path: root/src/auth.rs
blob: 09cc5e2628cfb219330a5c091865d870b04bc12c (plain)
use crate::database::user::{User, UserForm};
use crate::AppState;
use actix_web::{delete, post, web, HttpResponse, Scope};
use chrono::{Duration, Utc};
use jsonwebtoken::{encode, EncodingKey, Header};
use serde::{Deserialize, Serialize};
pub use crate::api::Response;
use utoipa::ToSchema;

/// Builds the `/auth` scope and mounts the handlers defined in this module.
///
/// `register` is declared below but is currently not mounted here, so
/// `POST /auth/register` is not reachable even though it is documented.
pub fn auth_scope() -> Scope {
    let scope = web::scope("/auth");
    // `register` is intentionally left out of the mounted services.
    scope.service(login).service(delete_user)
}

/// Payload embedded in the JWT issued by `encode_token`.
///
/// A JWT payload is signed, not encrypted, so anything placed here is readable by
/// whoever holds the token.
#[derive(Serialize, Deserialize)]
pub struct Claims {
    /// `User::id` of the authenticated user.
    pub id: usize,
    /// Expiry as seconds since the Unix epoch (set to now + 365 days by `encode_token`).
    pub exp: usize,
}

/// Body returned by `login` on a successful authentication.
#[derive(Serialize, Deserialize, ToSchema)]
struct EncodeResponse {
    /// Human-readable status text.
    #[schema(example = "response")]
    message: String,
    /// Encoded JWT the client presents on protected routes.
    #[schema(example = "4f4bf0b9ef653818a56df74cffb024bd")]
    token: String,
}

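/// Handles `POST /auth/register`.
///
/// Forwards the submitted [`UserForm`] to `app_state.database.register` and maps
/// the outcome to `200` on success or `400` on any database error.
///
/// This route is declared but not mounted by `auth_scope` (its `.service(register)`
/// call is commented out), so the documented path is currently unreachable.
#[utoipa::path(
    request_body = UserForm,
    context_path = "/balalaika/auth",
    description = "Creates a new user with the specified values.",
    responses(
        (status = 200, description = "Create new user", body = Response),
        (status = 400, description = "Errors found, unfulfilled request"),
    ),
)]
#[post("/register")]
pub async fn register(
    app_state: web::Data<AppState>,
    request_data: web::Json<UserForm>,
) -> HttpResponse {
    match app_state.database.register(request_data.into_inner()).await {
        Ok(_) => HttpResponse::Ok().json(Response {
            message: "Registration executed with no errors".to_owned(),
        }),
        // NOTE(review): `e` is the raw database error and is echoed to the
        // client; that can leak driver/schema details. Prefer logging it
        // server-side and returning a generic message.
        Err(e) => HttpResponse::BadRequest().json(Response {
            message: format!("There was an issue in the request: {}", e),
        }),
    }
}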

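/// Handles `POST /auth/login`.
///
/// Looks the submitted credentials up through `app_state.database.login` and, on
/// a match, returns an [`EncodeResponse`] carrying a JWT signed with
/// `app_state.secret`.
///
/// Response mapping (kept as-is for API compatibility):
/// * database error        -> `401`, body echoes the error text
/// * no matching user      -> `400` "Username/Password incorrect!"
/// * user without usable id -> `400`
/// * token encoding failure -> the response produced by `encode_token`
#[utoipa::path(
    request_body = UserForm,
    context_path = "/balalaika/auth",
    description = "Attempts to log in user. If successful, it returns an encoded token that grants access to protected routes in the api.",
    responses(
        (status = 200, description = "Returns encoded token", body = EncodeResponse),
        (status = 400, description = "Errors found, unfulfilled request"),
        (status = 401, description = "Unauthorized"),
    ),
)]
#[post("/login")]
pub async fn login(
    app_state: web::Data<AppState>,
    request_data: web::Json<UserForm>,
) -> HttpResponse {
    let user: User = match app_state.database.login(request_data.into_inner()).await {
        Ok(Some(user)) => user,
        Ok(None) => {
            return HttpResponse::BadRequest().json(Response {
                message: "Username/Password incorrect!".to_owned(),
            })
        }
        // NOTE(review): the raw database error is echoed to the client here and
        // may expose internal details; consider logging it and returning a
        // generic message.
        Err(e) => {
            return HttpResponse::Unauthorized().json(Response {
                message: format!("There was an issue in the request: {}", e),
            })
        }
    };

    // The id becomes the token's `id` claim. Reject a value that does not fit in
    // `usize` (e.g. a negative one) instead of silently wrapping it with `as`.
    let id: usize = match user.id.and_then(|raw| usize::try_from(raw).ok()) {
        Some(id) => id,
        None => {
            return HttpResponse::BadRequest().json(Response {
                message: "Internal error: user id not found".to_owned(),
            })
        }
    };

    // `name` is optional on `User`; fall back to a placeholder rather than
    // panicking the worker with `unwrap()`.
    let display_name = user.name.as_deref().unwrap_or("unknown");

    match encode_token(id, &app_state.secret).await {
        Ok(token) => HttpResponse::Ok().json(EncodeResponse {
            message: format!("Successfully logged in as {}", display_name),
            token,
        }),
        Err(response) => response,
    }
}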

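/// Builds a JWT for user `id`, signed with `secret` and valid for one year.
///
/// On failure the `Err` carries the HTTP response the caller should return
/// verbatim.
///
/// NOTE(review): a one-year lifetime means a leaked token stays usable for a
/// long time and no revocation mechanism is visible in this module; a shorter
/// `exp` (with refresh) would limit the exposure.
async fn encode_token(id: usize, secret: &str) -> Result<String, HttpResponse> {
    // `timestamp()` is seconds since the Unix epoch, the unit JWT `exp` uses.
    // Current timestamps are positive, so the i64 -> usize cast is lossless here.
    let exp = (Utc::now() + Duration::days(365)).timestamp() as usize;
    let claims = Claims { id, exp };
    encode(
        &Header::default(),
        &claims,
        &EncodingKey::from_secret(secret.as_bytes()),
    )
    // A signing failure is a server-side fault, not a successful login, so it is
    // reported as 500 rather than the 200 the previous implementation returned.
    .map_err(|_| HttpResponse::InternalServerError().body("Token encoding didn't work\n"))
}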

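/// Handles `DELETE /auth/user`.
///
/// Forwards the submitted [`UserForm`] to `app_state.database.delete_user` and
/// maps the outcome to `200` on success or `400` on any database error.
#[utoipa::path(
    request_body = UserForm,
    context_path = "/balalaika/auth",
    description = "Attempts to delete user. Both username and password are required.",
    responses(
        (status = 200, description = "Delete user", body = Response),
        (status = 400, description = "Errors found, unfulfilled request"),
        (status = 401, description = "Unauthorized"),
    ),
)]
#[delete("/user")]
pub async fn delete_user(
    app_state: web::Data<AppState>,
    request_data: web::Json<UserForm>,
) -> HttpResponse {
    let outcome = app_state
        .database
        .delete_user(request_data.into_inner())
        .await;

    match outcome {
        Ok(_) => HttpResponse::Ok().json(Response {
            message: "Deletion executed with no errors".to_owned(),
        }),
        // NOTE(review): `e` is the raw database error and is echoed to the
        // client; prefer logging it and returning a generic message.
        Err(e) => HttpResponse::BadRequest().json(Response {
            message: format!("There was an issue in the request: {}", e),
        }),
    }
}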