Working on access/refresh tokens

service/src/auth/model.rs

@@ -1,10 +1,14 @@
+use std::{future::{ready, Ready}, env};
+use actix_web::{FromRequest, Error as ActixError, HttpRequest, dev::Payload, http};
 use diesel::prelude::*;
+use log::error;
+use redis::Commands;
 use serde::{Serialize, Deserialize};
 use siren::ServiceError;
 
 use crate::db::schema::users;
 
-use super::hash_password;
+use super::{hash_password, verify_token};
 
 #[derive(Debug, Serialize, Deserialize)]
 pub struct RegisterUser {
@@ -33,11 +37,6 @@ pub struct LoginRequest {
   pub password: String,
 }
 
-#[derive(Debug, Serialize, Deserialize)]
-pub struct LoginResponse {
-  pub token: String,
-}
-
 #[derive(Debug, Queryable, QueryableByName, Serialize, Deserialize)]
 #[diesel(table_name = users)]
 pub struct QueryUser {
@@ -79,3 +78,75 @@ impl InsertUser {
     Ok(user)
   }
 }
+
+#[derive(Debug, Serialize, Deserialize)]
+pub struct JwtAuth {
+  pub access_token_uuid: uuid::Uuid
+}
+
+impl FromRequest for JwtAuth {
+  type Error = ActixError;
+  type Future = Ready<Result<Self, Self::Error>>;
+  fn from_request(req: &HttpRequest, _: &mut Payload) -> Self::Future {
+    let access_token = match req
+      .cookie("access_token")
+      .map(|c| c.value().to_string())
+      .or_else(|| {
+        req.headers().get(http::header::AUTHORIZATION)
+        .map(|h| h.to_str().unwrap().split_at(7).1.to_string())
+      }) {
+        Some(token) => token,
+        None => return ready(Err(ActixError::from(ServiceError {
+          status: 401,
+          message: "Unauthorized".to_string()
+        })))
+      };
+
+    let public_key = env::var("ACCESS_TOKEN_PUBLIC_KEY")
+      .expect("ACCESS_TOKEN_PUBLIC_KEY must be set");
+
+    let access_token_details = match verify_token(&access_token, &public_key) {
+      Ok(token_details) => token_details,
+      Err(err) => {
+        error!("Failed to verify access token: {}", err);
+        return ready(Err(ActixError::from(ServiceError {
+          status: 401,
+          message: format!("Failed to verify access token: {}", err)
+        })))
+      }
+    };
+
+    let access_token_uuid = uuid::Uuid::parse_str(&access_token_details.token_uuid.to_string()).unwrap();
+    
+    let mut conn = match crate::db::redis_connection() {
+      Ok(conn) => conn,
+      Err(err) => {
+        error!("Failed to get redis connection: {}", err);
+        return ready(Err(ActixError::from(ServiceError {
+          status: 500,
+          message: format!("Failed to get redis connection: {}", err)
+        })))
+      }
+    };
+    let user_email = match conn.get::<_, String>(access_token_uuid.clone().to_string()) {
+      Ok(result) => result,
+      Err(err) => {
+        error!("Failed to get access token from redis: {}", err);
+        return ready(Err(ActixError::from(ServiceError {
+          status: 500,
+          message: format!("Failed to get access token from redis: {}", err)
+        })))
+      }
+    };
+
+    match QueryUser::get_by_email(&user_email) {
+      Ok(_) => {
+        ready(Ok(JwtAuth { access_token_uuid }))
+      }
+      Err(err) => return ready(Err(ActixError::from(ServiceError {
+        status: 500,
+        message: format!("Failed to get user from db: {}", err)
+      })))
+    }
+  }
+}