Merge pull request #12 from SakaDream/update-dependencies

SakaDream · web-flow · commit 5c5b0000c079 · 2020-03-02T22:58:17.000+07:00
Update dependencies
diff --git a/Cargo.toml b/Cargo.toml
@@ -7,21 +7,20 @@ edition = "2018"
 [dependencies]
 actix-web = "2.0.0"
 actix-rt = "1.0.0"
-actix-service = "1.0.1"
+actix-service = "1.0.5"
 actix-cors = "0.2.0"
 log = "0.4.8"
 env_logger = "0.7.1"
 diesel_migrations = "1.4.0"
 serde = "1.0.104"
 serde_derive = "1.0.104"
-serde_json = "1.0.44"
+serde_json = "1.0.48"
 dotenv = "0.15.0"
-futures = "0.3.1"
+futures = "0.3.4"
 failure = "0.1.6"
-derive_more = "0.99.2"
-jsonwebtoken = "6.0.1"
+derive_more = "0.99.3"
+jsonwebtoken = "7.1.0"
 bcrypt = "0.6.1"
-time = "0.2.1"
 
 [dependencies.diesel]
 version = "1.4.3"
diff --git a/README.md b/README.md
@@ -44,9 +44,12 @@ curl -X GET -i 'http://127.0.0.1:8000/api/ping'
 ### `POST /api/auth/signup`: Signup
 ```bash
 curl -X POST -i 'http://127.0.0.1:8000/api/auth/signup' \
--H "Content-Type: application/json" --data '{"username": "c",
-   "email": "c",
-   "password": "c" }'
+  -H "Content-Type: application/json" \
+  --data '{
+    "username": "user",
+    "email": "user@email.com",
+    "password": "4S3cr3tPa55w0rd"
+  }'
 ```
 
   - Request body:
@@ -76,7 +79,7 @@ curl -X POST -i 'http://127.0.0.1:8000/api/auth/signup' \
 ### `POST /api/auth/login`: Login
 ```bash
 curl -X POST -H 'Content-Type: application/json' -i 'http://127.0.0.1:8000/api/auth/login'  \
- --data '{"username_or_email":"c",  "password":"c"}'
+  --data '{"username_or_email":"user",  "password":"4S3cr3tPa55w0rd"}'
 ```
   - Request body:
   ```
@@ -104,14 +107,17 @@ curl -X POST -H 'Content-Type: application/json' -i 'http://127.0.0.1:8000/api/a
     ```
 
 ### `POST /api/auth/login`: Logout
-    ```bash
-    curl -X POST -H 'Content-Type: application/json' -H 'Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1NzcyNTc4NzksImV4cCI6MTU3Nzg2MjY3OSwidXNlciI6ImMiLCJsb2dpbl9zZXNzaW9uIjoiYzUxNWE3NTg3NGYzNGVjNGFmNDJmNWE2M2QxMDVjMGYifQ.B9w6FxFdypb5GCRMKXZ9CZWFxQLFjvmPSusMCtcE-Ac' -i 'http://127.0.0.1:8000/api/auth/logout'
-    ```
+```bash
+curl -X POST -H 'Content-Type: application/json' \
+  -H 'Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1NzcyNTc4NzksImV4cCI6MTU3Nzg2MjY3OSwidXNlciI6ImMiLCJsb2dpbl9zZXNzaW9uIjoiYzUxNWE3NTg3NGYzNGVjNGFmNDJmNWE2M2QxMDVjMGYifQ.B9w6FxFdypb5GCRMKXZ9CZWFxQLFjvmPSusMCtcE-Ac' \
+  -i 'http://127.0.0.1:8000/api/auth/logout'
+```
 
 ### `GET /api/address-book`: Get all people information
-```
-curl -X GET -H 'Content-Type: application/json' -H 'Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1NzU4NzM4MjksImV4cCI6MTU3NjQ3ODYyOSwidXNlciI6ImMiLCJsb2dpbl9zZXNzaW9uIjoiZjU5N2M3MTIxZTExNDBhMGE0ZjE0YmQ4N2NjM2Q4MWUifQ.6qppDfRgOw45eExJ7MUEwpcu3AUXXe9_ifj_mp7k22k' -i 'http://127.0.0.1:8000/api/address-book'
-'
+```bash
+curl -X GET -H 'Content-Type: application/json' \
+  -H 'Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1NzU4NzM4MjksImV4cCI6MTU3NjQ3ODYyOSwidXNlciI6ImMiLCJsb2dpbl9zZXNzaW9uIjoiZjU5N2M3MTIxZTExNDBhMGE0ZjE0YmQ4N2NjM2Q4MWUifQ.6qppDfRgOw45eExJ7MUEwpcu3AUXXe9_ifj_mp7k22k' \
+  -i 'http://127.0.0.1:8000/api/address-book'
 ```
   - Header:
     - Authorization: bearer \<token\>
@@ -135,8 +141,10 @@ curl -X GET -H 'Content-Type: application/json' -H 'Authorization: bearer eyJ0eX
     ```
 
