Add token type to GraphQL requests

fix openssl
Merge pull request 'Update Rust crate hmac to 0.13.0' (#36 ) from renovate/hmac-0.x into main
2026-05-04 21:27:32 +02:00 · 2026-05-02 13:42:03 +02:00 · 2026-04-29 10:46:56 +02:00 · 2026-04-29 10:46:31 +02:00 · 2026-04-29 10:45:29 +02:00 · 2026-04-29 10:42:09 +02:00
7 changed files with 113 additions and 68 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -21,7 +21,7 @@ dependencies = [
 "gxhash",
 "hex",
 "hickory-resolver",
- "hmac",
+ "hmac 0.13.0",
 "juniper",
 "juniper_rocket",
 "k256",
@ -34,14 +34,14 @@ dependencies = [
 "p256",
 "prost",
 "quick-xml",
- "rand 0.8.5",
+ "rand 0.10.1",
 "reqwest",
 "rocket",
 "rocket_cors",
 "sentry",
 "serde",
 "serde_json",
- "sha2",
+ "sha2 0.11.0",
 "sha256",
 "sqlx",
 "thiserror 2.0.18",
@ -223,7 +223,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0"
 dependencies = [
 "cfg-if",
- "cipher 0.4.4",
+ "cipher",
 "cpufeatures 0.2.17",
 ]

@ -507,11 +507,11 @@ dependencies = [

 [[package]]
 name = "block-padding"
-version = "0.4.2"
+version = "0.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "710f1dd022ef4e93f8a438b4ba958de7f64308434fa6a87104481645cc30068b"
+checksum = "a8894febbff9f758034a5b8e12d87918f56dfc64a8e1fe757d65e29041538d93"
 dependencies = [
- "hybrid-array",
+ "generic-array",
 ]

 [[package]]
@ -521,7 +521,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e412e2cd0f2b2d93e02543ceae7917b3c70331573df19ee046bcbc35e45e87d7"
 dependencies = [
 "byteorder",
- "cipher 0.4.4",
+ "cipher",
 ]

 [[package]]
@ -582,11 +582,11 @@ dependencies = [

 [[package]]
 name = "cbc"
-version = "0.2.0"
+version = "0.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "98db6aeaef0eeef2c1e3ce9a27b739218825dae116076352ac3777076aa22225"
+checksum = "26b52a9543ae338f279b96b0b9fed9c8093744685043739079ce85cd58f289a6"
 dependencies = [
- "cipher 0.5.1",
+ "cipher",
 ]

 [[package]]
@ -645,17 +645,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad"
 dependencies = [
 "crypto-common 0.1.6",
- "inout 0.1.4",
-]
-
-[[package]]
-name = "cipher"
-version = "0.5.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e34d8227fe1ba289043aeb13792056ff80fd6de1a9f49137a5f499de8e8c78ea"
-dependencies = [
- "crypto-common 0.2.1",
- "inout 0.2.2",
+ "inout",
 ]

 [[package]]
@ -667,6 +657,12 @@ dependencies = [
 "cc",
 ]

+[[package]]
+name = "cmov"
+version = "0.5.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3f88a43d011fc4a6876cb7344703e297c71dda42494fee094d5f7c76bf13f746"
+
 [[package]]
 name = "combine"
 version = "4.6.7"
@ -837,6 +833,15 @@ dependencies = [
 "hybrid-array",
 ]

+[[package]]
+name = "ctutils"
+version = "0.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7d5515a3834141de9eafb9717ad39eea8247b5674e6066c404e8c4b365d2a29e"
+dependencies = [
+ "cmov",
+]
+
 [[package]]
 name = "data-encoding"
 version = "2.11.0"
@ -969,6 +974,7 @@ dependencies = [
 "block-buffer 0.12.0",
 "const-oid 0.10.2",
 "crypto-common 0.2.1",
+ "ctutils",
 ]

 [[package]]
@ -999,7 +1005,7 @@ dependencies = [
 "num-traits",
 "pkcs8",
 "rfc6979",
- "sha2",
+ "sha2 0.10.9",
 "signature",
 "zeroize",
 ]
@ -1546,7 +1552,7 @@ version = "0.12.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7"
 dependencies = [
- "hmac",
+ "hmac 0.12.1",
 ]

 [[package]]
@ -1558,6 +1564,15 @@ dependencies = [
 "digest 0.10.7",
 ]

