refactor auth, maybe bug with hashing

2024-09-03 17:06:23 -04:00
parent cc74be72be
commit f0fd79bed8
25 changed files with 776 additions and 1340 deletions
--- a/service/src/auth/model.rs
+++ b/service/src/auth/model.rs
@@ -1,156 +1,29 @@
-use std::{
-  future::{ready, Ready},
-  env,
-};
+use std::future::Future;
+use std::pin::Pin;
+
 use actix_web::{FromRequest, Error as ActixError, HttpRequest, dev::Payload, http};
-use diesel::prelude::*;
-use log::error;
-use redis::Commands;
 use serde::{Serialize, Deserialize};
-use crate::error_handler::ServiceError;
+use crate::{
+  error::ApiError,
+  users::{User, UserResponse},
+};

-use crate::db::{schema::users, connection};
-
-use super::{hash_password, verify_token};
+use super::{Session, SESSION_COOKIE_NAME};

 #[derive(Debug, Serialize, Deserialize)]
-pub struct RegisterUser {
-  pub email: String,
-  pub password: String,
-  pub first_name: String,
-  pub last_name: String,
+pub struct Auth {
+  pub session_id: Option<String>,
+  pub user: UserResponse,
 }

-impl RegisterUser {
-  pub fn convert_to_insert(self) -> Result<InsertUser, ServiceError> {
-    let hash = hash_password(self.password.as_bytes())?;
-    Ok(InsertUser {
-      email: self.email.to_lowercase(),
-      hash,
-      role: "user".to_string(),
-      first_name: self.first_name,
-      last_name: self.last_name,
-      updated_at: chrono::Utc::now().naive_utc(),
-      created_at: chrono::Utc::now().naive_utc(),
-      profile_picture: None,
-      favorites: vec![],
-      verified: false,
-    })
-  }
-}
-
-#[derive(Debug, Serialize, Deserialize)]
-pub struct LoginRequest {
-  pub email: String,
-  pub password: String,
-}
-
-#[derive(Debug, Queryable, QueryableByName, Serialize, Deserialize)]
-#[diesel(table_name = users)]
-pub struct QueryUser {
-  pub email: String,
-  pub hash: String,
-  pub role: String,
-  pub first_name: String,
-  pub last_name: String,
-  pub updated_at: chrono::NaiveDateTime,
-  pub created_at: chrono::NaiveDateTime,
-  pub profile_picture: Option<String>,
-  pub favorites: Vec<String>,
-  pub verified: bool,
-}
-
-impl QueryUser {
-  pub fn get_by_email(email: &str) -> Result<QueryUser, ServiceError> {
-    let mut conn = connection()?;
-    // Check if the user exists by email, case insensitive
-
-    let user = users::table
-      .filter(users::email.eq(email.to_lowercase()))
-      .first(&mut conn)?;
-    Ok(user)
-  }
-}
-
-#[derive(Debug, Insertable, AsChangeset, Serialize, Deserialize)]
-#[diesel(table_name = users)]
-pub struct InsertUser {
-  pub email: String,
-  pub hash: String,
-  pub role: String,
-  pub first_name: String,
-  pub last_name: String,
-  pub updated_at: chrono::NaiveDateTime,
-  pub created_at: chrono::NaiveDateTime,
-  pub profile_picture: Option<String>,
-  pub favorites: Vec<String>,
-  pub verified: bool,
-}
-
-impl InsertUser {
-  pub fn insert(user: Self) -> Result<QueryUser, ServiceError> {
-    let mut conn = connection()?;
-    let user = diesel::insert_into(users::table)
-      .values(user)
-      .get_result(&mut conn)?;
-    Ok(user)
-  }
-
-  pub fn update_profile_picture(
-    email: &str,
-    profile_picture: Option<&str>,
-  ) -> Result<QueryUser, ServiceError> {
-    let mut conn = connection()?;
-    let user = diesel::update(users::table)
-      .filter(users::email.eq(&email))
-      .set(users::profile_picture.eq(profile_picture))
-      .get_result(&mut conn)?;
-    Ok(user)
-  }
-
-  pub fn update_favorites(email: &str, favorites: Vec<String>) -> Result<QueryUser, ServiceError> {
-    let mut conn = connection()?;
-    let user = diesel::update(users::table)
-      .filter(users::email.eq(&email))
-      .set(users::favorites.eq(favorites))
-      .get_result(&mut conn)?;
-    Ok(user)
-  }
-}
-
-#[derive(Debug, Serialize, Deserialize)]
-pub struct ResponseUser {
-  pub email: String,
-  pub role: String,
-  pub first_name: String,
-  pub last_name: String,
-  pub profile_picture: Option<String>,
-}
-
-impl From<QueryUser> for ResponseUser {
-  fn from(user: QueryUser) -> Self {
-    ResponseUser {
-      email: user.email,
-      role: user.role,
-      first_name: user.first_name,
-      last_name: user.last_name,
-      profile_picture: user.profile_picture,
-    }
-  }
-}
-
-#[derive(Debug, Serialize, Deserialize)]
-pub struct JwtAuth {
-  pub token: uuid::Uuid,
-  pub user: ResponseUser,
-}
-
-impl FromRequest for JwtAuth {
+impl FromRequest for Auth {
  type Error = ActixError;
-  type Future = Ready<Result<Self, Self::Error>>;
+  type Future = Pin<Box<dyn Future<Output = Result<Self, Self::Error>>>>;
+
  fn from_request(req: &HttpRequest, _: &mut Payload) -> Self::Future {
-    let access_token = match req
-      .cookie("access_token")
+    // Get session ID from request
+    let session_id = match req
+      .cookie(SESSION_COOKIE_NAME)
      .map(|c| c.value().to_string())
      .or_else(|| {
        req
@@ -158,75 +31,37 @@ impl FromRequest for JwtAuth {
          .get(http::header::AUTHORIZATION)
          .map(|h| h.to_str().unwrap().split_at(7).1.to_string())
      }) {
-      Some(token) => token,
+      Some(id) => id,
      None => {
-        return ready(Err(ActixError::from(ServiceError {
-          status: 401,
-          message: "Unauthorized".to_string(),
-        })))
+        let fut = async {
+          Err(
+            ApiError {
+              status: 401,
+              message: "No session ID found in the request".to_string(),
+            }
+            .into(),
+          )
+        };
+        return Box::pin(fut);
      }
    };

