feat: add auth things

2023-10-07 22:14:22 +02:00 · 2023-10-07 22:14:22 +02:00 · 88c4045d33
commit 88c4045d33
parent 42a75ba800
7 changed files with 182 additions and 20 deletions
--- a/src/error.rs
+++ b/src/error.rs
@ -6,6 +6,12 @@ pub type Result<T> = core::result::Result<T, Error>;
 #[derive(Debug)]
 pub enum Error {
    LoginFail,
+
+    // -- Auth errors.
+    AuthFailNoAuthTokenCookie,
+    AuthFailTokenWrongFormat,
+
+    // -- Model errors.
    PropertyDeleteFailIdNotFound { id: u64 },
 }

--- a/src/main.rs
+++ b/src/main.rs
@ -1,5 +1,7 @@
 #![allow(unused)]

+use crate::model::ModelController;
+
 pub use self::error::{Error, Result};

 use std::net::SocketAddr;
@ -25,10 +27,15 @@ struct HelloParams {
 }

 #[tokio::main]
-async fn main() {
+async fn main() -> Result<()>{
+    let mc = ModelController::new().await?;
+
+    let routes_apis = web::routes_properties::routes(mc.clone()).route_layer(middleware::from_fn(web::mw_auth::mw_require_auth));
+
    let routes_all = Router::new()
        .merge(routes_hello())
        .merge(web::routes_login::routes())
+        .nest("/api", routes_apis)
        .layer(middleware::map_response(main_response_mapper))
        .layer(CookieManagerLayer::new()) // must be above? the auth routes
        // TODO: continue video at 22:15
@ -40,6 +47,8 @@ async fn main() {
        .serve(routes_all.into_make_service())
        .await
        .unwrap();
+
+    Ok(())
 }


--- a/src/web/mod.rs
+++ b/src/web/mod.rs
@ -1,3 +1,4 @@
+pub mod mw_auth;
 pub mod routes_login;
 pub mod routes_properties;

--- a/src/web/mw_auth.rs
+++ b/src/web/mw_auth.rs
@ -0,0 +1,42 @@
+use axum::http::Request;
+use axum::middleware::Next;
+use axum::response::Response;
+use lazy_regex::regex_captures;
+use tower_cookies::Cookies;
+
+use crate::web::AUTH_TOKEN;
+use crate::{Error, Result};
+
+pub async fn mw_require_auth<B>(
+    cookies: Cookies,
+    req: Request<B>,
+    next: Next<B>
+) -> Result<Response> {
+    println!("->> {:<12} - mw_require_auth", "MIDDLEWARE");
+    let auth_token = cookies.get(AUTH_TOKEN).map(|c| c.value().to_string());
+    
+    // Parse token.
+    let (user_id, exp, sign) = auth_token
+        .ok_or(Error::AuthFailNoAuthTokenCookie)
+        .and_then(parse_token)?;
+    
+    // TODO: Token components validation.
+
+    Ok(next.run(req).await)
+}
+
+/// Parse a token of format `user-[user-id].[expiration].[signature]`
+/// Returns (user-id, expiration, signature)
+fn parse_token(token: String) -> Result<(u64, String, String)> {
+    let (_whole, user_id, exp, sign) = regex_captures!(
+        r#"^user-(\d+)\.(.+)\.(.+)"#, // a literal regex
+    &token)
+    .ok_or(Error::AuthFailTokenWrongFormat)?;
+
+    let user_id: u64 = user_id
+        .parse()
+        .map_err(|_| Error::AuthFailTokenWrongFormat)?;
+
+    Ok((user_id, exp.to_string(), sign.to_string()))
+
+}