connor/calendar
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Implement lightweight auth system with SQLite

Browse Source 
Added SQLite database for session management and user preferences storage,
allowing users to have consistent settings across different sessions and devices.

Backend changes:
- Added SQLite database with users, sessions, and preferences tables
- Implemented session-based authentication alongside JWT tokens
- Created preference storage/retrieval API endpoints
- Database migrations for schema setup
- Session validation and cleanup functionality

Frontend changes:
- Added "Remember server" and "Remember username" checkboxes to login
- Created preferences service for syncing settings with backend
- Updated auth flow to handle session tokens and preferences
- Store remembered values in LocalStorage (not database) for convenience

Key features:
- User preferences persist across sessions and devices
- CalDAV passwords never stored, only passed through
- Sessions expire after 24 hours
- Remember checkboxes only affect local browser storage

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Connor Johnstone
2025-09-01 18:55:09 -04:00
parent 79f287ed61
commit 03c0011445
17 changed files with 888 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
backend/src/auth.rs
View File

@@ -1,10 +1,12 @@
use chrono::{Duration, Utc};
use jsonwebtoken::{decode, encode, Algorithm, DecodingKey, EncodingKey, Header, Validation};
use serde::{Deserialize, Serialize};
use uuid::Uuid;
use crate::calendar::CalDAVClient;
use crate::config::CalDAVConfig;
use crate::models::{ApiError, AuthResponse, CalDAVLoginRequest};
use crate::db::{Database, PreferencesRepository, Session, SessionRepository, UserRepository};
use crate::models::{ApiError, AuthResponse, CalDAVLoginRequest, UserPreferencesResponse};
#[derive(Debug, Serialize, Deserialize)]
pub struct Claims {
@@ -17,11 +19,12 @@ pub struct Claims {
#[derive(Clone)]
pub struct AuthService {
jwt_secret: String,
db: Database,
}
impl AuthService {
pub fn new(jwt_secret: String) -> Self {
Self { jwt_secret }
pub fn new(jwt_secret: String, db: Database) -> Self {
Self { jwt_secret, db }
}
/// Authenticate user directly against CalDAV server
@@ -49,13 +52,47 @@ impl AuthService {
"✅ Authentication successful! Found {} calendars",
calendars.len()
);
// Authentication successful, generate JWT token
let token = self.generate_token(&request.username, &request.server_url)?;
// Find or create user in database
let user_repo = UserRepository::new(&self.db);
let user = user_repo
.find_or_create(&request.username, &request.server_url)
.await
.map_err(|e| ApiError::Database(format!("Failed to create user: {}", e)))?;
// Generate JWT token
let jwt_token = self.generate_token(&request.username, &request.server_url)?;
// Generate session token
let session_token = format!("sess_{}", Uuid::new_v4());
// Create session in database
let session = Session::new(user.id.clone(), session_token.clone(), 24);
let session_repo = SessionRepository::new(&self.db);
session_repo
.create(&session)
.await
.map_err(|e| ApiError::Database(format!("Failed to create session: {}", e)))?;
// Get or create user preferences
let prefs_repo = PreferencesRepository::new(&self.db);
let preferences = prefs_repo
.get_or_create(&user.id)
.await
.map_err(|e| ApiError::Database(format!("Failed to get preferences: {}", e)))?;
Ok(AuthResponse {
token,
token: jwt_token,
session_token,
username: request.username,
server_url: request.server_url,
preferences: UserPreferencesResponse {
calendar_selected_date: preferences.calendar_selected_date,
calendar_time_increment: preferences.calendar_time_increment,
calendar_view_mode: preferences.calendar_view_mode,
calendar_theme: preferences.calendar_theme,
calendar_colors: preferences.calendar_colors,
},
})
}
Err(err) => {
@@ -143,4 +180,33 @@ impl AuthService {
Ok(token_data.claims)
}
/// Validate session token
pub async fn validate_session(&self, session_token: &str) -> Result<String, ApiError> {
let session_repo = SessionRepository::new(&self.db);
let session = session_repo
.find_by_token(session_token)
.await
.map_err(|e| ApiError::Database(format!("Failed to find session: {}", e)))?
.ok_or_else(|| ApiError::Unauthorized("Invalid session token".to_string()))?;
if session.is_expired() {
return Err(ApiError::Unauthorized("Session expired".to_string()));
}
Ok(session.user_id)
}
/// Logout user by deleting session
pub async fn logout(&self, session_token: &str) -> Result<(), ApiError> {
let session_repo = SessionRepository::new(&self.db);
session_repo
.delete(session_token)
.await
.map_err(|e| ApiError::Database(format!("Failed to delete session: {}", e)))?;
Ok(())
}
}

