diff --git a/Cargo.lock b/Cargo.lock index 6164b4f..fd6a9c5 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -21,7 +21,7 @@ dependencies = [ "gxhash", "hex", "hickory-resolver", - "hmac", + "hmac 0.13.0", "juniper", "juniper_rocket", "k256", @@ -34,14 +34,14 @@ dependencies = [ "p256", "prost", "quick-xml", - "rand 0.8.5", + "rand 0.10.1", "reqwest", "rocket", "rocket_cors", "sentry", "serde", "serde_json", - "sha2", + "sha2 0.11.0", "sha256", "sqlx", "thiserror 2.0.18", @@ -657,6 +657,12 @@ dependencies = [ "cc", ] +[[package]] +name = "cmov" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f88a43d011fc4a6876cb7344703e297c71dda42494fee094d5f7c76bf13f746" + [[package]] name = "combine" version = "4.6.7" @@ -827,6 +833,15 @@ dependencies = [ "hybrid-array", ] +[[package]] +name = "ctutils" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d5515a3834141de9eafb9717ad39eea8247b5674e6066c404e8c4b365d2a29e" +dependencies = [ + "cmov", +] + [[package]] name = "data-encoding" version = "2.11.0" @@ -959,6 +974,7 @@ dependencies = [ "block-buffer 0.12.0", "const-oid 0.10.2", "crypto-common 0.2.1", + "ctutils", ] [[package]] @@ -989,7 +1005,7 @@ dependencies = [ "num-traits", "pkcs8", "rfc6979", - "sha2", + "sha2 0.10.9", "signature", "zeroize", ] @@ -1536,7 +1552,7 @@ version = "0.12.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" dependencies = [ - "hmac", + "hmac 0.12.1", ] [[package]] @@ -1548,6 +1564,15 @@ dependencies = [ "digest 0.10.7", ] +[[package]] +name = "hmac" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6303bc9732ae41b04cb554b844a762b4115a61bfaa81e3e83050991eeb56863f" +dependencies = [ + "digest 0.11.2", +] + [[package]] name = "home" version = "0.5.11" @@ -2142,7 +2167,7 @@ dependencies = [ "ecdsa", "elliptic-curve", "once_cell", - "sha2", + "sha2 0.10.9", "signature", ] @@ -2527,6 +2552,15 @@ version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7c87def4c32ab89d880effc9e097653c8da5d6ef28e6b539d313baaacfbafcbe" +[[package]] +name = "openssl-src" +version = "300.6.0+3.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a8e8cbfd3a4a8c8f089147fd7aaa33cf8c7450c4d09f8f80698a0cf093abeff4" +dependencies = [ + "cc", +] + [[package]] name = "openssl-sys" version = "0.9.114" @@ -2535,6 +2569,7 @@ checksum = "13ce1245cd07fcc4cfdb438f7507b0c7e4f3849a69fd84d52374c66d83741bb6" dependencies = [ "cc", "libc", + "openssl-src", "pkg-config", "vcpkg", ] @@ -2565,7 +2600,7 @@ dependencies = [ "ecdsa", "elliptic-curve", "primeorder", - "sha2", + "sha2 0.10.9", ] [[package]] @@ -3072,7 +3107,7 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" dependencies = [ - "hmac", + "hmac 0.12.1", "subtle", ] @@ -3634,6 +3669,17 @@ dependencies = [ "digest 0.10.7", ] +[[package]] +name = "sha2" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "446ba717509524cb3f22f17ecc096f10f4822d76ab5c0b9822c5f9c284e825f4" +dependencies = [ + "cfg-if", + "cpufeatures 0.3.0", + "digest 0.11.2", +] + [[package]] name = "sha256" version = "1.6.0" @@ -3643,7 +3689,7 @@ dependencies = [ "async-trait", "bytes", "hex", - "sha2", + "sha2 0.10.9", "tokio", ] @@ -3795,7 +3841,7 @@ dependencies = [ "percent-encoding", "serde", "serde_json", - "sha2", + "sha2 0.10.9", "smallvec", "thiserror 2.0.18", "tokio", @@ -3832,7 +3878,7 @@ dependencies = [ "quote", "serde", "serde_json", - "sha2", + "sha2 0.10.9", "sqlx-core", "sqlx-mysql", "sqlx-postgres", @@ -3865,7 +3911,7 @@ dependencies = [ "generic-array", "hex", "hkdf", - "hmac", + "hmac 0.12.1", "itoa", "log", "md-5 0.10.6", @@ -3876,7 +3922,7 @@ dependencies = [ "rsa", "serde", "sha1 0.10.6", - "sha2", + "sha2 0.10.9", "smallvec", "sqlx-core", "stringprep", @@ -3904,7 +3950,7 @@ dependencies = [ "futures-util", "hex", "hkdf", - "hmac", + "hmac 0.12.1", "home", "ipnetwork", "itoa", @@ -3915,7 +3961,7 @@ dependencies = [ "rand 0.8.5", "serde", "serde_json", - "sha2", + "sha2 0.10.9", "smallvec", "sqlx-core", "stringprep", diff --git a/Cargo.toml b/Cargo.toml index 597295c..efa0706 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -23,7 +23,7 @@ once_cell = "1.20.3" serde_json = "1.0.139" chrono = { version = "0.4.39", features = ["serde"] } argon2 = "0.5.3" -sha2 = "0.10.8" +sha2 = "0.11.0" bytemuck = { version = "1.21.0", features = ["derive"] } base64 = "0.22.1" hex = "0.4.3" @@ -31,7 +31,7 @@ thiserror = "2.0.11" bcrypt = "0.19.0" sqlx = { version = "0.8.3", features = [ "runtime-tokio", "tls-native-tls", "postgres", "chrono", "ipnetwork" ] } aes = "0.8.4" -hmac = "0.12.1" +hmac = "0.13.0" md-5 = "0.11.0" cbc = "0.1.2" mii = { path = "./mii" } @@ -45,7 +45,7 @@ juniper_rocket = "0.10.0" prost = "0.14.0" lettre = "0.11.15" -rand = "0.8.5" +rand = { version = "0.10.0", features = ["std"] } reqwest = "0.13.0" binrw = "0.15.1" ecdsa = { version = "0.16.9", features = ["pem", "std", "verifying"] } @@ -53,6 +53,6 @@ sha256 = "1.6.0" p256 = "0.13.2" k256 = "0.13.4" dsa = "0.6.3" -openssl = "0.10.78" +openssl = {version = "0.10.78", features = ["vendored"]} time = "0.3.47" -hickory-resolver = { version = "0.24", features = ["tokio-runtime"] } \ No newline at end of file +hickory-resolver = { version = "0.24", features = ["tokio-runtime"] } diff --git a/Dockerfile b/Dockerfile index d868a5c..7c1b107 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ FROM rust:alpine as builder -RUN apk add --no-cache musl-dev openssl-dev openssl-libs-static protobuf-dev lld +RUN apk add --no-cache musl-dev openssl-dev openssl-libs-static protobuf-dev lld perl make WORKDIR /app @@ -16,7 +16,7 @@ COPY . . RUN touch src/main.rs ENV SQLX_OFFLINE=true -RUN OPENSSL_LIB_DIR=/usr/lib OPENSSL_INCLUDE_DIR=/usr/include/openssl OPENSSL_STATIC=1 RUSTFLAGS="-C target-feature=+aes,+sse -C relocation-model=static -C linker=ld.lld" cargo build --profile prod --target x86_64-unknown-linux-musl +RUN RUSTFLAGS="-C target-feature=+aes,+sse -C relocation-model=static -C linker=ld.lld" cargo build --profile prod --target x86_64-unknown-linux-musl FROM scratch AS final diff --git a/src/account/account.rs b/src/account/account.rs index 2d43166..fd58a1b 100644 --- a/src/account/account.rs +++ b/src/account/account.rs @@ -20,7 +20,7 @@ use openssl::ecdsa::EcdsaSig; use openssl::error::ErrorStack; use openssl::nid::Nid; use openssl::pkey::Public; -use rand::Rng; +use rand::prelude::*; use rocket::http::Status; use rocket::request::{FromRequest, Outcome}; use rocket::{Request, async_trait}; @@ -81,9 +81,9 @@ pub struct _CertificatePid { fn generate_nintendo_hash(pid: i32, text_password: &str) -> String { let mut sha = Sha256::new(); - sha.write_all(&bytes_of(&pid)).unwrap(); - sha.write_all(&[0x02, 0x65, 0x43, 0x46]).unwrap(); - sha.write_all(text_password.as_bytes()).unwrap(); + sha.update(&bytes_of(&pid)); + sha.update(&[0x02, 0x65, 0x43, 0x46]); + sha.update(text_password.as_bytes()); hex::encode(&sha.finalize()[..]) } @@ -193,18 +193,18 @@ pub async fn read_bearer_auth_token(connection: &Pool, token: &str) -> Option String { - let mut rng = rand::thread_rng(); + let mut rng = rand::rng(); let mut output = String::with_capacity(16); while output.len() < 16 { - let offset: u8 = rng.gen_range(0..62); + let offset: u8 = rng.random_range(0..62); let character = if offset < 10 { (offset + b'0') as char } else if offset < 36 { - (offset + 55) as char + (offset + 55) as char // A-Z } else { - (offset + 61) as char + (offset + 61) as char // a-z }; output.push(character); diff --git a/src/graphql/mod.rs b/src/graphql/mod.rs index 633be82..b8ce114 100644 --- a/src/graphql/mod.rs +++ b/src/graphql/mod.rs @@ -48,7 +48,8 @@ impl juniper::Context for Context {} struct TokenInfo { pid: i32, expire_date: NaiveDateTime, - title_id: Option + title_id: Option, + token_type: i32 } #[derive(GraphQLObject)] @@ -60,6 +61,16 @@ struct UserInfo { mii_data: String, } +#[derive(GraphQLObject)] +#[graphql(description = "User information from a token")] +struct TokenUserInfo { + username: String, + account_level: i32, + nex_password: String, + mii_data: String, + token_type: i32, +} + #[derive(GraphQLObject)] #[graphql(description = "User information from a username")] pub struct UserInfoWithPId { @@ -96,13 +107,14 @@ impl Query { pid: data.pid, expire_date: token_info.expires, title_id: token_info.title_id, + token_type: token_info.token_type, }) } async fn user_from_token( token_data: String, context: &Context, - ) -> Option { + ) -> Option { let data = match TokenData::decode(&token_data) { Some(data) => data, None => { @@ -111,6 +123,13 @@ impl Query { } }; + let token_info = + sqlx::query!( + "select * from tokens where pid = $1 and token_id = $2 and random = $3", + data.pid, data.token_id, data.random + ). + fetch_one(&context.pool).await.ok()?; + let user = match sqlx::query!( "SELECT username, account_level, nex_password, mii_data FROM users WHERE pid = $1", data.pid @@ -127,11 +146,12 @@ impl Query { let nex_password = user.nex_password; - Some(UserInfo { + Some(TokenUserInfo { username: user.username, account_level: user.account_level, nex_password, mii_data: user.mii_data.replace('\n', "").replace('\r', ""), + token_type: token_info.token_type }) } diff --git a/src/nnid/people.rs b/src/nnid/people.rs index 7d5f721..db9e690 100644 --- a/src/nnid/people.rs +++ b/src/nnid/people.rs @@ -11,7 +11,7 @@ use crate::nnid::timezones::{OFFSET_FROM_TIMEZONE}; use crate::Pool; use crate::xml::{Xml, YesNoVal}; use crate::email::send_verification_email; -use rand::Rng; +use rand::prelude::*; // Not in use currently. //use mii::{get_image_png, get_image_tga}; use crate::mii_util::get_mii_img_url; @@ -118,7 +118,7 @@ pub async fn create_account(database: &State, data: Xml, auth: Auth) -> R let token = create_token(pool, auth.pid, NEX_TOKEN, None).await; - - Ok( Xml( ServiceToken{ @@ -114,4 +112,4 @@ pub async fn get_nex_token(pool: &State, auth: Auth, game_ser } ) ) -} \ No newline at end of file +}