From 7ead9440ee3f7cc09a64777845d23d06f7d594a0 Mon Sep 17 00:00:00 2001 From: Spacebot Date: Wed, 29 Apr 2026 00:01:09 +0000 Subject: [PATCH 1/6] Update Rust crate sha2 to 0.11.0 --- Cargo.lock | 46 +++++++++++++++++++++++++++++++++------------- Cargo.toml | 2 +- 2 files changed, 34 insertions(+), 14 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 906c47f..8ed831b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -41,7 +41,7 @@ dependencies = [ "sentry", "serde", "serde_json", - "sha2", + "sha2 0.11.0", "sha256", "sqlx", "thiserror 2.0.18", @@ -224,7 +224,7 @@ checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0" dependencies = [ "cfg-if", "cipher", - "cpufeatures", + "cpufeatures 0.2.17", ] [[package]] @@ -271,7 +271,7 @@ checksum = "3c3610892ee6e0cbce8ae2700349fcf8f98adb0dbfbee85aec3c9179d29cc072" dependencies = [ "base64ct", "blake2", - "cpufeatures", + "cpufeatures 0.2.17", "password-hash", ] @@ -668,6 +668,15 @@ dependencies = [ "libc", ] +[[package]] +name = "cpufeatures" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b2a41393f66f16b0823bb79094d54ac5fbd34ab292ddafb9a0456ac9f87d201" +dependencies = [ + "libc", +] + [[package]] name = "crc" version = "3.2.1" @@ -890,7 +899,7 @@ dependencies = [ "num-traits", "pkcs8", "rfc6979", - "sha2", + "sha2 0.10.9", "signature", "zeroize", ] @@ -1945,7 +1954,7 @@ dependencies = [ "ecdsa", "elliptic-curve", "once_cell", - "sha2", + "sha2 0.10.9", "signature", ] @@ -2372,7 +2381,7 @@ dependencies = [ "ecdsa", "elliptic-curve", "primeorder", - "sha2", + "sha2 0.10.9", ] [[package]] @@ -3267,7 +3276,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" dependencies = [ "cfg-if", - "cpufeatures", + "cpufeatures 0.2.17", "digest 0.10.7", ] 
@@ -3278,10 +3287,21 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283" dependencies = [ "cfg-if", - "cpufeatures", + "cpufeatures 0.2.17", "digest 0.10.7", ] +[[package]] +name = "sha2" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "446ba717509524cb3f22f17ecc096f10f4822d76ab5c0b9822c5f9c284e825f4" +dependencies = [ + "cfg-if", + "cpufeatures 0.3.0", + "digest 0.11.2", +] + [[package]] name = "sha256" version = "1.6.0" @@ -3291,7 +3311,7 @@ dependencies = [ "async-trait", "bytes", "hex", - "sha2", + "sha2 0.10.9", "tokio", ] @@ -3427,7 +3447,7 @@ dependencies = [ "percent-encoding", "serde", "serde_json", - "sha2", + "sha2 0.10.9", "smallvec", "thiserror 2.0.18", "tokio", @@ -3464,7 +3484,7 @@ dependencies = [ "quote", "serde", "serde_json", - "sha2", + "sha2 0.10.9", "sqlx-core", "sqlx-mysql", "sqlx-postgres", @@ -3508,7 +3528,7 @@ dependencies = [ "rsa", "serde", "sha1", - "sha2", + "sha2 0.10.9", "smallvec", "sqlx-core", "stringprep", @@ -3547,7 +3567,7 @@ dependencies = [ "rand 0.8.5", "serde", "serde_json", - "sha2", + "sha2 0.10.9", "smallvec", "sqlx-core", "stringprep", diff --git a/Cargo.toml b/Cargo.toml index 88aca0a..774b3a7 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -23,7 +23,7 @@ once_cell = "1.20.3" serde_json = "1.0.139" chrono = { version = "0.4.39", features = ["serde"] } argon2 = "0.5.3" -sha2 = "0.10.8" +sha2 = "0.11.0" bytemuck = { version = "1.21.0", features = ["derive"] } base64 = "0.22.1" hex = "0.4.3" From a7910bb167173b94248159b525ab17d9b7bccd76 Mon Sep 17 00:00:00 2001 From: Spacebot Date: Wed, 29 Apr 2026 08:30:59 +0000 Subject: [PATCH 2/6] Update Rust crate hmac to 0.13.0 --- Cargo.lock | 35 ++++++++++++++++++++++++++++++----- Cargo.toml | 2 +- 2 files changed, 31 insertions(+), 6 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 6164b4f..e347ee6 100644 --- a/Cargo.lock 
+++ b/Cargo.lock @@ -21,7 +21,7 @@ dependencies = [ "gxhash", "hex", "hickory-resolver", - "hmac", + "hmac 0.13.0", "juniper", "juniper_rocket", "k256", @@ -657,6 +657,12 @@ dependencies = [ "cc", ] +[[package]] +name = "cmov" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f88a43d011fc4a6876cb7344703e297c71dda42494fee094d5f7c76bf13f746" + [[package]] name = "combine" version = "4.6.7" @@ -827,6 +833,15 @@ dependencies = [ "hybrid-array", ] +[[package]] +name = "ctutils" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d5515a3834141de9eafb9717ad39eea8247b5674e6066c404e8c4b365d2a29e" +dependencies = [ + "cmov", +] + [[package]] name = "data-encoding" version = "2.11.0" @@ -959,6 +974,7 @@ dependencies = [ "block-buffer 0.12.0", "const-oid 0.10.2", "crypto-common 0.2.1", + "ctutils", ] [[package]] @@ -1536,7 +1552,7 @@ version = "0.12.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" dependencies = [ - "hmac", + "hmac 0.12.1", ] [[package]] @@ -1548,6 +1564,15 @@ dependencies = [ "digest 0.10.7", ] +[[package]] +name = "hmac" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6303bc9732ae41b04cb554b844a762b4115a61bfaa81e3e83050991eeb56863f" +dependencies = [ + "digest 0.11.2", +] + [[package]] name = "home" version = "0.5.11" @@ -3072,7 +3097,7 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" dependencies = [ - "hmac", + "hmac 0.12.1", "subtle", ] @@ -3865,7 +3890,7 @@ dependencies = [ "generic-array", "hex", "hkdf", - "hmac", + "hmac 0.12.1", "itoa", "log", "md-5 0.10.6", @@ -3904,7 +3929,7 @@ dependencies = [ "futures-util", "hex", "hkdf", - "hmac", + "hmac 0.12.1", "home", "ipnetwork", "itoa", 
diff --git a/Cargo.toml b/Cargo.toml index 597295c..99e0202 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -31,7 +31,7 @@ thiserror = "2.0.11" bcrypt = "0.19.0" sqlx = { version = "0.8.3", features = [ "runtime-tokio", "tls-native-tls", "postgres", "chrono", "ipnetwork" ] } aes = "0.8.4" -hmac = "0.12.1" +hmac = "0.13.0" md-5 = "0.11.0" cbc = "0.1.2" mii = { path = "./mii" } From aa0cd97faae608fc62df093b9c2b6697440cbe94 Mon Sep 17 00:00:00 2001 From: Spacebot Date: Wed, 29 Apr 2026 08:31:17 +0000 Subject: [PATCH 3/6] Update Rust crate sha2 to 0.11.0 --- Cargo.lock | 29 ++++++++++++++++++++--------- Cargo.toml | 2 +- 2 files changed, 21 insertions(+), 10 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 6164b4f..41a57f2 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -41,7 +41,7 @@ dependencies = [ "sentry", "serde", "serde_json", - "sha2", + "sha2 0.11.0", "sha256", "sqlx", "thiserror 2.0.18", @@ -989,7 +989,7 @@ dependencies = [ "num-traits", "pkcs8", "rfc6979", - "sha2", + "sha2 0.10.9", "signature", "zeroize", ] @@ -2142,7 +2142,7 @@ dependencies = [ "ecdsa", "elliptic-curve", "once_cell", - "sha2", + "sha2 0.10.9", "signature", ] @@ -2565,7 +2565,7 @@ dependencies = [ "ecdsa", "elliptic-curve", "primeorder", - "sha2", + "sha2 0.10.9", ] [[package]] @@ -3634,6 +3634,17 @@ dependencies = [ "digest 0.10.7", ] +[[package]] +name = "sha2" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "446ba717509524cb3f22f17ecc096f10f4822d76ab5c0b9822c5f9c284e825f4" +dependencies = [ + "cfg-if", + "cpufeatures 0.3.0", + "digest 0.11.2", +] + [[package]] name = "sha256" version = "1.6.0" @@ -3643,7 +3654,7 @@ dependencies = [ "async-trait", "bytes", "hex", - "sha2", + "sha2 0.10.9", "tokio", ] @@ -3795,7 +3806,7 @@ dependencies = [ "percent-encoding", "serde", "serde_json", - "sha2", + "sha2 0.10.9", "smallvec", "thiserror 2.0.18", "tokio", 
@@ -3832,7 +3843,7 @@ dependencies = [ "quote", "serde", "serde_json", - "sha2", + "sha2 0.10.9", "sqlx-core", "sqlx-mysql", "sqlx-postgres", @@ -3876,7 +3887,7 @@ dependencies = [ "rsa", "serde", "sha1 0.10.6", - "sha2", + "sha2 0.10.9", "smallvec", "sqlx-core", "stringprep", @@ -3915,7 +3926,7 @@ dependencies = [ "rand 0.8.5", "serde", "serde_json", - "sha2", + "sha2 0.10.9", "smallvec", "sqlx-core", "stringprep", diff --git a/Cargo.toml b/Cargo.toml index 597295c..e9f3a2b 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -23,7 +23,7 @@ once_cell = "1.20.3" serde_json = "1.0.139" chrono = { version = "0.4.39", features = ["serde"] } argon2 = "0.5.3" -sha2 = "0.10.8" +sha2 = "0.11.0" bytemuck = { version = "1.21.0", features = ["derive"] } base64 = "0.22.1" hex = "0.4.3" From 8940b099e927152eb6e12104d712dd40d258d7c3 Mon Sep 17 00:00:00 2001 From: red binder Date: Wed, 29 Apr 2026 10:42:09 +0200 Subject: [PATCH 4/6] Update rand and sha --- Cargo.lock | 31 ++++++++++++++++++++++++++++++- Cargo.toml | 4 ++-- src/account/account.rs | 16 ++++++++-------- src/nnid/people.rs | 4 ++-- 4 files changed, 42 insertions(+), 13 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 8ed831b..d2fbc76 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -34,7 +34,7 @@ dependencies = [ "p256", "prost", "quick-xml", - "rand 0.8.5", + "rand 0.10.1", "reqwest", "rocket", "rocket_cors", @@ -573,6 +573,17 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" +[[package]] +name = "chacha20" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6f8d983286843e49675a4b7a2d174efe136dc93a18d69130dd18198a6c167601" +dependencies = [ + "cfg-if", + "cpufeatures 0.3.0", + "rand_core 0.10.1", +] + [[package]] name = "chrono" version = "0.4.44" @@ -1254,6 +1265,7 @@ dependencies = [ "cfg-if", "libc", "r-efi", + "rand_core 0.10.1", "wasip2", "wasip3", ] 
@@ -2632,6 +2644,17 @@ dependencies = [ "rand_core 0.9.3", ] +[[package]] +name = "rand" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2e8e8bcc7961af1fdac401278c6a831614941f6164ee3bf4ce61b7edb162207" +dependencies = [ + "chacha20", + "getrandom 0.4.2", + "rand_core 0.10.1", +] + [[package]] name = "rand_chacha" version = "0.3.1" @@ -2670,6 +2693,12 @@ dependencies = [ "getrandom 0.3.1", ] +[[package]] +name = "rand_core" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "63b8176103e19a2643978565ca18b50549f6101881c443590420e4dc998a3c69" + [[package]] name = "redox_syscall" version = "0.5.9" diff --git a/Cargo.toml b/Cargo.toml index 774b3a7..4a952cd 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -45,7 +45,7 @@ juniper_rocket = "0.10.0" prost = "0.13.4" lettre = "0.11.15" -rand = "0.8.5" +rand = { version = "0.10.0", features = ["std"] } reqwest = "0.12.12" binrw = "0.15.1" ecdsa = { version = "0.16.9", features = ["pem", "std", "verifying"] } @@ -55,4 +55,4 @@ k256 = "0.13.4" dsa = "0.6.3" openssl = "0.10.78" time = "0.3.47" -hickory-resolver = { version = "0.24", features = ["tokio-runtime"] } \ No newline at end of file +hickory-resolver = { version = "0.24", features = ["tokio-runtime"] } diff --git a/src/account/account.rs b/src/account/account.rs index 2d43166..fd58a1b 100644 --- a/src/account/account.rs +++ b/src/account/account.rs @@ -20,7 +20,7 @@ use openssl::ecdsa::EcdsaSig; use openssl::error::ErrorStack; use openssl::nid::Nid; use openssl::pkey::Public; -use rand::Rng; +use rand::prelude::*; use rocket::http::Status; use rocket::request::{FromRequest, Outcome}; use rocket::{Request, async_trait}; 
@@ -81,9 +81,9 @@ pub struct _CertificatePid { fn generate_nintendo_hash(pid: i32, text_password: &str) -> String { let mut sha = Sha256::new(); - sha.write_all(&bytes_of(&pid)).unwrap(); - sha.write_all(&[0x02, 0x65, 0x43, 0x46]).unwrap(); - sha.write_all(text_password.as_bytes()).unwrap(); + sha.update(&bytes_of(&pid)); + sha.update(&[0x02, 0x65, 0x43, 0x46]); + sha.update(text_password.as_bytes()); hex::encode(&sha.finalize()[..]) } @@ -193,18 +193,18 @@ pub async fn read_bearer_auth_token(connection: &Pool, token: &str) -> Option String { - let mut rng = rand::thread_rng(); + let mut rng = rand::rng(); let mut output = String::with_capacity(16); while output.len() < 16 { - let offset: u8 = rng.gen_range(0..62); + let offset: u8 = rng.random_range(0..62); let character = if offset < 10 { (offset + b'0') as char } else if offset < 36 { - (offset + 55) as char + (offset + 55) as char // A-Z } else { - (offset + 61) as char + (offset + 61) as char // a-z }; output.push(character); diff --git a/src/nnid/people.rs b/src/nnid/people.rs index 7d5f721..db9e690 100644 --- a/src/nnid/people.rs +++ b/src/nnid/people.rs @@ -11,7 +11,7 @@ use crate::nnid::timezones::{OFFSET_FROM_TIMEZONE}; use crate::Pool; use crate::xml::{Xml, YesNoVal}; use crate::email::send_verification_email; -use rand::Rng; +use rand::prelude::*; // Not in use currently. //use mii::{get_image_png, get_image_tga}; use crate::mii_util::get_mii_img_url; @@ -118,7 +118,7 @@ pub async fn create_account(database: &State, data: Xml Date: Sat, 2 May 2026 13:42:03 +0200 Subject: [PATCH 5/6] fix openssl --- Cargo.lock | 8 +++++++- Cargo.toml | 2 +- Dockerfile | 4 ++-- src/nnid/provider.rs | 4 +--- 4 files changed, 11 insertions(+), 7 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 05c6365..5050606 100644 --- a/Cargo.lock +++ b/Cargo.lock 
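Review bot: In `generate_nintendo_hash` (src/account/account.rs), `sha.update(&bytes_of(&pid))` feeds the PID's in-memory representation to the digest, so the resulting password hash depends on the byte order of the build target. Spelling the encoding out keeps stored hashes reproducible everywhere: `sha.update(pid.to_le_bytes());`, assuming the client side derives the hash from the little-endian PID, which this hunk does not show. The four-byte constant `[0x02, 0x65, 0x43, 0x46]` on the following line has no explanation; a one-line comment stating where it comes from would help whoever has to audit this derivation later.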
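Review bot: The offsets `55` and `61` in the character mapping of the second src/account/account.rs hunk remain magic numbers even with the new `// A-Z` and `// a-z` comments; `(b'A' + offset - 10) as char` and `(b'a' + offset - 36) as char` make the alphabet checkable at a glance. The surrounding code deals with bearer tokens, so if this 16-character string is used as a secret it is worth a comment that the function relies on `rand::rng()` being a cryptographically secure generator, so that a later swap to a seeded or non-cryptographic RNG is caught in review. The function's signature is garbled in this view and its body continues past the end of the hunk.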
@@ -607,6 +607,12 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" +[[package]] +name = "cfg_aliases" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724" + [[package]] name = "chacha20" version = "0.10.0" @@ -3905,7 +3911,7 @@ dependencies = [ "rand 0.8.5", "rsa", "serde", - "sha1", + "sha1 0.10.6", "sha2 0.10.9", "smallvec", "sqlx-core", diff --git a/Cargo.toml b/Cargo.toml index 89dd73f..efa0706 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -53,6 +53,6 @@ sha256 = "1.6.0" p256 = "0.13.2" k256 = "0.13.4" dsa = "0.6.3" -openssl = "0.10.78" +openssl = {version = "0.10.78", features = ["vendored"]} time = "0.3.47" hickory-resolver = { version = "0.24", features = ["tokio-runtime"] } diff --git a/Dockerfile b/Dockerfile index d868a5c..7c1b107 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ FROM rust:alpine as builder -RUN apk add --no-cache musl-dev openssl-dev openssl-libs-static protobuf-dev lld +RUN apk add --no-cache musl-dev openssl-dev openssl-libs-static protobuf-dev lld perl make WORKDIR /app @@ -16,7 +16,7 @@ COPY . . RUN touch src/main.rs ENV SQLX_OFFLINE=true -RUN OPENSSL_LIB_DIR=/usr/lib OPENSSL_INCLUDE_DIR=/usr/include/openssl OPENSSL_STATIC=1 RUSTFLAGS="-C target-feature=+aes,+sse -C relocation-model=static -C linker=ld.lld" cargo build --profile prod --target x86_64-unknown-linux-musl +RUN RUSTFLAGS="-C target-feature=+aes,+sse -C relocation-model=static -C linker=ld.lld" cargo build --profile prod --target x86_64-unknown-linux-musl FROM scratch AS final diff --git a/src/nnid/provider.rs b/src/nnid/provider.rs index a178b53..973916a 100644 --- a/src/nnid/provider.rs +++ b/src/nnid/provider.rs 
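Review bot: Enabling `features = ["vendored"]` on `openssl` in Cargo.toml moves responsibility for OpenSSL security fixes into this repository's lockfile: the library is now compiled from the `openssl-src` crate and linked statically, so rebuilding on a newer base image no longer picks up a patched OpenSSL. I would record that next to the dependency, for example `# vendored: OpenSSL is built from openssl-src; run cargo update -p openssl-src when OpenSSL ships a security release`. It is also worth confirming that the dependency-update bot tracks `openssl-src`, since it is only a transitive entry in Cargo.lock.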
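Review bot: In the first Dockerfile hunk the builder still installs `openssl-dev` and `openssl-libs-static`, although the same commit drops `OPENSSL_LIB_DIR`, `OPENSSL_INCLUDE_DIR` and `OPENSSL_STATIC` and switches to the vendored build, so these two packages appear to be unused now. Leaving them in suggests the Alpine OpenSSL is what ends up in the binary, which is misleading when someone has to work out which OpenSSL version is deployed. If nothing else in the build links against them, the line can become `RUN apk add --no-cache musl-dev protobuf-dev lld perl make`.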
@@ -57,8 +57,6 @@ pub async fn get_service_token(pool: &State, auth: Auth) -> R let token = create_token(pool, auth.pid, NEX_TOKEN, None).await; - - Ok( Xml( ServiceToken{ @@ -114,4 +112,4 @@ pub async fn get_nex_token(pool: &State, auth: Auth, game_ser } ) ) -} \ No newline at end of file +} From ac7cb0ddeeebfad2d5df579b4e1518eda2a8cf22 Mon Sep 17 00:00:00 2001 From: red binder Date: Mon, 4 May 2026 21:27:32 +0200 Subject: [PATCH 6/6] Add token type to GraphQL requests --- Cargo.lock | 10 ++++++++++ src/graphql/mod.rs | 26 +++++++++++++++++++++++--- 2 files changed, 33 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 5050606..fd6a9c5 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2552,6 +2552,15 @@ version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7c87def4c32ab89d880effc9e097653c8da5d6ef28e6b539d313baaacfbafcbe" +[[package]] +name = "openssl-src" +version = "300.6.0+3.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a8e8cbfd3a4a8c8f089147fd7aaa33cf8c7450c4d09f8f80698a0cf093abeff4" +dependencies = [ + "cc", +] + [[package]] name = "openssl-sys" version = "0.9.114" @@ -2560,6 +2569,7 @@ checksum = "13ce1245cd07fcc4cfdb438f7507b0c7e4f3849a69fd84d52374c66d83741bb6" dependencies = [ "cc", "libc", + "openssl-src", "pkg-config", "vcpkg", ] diff --git a/src/graphql/mod.rs b/src/graphql/mod.rs index 633be82..b8ce114 100644 --- a/src/graphql/mod.rs +++ b/src/graphql/mod.rs @@ -48,7 +48,8 @@ impl juniper::Context for Context {} struct TokenInfo { pid: i32, expire_date: NaiveDateTime, - title_id: Option + title_id: Option, + token_type: i32 } #[derive(GraphQLObject)] 
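Review bot: The new `token_type: i32` field on `TokenInfo` in src/graphql/mod.rs is exposed to GraphQL clients as a bare integer with no statement of what the values mean, and the same applies to `TokenUserInfo.token_type` added in the next hunk. Other code in this patch series passes a named constant (`NEX_TOKEN`) when creating tokens, so the schema should at least say which constants the integer corresponds to, for example with a field-level description such as `#[graphql(description = "Token kind; one of the token type constants used by create_token")]`. A GraphQL enum would be stricter still, but that changes the schema type and is a larger decision than this commit.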
@@ -60,6 +61,16 @@ struct UserInfo { mii_data: String, } +#[derive(GraphQLObject)] +#[graphql(description = "User information from a token")] +struct TokenUserInfo { + username: String, + account_level: i32, + nex_password: String, + mii_data: String, + token_type: i32, +} + #[derive(GraphQLObject)] #[graphql(description = "User information from a username")] pub struct UserInfoWithPId { @@ -96,13 +107,14 @@ impl Query { pid: data.pid, expire_date: token_info.expires, title_id: token_info.title_id, + token_type: token_info.token_type, }) } async fn user_from_token( token_data: String, context: &Context, - ) -> Option { + ) -> Option { let data = match TokenData::decode(&token_data) { Some(data) => data, None => { @@ -111,6 +123,13 @@ impl Query { } }; + let token_info = + sqlx::query!( + "select * from tokens where pid = $1 and token_id = $2 and random = $3", + data.pid, data.token_id, data.random + ). + fetch_one(&context.pool).await.ok()?; + let user = match sqlx::query!( "SELECT username, account_level, nex_password, mii_data FROM users WHERE pid = $1", data.pid @@ -127,11 +146,12 @@ impl Query { let nex_password = user.nex_password; - Some(UserInfo { + Some(TokenUserInfo { username: user.username, account_level: user.account_level, nex_password, mii_data: user.mii_data.replace('\n', "").replace('\r', ""), + token_type: token_info.token_type }) }
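Review bot: The token lookup added to `user_from_token` (hunk `@@ -111,6 +123,13 @@`) never looks at the row's `expires` column, so in the visible code an expired token that still has a row resolves to user information including `nex_password`. The sibling resolver at least hands `expires` back as `expire_date`, but `TokenUserInfo` carries no expiry, so the caller cannot check it either. Unless expired rows are reliably deleted elsewhere, the query should enforce it and fetch only what is used: `"select token_type from tokens where pid = $1 and token_id = $2 and random = $3 and expires > now()"`, adjusted to however `expires` is stored. The `.ok()?` also drops database errors silently, whereas the user query just below matches on the error; handling both the same way would make a failing token lookup visible in logs. The function starts before and ends after this hunk.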
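Review bot: In the last hunk (`@@ -127,11 +146,12 @@`) the resolver now knows `token_info.token_type` but still returns `nex_password` for every token type and leaves the decision to the GraphQL client. If only some token kinds are meant to grant access to the NEX password, the check belongs here on the server, returning `None` for the others, so that a client that forgets to inspect `token_type` cannot obtain the password with a lesser token. If every token type is intentionally allowed, a short comment on `TokenUserInfo` saying so would record that this was a decision rather than an omission. Which token types exist is not visible in this diff, so this needs confirming against the token constants.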