feat: add config, certs, database, users, and jwt

Author: ReenigneArcher

.cargo/config.toml

@@ -27,3 +27,7 @@ linker = "arm-linux-gnueabihf-gcc"
 
 [target.arm-unknown-linux-musleabihf]
 linker = "arm-linux-gnueabihf-gcc"
+
+[target.x86_64-pc-windows-gnu]
+linker = "C:\\msys2\\ucrt64\\bin\\gcc.exe"
+ar = "C:\\msys2\\ucrt64\\bin\\ar.exe"

Cargo.toml

@@ -41,16 +41,29 @@ path = "src/main.rs"
 
 [dependencies]
 # ensure deps are compatible: https://www.gnu.org/licenses/license-list.en.html#GPLCompatibleLicenses
+base64 = "0.22.1"
+bcrypt = "0.17.0"
 cargo_metadata = "0.19.1"
 chrono = "0.4.39"
+config = "0.15.7"
+diesel = { version = "2.2.7", features = ["sqlite"] }
+diesel_migrations = "2.2.0"
+dirs = "6.0.0"
 fern = { version = "0.7.1", features = ["colored"] }
 image = "0.25.5"
+jsonwebtoken = "9.3.1"
+libsqlite3-sys = { version = "0.31", features = ["bundled"] }  # this is needed for proper linking
 log = "0.4.25"
+once_cell = "1.20.3"
+rand = "0.9.0"
+rcgen = "0.13.2"
 regex = "1.11.1"
-rocket = "0.5.1"
+rocket = { version = "0.5.1", features = ["tls"] }
 rocket_okapi = { version = "0.9.0", features = ["swagger", "rapidoc"] }
+rocket_sync_db_pools = { version = "0.1.0", features = ["diesel_sqlite_pool"] }
 schemars = "0.8.1"
 serde = "1.0.217"
+serde_json = "1.0.138"
 tao = "0.31.1"
 tray-icon = "0.19.2"
 webbrowser = "1.0.3"

