Temp updated
This commit is contained in:
Benjamin Sherriff
@@ -1,6 +1,6 @@
|
||||
use std::future::{ready, Ready};
|
||||
use std::{future::{ready, Ready, Future}, pin::Pin};
|
||||
use actix_identity::Identity;
|
||||
use actix_web::{FromRequest, Error as ActixError, HttpRequest, dev::Payload};
|
||||
use actix_web::{FromRequest, Error as ActixError, HttpRequest, dev::Payload, error::{ErrorUnauthorized, ErrorInternalServerError}};
|
||||
use argon2::{password_hash::{rand_core::OsRng, PasswordHasher, PasswordVerifier, SaltString, Error as HashError}, Argon2, PasswordHash};
|
||||
use diesel::prelude::*;
|
||||
use serde::{Serialize, Deserialize};
|
||||
@@ -42,25 +42,47 @@ pub struct LoggedUser {
|
||||
|
||||
impl FromRequest for LoggedUser {
|
||||
type Error = ActixError;
|
||||
type Future = Ready<Result<LoggedUser, ActixError>>;
|
||||
// type Future = Ready<Result<LoggedUser, ActixError>>;
|
||||
// type Future = std::pin::Pin<Box<dyn std::future::Future<Output = Result<LoggedUser, ActixError>>>>;
|
||||
type Future = Pin<Box<dyn Future<Output = Result<Self, Self::Error>>>>;
|
||||
|
||||
fn from_request(req: &HttpRequest, pl: &mut Payload) -> Self::Future {
|
||||
if let Ok(identity) = Identity::from_request(req, pl).into_inner() {
|
||||
if let Ok(user_json) = identity.id() {
|
||||
if let Ok(user) = serde_json::from_str(&user_json) {
|
||||
return ready(Ok(user));
|
||||
}
|
||||
}
|
||||
}
|
||||
std::future::ready(Err(
|
||||
ActixError::from(ServiceError {
|
||||
status: 401,
|
||||
message: "Unauthorized".to_string(),
|
||||
})
|
||||
))
|
||||
// if let Ok(identity) = Identity::from_request(req, pl).into_inner() {
|
||||
// if let Ok(user_json) = identity.id() {
|
||||
// if let Ok(user) = serde_json::from_str(&user_json) {
|
||||
// return ready(Ok(user));
|
||||
// }
|
||||
// }
|
||||
// }
|
||||
// std::future::ready(Err(
|
||||
// ActixError::from(ServiceError {
|
||||
// status: 401,
|
||||
// message: "Unauthorized".to_string(),
|
||||
// })
|
||||
// ))
|
||||
let identity = Identity::extract(req).into_inner();
|
||||
Box::pin(async move {
|
||||
process_req_auth_data(identity).await
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
async fn process_req_auth_data(identity: Result<Identity, ActixError>) -> Result<LoggedUser, ActixError> {
|
||||
let id = identity
|
||||
.map_err(|_| ErrorUnauthorized("You are not logged in; 1"))?
|
||||
.id()
|
||||
.map_err(|_| ErrorUnauthorized("You are not logged in; 3"))?;
|
||||
let logged_user = match serde_json::from_str::<LoggedUser>(&id) {
|
||||
Ok(user) => user,
|
||||
Err(err) => return Err(ErrorInternalServerError(err))
|
||||
};
|
||||
|
||||
let user = QueryUser::get_by_email(&logged_user.email)
|
||||
.map_err(|_| ErrorUnauthorized("You are not logged in; 3"))?;
|
||||
|
||||
Ok(LoggedUser { email: user.email })
|
||||
}
|
||||
|
||||
#[derive(Debug, Queryable, QueryableByName, Serialize, Deserialize)]
|
||||
#[diesel(table_name = users)]
|
||||
pub struct QueryUser {
|
||||
|
||||
@@ -30,39 +30,38 @@ async fn register(user: web::Json<RegisterUser>) -> HttpResponse {
|
||||
async fn login(req: HttpRequest, auth: web::Json<LoginAuth>) -> HttpResponse {
|
||||
let email = auth.email.clone();
|
||||
|
||||
match QueryUser::get_by_email(&email) {
|
||||
Ok(query_user) => {
|
||||
let hash = query_user.hash;
|
||||
let password = auth.password.as_bytes();
|
||||
match verify(&hash, password) {
|
||||
Ok(_) => {
|
||||
let user = LoggedUser {
|
||||
email: email.clone()
|
||||
};
|
||||
let user_string = serde_json::to_string(&user).unwrap();
|
||||
match Identity::login(&req.extensions(), user_string) {
|
||||
Ok(_) => HttpResponse::Ok().finish(),
|
||||
Err(err) => return ResponseError::error_response(&err)
|
||||
}
|
||||
},
|
||||
Err(err) => ResponseError::error_response(&ServiceError {
|
||||
status: 401,
|
||||
message: err.to_string()
|
||||
})
|
||||
let query_user = match QueryUser::get_by_email(&email) {
|
||||
Ok(query_user) => query_user,
|
||||
Err(err) => return ResponseError::error_response(&err)
|
||||
};
|
||||
let hash = query_user.hash;
|
||||
let password = auth.password.as_bytes();
|
||||
match verify(&hash, password) {
|
||||
Ok(_) => {
|
||||
let user = LoggedUser {
|
||||
email: email.clone()
|
||||
};
|
||||
let user_string = serde_json::to_string(&user).unwrap();
|
||||
match Identity::login(&req.extensions(), user_string) {
|
||||
Ok(_) => HttpResponse::Ok().finish(),
|
||||
Err(err) => return ResponseError::error_response(&err)
|
||||
}
|
||||
},
|
||||
Err(err) => ResponseError::error_response(&err)
|
||||
Err(err) => ResponseError::error_response(&ServiceError {
|
||||
status: 401,
|
||||
message: err.to_string()
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
#[post("/logout")]
|
||||
async fn logout(id: Identity) -> HttpResponse {
|
||||
id.logout();
|
||||
async fn logout(identity: Identity) -> HttpResponse {
|
||||
identity.logout();
|
||||
HttpResponse::Ok().finish()
|
||||
}
|
||||
|
||||
#[get("/me")]
|
||||
async fn me(user: LoggedUser) -> HttpResponse {
|
||||
#[get("/ping")]
|
||||
async fn ping(user: LoggedUser) -> HttpResponse {
|
||||
HttpResponse::Ok().json(user)
|
||||
}
|
||||
|
||||
@@ -71,5 +70,5 @@ pub fn init_routes(config: &mut web::ServiceConfig) {
|
||||
.service(register)
|
||||
.service(login)
|
||||
.service(logout)
|
||||
.service(me));
|
||||
.service(ping));
|
||||
}
|
||||
Reference in New Issue
Block a user