Add token type to GraphQL requests

Reviewed-on: #36

Cargo.lock

@@ -21,7 +21,7 @@ dependencies = [
  "gxhash",
  "hex",
  "hickory-resolver",
- "hmac",
+ "hmac 0.13.0",
  "juniper",
  "juniper_rocket",
  "k256",
@@ -34,14 +34,14 @@ dependencies = [
  "p256",
  "prost",
  "quick-xml",
- "rand 0.8.5",
+ "rand 0.10.1",
  "reqwest",
  "rocket",
  "rocket_cors",
  "sentry",
  "serde",
  "serde_json",
- "sha2",
+ "sha2 0.11.0",
  "sha256",
  "sqlx",
  "thiserror 2.0.18",
@@ -657,6 +657,12 @@ dependencies = [
  "cc",
 ]
 
+[[package]]
+name = "cmov"
+version = "0.5.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3f88a43d011fc4a6876cb7344703e297c71dda42494fee094d5f7c76bf13f746"
+
 [[package]]
 name = "combine"
 version = "4.6.7"
@@ -827,6 +833,15 @@ dependencies = [
  "hybrid-array",
 ]
 
+[[package]]
+name = "ctutils"
+version = "0.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7d5515a3834141de9eafb9717ad39eea8247b5674e6066c404e8c4b365d2a29e"
+dependencies = [
+ "cmov",
+]
+
 [[package]]
 name = "data-encoding"
 version = "2.11.0"
@@ -959,6 +974,7 @@ dependencies = [
  "block-buffer 0.12.0",
  "const-oid 0.10.2",
  "crypto-common 0.2.1",
+ "ctutils",
 ]
 
 [[package]]
@@ -989,7 +1005,7 @@ dependencies = [
  "num-traits",
  "pkcs8",
  "rfc6979",
- "sha2",
+ "sha2 0.10.9",
  "signature",
  "zeroize",
 ]
@@ -1536,7 +1552,7 @@ version = "0.12.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7"
 dependencies = [
- "hmac",
+ "hmac 0.12.1",
 ]
 
 [[package]]
@@ -1548,6 +1564,15 @@ dependencies = [
  "digest 0.10.7",
 ]
 
+[[package]]
+name = "hmac"
+version = "0.13.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6303bc9732ae41b04cb554b844a762b4115a61bfaa81e3e83050991eeb56863f"
+dependencies = [
+ "digest 0.11.2",
+]
+
 [[package]]
 name = "home"
 version = "0.5.11"
@@ -2142,7 +2167,7 @@ dependencies = [
  "ecdsa",
  "elliptic-curve",
  "once_cell",
- "sha2",
+ "sha2 0.10.9",
  "signature",
 ]
 
@@ -2527,6 +2552,15 @@ version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7c87def4c32ab89d880effc9e097653c8da5d6ef28e6b539d313baaacfbafcbe"
 
+[[package]]
+name = "openssl-src"
+version = "300.6.0+3.6.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a8e8cbfd3a4a8c8f089147fd7aaa33cf8c7450c4d09f8f80698a0cf093abeff4"
+dependencies = [
+ "cc",
+]
+
 [[package]]
 name = "openssl-sys"
 version = "0.9.114"
@@ -2535,6 +2569,7 @@ checksum = "13ce1245cd07fcc4cfdb438f7507b0c7e4f3849a69fd84d52374c66d83741bb6"
 dependencies = [
  "cc",
  "libc",
+ "openssl-src",
  "pkg-config",
  "vcpkg",
 ]
@@ -2565,7 +2600,7 @@ dependencies = [
  "ecdsa",
  "elliptic-curve",
  "primeorder",
- "sha2",
+ "sha2 0.10.9",
 ]
 
 [[package]]
@@ -3072,7 +3107,7 @@ version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2"
 dependencies = [
- "hmac",
+ "hmac 0.12.1",
  "subtle",
 ]
 
@@ -3634,6 +3669,17 @@ dependencies = [
  "digest 0.10.7",
 ]
 
+[[package]]
+name = "sha2"
+version = "0.11.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "446ba717509524cb3f22f17ecc096f10f4822d76ab5c0b9822c5f9c284e825f4"
+dependencies = [
+ "cfg-if",
+ "cpufeatures 0.3.0",
+ "digest 0.11.2",
+]
+
 [[package]]
 name = "sha256"
 version = "1.6.0"
@@ -3643,7 +3689,7 @@ dependencies = [
  "async-trait",
  "bytes",
  "hex",
- "sha2",
+ "sha2 0.10.9",
  "tokio",
 ]
 
