authorniliara-edu <nil.jimeno@estudiant.fjaverianas.com>2025-01-25 13:30:27 +0100
committerniliara-edu <nil.jimeno@estudiant.fjaverianas.com>2025-01-25 13:30:27 +0100
commitef604ccb6e86b77517a78547bb50cdf9b82e03f0 (patch)
treeaf490a61546a38ad1fbb40e43e985cc6ff82fd34
parentc2786c4b9d704128da80ce4ed6513b9f5507b680 (diff)
add required authentication
-rw-r--r--curl_examples2
-rw-r--r--curlie_guide5
-rw-r--r--src/api/album.rs9
-rw-r--r--src/api/artist.rs9
-rw-r--r--src/api/song.rs14
-rw-r--r--src/extractors/auth_token.rs8
6 files changed, 39 insertions, 8 deletions
diff --git a/curl_examples b/curl_examples
deleted file mode 100644
index 0c3ac05..0000000
--- a/curl_examples
+++ /dev/null
@@ -1,2 +0,0 @@
-curl localhost:8000/auth/protected -H "Accept: application/json" -H "Authorization: token_here"
-curlie -f [POST/PUT/DELETE] :8000/api/[song/album/artist] argument=value
diff --git a/curlie_guide b/curlie_guide
new file mode 100644
index 0000000..40769b7
--- /dev/null
+++ b/curlie_guide
@@ -0,0 +1,5 @@
+curlie
+-f [POST/PUT/DELETE] (leave empty for GET)
+(:8000/api/[song/album/artist] || :8000/auth/[encode_token/decode_token/protected])
+argument=value (ex: id=2)
+header:value (for tokens: Accept:application/json Authorization:token_here)
diff --git a/src/api/album.rs b/src/api/album.rs
index 3f91cd0..b395010 100644
--- a/src/api/album.rs
+++ b/src/api/album.rs
@@ -1,5 +1,6 @@
use crate::api::{get_response_from_query, Response};
use crate::database::{Album, AlbumPost, AlbumPut, Delete};
+use crate::extractors::auth_token::AuthenticationToken;
use crate::AppState;
use actix_web::{delete, get, post, put, web, HttpResponse};
use serde::Deserialize;
@@ -55,6 +56,7 @@ pub async fn get_album(
pub async fn post_album(
app_state: web::Data<AppState>,
request_data: web::Json<AlbumPost>,
+ _auth_token: AuthenticationToken,
) -> HttpResponse {
get_response_from_query(
app_state
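Review bot: In `post_album` the new `_auth_token: AuthenticationToken` parameter is listed after `request_data: web::Json<AlbumPost>`, and nothing in the signature says that this unused binding is what protects the route. As far as I can tell actix-web resolves extractors in argument order, so an unauthenticated request with a malformed body may be answered with a JSON parse error rather than 401; moving `_auth_token: AuthenticationToken,` to directly after `pub async fn post_album(` makes the check read and run auth-first. I would also add a doc comment such as `/// Authenticated route: the AuthenticationToken extractor answers 401 before this body runs.` so that nobody later drops the parameter as dead code. The same applies to the `put_album` and `delete_album` hunks below and to the matching hunks in src/api/artist.rs and src/api/song.rs. The handler's route attribute and the rest of its body are outside this hunk.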
@@ -69,9 +71,13 @@ pub async fn post_album(
pub async fn put_album(
app_state: web::Data<AppState>,
request_data: web::Json<AlbumPut>,
+ _auth_token: AuthenticationToken,
) -> HttpResponse {
get_response_from_query(
- app_state.database.edit_album(request_data.into_inner()).await,
+ app_state
+ .database
+ .edit_album(request_data.into_inner())
+ .await,
"PUT".to_string(),
)
}
@@ -80,6 +86,7 @@ pub async fn put_album(
pub async fn delete_album(
app_state: web::Data<AppState>,
request_data: web::Json<Delete>,
+ _auth_token: AuthenticationToken,
) -> HttpResponse {
/* Check if ID is valid (return -1 if invalid) */
let id: i32 = request_data
diff --git a/src/api/artist.rs b/src/api/artist.rs
index 155f982..6cc0f35 100644
--- a/src/api/artist.rs
+++ b/src/api/artist.rs
@@ -1,5 +1,6 @@
use crate::api::{get_response_from_query, Response};
use crate::database::{Artist, ArtistPost, ArtistPut, Delete};
+use crate::extractors::auth_token::AuthenticationToken;
use crate::AppState;
use actix_web::{delete, get, post, put, web, HttpResponse};
use serde::Deserialize;
@@ -50,6 +51,7 @@ pub async fn get_artist(
pub async fn post_artist(
app_state: web::Data<AppState>,
request_data: web::Json<ArtistPost>,
+ _auth_token: AuthenticationToken,
) -> HttpResponse {
get_response_from_query(
app_state
@@ -64,9 +66,13 @@ pub async fn post_artist(
pub async fn put_artist(
app_state: web::Data<AppState>,
request_data: web::Json<ArtistPut>,
+ _auth_token: AuthenticationToken,
) -> HttpResponse {
get_response_from_query(
- app_state.database.edit_artist(request_data.into_inner()).await,
+ app_state
+ .database
+ .edit_artist(request_data.into_inner())
+ .await,
"PUT".to_string(),
)
}
@@ -75,6 +81,7 @@ pub async fn put_artist(
pub async fn delete_artist(
app_state: web::Data<AppState>,
request_data: web::Json<Delete>,
+ _auth_token: AuthenticationToken,
) -> HttpResponse {
/* Check if ID is valid (return -1 if invalid) */
let id: i32 = request_data
diff --git a/src/api/song.rs b/src/api/song.rs
index 698f27a..3748210 100644
--- a/src/api/song.rs
+++ b/src/api/song.rs
@@ -1,5 +1,6 @@
use crate::api::{get_response_from_query, Response};
use crate::database::{Delete, Song, SongPost, SongPut};
+use crate::extractors::auth_token::AuthenticationToken;
use crate::AppState;
use actix_web::{delete, get, post, put, web, HttpResponse};
use serde::Deserialize;
@@ -60,9 +61,13 @@ pub async fn get_song(
pub async fn post_song(
app_state: web::Data<AppState>,
request_data: web::Json<SongPost>,
+ _auth_token: AuthenticationToken,
) -> HttpResponse {
get_response_from_query(
- app_state.database.create_song(request_data.into_inner()).await,
+ app_state
+ .database
+ .create_song(request_data.into_inner())
+ .await,
"POST".to_string(),
)
}
@@ -71,9 +76,13 @@ pub async fn post_song(
pub async fn put_song(
app_state: web::Data<AppState>,
request_data: web::Json<SongPut>,
+ _auth_token: AuthenticationToken,
) -> HttpResponse {
get_response_from_query(
- app_state.database.edit_song(request_data.into_inner()).await,
+ app_state
+ .database
+ .edit_song(request_data.into_inner())
+ .await,
"PUT".to_owned(),
)
}
@@ -82,6 +91,7 @@ pub async fn put_song(
pub async fn delete_song(
app_state: web::Data<AppState>,
request_data: web::Json<Delete>,
+ _auth_token: AuthenticationToken,
) -> HttpResponse {
/* Check if ID is valid (return -1 if invalid) */
let id: i32 = request_data
diff --git a/src/extractors/auth_token.rs b/src/extractors/auth_token.rs
index c505fdf..6ad2a45 100644
--- a/src/extractors/auth_token.rs
+++ b/src/extractors/auth_token.rs
@@ -16,8 +16,12 @@ impl FromRequest for AuthenticationToken {
fn from_request(req: &HttpRequest, _: &mut Payload) -> Self::Future {
// get auth token from the authorization header
- let auth_header: Option<&HeaderValue> = req.headers().get(http::header::AUTHORIZATION);
- let auth_token: String = auth_header.unwrap().to_str().unwrap_or("").to_string(); // check errors later
+ let auth_header: &HeaderValue = match req.headers().get(http::header::AUTHORIZATION) {
+ Some(res) => res,
+ None => { return ready(Err(ErrorUnauthorized("No authorization token given")))},
+ };
+
+ let auth_token: String = auth_header.to_str().unwrap_or("").to_string(); // check errors later
// stop empty and weird (ascii, chinese...) auth_token strings:
if auth_token.is_empty() { return ready(Err(ErrorUnauthorized("Invalid auth token!")))}
let secret: String = req.app_data::<web::Data<AppState>>().unwrap().secret.to_string();