assets/Koko.png

@@ -5,46 +5,22 @@
 </div>
 
 <div align="center">
-  <a href="https://github.com/LizardByte/Koko">
-    <img src="https://img.shields.io/github/stars/lizardbyte/koko.svg?logo=github&style=for-the-badge" alt="GitHub stars">
-  </a>
+  <a href="https://github.com/LizardByte/Koko"><img src="https://img.shields.io/github/stars/lizardbyte/koko.svg?logo=github&style=for-the-badge" alt="GitHub stars"></a>
 <!-- disabled for now
-  <a href="https://github.com/LizardByte/Koko/releases/latest">
-    <img src="https://img.shields.io/github/downloads/lizardbyte/koko/total.svg?style=for-the-badge&logo=github" alt="GitHub Releases">
-  </a>
-  <a href="https://hub.docker.com/r/lizardbyte/koko">
-    <img src="https://img.shields.io/docker/pulls/lizardbyte/koko.svg?style=for-the-badge&logo=docker" alt="Docker">
-  </a>
-  <a href="https://github.com/LizardByte/Koko/pkgs/container/koko">
-    <img src="https://img.shields.io/badge/dynamic/json?url=https%3A%2F%2Fipitio.github.io%2Fbackage%2FLizardByte%Koko%2Fkoko.json&query=%24.downloads&label=ghcr%20pulls&style=for-the-badge&logo=github" alt="GHCR">
-  </a>
-  <a href="https://flathub.org/apps/dev.lizardbyte.app.Koko">
-    <img src="https://img.shields.io/flathub/downloads/dev.lizardbyte.app.Koko?style=for-the-badge&logo=flathub" alt="Flathub installs">
-  </a>
-  <a href="https://flathub.org/apps/dev.lizardbyte.app.Koko">
-    <img src="https://img.shields.io/flathub/v/dev.lizardbyte.app.Koko?style=for-the-badge&logo=flathub" alt="Flathub Version">
-  </a>
-  <a href="https://github.com/microsoft/winget-pkgs/tree/master/manifests/l/LizardByte/Koko">
-    <img src="https://img.shields.io/winget/v/LizardByte.Koko?style=for-the-badge&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAHuSURBVFhH7ZfNTtRQGIYZiMDwN/IrCAqIhMSNKxcmymVwG+5dcDVsWHgDrtxwCYQVl+BChzDEwSnPY+eQ0sxoOz1mQuBNnpyvTdvz9jun5/SrjfxnJUkyQbMEz2ELduF1l0YUA3QyTrMAa2AnPtyOXsELeAYNyKtV2EC3k3lYgTOwg09ghy/BTp7CKBRV844BOpmmMV2+ySb4BmInG7AKY7AHH+EYqqhZo9PPBG/BVDlOizAD/XQFmnoPXzxRQX8M/CCYS48L6RIc4ygGHK9WGg9HZSZMUNRPVwNJGg5Hg2Qgqh4N3FsDsb6EmgYm07iwwvUxstdxJTwgmILf4CfZ6bb5OHANX8GN5x20IVxnG8ge94pt2xpwU3GnCwayF4Q2G2vgFLzHndFzQdk4q77nNfCdwL28qNyMtmEf3A1/QV5FjDiPWo5jrwf8TWZChTlgJvL4F9QL50/A43qVidTvLcuoM2wDQ1+IkgefgUpLcYwMVBqCKNJA2b0gKNocOIITOIef8C/F/CdMbh/GklynsSawKLHS8d9/B1x2LUqsfFyy3TMsWj5A1cLkotDbYO4JjWWZlZEGv8EbOIR1CAVN2eG8W5oNKgxaeC6DmTJjZs7ixUxpznLPLT+v4sXpoMLcLI3mzFSonDXIEI/M3QCIO4YuimBJ/gAAAABJRU5ErkJggg==" alt="Winget Version">
-  </a>
-  <a href="https://gurubase.io/g/koko">
-    <img src="https://img.shields.io/badge/Gurubase-Ask%20Guru-ef1a1b?style=for-the-badge&logo=data:image/jpeg;base64,/9j/2wCEAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDIBCQkJDAsMGA0NGDIhHCEyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMv/AABEIABgAGAMBIgACEQEDEQH/xAGiAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgsQAAIBAwMCBAMFBQQEAAABfQECAwAEEQUSITFBBhNRYQcicRQygZGhCCNCscEVUtHwJDNicoIJChYXGBkaJSYnKCkqNDU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6g4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2drh4uPk5ebn6Onq8fLz9PX29/j5+gEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoLEQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8/T19vf4+fr/2gAMAwEAAhEDEQA/AOLqSO3mlilljido4QGkYDIQEgAn05IH41seFo7aS+uRKlrJci2Y2cd2QImlyOGyQPu7sA8ZxXapAlvpThbPRkv7nTQWhDoIZZRc/XaSAOmcZGOnFfP06XMr3P17F5iqE+Tl1uuvf9Lde55dRW74pit4r61EcdtFdG2U3kVqQY0lyeBgkD5duQOASawqykuV2O6jV9rTU0rXLNjf3Om3QubSXy5QCudoYEEYIIOQR7GnahqV3qk6zXk3mOqhFAUKqqOyqAAByeAKqUUXdrFezhz89lfv1+8KKKKRZ//Z" alt="Gurubase">
-  </a>
+  <a href="https://github.com/LizardByte/Koko/releases/latest"><img src="https://img.shields.io/github/downloads/lizardbyte/koko/total.svg?style=for-the-badge&logo=github" alt="GitHub Releases"></a>
+  <a href="https://hub.docker.com/r/lizardbyte/koko"><img src="https://img.shields.io/docker/pulls/lizardbyte/koko.svg?style=for-the-badge&logo=docker" alt="Docker"></a>
+  <a href="https://github.com/LizardByte/Koko/pkgs/container/koko"><img src="https://img.shields.io/badge/dynamic/json?url=https%3A%2F%2Fipitio.github.io%2Fbackage%2FLizardByte%Koko%2Fkoko.json&query=%24.downloads&label=ghcr%20pulls&style=for-the-badge&logo=github" alt="GHCR"></a>
+  <a href="https://flathub.org/apps/dev.lizardbyte.app.Koko"><img src="https://img.shields.io/flathub/downloads/dev.lizardbyte.app.Koko?style=for-the-badge&logo=flathub" alt="Flathub installs"></a>