305
backend/src/db.rs Normal file
View File

@@ -0,0 +1,305 @@
use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize};
use sqlx::sqlite::{SqlitePool, SqlitePoolOptions};
use sqlx::{FromRow, Result};
use std::sync::Arc;
use uuid::Uuid;
/// Database connection pool wrapper
#[derive(Clone)]
pub struct Database {
pool: Arc<SqlitePool>,
}
impl Database {
/// Create a new database connection pool
pub async fn new(database_url: &str) -> Result<Self> {
let pool = SqlitePoolOptions::new()
.max_connections(5)
.connect(database_url)
.await?;
// Run migrations
sqlx::migrate!("./migrations").run(&pool).await?;
Ok(Self {
pool: Arc::new(pool),
})
}
/// Get a reference to the connection pool
pub fn pool(&self) -> &SqlitePool {
&self.pool
}
}
/// User model representing a CalDAV user
#[derive(Debug, Clone, Serialize, Deserialize, FromRow)]
pub struct User {
pub id: String, // UUID as string for SQLite
pub username: String,
pub server_url: String,
pub created_at: DateTime<Utc>,
}
impl User {
/// Create a new user with generated UUID
pub fn new(username: String, server_url: String) -> Self {
Self {
id: Uuid::new_v4().to_string(),
username,
server_url,
created_at: Utc::now(),
}
}
}
/// Session model for user sessions
#[derive(Debug, Clone, Serialize, Deserialize, FromRow)]
pub struct Session {
pub id: String, // UUID as string
pub user_id: String, // Foreign key to User
pub token: String, // Session token
pub created_at: DateTime<Utc>,
pub expires_at: DateTime<Utc>,
pub last_accessed: DateTime<Utc>,
}
impl Session {
/// Create a new session for a user
pub fn new(user_id: String, token: String, expires_in_hours: i64) -> Self {
let now = Utc::now();
Self {
id: Uuid::new_v4().to_string(),
user_id,
token,
created_at: now,
expires_at: now + chrono::Duration::hours(expires_in_hours),
last_accessed: now,
}
}
/// Check if the session has expired
pub fn is_expired(&self) -> bool {
Utc::now() > self.expires_at
}
}
/// User preferences model
#[derive(Debug, Clone, Serialize, Deserialize, FromRow)]
pub struct UserPreferences {
pub user_id: String,
pub calendar_selected_date: Option<String>,
pub calendar_time_increment: Option<i32>,
pub calendar_view_mode: Option<String>,
pub calendar_theme: Option<String>,
pub calendar_colors: Option<String>, // JSON string
pub updated_at: DateTime<Utc>,
}
impl UserPreferences {
/// Create default preferences for a new user
pub fn default_for_user(user_id: String) -> Self {
Self {
user_id,
calendar_selected_date: None,
calendar_time_increment: Some(15),
calendar_view_mode: Some("month".to_string()),
calendar_theme: Some("light".to_string()),
calendar_colors: None,
updated_at: Utc::now(),
}
}
}
/// Repository for User operations
pub struct UserRepository<'a> {
db: &'a Database,
}
impl<'a> UserRepository<'a> {
pub fn new(db: &'a Database) -> Self {
Self { db }
}
/// Find or create a user by username and server URL
pub async fn find_or_create(
&self,
username: &str,
server_url: &str,
) -> Result<User> {
// Try to find existing user
let existing = sqlx::query_as::<_, User>(
"SELECT * FROM users WHERE username = ? AND server_url = ?",
)
.bind(username)
.bind(server_url)
.fetch_optional(self.db.pool())
.await?;
if let Some(user) = existing {
Ok(user)
} else {
// Create new user
let user = User::new(username.to_string(), server_url.to_string());
sqlx::query(
"INSERT INTO users (id, username, server_url, created_at) VALUES (?, ?, ?, ?)",
)
.bind(&user.id)
.bind(&user.username)
.bind(&user.server_url)
