From 1bffdf0861aef7870e13eaeaa692306554f8b872 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lauren=C8=9Biu=20Nicola?= Date: Wed, 7 Aug 2019 18:31:09 +0300 Subject: [PATCH] Provide secret key to Rocket --- Cargo.lock | 7 +++++++ Cargo.toml | 1 + .../down.sql | 15 +++++++++++++ .../2019-08-08-042731_blob_auth_secret/up.sql | 15 +++++++++++++ src/api_tests.rs | 11 ++++++---- src/config.rs | 21 ++++++++++++++++++- src/db/schema.rs | 2 +- src/main.rs | 2 ++ src/server.rs | 9 ++++++-- src/test.rs | 1 + 10 files changed, 76 insertions(+), 8 deletions(-) create mode 100644 migrations/2019-08-08-042731_blob_auth_secret/down.sql create mode 100644 migrations/2019-08-08-042731_blob_auth_secret/up.sql diff --git a/Cargo.lock b/Cargo.lock index 1e2b8c6..3f7bbed 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -711,6 +711,11 @@ dependencies = [ "tokio-io 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "hex" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" + [[package]] name = "hmac" version = "0.7.1" @@ -1454,6 +1459,7 @@ dependencies = [ "diesel_migrations 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)", "error-chain 0.12.1 (registry+https://github.com/rust-lang/crates.io-index)", "getopts 0.2.19 (registry+https://github.com/rust-lang/crates.io-index)", + "hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)", "id3 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)", "image 0.22.1 (registry+https://github.com/rust-lang/crates.io-index)", "lewton 0.9.4 (registry+https://github.com/rust-lang/crates.io-index)", 
@@ -2627,6 +2633,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum getrandom 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)" = "34f33de6f0ae7c9cb5e574502a562e2b512799e32abb801cd1e79ad952b62b49" "checksum gif 0.10.2 (registry+https://github.com/rust-lang/crates.io-index)" = "86c2f2b597d6e05c86ee5947b2223bda468fe8dad3e88e2a6520869322aaf568" "checksum h2 0.1.26 (registry+https://github.com/rust-lang/crates.io-index)" = "a5b34c246847f938a410a03c5458c7fee2274436675e76d8b903c08efc29c462" +"checksum hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)" = "805026a5d0141ffc30abb3be3173848ad46a1b1664fe632428479619a3644d77" "checksum hmac 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)" = "5dcb5e64cda4c23119ab41ba960d1e170a774c8e4b9d9e6a9bc18aabf5e59695" "checksum http 0.1.18 (registry+https://github.com/rust-lang/crates.io-index)" = "372bcb56f939e449117fb0869c2e8fd8753a8223d92a172c6e808cf123a5b6e4" "checksum http-body 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "6741c859c1b2463a423a1dbce98d418e6c3c3fc720fb0d45528657320920292d" diff --git a/Cargo.toml b/Cargo.toml index 49b7616..b6ae301 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -15,6 +15,7 @@ diesel = { version = "1.4", features = ["sqlite"] } diesel_migrations = { version = "1.4", features = ["sqlite"] } error-chain = "0.12.0" getopts = "0.2.15" +hex = "0.3" id3 = "0.3" image = "0.22" rustfm-scrobble = { git = "https://github.com/agersant/rustfm-scrobble" } diff --git a/migrations/2019-08-08-042731_blob_auth_secret/down.sql b/migrations/2019-08-08-042731_blob_auth_secret/down.sql new file mode 100644 index 0000000..8dc48c9 --- /dev/null +++ b/migrations/2019-08-08-042731_blob_auth_secret/down.sql 
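Review bot: The `hex = "0.3"` line added in the Cargo.toml hunk does not appear to be used by any file in this patch. The only encoding call in the new code is `base64::encode` in src/server.rs, and none of the ten files in the diffstat calls into `hex`. Unless a later commit needs it, drop the line and the matching `[[package]]` and checksum entries in Cargo.lock, so the project does not carry a crate it has to track and audit for no benefit.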
@@ -0,0 +1,15 @@
+CREATE TEMPORARY TABLE misc_settings_backup(id, index_sleep_duration_seconds, index_album_art_pattern, prefix_url);
+INSERT INTO misc_settings_backup
+SELECT id, index_sleep_duration_seconds, index_album_art_pattern, prefix_url
+FROM misc_settings;
+DROP TABLE misc_settings;
+CREATE TABLE misc_settings (
+ id INTEGER PRIMARY KEY NOT NULL CHECK(id = 0),
+ auth_secret BLOB NOT NULL DEFAULT (hex(randomblob(32))),
+ index_sleep_duration_seconds INTEGER NOT NULL,
+ index_album_art_pattern TEXT NOT NULL,
+ prefix_url TEXT NOT NULL DEFAULT ""
+);
+INSERT INTO misc_settings(id, index_sleep_duration_seconds, index_album_art_pattern, prefix_url)
+SELECT * FROM misc_settings_backup;
+DROP TABLE misc_settings_backup;
diff --git a/migrations/2019-08-08-042731_blob_auth_secret/up.sql b/migrations/2019-08-08-042731_blob_auth_secret/up.sql
new file mode 100644
index 0000000..9f15588
--- /dev/null
+++ b/migrations/2019-08-08-042731_blob_auth_secret/up.sql
@@ -0,0 +1,15 @@
+CREATE TEMPORARY TABLE misc_settings_backup(id, index_sleep_duration_seconds, index_album_art_pattern, prefix_url);
+INSERT INTO misc_settings_backup
+SELECT id, index_sleep_duration_seconds, index_album_art_pattern, prefix_url
+FROM misc_settings;
+DROP TABLE misc_settings;
+CREATE TABLE misc_settings (
+ id INTEGER PRIMARY KEY NOT NULL CHECK(id = 0),
+ auth_secret BLOB NOT NULL DEFAULT (randomblob(32)),
+ index_sleep_duration_seconds INTEGER NOT NULL,
+ index_album_art_pattern TEXT NOT NULL,
+ prefix_url TEXT NOT NULL DEFAULT ""
+);
+INSERT INTO misc_settings(id, index_sleep_duration_seconds, index_album_art_pattern, prefix_url)
+SELECT * FROM misc_settings_backup;
+DROP TABLE misc_settings_backup;
diff --git a/src/api_tests.rs b/src/api_tests.rs
index 5f3077c..be8efa1 100644
--- a/src/api_tests.rs
+++ b/src/api_tests.rs
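Review bot: In down.sql the rollback recreates `auth_secret` as `BLOB`, but its default `hex(randomblob(32))` produces text, and the pre-patch src/db/schema.rs in this commit declared the column as `Text`. To restore the old schema the line should probably read `auth_secret TEXT NOT NULL DEFAULT (hex(randomblob(32))),`; confirm this against the original migration, which is not part of this patch. The backup table does not carry `auth_secret`, so a rollback also issues a new secret and anything signed with the current one stops validating, which deserves a one-line SQL comment.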
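Review bot: In up.sql the key that src/server.rs later hands to Rocket is produced by the column default `randomblob(32)`, and SQLite describes that function only as returning pseudo-random bytes, without promising cryptographic quality. Consider generating the 32 bytes in Rust from the operating system's random source on first start and inserting them explicitly, keeping the column default only as a fallback. At minimum add a comment above the column such as `-- 32 bytes = 256-bit cookie key; regenerated by this migration, existing sessions are invalidated`. The final `INSERT ... SELECT *` also depends on the backup table's column order matching the named column list, so naming the columns in the `SELECT` would be more robust.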
@@ -421,7 +421,9 @@ fn serve() { env.update_index(); { - let mut response = client.get("/api/serve/collection%2FKhemmis%2FHunted%2F02%20-%20Candlelight.mp3").dispatch(); + let mut response = client + .get("/api/serve/collection%2FKhemmis%2FHunted%2F02%20-%20Candlelight.mp3") + .dispatch(); assert_eq!(response.status(), Status::Ok); let body = response.body().unwrap(); let body = body.into_bytes().unwrap(); @@ -429,9 +431,10 @@ fn serve() { } { - let mut response = client.get("/api/serve/collection%2FKhemmis%2FHunted%2F02%20-%20Candlelight.mp3") - .header(Range::bytes(100, 299)) - .dispatch(); + let mut response = client + .get("/api/serve/collection%2FKhemmis%2FHunted%2F02%20-%20Candlelight.mp3") + .header(Range::bytes(100, 299)) + .dispatch(); assert_eq!(response.status(), Status::PartialContent); let body = response.body().unwrap(); let body = body.into_bytes().unwrap(); diff --git a/src/config.rs b/src/config.rs index 0778eea..b969160 100644 --- a/src/config.rs +++ b/src/config.rs @@ -21,7 +21,7 @@ use crate::vfs::MountPoint; #[derive(Debug, Queryable)] pub struct MiscSettings { id: i32, - pub auth_secret: String, + pub auth_secret: Vec, pub index_sleep_duration_seconds: i32, pub index_album_art_pattern: String, pub prefix_url: String, @@ -98,6 +98,7 @@ where prefix_url, )) .get_result(connection.deref())?; + config.album_art_pattern = Some(art_pattern); config.reindex_every_n_seconds = Some(sleep_duration); config.prefix_url = if url != "" { Some(url) } else { None }; 
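Review bot: In the first src/config.rs hunk, `MiscSettings` keeps `#[derive(Debug, Queryable)]` and a `pub auth_secret` field, so any `{:?}` formatting of the struct would print the key bytes that this commit starts passing to Rocket. The new `get_auth_secret` selects the column directly, so the field could become private. The derived `Debug` could then be replaced by a hand-written impl that prints a fixed placeholder for `auth_secret` and the other fields as before. The struct's closing brace lies outside the hunk, so other derives or uses of the field may exist that are not visible here.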
@@ -276,6 +277,24 @@ where Ok(()) } +pub fn get_auth_secret(db: &T) -> Result> +where + T: ConnectionSource, +{ + use self::misc_settings::dsl::*; + + let connection = db.get_connection(); + + match misc_settings + .select(auth_secret) + .get_result(connection.deref()) + { + Err(diesel::result::Error::NotFound) => bail!("Cannot find authentication secret"), + Ok(secret) => Ok(secret), + Err(e) => Err(e.into()), + } +} + fn clean_path_string(path_string: &str) -> path::PathBuf { let separator_regex = Regex::new(r"\\|/").unwrap(); let mut correct_separator = String::new(); diff --git a/src/db/schema.rs b/src/db/schema.rs index 7ea047a..4ca18b7 100644 --- a/src/db/schema.rs +++ b/src/db/schema.rs @@ -23,7 +23,7 @@ table! { table! { misc_settings (id) { id -> Integer, - auth_secret -> Text, + auth_secret -> Binary, index_sleep_duration_seconds -> Integer, index_album_art_pattern -> Text, prefix_url -> Text, diff --git a/src/main.rs b/src/main.rs index d6d4b6e..ea55569 100644 --- a/src/main.rs +++ b/src/main.rs @@ -196,6 +196,7 @@ fn run() -> Result<()> { config::overwrite(db.deref(), &config)?; } let config = config::read(db.deref())?; + let auth_secret = config::get_auth_secret(db.deref())?; // Init index info!("Initializing index"); @@ -245,6 +246,7 @@ fn run() -> Result<()> { let server = server::get_server( port, + Some(auth_secret.as_slice()), &api_url, &web_url, &web_dir_path, diff --git a/src/server.rs b/src/server.rs index cdaf255..a83297f 100644 --- a/src/server.rs +++ b/src/server.rs @@ -13,6 +13,7 @@ pub struct StaticDirs { pub fn get_server( port: u16, + auth_secret: Option<&[u8]>, api_url: &str, web_url: &str, web_dir_path: &PathBuf, 
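Review bot: `get_auth_secret` in src/config.rs is a new public function that returns raw key material, but it has no doc comment saying what the bytes are or how callers should treat them. I would add `/// Returns the raw bytes of the cookie secret stored in misc_settings; fails if the settings row is missing. Never log the returned value.` above the signature. As a style point, listing the `Ok(secret)` arm first and the two `Err` arms after it would make the success path easier to read; behaviour is unchanged.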
@@ -21,11 +22,15 @@ pub fn get_server( db: Arc, command_sender: Arc, ) -> Result { - - let config = rocket::Config::build(rocket::config::Environment::Production) + let mut config = rocket::Config::build(rocket::config::Environment::Production) .port(port) .finalize()?; + if let Some(secret) = auth_secret { + let encoded = base64::encode(secret); + config.set_secret_key(encoded)?; + } + let static_dirs = Arc::new(StaticDirs { web_dir_path: web_dir_path.to_path_buf(), swagger_dir_path: swagger_dir_path.to_path_buf(), diff --git a/src/test.rs b/src/test.rs index 668de13..72487ae 100644 --- a/src/test.rs +++ b/src/test.rs @@ -44,6 +44,7 @@ pub fn get_test_environment(db_name: &str) -> TestEnvironment { let server = server::get_server( 5050, + None, "/api", "/", &web_dir_path,
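Review bot: In the second src/server.rs hunk the secret is base64-encoded and passed to `set_secret_key` without a length check, so a blob that is not exactly 32 bytes only surfaces as a generic configuration error from Rocket. A guard before the encode, for example `if secret.len() != 32 { bail!("Authentication secret must be 32 bytes"); }` (assuming error-chain's `bail!` is available in this module, as it is in config.rs), would point the operator at the database row. The `None` branch sets no key at all; as far as I know Rocket then generates a fresh key on each launch, so a comment such as `// None: Rocket picks a random key per launch; used by tests only` would record that this is intentional. The body of `get_server` continues outside the hunk.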