+  <a href="https://flathub.org/apps/dev.lizardbyte.app.Koko"><img src="https://img.shields.io/flathub/v/dev.lizardbyte.app.Koko?style=for-the-badge&logo=flathub" alt="Flathub Version"></a>
+  <a href="https://github.com/microsoft/winget-pkgs/tree/master/manifests/l/LizardByte/Koko"><img src="https://img.shields.io/winget/v/LizardByte.Koko?style=for-the-badge&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAHuSURBVFhH7ZfNTtRQGIYZiMDwN/IrCAqIhMSNKxcmymVwG+5dcDVsWHgDrtxwCYQVl+BChzDEwSnPY+eQ0sxoOz1mQuBNnpyvTdvz9jun5/SrjfxnJUkyQbMEz2ELduF1l0YUA3QyTrMAa2AnPtyOXsELeAYNyKtV2EC3k3lYgTOwg09ghy/BTp7CKBRV844BOpmmMV2+ySb4BmInG7AKY7AHH+EYqqhZo9PPBG/BVDlOizAD/XQFmnoPXzxRQX8M/CCYS48L6RIc4ygGHK9WGg9HZSZMUNRPVwNJGg5Hg2Qgqh4N3FsDsb6EmgYm07iwwvUxstdxJTwgmILf4CfZ6bb5OHANX8GN5x20IVxnG8ge94pt2xpwU3GnCwayF4Q2G2vgFLzHndFzQdk4q77nNfCdwL28qNyMtmEf3A1/QV5FjDiPWo5jrwf8TWZChTlgJvL4F9QL50/A43qVidTvLcuoM2wDQ1+IkgefgUpLcYwMVBqCKNJA2b0gKNocOIITOIef8C/F/CdMbh/GklynsSawKLHS8d9/B1x2LUqsfFyy3TMsWj5A1cLkotDbYO4JjWWZlZEGv8EbOIR1CAVN2eG8W5oNKgxaeC6DmTJjZs7ixUxpznLPLT+v4sXpoMLcLI3mzFSonDXIEI/M3QCIO4YuimBJ/gAAAABJRU5ErkJggg==" alt="Winget Version"></a>
+  <a href="https://gurubase.io/g/koko"><img src="https://img.shields.io/badge/Gurubase-Ask%20Guru-ef1a1b?style=for-the-badge&logo=data:image/jpeg;base64,/9j/2wCEAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDIBCQkJDAsMGA0NGDIhHCEyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMv/AABEIABgAGAMBIgACEQEDEQH/xAGiAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgsQAAIBAwMCBAMFBQQEAAABfQECAwAEEQUSITFBBhNRYQcicRQygZGhCCNCscEVUtHwJDNicoIJChYXGBkaJSYnKCkqNDU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6g4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2drh4uPk5ebn6Onq8fLz9PX29/j5+gEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoLEQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8/T19vf4+fr/2gAMAwEAAhEDEQA/AOLqSO3mlilljido4QGkYDIQEgAn05IH41seFo7aS+uRKlrJci2Y2cd2QImlyOGyQPu7sA8ZxXapAlvpThbPRkv7nTQWhDoIZZRc/XaSAOmcZGOnFfP06XMr3P17F5iqE+Tl1uuvf9Lde55dRW74pit4r61EcdtFdG2U3kVqQY0lyeBgkD5duQOASawqykuV2O6jV9rTU0rXLNjf3Om3QubSXy5QCudoYEEYIIOQR7GnahqV3qk6zXk3mOqhFAUKqqOyqAAByeAKqUUXdrFezhz89lfv1+8KKKKRZ//Z" alt="Gurubase"></a>
 -->
-  <a href="https://github.com/LizardByte/Koko/actions/workflows/ci.yml?query=branch%3Amaster">
-    <img src="https://img.shields.io/github/actions/workflow/status/lizardbyte/koko/ci.yml.svg?branch=master&label=CI%20build&logo=github&style=for-the-badge" alt="GitHub Workflow Status (CI)">
-  </a>
+  <a href="https://github.com/LizardByte/Koko/actions/workflows/ci.yml?query=branch%3Amaster"><img src="https://img.shields.io/github/actions/workflow/status/lizardbyte/koko/ci.yml.svg?branch=master&label=CI%20build&logo=github&style=for-the-badge" alt="GitHub Workflow Status (CI)"></a>
 <!-- disabled for now
-  <a href="https://github.com/LizardByte/Koko/actions/workflows/localize.yml?query=branch%3Amaster">
-    <img src="https://img.shields.io/github/actions/workflow/status/lizardbyte/koko/localize.yml.svg?branch=master&label=localize%20build&logo=github&style=for-the-badge" alt="GitHub Workflow Status (localize)">
-  </a>
+  <a href="https://github.com/LizardByte/Koko/actions/workflows/localize.yml?query=branch%3Amaster"><img src="https://img.shields.io/github/actions/workflow/status/lizardbyte/koko/localize.yml.svg?branch=master&label=localize%20build&logo=github&style=for-the-badge" alt="GitHub Workflow Status (localize)"></a>
 -->
-  <a href="https://docs.lizardbyte.dev/projects/koko">
-    <img src="https://img.shields.io/readthedocs/koko.svg?label=Docs&style=for-the-badge&logo=readthedocs" alt="Read the Docs">
-  </a>
-  <a href="https://codecov.io/gh/LizardByte/Koko">
-    <img src="https://img.shields.io/codecov/c/gh/LizardByte/Koko?token=wkbk5nOLAr&style=for-the-badge&logo=codecov&label=codecov" alt="Codecov">
-  </a>
+  <a href="https://docs.lizardbyte.dev/projects/koko"><img src="https://img.shields.io/readthedocs/koko.svg?label=Docs&style=for-the-badge&logo=readthedocs" alt="Read the Docs"></a>
+  <a href="https://codecov.io/gh/LizardByte/Koko"><img src="https://img.shields.io/codecov/c/gh/LizardByte/Koko?token=wkbk5nOLAr&style=for-the-badge&logo=codecov&label=codecov" alt="Codecov"></a>
 </div>
 
