diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/api.rs | 23 | ||||
| -rw-r--r-- | src/api/album.rs | 60 | ||||
| -rw-r--r-- | src/api/artist.rs | 59 | ||||
| -rw-r--r-- | src/api/mod.rs | 43 | ||||
| -rw-r--r-- | src/api/search_results.rs | 2 | ||||
| -rw-r--r-- | src/api/song.rs | 52 | ||||
| -rw-r--r-- | src/auth.rs | 68 | ||||
| -rw-r--r-- | src/database.rs | 2 | ||||
| -rw-r--r-- | src/extractors/auth_token.rs | 43 | ||||
| -rw-r--r-- | src/extractors/mod.rs | 1 | ||||
| -rw-r--r-- | src/main.rs | 16 | ||||
| -rw-r--r-- | src/structs.rs | 35 |
12 files changed, 250 insertions, 154 deletions
diff --git a/src/api.rs b/src/api.rs deleted file mode 100644 index 1810f24..0000000 --- a/src/api.rs +++ /dev/null @@ -1,23 +0,0 @@ -use actix_web::{web, Scope}; - -pub mod song; -pub mod album; -pub mod artist; -pub mod search_results; - -pub fn api_scope() -> Scope { - web::scope("/api") - .service(song::get_song) - .service(song::post_song) - .service(song::put_song) - .service(song::delete_song) - .service(album::get_album) - .service(album::post_album) - .service(album::put_album) - .service(album::delete_album) - .service(artist::get_artist) - .service(artist::post_artist) - .service(artist::put_artist) - .service(artist::delete_artist) - .service(search_results::search_results) -} diff --git a/src/api/album.rs b/src/api/album.rs index d9d0d52..3f91cd0 100644 --- a/src/api/album.rs +++ b/src/api/album.rs @@ -1,8 +1,10 @@ +use crate::api::{get_response_from_query, Response}; use crate::database::{Album, AlbumPost, AlbumPut, Delete}; use crate::AppState; use actix_web::{delete, get, post, put, web, HttpResponse}; use serde::Deserialize; +/* Possible arguments ( /album?arg=value ) */ #[derive(Deserialize)] struct AlbumQueryOptions { id: Option<String>, @@ -15,19 +17,23 @@ pub async fn get_album( app_state: web::Data<AppState>, get_args: web::Query<AlbumQueryOptions>, ) -> HttpResponse { - let default = String::from(""); + /* Avoid lifespan issues */ + let default = String::default(); + /* Handle individual result for search-by-id */ if get_args.id.is_some() { let id: &str = get_args.id.as_ref().unwrap_or(&default); - let search_attempt: sqlx::Result<Option<Album>> = + let query_result: sqlx::Result<Option<Album>> = app_state.database.select_album_by_id(id).await; - return match search_attempt { + return match query_result { Ok(song_list) => HttpResponse::Ok().json(song_list), Err(e) => HttpResponse::Ok().body(format!("{}", e)), }; } - let search_attempt: sqlx::Result<Vec<Album>, sqlx::Error> = match true { + + /* Handle N results */ + let query_result: sqlx::Result<Vec<Album>, sqlx::Error> = match true { _ if get_args.name.is_some() => { let name: &str = &get_args.name.as_ref().unwrap_or(&default); app_state.database.select_albums_by_name(name).await @@ -39,7 +45,7 @@ pub async fn get_album( _ => app_state.database.select_albums().await, }; - match search_attempt { + match query_result { Ok(album_list) => HttpResponse::Ok().json(album_list), Err(e) => HttpResponse::Ok().body(format!("{}", e)), } @@ -48,35 +54,35 @@ pub async fn get_album( #[post("/album")] pub async fn post_album( app_state: web::Data<AppState>, - post_data: web::Json<AlbumPost>, + request_data: web::Json<AlbumPost>, ) -> HttpResponse { - match app_state - .database - .create_album(post_data.into_inner()) - .await - { - Ok(_) => HttpResponse::Ok().body("Post succeeded\n"), - Err(e) => HttpResponse::Ok().body(format!