@@ -3795,7 +3841,7 @@ dependencies = [
  "percent-encoding",
  "serde",
  "serde_json",
- "sha2",
+ "sha2 0.10.9",
  "smallvec",
  "thiserror 2.0.18",
  "tokio",
@@ -3832,7 +3878,7 @@ dependencies = [
  "quote",
  "serde",
  "serde_json",
- "sha2",
+ "sha2 0.10.9",
  "sqlx-core",
  "sqlx-mysql",
  "sqlx-postgres",
@@ -3865,7 +3911,7 @@ dependencies = [
  "generic-array",
  "hex",
  "hkdf",
- "hmac",
+ "hmac 0.12.1",
  "itoa",
  "log",
  "md-5 0.10.6",
@@ -3876,7 +3922,7 @@ dependencies = [
  "rsa",
  "serde",
  "sha1 0.10.6",
- "sha2",
+ "sha2 0.10.9",
  "smallvec",
  "sqlx-core",
  "stringprep",
@@ -3904,7 +3950,7 @@ dependencies = [
  "futures-util",
  "hex",
  "hkdf",
- "hmac",
+ "hmac 0.12.1",
  "home",
  "ipnetwork",
  "itoa",
@@ -3915,7 +3961,7 @@ dependencies = [
  "rand 0.8.5",
  "serde",
  "serde_json",
- "sha2",
+ "sha2 0.10.9",
  "smallvec",
  "sqlx-core",
  "stringprep",

Cargo.toml

@@ -23,7 +23,7 @@ once_cell = "1.20.3"
 serde_json = "1.0.139"
 chrono = { version =  "0.4.39", features = ["serde"] }
 argon2 = "0.5.3"
-sha2 = "0.10.8"
+sha2 = "0.11.0"
 bytemuck = { version =  "1.21.0", features = ["derive"] }
 base64 = "0.22.1"
 hex = "0.4.3"
@@ -31,7 +31,7 @@ thiserror = "2.0.11"
 bcrypt = "0.19.0"
 sqlx = { version = "0.8.3", features = [ "runtime-tokio", "tls-native-tls", "postgres", "chrono", "ipnetwork" ] }
 aes = "0.8.4"
-hmac = "0.12.1"
+hmac = "0.13.0"
 md-5 = "0.11.0"
 cbc = "0.1.2"
 mii = { path = "./mii" }
@@ -45,7 +45,7 @@ juniper_rocket = "0.10.0"
 
 prost = "0.14.0"
 lettre = "0.11.15"
-rand = "0.8.5"
+rand = { version = "0.10.0", features = ["std"] }
 reqwest = "0.13.0"
 binrw = "0.15.1"
 ecdsa = { version = "0.16.9", features = ["pem", "std", "verifying"] }
@@ -53,6 +53,6 @@ sha256 = "1.6.0"
 p256 = "0.13.2"
 k256 = "0.13.4"
 dsa = "0.6.3"
-openssl = "0.10.78"
+openssl = {version = "0.10.78", features = ["vendored"]}
 time = "0.3.47"
-hickory-resolver = { version = "0.24", features = ["tokio-runtime"] }
+hickory-resolver = { version = "0.24", features = ["tokio-runtime"] }

Dockerfile

@@ -2,7 +2,7 @@
 
 FROM rust:alpine as builder
 
-RUN apk add --no-cache musl-dev openssl-dev openssl-libs-static protobuf-dev lld
+RUN apk add --no-cache musl-dev openssl-dev openssl-libs-static protobuf-dev lld perl make
 
 WORKDIR /app
 
@@ -16,7 +16,7 @@ COPY . .
 RUN touch src/main.rs
 
 ENV SQLX_OFFLINE=true
-RUN OPENSSL_LIB_DIR=/usr/lib OPENSSL_INCLUDE_DIR=/usr/include/openssl OPENSSL_STATIC=1 RUSTFLAGS="-C target-feature=+aes,+sse -C relocation-model=static -C linker=ld.lld" cargo build --profile prod --target x86_64-unknown-linux-musl
+RUN RUSTFLAGS="-C target-feature=+aes,+sse -C relocation-model=static -C linker=ld.lld" cargo build --profile prod --target x86_64-unknown-linux-musl
 
 FROM scratch AS final
 

src/account/account.rs

@@ -20,7 +20,7 @@ use openssl::ecdsa::EcdsaSig;
 use openssl::error::ErrorStack;
 use openssl::nid::Nid;
 use openssl::pkey::Public;
-use rand::Rng;
+use rand::prelude::*;
 use rocket::http::Status;
 use rocket::request::{FromRequest, Outcome};
 use rocket::{Request, async_trait};
@@ -81,9 +81,9 @@ pub struct _CertificatePid {
 fn generate_nintendo_hash(pid: i32, text_password: &str) -> String {
     let mut sha = Sha256::new();
 