+[[package]]
+name = "hmac"
+version = "0.13.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6303bc9732ae41b04cb554b844a762b4115a61bfaa81e3e83050991eeb56863f"
+dependencies = [
+ "digest 0.11.2",
+]
+
 [[package]]
 name = "home"
 version = "0.5.11"
@ -1954,18 +1969,9 @@ name = "inout"
 version = "0.1.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "879f10e63c20629ecabbb64a8010319738c66a5cd0c29b02d63d272b03751d01"
-dependencies = [
- "generic-array",
-]
-
-[[package]]
-name = "inout"
-version = "0.2.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4250ce6452e92010fdf7268ccc5d14faa80bb12fc741938534c58f16804e03c7"
 dependencies = [
 "block-padding",
- "hybrid-array",
+ "generic-array",
 ]

 [[package]]
@ -2161,7 +2167,7 @@ dependencies = [
 "ecdsa",
 "elliptic-curve",
 "once_cell",
- "sha2",
+ "sha2 0.10.9",
 "signature",
 ]

@ -2546,6 +2552,15 @@ version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7c87def4c32ab89d880effc9e097653c8da5d6ef28e6b539d313baaacfbafcbe"

+[[package]]
+name = "openssl-src"
+version = "300.6.0+3.6.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a8e8cbfd3a4a8c8f089147fd7aaa33cf8c7450c4d09f8f80698a0cf093abeff4"
+dependencies = [
+ "cc",
+]
+
 [[package]]
 name = "openssl-sys"
 version = "0.9.114"
@ -2554,6 +2569,7 @@ checksum = "13ce1245cd07fcc4cfdb438f7507b0c7e4f3849a69fd84d52374c66d83741bb6"
 dependencies = [
 "cc",
 "libc",
+ "openssl-src",
 "pkg-config",
 "vcpkg",
 ]
@ -2584,7 +2600,7 @@ dependencies = [
 "ecdsa",
 "elliptic-curve",
 "primeorder",
- "sha2",
+ "sha2 0.10.9",
 ]

 [[package]]
@ -3091,7 +3107,7 @@ version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2"
 dependencies = [
- "hmac",
+ "hmac 0.12.1",
 "subtle",
 ]

@ -3653,6 +3669,17 @@ dependencies = [
 "digest 0.10.7",
 ]

+[[package]]
+name = "sha2"
+version = "0.11.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "446ba717509524cb3f22f17ecc096f10f4822d76ab5c0b9822c5f9c284e825f4"
+dependencies = [
+ "cfg-if",
+ "cpufeatures 0.3.0",
+ "digest 0.11.2",
+]
+
 [[package]]
 name = "sha256"
 version = "1.6.0"
@ -3662,7 +3689,7 @@ dependencies = [
 "async-trait",
 "bytes",
 "hex",
- "sha2",
+ "sha2 0.10.9",
 "tokio",
 ]

@ -3814,7 +3841,7 @@ dependencies = [
 "percent-encoding",
 "serde",
 "serde_json",
- "sha2",
+ "sha2 0.10.9",
 "smallvec",
 "thiserror 2.0.18",
 "tokio",
@ -3851,7 +3878,7 @@ dependencies = [
 "quote",
 "serde",
 "serde_json",
- "sha2",
+ "sha2 0.10.9",
 "sqlx-core",
 "sqlx-mysql",
 "sqlx-postgres",
@ -3884,7 +3911,7 @@ dependencies = [
 "generic-array",
 "hex",
 "hkdf",
- "hmac",
+ "hmac 0.12.1",
 "itoa",
 "log",
 "md-5 0.10.6",
@ -3895,7 +3922,7 @@ dependencies = [
 "rsa",
 "serde",
 "sha1 0.10.6",
- "sha2",
+ "sha2 0.10.9",
 "smallvec",
 "sqlx-core",
 "stringprep",
@ -3923,7 +3950,7 @@ dependencies = [
 "futures-util",
 "hex",
 "hkdf",
- "hmac",
+ "hmac 0.12.1",
 "home",
 "ipnetwork",
 "itoa",
@ -3934,7 +3961,7 @@ dependencies = [
 "rand 0.8.5",
 "serde",
 "serde_json",
- "sha2",
+ "sha2 0.10.9",
 "smallvec",
 "sqlx-core",
 "stringprep",
--- a/Cargo.toml
+++ b/Cargo.toml
@ -23,7 +23,7 @@ once_cell = "1.20.3"
 serde_json = "1.0.139"
 chrono = { version =  "0.4.39", features = ["serde"] }
 argon2 = "0.5.3"
-sha2 = "0.10.8"
+sha2 = "0.11.0"
 bytemuck = { version =  "1.21.0", features = ["derive"] }
 base64 = "0.22.1"
 hex = "0.4.3"
@ -31,9 +31,9 @@ thiserror = "2.0.11"
 bcrypt = "0.19.0"
 sqlx = { version = "0.8.3", features = [ "runtime-tokio", "tls-native-tls", "postgres", "chrono", "ipnetwork" ] }
 aes = "0.8.4"
-hmac = "0.12.1"
+hmac = "0.13.0"
 md-5 = "0.11.0"
-cbc = "0.2.0"
+cbc = "0.1.2"
 mii = { path = "./mii" }
 crc32fast = "1.4.2"
 gxhash = "3.4.1"
@ -45,7 +45,7 @@ juniper_rocket = "0.10.0"