("{}", e)), - } + get_response_from_query( + app_state + .database + .create_album(request_data.into_inner()) + .await, + "POST".to_string(), + ) } #[put("/album")] pub async fn put_album( app_state: web::Data<AppState>, - post_data: web::Json<AlbumPut>, + request_data: web::Json<AlbumPut>, ) -> HttpResponse { - match app_state.database.edit_album(post_data.into_inner()).await { - Ok(_) => HttpResponse::Ok().body("Put succeeded\n"), - Err(e) => HttpResponse::Ok().body(format!("{}", e)), - } + get_response_from_query( + app_state.database.edit_album(request_data.into_inner()).await, + "PUT".to_string(), + ) } #[delete("/album")] pub async fn delete_album( app_state: web::Data<AppState>, - post_data: web::Json<Delete>, + request_data: web::Json<Delete>, ) -> HttpResponse { - let id: i32 = post_data + /* Check if ID is valid (return -1 if invalid) */ + let id: i32 = request_data .into_inner() .id .unwrap_or(String::default()) @@ -84,11 +90,13 @@ pub async fn delete_album( .unwrap_or(-1); if id == -1 { - return HttpResponse::Ok().body("Invalid id value, code not executed\n"); + return HttpResponse::BadRequest().json(Response { + message: "Invalid id value, code not executed\n".to_owned(), + }); } - match app_state.database.delete_album(id).await { - Ok(_) => HttpResponse::Ok().body("Deletion succeeded\n".to_owned()), - Err(e) => HttpResponse::Ok().body(format!("There was an issue in the request:\n{}", e)), - } + get_response_from_query( + app_state.database.delete_album(id).await, + "POST".to_string(), + ) } diff --git a/src/api/artist.rs b/src/api/artist.rs index 81ae773..155f982 100644 --- a/src/api/artist.rs +++ b/src/api/artist.rs @@ -1,8 +1,10 @@ +use crate::api::{get_response_from_query, Response}; use crate::database::{Artist, ArtistPost, ArtistPut, Delete}; use crate::AppState; use actix_web::{delete, get, post, put, web, HttpResponse}; use serde::Deserialize; +/* Possible arguments ( /artist?arg=value ) */ #[derive(Deserialize)] struct ArtistQueryOptions { id: Option<String>, @@ -14,20 +16,23 @@ pub async fn get_artist( app_state: web::Data<AppState>, get_args: web::Query<ArtistQueryOptions>, ) -> HttpResponse { - let default = String::from(""); + /* Avoid lifespan issues */ + let default = String::default(); + /* Handle individual result for search-by-id */ if get_args.id.is_some() { let id: &str = get_args.id.as_ref().unwrap_or(&default); - let search_attempt: sqlx::Result<Option<Artist>> = + let query_result: sqlx::Result<Option<Artist>> = app_state.database.select_artist_by_id(id).await; - return match search_attempt { + return match query_result { Ok(song_list) => HttpResponse::Ok().json(song_list), Err(e) => HttpResponse::Ok().body(format!("{}", e)), }; } - let search_attempt: sqlx::Result<Vec<Artist>, sqlx::Error> = match true { + /* Handle N results */ + let query_result: sqlx::Result<Vec<Artist>, sqlx::Error> = match true { _ if get_args.name.is_some() => { let name: &str = &get_args.name.as_ref().unwrap_or(&default); app_state.database.select_artists_by_name(name).await @@ -35,7 +40,7 @@ pub async fn get_artist( _ => app_state.database.select_artists().await, }; - match search_attempt { + match query_result { Ok(artist_list) => HttpResponse::Ok().json(artist_list), Err(e) => HttpResponse::Ok().body(format!("{}", e)), } @@ -44,35 +49,35 @@ pub async fn get_artist( #[post("/artist")] pub async fn post_artist( app_state: web::Data<AppState>, - post_data: web::Json<ArtistPost>, + request_data: web::Json<ArtistPost>, ) -> HttpResponse { - match app_state - .database - .create_artist(post_data.into_inner()) - .await - { - Ok(_) => HttpResponse::Ok().body("Post succeeded\n"), - Err(e) => HttpResponse::Ok().body(format!