 ## ℹ️ About
@@ -56,11 +32,40 @@ If you are interested in this project, please leave a star and watch the reposit
 
 If you would like to contribute, please reach out on our [discord](https://app.lizardbyte.dev/discord) server.
 
+## Configuration
+
+Koko uses a YAML configuration file to set up the server.
+
+The file must be named `settings.yml` and be placed in the following location, depending on your OS.
+
+| OS      | Location                                 |
+|---------|------------------------------------------|
+| Linux   | `$XDG_CONFIG_HOME/Koko`                  |
+| macOS   | `$HOME/Library/Application Support/Koko` |
+| Windows | `%LOCALAPPDATA%\Koko`                    |
+
+Only the non default values need to be set in the configuration file.
+An example with all the default values is shown below.
+
+```yml
+---
+general:
+  data_dir: 'data'
+
+server:
+  use_https: true
+  address: '127.0.0.1'
+  port: 9191
+  cert_path: 'cert.pem'
+  key_path: 'key.pem'
+  use_custom_certs: false
+```
+
 ## 📝 TODO
 This list is not all-inclusive, and just meant to be a very high level for the initial design.
 
 - [ ] Branding
-  - [ ] Koko logo
+  - [x] Koko logo
   - [ ] Koko banner
   - [ ] Tray icons for different states/activity
 - [ ] Publishing (enabling readme badges as required)
@@ -74,15 +79,16 @@ This list is not all-inclusive, and just meant to be a very high level for the i
 - [x] Unit Testing
   - [ ] doc tests
   - [x] Coverage
-- [ ] Settings/Config
+- [x] Settings/Config
 - [ ] Notification System
   - [ ] System Notifications
   - [ ] Discord
   - [ ] Webhooks
-- [ ] Database
+- [x] Database
 - [ ] Backend
-  - [ ] Authentication
+  - [x] Authentication
   - [ ] API
+  - [x] Certs/SSL
   - [ ] Media Scanner
   - [ ] Media Player
   - [x] Legal/Licensing info on dependencies

assets/Koko.svg

@@ -0,0 +1 @@
+DROP TABLE IF EXISTS users;