.bind(&user.created_at)
.execute(self.db.pool())
.await?;
Ok(user)
}
}
/// Find a user by ID
pub async fn find_by_id(&self, user_id: &str) -> Result<Option<User>> {
sqlx::query_as::<_, User>("SELECT * FROM users WHERE id = ?")
.bind(user_id)
.fetch_optional(self.db.pool())
.await
}
}
/// Repository for Session operations
pub struct SessionRepository<'a> {
db: &'a Database,
}
impl<'a> SessionRepository<'a> {
pub fn new(db: &'a Database) -> Self {
Self { db }
}
/// Create a new session
pub async fn create(&self, session: &Session) -> Result<()> {
sqlx::query(
"INSERT INTO sessions (id, user_id, token, created_at, expires_at, last_accessed)
VALUES (?, ?, ?, ?, ?, ?)",
)
.bind(&session.id)
.bind(&session.user_id)
.bind(&session.token)
.bind(&session.created_at)
.bind(&session.expires_at)
.bind(&session.last_accessed)
.execute(self.db.pool())
.await?;
Ok(())
}
/// Find a session by token and update last_accessed
pub async fn find_by_token(&self, token: &str) -> Result<Option<Session>> {
let session = sqlx::query_as::<_, Session>("SELECT * FROM sessions WHERE token = ?")
.bind(token)
.fetch_optional(self.db.pool())
.await?;
if let Some(ref s) = session {
if !s.is_expired() {
// Update last_accessed time
sqlx::query("UPDATE sessions SET last_accessed = ? WHERE id = ?")
.bind(Utc::now())
.bind(&s.id)
.execute(self.db.pool())
.await?;
}
}
Ok(session)
}
/// Delete a session (logout)
pub async fn delete(&self, token: &str) -> Result<()> {
sqlx::query("DELETE FROM sessions WHERE token = ?")
.bind(token)
.execute(self.db.pool())
.await?;
Ok(())
}
/// Clean up expired sessions
pub async fn cleanup_expired(&self) -> Result<u64> {
let result = sqlx::query("DELETE FROM sessions WHERE expires_at < ?")
.bind(Utc::now())
.execute(self.db.pool())
.await?;
Ok(result.rows_affected())
}
}
/// Repository for UserPreferences operations
pub struct PreferencesRepository<'a> {
db: &'a Database,
}
impl<'a> PreferencesRepository<'a> {
pub fn new(db: &'a Database) -> Self {
Self { db }
}
/// Get user preferences, creating defaults if not exist
pub async fn get_or_create(&self, user_id: &str) -> Result<UserPreferences> {
let existing = sqlx::query_as::<_, UserPreferences>(
"SELECT * FROM user_preferences WHERE user_id = ?",
)
.bind(user_id)
.fetch_optional(self.db.pool())
.await?;
if let Some(prefs) = existing {
Ok(prefs)
} else {
// Create default preferences
let prefs = UserPreferences::default_for_user(user_id.to_string());
sqlx::query(
"INSERT INTO user_preferences
(user_id, calendar_selected_date, calendar_time_increment,
calendar_view_mode, calendar_theme, calendar_colors, updated_at)
VALUES (?, ?, ?, ?, ?, ?, ?)",
)
.bind(&prefs.user_id)
.bind(&prefs.calendar_selected_date)
.bind(&prefs.calendar_time_increment)
.bind(&prefs.calendar_view_mode)
.bind(&prefs.calendar_theme)
.bind(&prefs.calendar_colors)
.bind(&prefs.updated_at)
.execute(self.db.pool())
.await?;
Ok(prefs)
}
}
/// Update user preferences
pub async fn update(&self, prefs: &UserPreferences) -> Result<()> {
sqlx::query(
"UPDATE user_preferences
SET calendar_selected_date = ?, calendar_time_increment = ?,
calendar_view_mode = ?, calendar_theme = ?,
calendar_colors = ?, updated_at = ?
WHERE user_id = ?",
)
.bind(&prefs.calendar_selected_date)
.bind(&prefs.calendar_time_increment)
.bind(&prefs.calendar_view_mode)
.bind(&prefs.calendar_theme)
.bind(&prefs.calendar_colors)
.bind(Utc::now())
.bind(&prefs.user_id)
.execute(self.db.pool())
.await?;
Ok(())
}
}