("{}", e)), - } + get_response_from_query( + app_state + .database + .create_artist(request_data.into_inner()) + .await, + "POST".to_string(), + ) } #[put("/artist")] pub async fn put_artist( app_state: web::Data<AppState>, - post_data: web::Json<ArtistPut>, + request_data: web::Json<ArtistPut>, ) -> HttpResponse { - match app_state.database.edit_artist(post_data.into_inner()).await { - Ok(_) => HttpResponse::Ok().body("Put succeeded\n"), - Err(e) => HttpResponse::Ok().body(format!("{}", e)), - } + get_response_from_query( + app_state.database.edit_artist(request_data.into_inner()).await, + "PUT".to_string(), + ) } #[delete("/artist")] pub async fn delete_artist( app_state: web::Data<AppState>, - post_data: web::Json<Delete>, + request_data: web::Json<Delete>, ) -> HttpResponse { - let id: i32 = post_data + /* Check if ID is valid (return -1 if invalid) */ + let id: i32 = request_data .into_inner() .id .unwrap_or(String::default()) @@ -80,11 +85,13 @@ pub async fn delete_artist( .unwrap_or(-1); if id == -1 { - return HttpResponse::Ok().body("Invalid id value, code not executed\n"); + return HttpResponse::BadRequest().json(Response { + message: "Invalid id value, code not executed\n".to_owned(), + }); } - match app_state.database.delete_artist(id).await { - Ok(_) => HttpResponse::Ok().body("Deletion succeeded\n\n"), - Err(e) => HttpResponse::Ok().body(format!("There was an issue in the request:\n{}", e)), - } + get_response_from_query( + app_state.database.delete_artist(id).await, + "DELETE".to_string(), + ) } diff --git a/src/api/mod.rs b/src/api/mod.rs new file mode 100644 index 0000000..d07079a --- /dev/null +++ b/src/api/mod.rs @@ -0,0 +1,43 @@ +use actix_web::{web, HttpResponse, Scope}; +use serde::{Deserialize, Serialize}; + +pub mod album; +pub mod artist; +pub mod search_results; +pub mod song; + +pub fn api_scope() -> Scope { + web::scope("/api") + .service(song::get_song) + .service(song::post_song) + .service(song::put_song) + .service(song::delete_song) + .service(album::get_album) + .service(album::post_album) + .service(album::put_album) + .service(album::delete_album) + .service(artist::get_artist) + .service(artist::post_artist) + .service(artist::put_artist) + .service(artist::delete_artist) + .service(search_results::search_results) +} + +#[derive(Serialize, Deserialize)] +pub struct Response { + message: String, +} + +pub fn get_response_from_query( + query: Result<sqlx::mysql::MySqlQueryResult, sqlx::Error>, + method: String, +) -> HttpResponse { + match query { + Ok(_) => HttpResponse::Ok().json(Response { + message: format!("{} request executed with no errors", method).to_owned(), + }), + Err(e) => HttpResponse::BadRequest().json(Response { + message: format!("There was an issue in the request: {}", e).to_owned(), + }), + } +} diff --git a/src/api/search_results.rs b/src/api/search_results.rs index 6456ff9..585ba2c 100644 --- a/src/api/search_results.rs +++ b/src/api/search_results.rs @@ -14,7 +14,7 @@ pub async fn search_results( app_state: web::Data<AppState>, get_args: web::Query<SearchQueryOptions>, ) -> HttpResponse { - let default: String = String::from(""); + let default: String = String::default(); if get_args.id.is_some() { let id: &str = get_args.id.as_ref().unwrap_or(&default); diff --git a/src/api/song.rs b/src/api/song.rs index 850c759..698f27a 100644 --- a/src/api/song.rs +++ b/src/api/song.rs @@ -1,8 +1,10 @@ +use crate::api::{get_response_from_query, Response}; use