 ### `GET /api/address-book/{id}`: Get person information by id
-```
-curl -X GET -H 'Content-Type: application/json' -H 'Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1NzU4NzM4MjksImV4cCI6MTU3NjQ3ODYyOSwidXNlciI6ImMiLCJsb2dpbl9zZXNzaW9uIjoiZjU5N2M3MTIxZTExNDBhMGE0ZjE0YmQ4N2NjM2Q4MWUifQ.6qppDfRgOw45eExJ7MUEwpcu3AUXXe9_ifj_mp7k22k' -i 'http://127.0.0.1:8000/api/address-book/2'
+```bash
+curl -X GET -H 'Content-Type: application/json' \
+  -H 'Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1NzU4NzM4MjksImV4cCI6MTU3NjQ3ODYyOSwidXNlciI6ImMiLCJsb2dpbl9zZXNzaW9uIjoiZjU5N2M3MTIxZTExNDBhMGE0ZjE0YmQ4N2NjM2Q4MWUifQ.6qppDfRgOw45eExJ7MUEwpcu3AUXXe9_ifj_mp7k22k' \
+  -i 'http://127.0.0.1:8000/api/address-book/2'
 ```
   - Param path:
     - id: int32
@@ -167,6 +175,11 @@ curl -X GET -H 'Content-Type: application/json' -H 'Authorization: bearer eyJ0eX
     ```
 
 ### `GET /api/address-book/{query}`: Search for person information by keyword
+```bash
+curl -X GET -H 'Content-Type: application/json' \
+  -H 'Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1NzU4NzM4MjksImV4cCI6MTU3NjQ3ODYyOSwidXNlciI6ImMiLCJsb2dpbl9zZXNzaW9uIjoiZjU5N2M3MTIxZTExNDBhMGE0ZjE0YmQ4N2NjM2Q4MWUifQ.6qppDfRgOw45eExJ7MUEwpcu3AUXXe9_ifj_mp7k22k' \
+  -i 'http://127.0.0.1:8000/api/address-book/user'
+```
   - Param path:
     - query: string
   - Header:
@@ -191,15 +204,18 @@ curl -X GET -H 'Content-Type: application/json' -H 'Authorization: bearer eyJ0eX
     ```
 
 ### `POST /api/address-book`: Add person information
-```
-curl -X POST -H 'Content-Type: application/json' -H 'Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1NzU4NzM4MjksImV4cCI6MTU3NjQ3ODYyOSwidXNlciI6ImMiLCJsb2dpbl9zZXNzaW9uIjoiZjU5N2M3MTIxZTExNDBhMGE0ZjE0YmQ4N2NjM2Q4MWUifQ.6qppDfRgOw45eExJ7MUEwpcu3AUXXe9_ifj_mp7k22k' -i 'http://127.0.0.1:8000/api/address-book' --data '{
-  "name": "a",
-  "gender": true,
-  "age": 32,
-  "address": "addr",
-  "phone": "133",
-  "email": "e@q.com"
-}
+```bash
+curl -X POST -H 'Content-Type: application/json' \
+  -H 'Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1NzU4NzM4MjksImV4cCI6MTU3NjQ3ODYyOSwidXNlciI6ImMiLCJsb2dpbl9zZXNzaW9uIjoiZjU5N2M3MTIxZTExNDBhMGE0ZjE0YmQ4N2NjM2Q4MWUifQ.6qppDfRgOw45eExJ7MUEwpcu3AUXXe9_ifj_mp7k22k' \
+  -i 'http://127.0.0.1:8000/api/address-book' \
+  --data '{
+    "name": "c",
+    "gender": true,
+    "age": 32,
+    "address": "addr",
+    "phone": "133",
+    "email": "e@q.com"
+  }
 '
 ```
   - Header:
@@ -232,6 +248,20 @@ curl -X POST -H 'Content-Type: application/json' -H 'Authorization: bearer eyJ0e
     ```  
 
 ### `PUT /api/address-book/{id}`: Update person information by id
+```bash
+curl -X PUT -H 'Content-Type: application/json' \
+  -H 'Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1NzU4NzM4MjksImV4cCI6MTU3NjQ3ODYyOSwidXNlciI6ImMiLCJsb2dpbl9zZXNzaW9uIjoiZjU5N2M3MTIxZTExNDBhMGE0ZjE0YmQ4N2NjM2Q4MWUifQ.6qppDfRgOw45eExJ7MUEwpcu3AUXXe9_ifj_mp7k22k' \
+  -i 'http://127.0.0.1:8000/api/address-book/2' \
+  --data '{
+    "name": "b",
+    "gender": true,
+    "age": 32,
+    "address": "addr",
+    "phone": "133",
+    "email": "b@q.com"
+  }
+'
+```
   - Param path:
     - id: int32
   - Header:
@@ -264,6 +294,11 @@ curl -X POST -H 'Content-Type: application/json' -H 'Authorization: bearer eyJ0e
     ```
 