2
backend/src/handlers.rs
View File

@@ -2,9 +2,11 @@
mod auth;
mod calendar;
mod events;
mod preferences;
mod series;
pub use auth::{get_user_info, login, verify_token};
pub use calendar::{create_calendar, delete_calendar};
pub use events::{create_event, delete_event, get_calendar_events, refresh_event, update_event};
pub use preferences::{get_preferences, logout, update_preferences};
pub use series::{create_event_series, delete_event_series, update_event_series};

37
backend/src/handlers/auth.rs
View File

@@ -46,41 +46,12 @@ pub async fn login(
println!(" Username: {}", request.username);
println!(" Password length: {}", request.password.len());
// Basic validation
if request.username.is_empty() || request.password.is_empty() || request.server_url.is_empty() {
return Err(ApiError::BadRequest(
"Username, password, and server URL are required".to_string(),
));
}
// Use the auth service login method which now handles database, sessions, and preferences
let response = state.auth_service.login(request).await?;
println!("Input validation passed");
println!("Login successful with session management");
// Create a token using the auth service
println!("📝 Created CalDAV config");
// First verify the credentials are valid by attempting to discover calendars
let config = CalDAVConfig::new(
request.server_url.clone(),
request.username.clone(),
request.password.clone(),
);
let client = CalDAVClient::new(config);
client
.discover_calendars()
.await
.map_err(|e| ApiError::Unauthorized(format!("Authentication failed: {}", e)))?;
let token = state
.auth_service
.generate_token(&request.username, &request.server_url)?;
println!("🔗 Created CalDAV client, attempting to discover calendars...");
Ok(Json(AuthResponse {
token,
username: request.username,
server_url: request.server_url,
}))
Ok(Json(response))
}
pub async fn verify_token(

123
backend/src/handlers/preferences.rs Normal file
View File

@@ -0,0 +1,123 @@
use axum::{
extract::State,
http::{HeaderMap, StatusCode},
response::IntoResponse,
Json,
};
use std::sync::Arc;
use crate::{
db::PreferencesRepository,
models::{ApiError, UpdatePreferencesRequest, UserPreferencesResponse},
AppState,
};
/// Get user preferences
pub async fn get_preferences(
State(state): State<Arc<AppState>>,
headers: HeaderMap,
) -> Result<impl IntoResponse, ApiError> {
// Extract session token from headers
let session_token = headers
.get("X-Session-Token")
.and_then(|h| h.to_str().ok())
.ok_or_else(|| ApiError::Unauthorized("Missing session token".to_string()))?;
// Validate session and get user ID
let user_id = state.auth_service.validate_session(session_token).await?;
// Get preferences from database
let prefs_repo = PreferencesRepository::new(&state.db);
let preferences = prefs_repo
.get_or_create(&user_id)
.await
.map_err(|e| ApiError::Database(format!("Failed to get preferences: {}", e)))?;
Ok(Json(UserPreferencesResponse {
calendar_selected_date: preferences.calendar_selected_date,
calendar_time_increment: preferences.calendar_time_increment,
calendar_view_mode: preferences.calendar_view_mode,
calendar_theme: preferences.calendar_theme,
calendar_colors: preferences.calendar_colors,
}))
}
/// Update user preferences
pub async fn update_preferences(
State(state): State<Arc<AppState>>,
headers: HeaderMap,
Json(request): Json<UpdatePreferencesRequest>,
) -> Result<impl IntoResponse, ApiError> {
// Extract session token from headers
let session_token = headers
.get("X-Session-Token")
.and_then(|h| h.to_str().ok())
.ok_or_else(|| ApiError::Unauthorized("Missing session token".to_string()))?;
// Validate session and get user ID
let user_id = state.auth_service.validate_session(session_token).await?;
// Update preferences in database
let prefs_repo = PreferencesRepository::new(&state.db);
let mut preferences = prefs_repo
.get_or_create(&user_id)
.await
.map_err(|e| ApiError::Database(format!("Failed to get preferences: {}", e)))?;
// Update only provided fields
if request.calendar_selected_date.is_some() {
preferences.calendar_selected_date = request.calendar_selected_date;
}
if request.calendar_time_increment.is_some() {
preferences.calendar_time_increment = request.calendar_time_increment;
}
if request.calendar_view_mode.is_some() {
preferences.calendar_view_mode = request.calendar_view_mode;
}
if request.calendar_theme.is_some() {
preferences.calendar_theme = request.calendar_theme;
}
if request.calendar_colors.is_some() {
preferences.calendar_colors = request.calendar_colors;
}
prefs_repo
.update(&preferences)
.await
.map_err(|e| ApiError::Database(format!("Failed to update preferences: {}", e)))?;
Ok((
StatusCode::OK,
Json(UserPreferencesResponse {
calendar_selected_date: preferences.calendar_selected_date,
calendar_time_increment: preferences.calendar_time_increment,
calendar_view_mode: preferences.calendar_view_mode,
calendar_theme: preferences.calendar_theme,
calendar_colors: preferences.calendar_colors,
}),
))
}
/// Logout user
pub async fn logout(
State(state): State<Arc<AppState>>,
headers: HeaderMap,
) -> Result<impl IntoResponse, ApiError> {
// Extract session token from headers
let session_token = headers
.get("X-Session-Token")
.and_then(|h| h.to_str().ok())
.ok_or_else(|| ApiError::Unauthorized("Missing session token".to_string()))?;
// Delete session
state.auth_service.logout(session_token).await?;
Ok((
StatusCode::OK,
Json(serde_json::json!({
"success": true,
"message": "Logged out successfully"
})),
))
}