crate::database::{Delete, Song, SongPost, SongPut}; use crate::AppState; use actix_web::{delete, get, post, put, web, HttpResponse}; use serde::Deserialize; +/* Possible arguments ( /song?arg=value ) */ #[derive(Deserialize)] struct SongQueryOptions { id: Option<String>, @@ -16,20 +18,23 @@ pub async fn get_song( app_state: web::Data<AppState>, get_args: web::Query<SongQueryOptions>, ) -> HttpResponse { - let default = String::from(""); + /* Avoid lifespan issues */ + let default = String::default(); + /* Handle individual result for search-by-id */ if get_args.id.is_some() { let id: &str = get_args.id.as_ref().unwrap_or(&default); - let search_attempt: sqlx::Result<Option<Song>> = + let query_result: sqlx::Result<Option<Song>> = app_state.database.select_song_by_id(id).await; - return match search_attempt { + return match query_result { Ok(song_list) => HttpResponse::Ok().json(song_list), Err(e) => HttpResponse::Ok().body(format!("{}", e)), }; } - let search_attempt: sqlx::Result<Vec<Song>> = match true { + /* Handle N results */ + let query_result: sqlx::Result<Vec<Song>> = match true { _ if get_args.name.is_some() => { let name: &str = get_args.name.as_ref().unwrap_or(&default); app_state.database.select_songs_by_name(name).await @@ -45,7 +50,7 @@ pub async fn get_song( _ => app_state.database.select_songs().await, }; - match search_attempt { + match query_result { Ok(song_list) => HttpResponse::Ok().json(song_list), Err(e) => HttpResponse::Ok().body(format!("{}", e)), } @@ -54,31 +59,32 @@ pub async fn get_song( #[post("/song")] pub async fn post_song( app_state: web::Data<AppState>, - post_data: web::Json<SongPost>, + request_data: web::Json<SongPost>, ) -> HttpResponse { - match app_state.database.create_song(post_data.into_inner()).await { - Ok(_) => HttpResponse::Ok().body("Post succeeded\n"), - Err(e) => HttpResponse::Ok().body(format!("{}", e)), - } + get_response_from_query( + app_state.database.create_song(request_data.into_inner()).await, + "POST".to_string(), + ) } #[put("/song")] pub async fn put_song( app_state: web::Data<AppState>, - post_data: web::Json<SongPut>, + request_data: web::Json<SongPut>, ) -> HttpResponse { - match app_state.database.edit_song(post_data.into_inner()).await { - Ok(_) => HttpResponse::Ok().body("Put succeeded\n"), - Err(e) => HttpResponse::Ok().body(format!("{}", e)), - } + get_response_from_query( + app_state.database.edit_song(request_data.into_inner()).await, + "PUT".to_owned(), + ) } #[delete("/song")] pub async fn delete_song( app_state: web::Data<AppState>, - post_data: web::Json<Delete>, + request_data: web::Json<Delete>, ) -> HttpResponse { - let id: i32 = post_data + /* Check if ID is valid (return -1 if invalid) */ + let id: i32 = request_data .into_inner() .id .unwrap_or(String::default()) @@ -86,11 +92,13 @@ pub async fn delete_song( .unwrap_or(-1); if id == -1 { - return HttpResponse::Ok().body("Invalid id value, code not executed\n"); + return HttpResponse::BadRequest().json(Response { + message: "Invalid id value, code not executed".to_owned(), + }); } - match app_state.database.delete_song(id).await { - Ok(_) => HttpResponse::Ok().body("Deletion succeeded\n"), - Err(e) => HttpResponse::Ok().body(format!