-    sha.write_all(&bytes_of(&pid)).unwrap();
-    sha.write_all(&[0x02, 0x65, 0x43, 0x46]).unwrap();
-    sha.write_all(text_password.as_bytes()).unwrap();
+    sha.update(&bytes_of(&pid));
+    sha.update(&[0x02, 0x65, 0x43, 0x46]);
+    sha.update(text_password.as_bytes());
 
     hex::encode(&sha.finalize()[..])
 }
@@ -193,18 +193,18 @@ pub async fn read_bearer_auth_token(connection: &Pool, token: &str) -> Option<Us
 }
 
 pub fn generate_nex_password() -> String {
-    let mut rng = rand::thread_rng();
+    let mut rng = rand::rng(); 
     let mut output = String::with_capacity(16);
 
     while output.len() < 16 {
-        let offset: u8 = rng.gen_range(0..62);
+        let offset: u8 = rng.random_range(0..62);
 
         let character = if offset < 10 {
             (offset + b'0') as char
         } else if offset < 36 {
-            (offset + 55) as char
+            (offset + 55) as char // A-Z
         } else {
-            (offset + 61) as char
+            (offset + 61) as char // a-z
         };
 
         output.push(character);

src/graphql/mod.rs

@@ -48,7 +48,8 @@ impl juniper::Context for Context {}
 struct TokenInfo {
     pid: i32,
     expire_date: NaiveDateTime,
-    title_id: Option<String>
+    title_id: Option<String>,
+    token_type: i32
 }
 
 #[derive(GraphQLObject)]
@@ -60,6 +61,16 @@ struct UserInfo {
     mii_data: String,
 }
 
+#[derive(GraphQLObject)]
+#[graphql(description = "User information from a token")]
+struct TokenUserInfo {
+    username: String,
+    account_level: i32,
+    nex_password: String,
+    mii_data: String,
+    token_type: i32,
+}
+
 #[derive(GraphQLObject)]
 #[graphql(description = "User information from a username")]
 pub struct UserInfoWithPId {
@@ -96,13 +107,14 @@ impl Query {
             pid: data.pid,
             expire_date: token_info.expires,
             title_id: token_info.title_id,
+            token_type: token_info.token_type,
         })
     }
 
     async fn user_from_token(
         token_data: String,
         context: &Context,
-    ) -> Option<UserInfo> {
+    ) -> Option<TokenUserInfo> {
         let data = match TokenData::decode(&token_data) {
             Some(data) => data,
             None => {
@@ -111,6 +123,13 @@ impl Query {
             }
         };
 
+        let token_info =
+            sqlx::query!(
+            "select * from tokens where pid = $1 and token_id = $2 and random = $3",
+            data.pid, data.token_id, data.random
+        ).
+                fetch_one(&context.pool).await.ok()?;
+
         let user = match sqlx::query!(
         "SELECT username, account_level, nex_password, mii_data FROM users WHERE pid = $1",
         data.pid
@@ -127,11 +146,12 @@ impl Query {
         
         let nex_password = user.nex_password;
 
-        Some(UserInfo {
+        Some(TokenUserInfo {
             username: user.username,
             account_level: user.account_level,
             nex_password,
             mii_data: user.mii_data.replace('\n', "").replace('\r', ""),
+            token_type: token_info.token_type
         })
     }
 

src/nnid/people.rs

@@ -11,7 +11,7 @@ use crate::nnid::timezones::{OFFSET_FROM_TIMEZONE};
 use crate::Pool;
 use crate::xml::{Xml, YesNoVal};
 use crate::email::send_verification_email;
-use rand::Rng;
+use rand::prelude::*;
 // Not in use currently.
 //use mii::{get_image_png, get_image_tga};
 use crate::mii_util::get_mii_img_url;
@@ -118,7 +118,7 @@ pub async fn create_account(database: &State<Pool>, data: Xml<AccountCreationDat
 
     let pid = next_pid(database).await;
 
-    let verification_code: i32 = rand::thread_rng().gen_range(100_000..1_000_000);
+    let verification_code: i32 = rand::rng().random_range(100_000..1_000_000);
 
     let AccountCreationData {
         user_id,

src/nnid/provider.rs

@@ -57,8 +57,6 @@ pub async fn get_service_token(pool: &State<Pool>, auth: Auth<true, false>) -> R
 
     let token = create_token(pool, auth.pid, NEX_TOKEN, None).await;
 
-
-
     Ok(
         Xml(
             ServiceToken{
@@ -114,4 +112,4 @@ pub async fn get_nex_token(pool: &State<Pool>, auth: Auth<true, false>, game_ser
             }
         )
     )
-}
+}