18
backend/src/lib.rs
View File

@@ -9,27 +9,37 @@ use tower_http::cors::{Any, CorsLayer};
pub mod auth;
pub mod calendar;
pub mod config;
pub mod db;
pub mod handlers;
pub mod models;
use auth::AuthService;
use db::Database;
#[derive(Clone)]
pub struct AppState {
pub auth_service: AuthService,
pub db: Database,
}
pub async fn run_server() -> Result<(), Box<dyn std::error::Error>> {
// Initialize logging
println!("🚀 Starting Calendar Backend Server");
// Initialize database
let database_url = std::env::var("DATABASE_URL")
.unwrap_or_else(|_| "sqlite:calendar.db".to_string());
let db = Database::new(&database_url).await?;
println!("✅ Database initialized");
// Create auth service
let jwt_secret = std::env::var("JWT_SECRET")
.unwrap_or_else(|_| "your-super-secret-jwt-key-change-in-production".to_string());
let auth_service = AuthService::new(jwt_secret);
let auth_service = AuthService::new(jwt_secret, db.clone());
let app_state = AppState { auth_service };
let app_state = AppState { auth_service, db };
// Build our application with routes
let app = Router::new()
@@ -58,6 +68,10 @@ pub async fn run_server() -> Result<(), Box<dyn std::error::Error>> {
"/api/calendar/events/series/delete",
post(handlers::delete_event_series),
)
// User preferences endpoints
.route("/api/preferences", get(handlers::get_preferences))
.route("/api/preferences", post(handlers::update_preferences))
.route("/api/auth/logout", post(handlers::logout))
.layer(
CorsLayer::new()
.allow_origin(Any)

20
backend/src/models.rs
View File

@@ -16,8 +16,28 @@ pub struct CalDAVLoginRequest {
#[derive(Debug, Serialize)]
pub struct AuthResponse {
pub token: String,
pub session_token: String,
pub username: String,
pub server_url: String,
pub preferences: UserPreferencesResponse,
}
#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct UserPreferencesResponse {
pub calendar_selected_date: Option<String>,
pub calendar_time_increment: Option<i32>,
pub calendar_view_mode: Option<String>,
pub calendar_theme: Option<String>,
pub calendar_colors: Option<String>,
}
#[derive(Debug, Deserialize)]
pub struct UpdatePreferencesRequest {
pub calendar_selected_date: Option<String>,
pub calendar_time_increment: Option<i32>,
pub calendar_view_mode: Option<String>,
pub calendar_theme: Option<String>,
pub calendar_colors: Option<String>,
}
#[derive(Debug, Serialize)]