assets/icon.ico

@@ -0,0 +1,9 @@
+CREATE TABLE IF NOT EXISTS users (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    username TEXT NOT NULL UNIQUE,
+    password TEXT NOT NULL,
+    password_salt TEXT NOT NULL,
+    pin TEXT DEFAULT NULL,
+    pin_salt TEXT DEFAULT NULL,
+    admin BOOLEAN NOT NULL DEFAULT FALSE
+);

assets/icon.png

@@ -0,0 +1,117 @@
+#![doc = "Authentication utilities for the application."]
+
+// lib imports
+use base64::{engine::general_purpose, Engine as _};
+use bcrypt::{hash, DEFAULT_COST};
+use jsonwebtoken::{decode, encode, DecodingKey, EncodingKey, Header, Validation};
+use once_cell::sync::Lazy;
+use rand::distr::Alphanumeric;
+use rand::{rng, Rng};
+use rocket::outcome::Outcome;
+use rocket::request::{self, FromRequest, Request};
+use rocket_okapi::request::{OpenApiFromRequest, RequestHeaderInput};
+use serde::{Deserialize, Serialize};
+
+/// Claims for the JWT.
+#[derive(Debug, Serialize, Deserialize)]
+pub struct Claims {
+    sub: String,
+    exp: usize,
+}
+
+const BEARER: &str = "Bearer ";
+
+/// Create a JWT token.
+pub fn create_token(
+    user_id: &str,
+    secret: &str,
+) -> String {
+    let expiration = chrono::Utc::now()
+        .checked_add_signed(chrono::Duration::seconds(60))
+        .expect("valid timestamp")
+        .timestamp();
+
+    let claims = Claims {
+        sub: user_id.to_owned(),
+        exp: expiration as usize,
+    };
+
+    encode(
+        &Header::default(),
+        &claims,
+        &EncodingKey::from_secret(secret.as_ref()),
+    )
+    .unwrap()
+}
+
+/// Decode a JWT token.
+pub fn decode_token(
+    token: &str,
+    secret: &str,
+) -> Result<Claims, jsonwebtoken::errors::Error> {
+    decode::<Claims>(
+        token,
+        &DecodingKey::from_secret(secret.as_ref()),
+        &Validation::default(),
+    )
+    .map(|data| data.claims)
+}
+
+#[rocket::async_trait]
+impl<'r> FromRequest<'r> for Claims {
+    type Error = ();
+
+    async fn from_request(request: &'r Request<'_>) -> request::Outcome<Self, Self::Error> {
+        let keys: Vec<_> = request.headers().get("Authorization").collect();
+        if keys.len() != 1 {
+            return Outcome::Error((rocket::http::Status::Unauthorized, ()));
+        }
+
+        if !keys[0].starts_with(BEARER) {
+            return Outcome::Error((rocket::http::Status::Unauthorized, ()));
+        }
+
+        let token = &keys[0][BEARER.len()..];
+        let secret = get_jwt_secret();
+
+        match decode_token(token, secret) {
+            Ok(claims) => Outcome::Success(claims),
+            Err(_) => Outcome::Error((rocket::http::Status::Unauthorized, ())),
+        }
+    }
+}
+
+impl OpenApiFromRequest<'_> for Claims {
+    fn from_request_input(
+        _gen: &mut rocket_okapi::gen::OpenApiGenerator,
+        _name: String,
+        _required: bool,
+    ) -> rocket_okapi::Result<RequestHeaderInput> {
+        Ok(RequestHeaderInput::None)
+    }
+}
+
+static JWT_SECRET: Lazy<String> = Lazy::new(|| {
+    let random_bytes: [u8; 32] = rand::rng().random();
+    general_purpose::STANDARD.encode(random_bytes)
+});
+
+fn get_jwt_secret() -> &'static str {
+    &JWT_SECRET
+}
+
+pub(crate) fn generate_salt() -> String {
+    rng()
+        .sample_iter(&Alphanumeric)
+        .take(16)
+        .map(char::from)
+        .collect()
+}
+
+pub(crate) fn hash_with_salt(
+    salt: String,
+    string: &str,
+) -> String {
+    let salted_input = format!("{}{}", salt, string);
+    hash(salted_input, DEFAULT_COST).unwrap()
+}