-    let keys_dir = env::var("KEYS_DIR_PATH").expect("KEYS_DIR_PATH must be set");
-    let public_key = std::fs::read_to_string(format!("{}/access_public_key.pem", keys_dir))
-      .expect("Failed to read access public key");
+    // Get IP address from request
+    let ip_address = req.peer_addr().unwrap().ip().to_string();

-    let access_token_details = match verify_token(&access_token, &public_key) {
-      Ok(token_details) => token_details,
-      Err(err) => {
-        error!("Failed to verify access token: {}", err);
-        return ready(Err(ActixError::from(ServiceError {
-          status: 401,
-          message: format!("Failed to verify access token: {}", err),
-        })));
+    // Verify the session
+    let fut = async move {
+      match Session::verify(&session_id, &ip_address).await {
+        Ok(session) => match User::get_by_email(&session.email) {
+          Ok(user) => Ok(Auth {
+            session_id: Some(session_id),
+            user: user.into(),
+          }),
+          Err(err) => Err(err.into()),
+        },
+        Err(err) => Err(err.into()),
      }
    };
-
-    let access_token_uuid =
-      uuid::Uuid::parse_str(&access_token_details.token_uuid.to_string()).unwrap();
-
-    let mut conn = match crate::db::redis_connection() {
-      Ok(conn) => conn,
-      Err(err) => {
-        error!("Failed to get redis connection: {}", err);
-        return ready(Err(ActixError::from(ServiceError {
-          status: 500,
-          message: format!("Failed to get redis connection: {}", err),
-        })));
-      }
-    };
-    let user_email = match conn.get::<_, String>(access_token_uuid.clone().to_string()) {
-      Ok(result) => result,
-      Err(_) => {
-        return ready(Err(ActixError::from(ServiceError {
-          status: 401,
-          message: format!("Access token was not found"),
-        })))
-      }
-    };
-
-    match QueryUser::get_by_email(&user_email) {
-      Ok(user) => ready(Ok(JwtAuth {
-        token: access_token_uuid,
-        user: user.into(),
-      })),
-      Err(_) => {
-        return ready(Err(ActixError::from(ServiceError {
-          status: 401,
-          message: format!("User was not found"),
-        })))
-      }
-    }
-  }
-}
-
-pub fn verify_role(auth: &JwtAuth, role: &str) -> Result<(), ServiceError> {
-  if auth.user.role == role {
-    Ok(())
-  } else {
-    Err(ServiceError {
-      status: 403,
-      message: "Forbidden".to_string(),
-    })
+    Box::pin(fut)
  }
 }