("There was an issue in the request:\n{}", e)), - } + get_response_from_query( + app_state.database.delete_song(id).await, + "DELETE".to_owned(), + ) } diff --git a/src/auth.rs b/src/auth.rs index 8bf29f7..e0c8ae9 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -1,9 +1,13 @@ -use actix_web::{web, Scope, HttpResponse}; -use serde::{Serialize, Deserialize}; -use chrono::{Utc, Duration}; -use jsonwebtoken::{encode, EncodingKey, Header}; - +use actix_web::{web, HttpResponse, Scope}; +use chrono::{Duration, Utc}; +use jsonwebtoken::{ + decode, encode, errors::Error as JwtError, Algorithm, DecodingKey, EncodingKey, Header, + TokenData, Validation, +}; +use serde::{Deserialize, Serialize}; use crate::AppState; +use crate::extractors::auth_token::AuthenticationToken; + pub fn auth_scope() -> Scope { web::scope("/auth") @@ -13,41 +17,71 @@ pub fn auth_scope() -> Scope { } #[derive(Serialize, Deserialize)] -struct Claims{ - id: usize, - exp: usize, +pub struct Claims { + pub id: usize, + pub exp: usize, +} + +#[derive(Serialize, Deserialize)] +struct Response { + message: String, } #[derive(Serialize, Deserialize)] -struct Response{ +struct EncodeResponse { message: String, + token: String, } #[derive(Serialize, Deserialize)] -struct EncodeResponse{ +struct DecodeResponse { message: String, + id: usize, +} + +#[derive(Serialize, Deserialize)] +struct DecodeBody { token: String, } async fn encode_token(path: web::Path<usize>, data: web::Data<AppState>) -> HttpResponse { let id: usize = path.into_inner(); let exp: usize = (Utc::now() + Duration::days(365)).timestamp() as usize; - let claims: Claims = Claims {id, exp}; - let token: String = encode( + let claims: Claims = Claims { id, exp }; + let token: String = match encode( &Header::default(), &claims, &EncodingKey::from_secret(data.secret.as_str().as_ref()), - ).unwrap(); + ) { + Ok(res) => res, + Err(_) => return HttpResponse::Ok().body("Token encoding didn't work\n"), + }; + HttpResponse::Ok().json(EncodeResponse { message: "success".to_owned(), token: token.to_owned(), }) } -async fn decode_token() -> HttpResponse { - HttpResponse::Ok().body("decode_token\n".to_owned()) +async fn decode_token(body: web::Json<DecodeBody>, data: web::Data<AppState>) -> HttpResponse { + let decoded: Result<TokenData<Claims>, JwtError> = decode::<Claims>( + &body.token, + &DecodingKey::from_secret(data.secret.as_str().as_ref()), + &Validation::new(Algorithm::HS256), + ); + + match decoded { + Ok(token) => HttpResponse::Ok().json(DecodeResponse { + message: "Authorized".to_string(), + id: token.claims.id, + }), + Err(e) => HttpResponse::BadRequest().json(Response { + message: e.to_string(), + }), + } } -async fn protected() -> HttpResponse { - HttpResponse::Ok().body("protected\n".to_owned()) +async fn protected(auth_token: AuthenticationToken) -> HttpResponse { + println!("{:#?}", auth_token); + HttpResponse::Ok().json(Response { message: "Authorized".to_owned() }) } diff --git a/src/database.rs b/src/database.rs index fbe8529..37960e1 100644 --- a/src/database.rs +++ b/src/database.rs @@ -84,7 +84,7 @@ impl DatabaseWrapper { .max_connections(10) .connect( env::var("DATABASE_URL") - .expect("environment variables are *probably not setted up!!") + .expect("Environment variable DATABASE_URL is *probably not setted up!!") .as_str(), ) .await diff --git a/src/extractors/auth_token.rs b/src/extractors/auth_token.rs new file mode 100644 index 0000000..c505fdf --- /dev/null +++ b/src/extractors/auth_token.rs @@ -0,0 +1,43 @@ +use std::future::{ Ready, ready }; +use actix_web::{web, FromRequest, Error as ActixWebError, HttpRequest, dev::Payload, http, http::header::HeaderValue, error::ErrorUnauthorized}; +use serde::{Serialize, Deserialize}; +use jsonwebtoken:: {decode, DecodingKey, errors::Error as JwtError, Algorithm, Validation, TokenData}; +use