 ### `DELETE /api/address-book/{id}`: Delete person information by id
+```bash
+curl -X DELETE -H 'Content-Type: application/json' \
+  -H 'Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1NzU4NzM4MjksImV4cCI6MTU3NjQ3ODYyOSwidXNlciI6ImMiLCJsb2dpbl9zZXNzaW9uIjoiZjU5N2M3MTIxZTExNDBhMGE0ZjE0YmQ4N2NjM2Q4MWUifQ.6qppDfRgOw45eExJ7MUEwpcu3AUXXe9_ifj_mp7k22k' \
+  -i 'http://127.0.0.1:8000/api/address-book/2'
+```
   - Param path:
     - id: int32
   - Header:
@@ -284,6 +319,22 @@ curl -X POST -H 'Content-Type: application/json' -H 'Authorization: bearer eyJ0e
     }
     ```
 
+### brower OPTIONS curl request example
+```bash
+curl -X OPTIONS -i 'http://127.0.0.1:8000/api/login' \
+  -H "Origin: http://example.com" -H "Access-Control-Request-Method: POST"
+```
+  - Response
+  ```
+  HTTP/1.1 200 OK
+  content-length: 0
+  access-control-max-age: 3600
+  access-control-allow-methods: POST,DELETE,GET,PUT
+  access-control-allow-origin: *
+  access-control-allow-headers: authorization,content-type,accept
+  date: Tue, 07 Jan 2020 15:17:48 GMT
+  ```
+
 ### Errors:
   - Invalid or missing token
     - Status code: 401 Unauthorized
@@ -294,15 +345,3 @@ curl -X POST -H 'Content-Type: application/json' -H 'Authorization: bearer eyJ0e
       "data": ""
     }
     ```
-### brower OPTIONS curl request example
-```
-curl -X OPTIONS -i 'http://127.0.0.1:8000/api/login' -H "Origin: http://example.com" -H "Access-Control-Request-Method: POST"
-```
-  - Response  
-  HTTP/1.1 200 OK
-  content-length: 0
-  access-control-max-age: 3600
-  access-control-allow-methods: POST,DELETE,GET,PUT
-  access-control-allow-origin: *
-  access-control-allow-headers: authorization,content-type,accept
-  date: Tue, 07 Jan 2020 15:17:48 GMT
diff --git a/src/main.rs b/src/main.rs
@@ -23,7 +23,6 @@ extern crate derive_more;
 extern crate jsonwebtoken;
 extern crate uuid;
 extern crate bcrypt;
-extern crate time;
 
 mod api;
 mod config;
diff --git a/src/middleware/authen_middleware.rs b/src/middleware/authen_middleware.rs
@@ -57,7 +57,6 @@ where
         let mut authenticate_pass: bool = false;
 
         // Bypass some account routes
-        debug!("{:?}",req.head_mut().headers());
         let headers = req.headers_mut();
         headers.append(HeaderName::from_static("content-length"),HeaderValue::from_static("true"));
         if Method::OPTIONS == *req.method() {
diff --git a/src/models/user_token.rs b/src/models/user_token.rs
@@ -1,9 +1,12 @@
 use crate::models::user::LoginInfoDTO;
-use jsonwebtoken::Header;
-use time::PrimitiveDateTime;
+use chrono::Utc;
+use jsonwebtoken::{
+    EncodingKey,
+    Header
+};
 
 pub static KEY: [u8; 16] = *include_bytes!("../secret.key");
-static ONE_WEEK: i64 = 60 * 60 * 24 * 7;
+static ONE_WEEK: i64 = 60 * 60 * 24 * 7; // in seconds
 
 #[derive(Serialize, Deserialize)]
 pub struct UserToken {
@@ -18,14 +21,14 @@ pub struct UserToken {
 
 impl UserToken {
     pub fn generate_token(login: LoginInfoDTO) -> String {
-        let now = PrimitiveDateTime::now().timestamp();
+        let now = Utc::now().timestamp_nanos() / 1_000_000_000; // nanosecond -> second
         let payload = UserToken {
             iat: now,
             exp: now + ONE_WEEK,
             user: login.username,
             login_session: login.login_session,
         };
 
-        jsonwebtoken::encode(&Header::default(), &payload, &KEY).unwrap()
+        jsonwebtoken::encode(&Header::default(), &payload, &EncodingKey::from_secret(&KEY)).unwrap()
     }
 }
diff --git a/src/utils/token_utils.rs b/src/utils/token_utils.rs
@@ -6,10 +6,10 @@ use crate::{
     },
 };
 use actix_web::web;
-use jsonwebtoken::{TokenData, Validation};
+use jsonwebtoken::{DecodingKey, TokenData, Validation};
 
 pub fn decode_token(token: String) -> jsonwebtoken::errors::Result<TokenData<UserToken>> {
-    jsonwebtoken::decode::<UserToken>(&token, &KEY, &Validation::default())
+    jsonwebtoken::decode::<UserToken>(&token, &DecodingKey::from_secret(&KEY), &Validation::default())
 }
 
 pub fn verify_token(token_data: &TokenData<UserToken>, pool: &web::Data<Pool>) -> Result<String, String> {
