Working with httpauth, trying to use extractors

2023-10-18 10:24:43 -04:00
parent d3965efd28
commit d245e41978
9 changed files with 199 additions and 209 deletions
--- a/service/src/auth/routes.rs
+++ b/service/src/auth/routes.rs
@@ -0,0 +1,73 @@
+use actix_web::{get, post, web, HttpResponse, ResponseError};
+use actix_web_httpauth::middleware::HttpAuthentication;
+use siren::ServiceError;
+
+use crate::auth::{LoginRequest, RegisterUser, InsertUser, QueryUser, verify_password, create_token, LoginResponse};
+
+use super::validator;
+
+#[post("/register")]
+async fn register(user: web::Json<RegisterUser>) -> HttpResponse {
+  let register_user = user.0;
+  let insert_user: InsertUser = match register_user.convert_to_insert() {
+    Ok(user) => user,
+    Err(err) => return ResponseError::error_response(&err)
+  };
+  match InsertUser::insert(insert_user) {
+    Ok(_) => {
+      HttpResponse::Created().finish()
+    },
+    Err(err) => {
+      // Obfuscate the service error message to prevent leaking database details
+      if err.status == 409 {
+        return HttpResponse::Conflict().finish();
+      } else {
+        return ResponseError::error_response(&err);
+      }
+    }
+  }
+}
+
+#[post("/login")]
+async fn login(request: web::Json<LoginRequest>) -> HttpResponse {
+  let email = request.email.clone();
+
+  let query_user = match QueryUser::get_by_email(&email) {
+    Ok(query_user) => query_user,
+    Err(err) => return ResponseError::error_response(&err)
+  };
+  let hash = query_user.hash;
+  let password = request.password.as_bytes();
+  match verify_password(&hash, password) {
+    Ok(_) => {
+      let token = create_token(&email);
+      HttpResponse::Ok().json(LoginResponse { token })
+    },
+    Err(err) => ResponseError::error_response(&ServiceError {
+      status: 401,
+      message: err.to_string()
+    })
+  }
+}
+
+#[post("/logout")]
+async fn logout() -> HttpResponse {
+  HttpResponse::Ok().finish()
+}
+
+#[get("/ping")]
+async fn ping() -> HttpResponse {
+  HttpResponse::Ok().finish()
+}
+
+pub fn init_routes(config: &mut web::ServiceConfig) {
+  let auth = HttpAuthentication::bearer(validator);
+  config.service(web::scope("auth")
+    .service(register)
+    .service(login)
+    .service(web::scope("")
+      .wrap(auth)
+      .service(logout)
+      .service(ping)
+    ));
+}