crate::auth::Claims; +use crate::AppState; + +#[derive(Serialize, Deserialize, Debug)] +pub struct AuthenticationToken { + pub id: usize, +} + +impl FromRequest for AuthenticationToken { + type Error = ActixWebError; + type Future = Ready<Result<Self, Self::Error>>; + + fn from_request(req: &HttpRequest, _: &mut Payload) -> Self::Future { + // get auth token from the authorization header + let auth_header: Option<&HeaderValue> = req.headers().get(http::header::AUTHORIZATION); + let auth_token: String = auth_header.unwrap().to_str().unwrap_or("").to_string(); // check errors later + // stop empty and weird (ascii, chinese...) auth_token strings: + if auth_token.is_empty() { return ready(Err(ErrorUnauthorized("Invalid auth token!")))} + let secret: String = req.app_data::<web::Data<AppState>>().unwrap().secret.to_string(); + + // decode token with secret + let decode: Result<TokenData<Claims>, JwtError> = decode::<Claims>( + &auth_token, + &DecodingKey::from_secret(secret.as_str().as_ref()), + &Validation::new(Algorithm::HS256), + ); + + println!("{}", auth_token); + // return authenticationtoken + match decode { + Ok(token) => ready(Ok(AuthenticationToken { id: token.claims.id })), + Err(_) => ready(Err(ErrorUnauthorized("Unauthorized!"))), + } + } +} + +/* Example execution in curl: +curl localhost:8000/auth/protected -H "Accept: application/json" -H "Authorization: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6MSwiZXhwIjoxNzY5MjAyNjU1fQ.QbWkgjmbmMwLJnia6vd67EfRkf6y-4nw572g-Nk0BOE" +*/ diff --git a/src/extractors/mod.rs b/src/extractors/mod.rs new file mode 100644 index 0000000..403a6a8 --- /dev/null +++ b/src/extractors/mod.rs @@ -0,0 +1 @@ +pub mod auth_token; diff --git a/src/main.rs b/src/main.rs index 8a64e0d..0151c47 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,10 +1,11 @@ mod api; mod auth; mod database; -mod structs; +mod extractors; use actix_web::{web, App, HttpServer}; use dotenv::dotenv; +use std::env; use std::sync::Arc; #[derive(Clone)] @@ -21,17 +22,25 @@ async fn main() -> std::io::Result<()> { env_logger::init(); dotenv().ok(); + /* create database wrapper (reference: acsim) */ let db_raw = match database::DatabaseWrapper::new().await { Ok(res) => res, Err(_) => panic!("Error creating database wrapper"), }; - let db = Arc::new(db_raw); + + /* get jwt secret from env */ + let jwt_secret = env::var("SECRET") + .expect("environment variable SECRET is *probably not setted up!!") + .to_string(); + + /* application data struct */ let app_state = AppState { database: db, - secret: "secret".to_owned(), + secret: jwt_secret, }; + /* main server setup */ HttpServer::new(move || { App::new() .app_data(web::Data::new(app_state.clone())) @@ -44,6 +53,7 @@ async fn main() -> std::io::Result<()> { .await } +/* main page*/ async fn root() -> String { String::from("Server is up and running") } diff --git a/src/structs.rs b/src/structs.rs deleted file mode 100644 index 7535bb4..0000000 --- a/src/structs.rs +++ /dev/null @@ -1,35 +0,0 @@ -#[allow(dead_code)] -struct Song { - //song variables - id: i32, - title: String, - lyrics: String, - - //album variables - album_id: i32, - genres: Vec<String>, - album_cover: String, - - //artist variables - artist_id: i32, - artist_name: String, -} - -#[allow(dead_code)] -struct Album { - id: i32, - title: String, - genres: Vec<String>, - cover: String, - songs: Vec<i32>, -} - -#[allow(dead_code)] -struct Artist { - id: i32, - name: String, - genres: Vec<String>, - albums: Vec<i32>, -} - -// lepht anonym |