &str, token: &str) -> Result<BTreeMap<String, Value>, Error> {
let key: Hmac<Sha256> = Hmac::new_from_slice(app_secret.as_bytes())?;
let claims = token.verify_with_key(&key)?;
Ok(claims)
}
#[cfg(test)]
pub mod tests {
use super::*;
use serde_json::{from_value, to_value};
#[test]
fn hash_test() {
let pass = "foo";
let hash = to_hash(pass);
assert!(verify(pass, &hash));
assert!(!verify("bar", &hash));
}
#[test]
fn sign_test() {
let app_secret = "my-secret";
let user_id = 1;
let jwt = to_token(app_secret, [
("id".into(), to_value(user_id).unwrap())
].into()).unwrap();
let mut claims = from_token(app_secret, &jwt).unwrap();
assert_eq!(1, from_value::<i32>(claims.remove("id").unwrap()).unwrap());
}
}