 prost = "0.14.0"
 lettre = "0.11.15"
-rand = "0.8.5"
+rand = { version = "0.10.0", features = ["std"] }
 reqwest = "0.13.0"
 binrw = "0.15.1"
 ecdsa = { version = "0.16.9", features = ["pem", "std", "verifying"] }
@ -53,6 +53,6 @@ sha256 = "1.6.0"
 p256 = "0.13.2"
 k256 = "0.13.4"
 dsa = "0.6.3"
-openssl = "0.10.78"
+openssl = {version = "0.10.78", features = ["vendored"]}
 time = "0.3.47"
-hickory-resolver = { version = "0.24", features = ["tokio-runtime"] }
+hickory-resolver = { version = "0.24", features = ["tokio-runtime"] }
--- a/4
+++ b/4
@ -2,7 +2,7 @@

 FROM rust:alpine as builder

-RUN apk add --no-cache musl-dev openssl-dev openssl-libs-static protobuf-dev lld
+RUN apk add --no-cache musl-dev openssl-dev openssl-libs-static protobuf-dev lld perl make

 WORKDIR /app

@ -16,7 +16,7 @@ COPY . .
 RUN touch src/main.rs

 ENV SQLX_OFFLINE=true
-RUN OPENSSL_LIB_DIR=/usr/lib OPENSSL_INCLUDE_DIR=/usr/include/openssl OPENSSL_STATIC=1 RUSTFLAGS="-C target-feature=+aes,+sse -C relocation-model=static -C linker=ld.lld" cargo build --profile prod --target x86_64-unknown-linux-musl
+RUN RUSTFLAGS="-C target-feature=+aes,+sse -C relocation-model=static -C linker=ld.lld" cargo build --profile prod --target x86_64-unknown-linux-musl

 FROM scratch AS final

--- a/src/account/account.rs
+++ b/src/account/account.rs
@ -20,7 +20,7 @@ use openssl::ecdsa::EcdsaSig;
 use openssl::error::ErrorStack;
 use openssl::nid::Nid;
 use openssl::pkey::Public;
-use rand::Rng;
+use rand::prelude::*;
 use rocket::http::Status;
 use rocket::request::{FromRequest, Outcome};
 use rocket::{Request, async_trait};
@ -81,9 +81,9 @@ pub struct _CertificatePid {
 fn generate_nintendo_hash(pid: i32, text_password: &str) -> String {
    let mut sha = Sha256::new();

-    sha.write_all(&bytes_of(&pid)).unwrap();
-    sha.write_all(&[0x02, 0x65, 0x43, 0x46]).unwrap();
-    sha.write_all(text_password.as_bytes()).unwrap();
+    sha.update(&bytes_of(&pid));
+    sha.update(&[0x02, 0x65, 0x43, 0x46]);
+    sha.update(text_password.as_bytes());

    hex::encode(&sha.finalize()[..])
 }
@ -193,18 +193,18 @@ pub async fn read_bearer_auth_token(connection: &Pool, token: &str) -> Option<Us
 }

 pub fn generate_nex_password() -> String {
-    let mut rng = rand::thread_rng();
+    let mut rng = rand::rng(); 
    let mut output = String::with_capacity(16);

    while output.len() < 16 {
-        let offset: u8 = rng.gen_range(0..62);
+        let offset: u8 = rng.random_range(0..62);

        let character = if offset < 10 {
            (offset + b'0') as char
        } else if offset < 36 {
-            (offset + 55) as char
+            (offset + 55) as char // A-Z
        } else {
-            (offset + 61) as char
+            (offset + 61) as char // a-z
        };

        output.push(character);
--- a/src/graphql/mod.rs
+++ b/src/graphql/mod.rs
@ -48,7 +48,8 @@ impl juniper::Context for Context {}
 struct TokenInfo {
    pid: i32,
    expire_date: NaiveDateTime,
-    title_id: Option<String>
+    title_id: Option<String>,
+    token_type: i32
 }

 #[derive(GraphQLObject)]
@ -60,6 +61,16 @@ struct UserInfo {
    mii_data: String,
 }

+#[derive(GraphQLObject)]
+#[graphql(description = "User information from a token")]
+struct TokenUserInfo {
+    username: String,
+    account_level: i32,
+    nex_password: String,
+    mii_data: String,
+    token_type: i32,
+}
+
 #[derive(GraphQLObject)]
 #[graphql(description = "User information from a username")]
 pub struct UserInfoWithPId {
@ -96,13 +107,14 @@ impl Query {
            pid: data.pid,
            expire_date: token_info.expires,
            title_id: token_info.title_id,
+            token_type: token_info.token_type,
        })
    }

    async fn user_from_token(
        token_data: String,
        context: &Context,
-    ) -> Option<UserInfo> {
+    ) -> Option<TokenUserInfo> {
        let data = match TokenData::decode(&token_data) {
            Some(data) => data,
            None => {
@ -111,6 +123,13 @@ impl Query {
            }
        };

+        let token_info =
+            sqlx::query!(
+            "select * from tokens where pid = $1 and token_id = $2 and random = $3",
+            data.pid, data.token_id, data.random
+        ).
+                fetch_one(&context.pool).await.ok()?;
+
        let user = match sqlx::query!(
        "SELECT username, account_level, nex_password, mii_data FROM users WHERE pid = $1",
        data.pid
@ -127,11 +146,12 @@ impl Query {
        
        let nex_password = user.nex_password;

-        Some(UserInfo {
+        Some(TokenUserInfo {
            username: user.username,
            account_level: user.account_level,
            nex_password,
            mii_data: user.mii_data.replace('\n', "").replace('\r', ""),
+            token_type: token_info.token_type
        })
    }

--- a/src/nnid/people.rs
+++ b/src/nnid/people.rs
@ -11,7 +11,7 @@ use crate::nnid::timezones::{OFFSET_FROM_TIMEZONE};
 use crate::Pool;
 use crate::xml::{Xml, YesNoVal};
 use crate::email::send_verification_email;
-use rand::Rng;
+use rand::prelude::*;
 // Not in use currently.
 //use mii::{get_image_png, get_image_tga};
 use crate::mii_util::get_mii_img_url;
@ -118,7 +118,7 @@ pub async fn create_account(database: &State<Pool>, data: Xml<AccountCreationDat

    let pid = next_pid(database).await;

-    let verification_code: i32 = rand::thread_rng().gen_range(100_000..1_000_000);
+    let verification_code: i32 = rand::rng().random_range(100_000..1_000_000);

    let AccountCreationData {
        user_id,
--- a/src/nnid/provider.rs
+++ b/src/nnid/provider.rs
@ -57,8 +57,6 @@ pub async fn get_service_token(pool: &State<Pool>, auth: Auth<true, false>) -> R

    let token = create_token(pool, auth.pid, NEX_TOKEN, None).await;

-
-
    Ok(
        Xml(
            ServiceToken{
@ -114,4 +112,4 @@ pub async fn get_nex_token(pool: &State<Pool>, auth: Auth<true, false>, game_ser
            }
        )
    )
-}
+}
Author	SHA1	Message	Date
red binder	ac7cb0ddee	Add token type to GraphQL requests All checks were successful Build and Test / account (push) Successful in 7m45s Details	2026-05-04 21:27:32 +02:00
Maple Nebel	8d6a90df79	fix openssl All checks were successful Build and Test / account (push) Successful in 8m0s Details	2026-05-02 13:42:03 +02:00
redbinder0526	9c13fa267d	Merge pull request 'Update Rust crate hmac to 0.13.0' (#36 ) from renovate/hmac-0.x into main All checks were successful Build and Test / account (push) Successful in 6m18s Details Reviewed-on: #36	2026-04-29 10:46:56 +02:00
redbinder0526	bd85e5905d	Merge pull request 'Update Rust crate sha2 to 0.11.0' (#32 ) from renovate/sha2-0.x into main Some checks failed Build and Test / account (push) Has been cancelled Details Reviewed-on: #32	2026-04-29 10:46:31 +02:00
red binder	229cd16bdd	Merge branch 'renovate/sha2-0.x' of https://git.spbr.net/spacebar/account into renovate/sha2-0.x All checks were successful Build and Test / account (push) Successful in 5m52s Details	2026-04-29 10:45:29 +02:00
red binder	8940b099e9	Update rand and sha	2026-04-29 10:42:09 +02:00
Spacebot	aa0cd97faa	Update Rust crate sha2 to 0.11.0 Some checks failed Build and Test / account (push) Failing after 4m3s Details	2026-04-29 08:31:17 +00:00
Spacebot	a7910bb167	Update Rust crate hmac to 0.13.0 All checks were successful Build and Test / account (push) Successful in 8m22s Details	2026-04-29 08:30:59 +00:00
Spacebot	7ead9440ee	Update Rust crate sha2 to 0.11.0 Some checks failed Build and Test / account (push) Failing after 2m28s Details	2026-04-29 00:01:09 +00:00