8 files changed, 353 insertions, 7 deletions

diff --git a/Cargo.lock b/Cargo.lock
index 16b9947..558b2a8 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -52,6 +52,21 @@ dependencies = [
 ]
 
 [[package]]
+name = "android-tzdata"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e999941b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0"
+
+[[package]]
+name = "android_system_properties"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311"
+dependencies = [
+ "libc",
+]
+
+[[package]]
 name = "ascii_utils"
 version = "0.9.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -359,12 +374,16 @@ dependencies = [
  "async-graphql",
  "async-graphql-axum",
  "axum",
+ "chrono",
  "config",
  "futures-util",
+ "jsonwebtoken",
  "lazy_static",
+ "once_cell",
  "postgis",
  "serde",
  "serde_json",
+ "sha256",
  "tokio",
  "tokio-postgres",
  "tower-http",
@@ -385,6 +404,20 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
 
 [[package]]
+name = "chrono"
+version = "0.4.38"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a21f936df1771bf62b77f047b726c4625ff2e8aa607c01ec06e5a05bd8463401"
+dependencies = [
+ "android-tzdata",
+ "iana-time-zone",
+ "js-sys",
+ "num-traits",
+ "wasm-bindgen",
+ "windows-targets 0.52.6",
+]
+
+[[package]]
 name = "config"
 version = "0.14.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -434,6 +467,12 @@ dependencies = [
 ]
 
 [[package]]
+name = "core-foundation-sys"
+version = "0.8.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b"
+
+[[package]]
 name = "cpufeatures"
 version = "0.2.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -500,6 +539,15 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e8566979429cf69b49a5c740c60791108e86440e8be149bbea4fe54d2c32d6e2"
 
 [[package]]
+name = "deranged"
+version = "0.3.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4"
+dependencies = [
+ "powerfmt",
+]
+
+[[package]]
 name = "digest"
 version = "0.10.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -659,8 +707,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7"
 dependencies = [
  "cfg-if",
+ "js-sys",
  "libc",
  "wasi",
+ "wasm-bindgen",
 ]
 
 [[package]]
@@ -702,6 +752,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea"
 
 [[package]]
+name = "hex"
+version = "0.4.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
+
+[[package]]
 name = "hmac"
 version = "0.12.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -791,6 +847,29 @@ dependencies = [
 ]
 
 [[package]]
+name = "iana-time-zone"
+version = "0.1.60"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e7ffbb5a1b541ea2561f8c41c087286cc091e21e556a4f09a8f6cbf17b69b141"
+dependencies = [
+ "android_system_properties",
+ "core-foundation-sys",
+ "iana-time-zone-haiku",
+ "js-sys",
+ "wasm-bindgen",
+ "windows-core",
+]
+
+[[package]]
+name = "iana-time-zone-haiku"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f"
+dependencies = [
+ "cc",
+]
+
+[[package]]
 name = "ident_case"
 version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -844,6 +923,21 @@ dependencies = [
 ]
 
 [[package]]
+name = "jsonwebtoken"
+version = "9.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b9ae10193d25051e74945f1ea2d0b42e03cc3b890f7e4cc5faa44997d808193f"
+dependencies = [
+ "base64 0.21.7",
+ "js-sys",
+ "pem",
+ "ring",
+ "serde",
+ "serde_json",
+ "simple_asn1",
+]
+
+[[package]]
 name = "lazy_static"
 version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -984,6 +1078,31 @@ dependencies = [
 ]
 
 [[package]]
+name = "num-bigint"
+version = "0.4.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a5e44f723f1133c9deac646763579fdb3ac745e418f2a7af9cd0c431da1f20b9"
+dependencies = [
+ "num-integer",
+ "num-traits",
+]
+
+[[package]]
+name = "num-conv"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"
+
+[[package]]
+name = "num-integer"
+version = "0.1.46"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f"
+dependencies = [
+ "num-traits",
+]
+
+[[package]]
 name = "num-traits"
 version = "0.2.19"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1053,6 +1172,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8835116a5c179084a830efb3adc117ab007512b535bc1a21c991d3b32a6b44dd"
 
 [[package]]
+name = "pem"
+version = "3.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8e459365e590736a54c3fa561947c84837534b8e9af6fc5bf781307e82658fae"
+dependencies = [
+ "base64 0.22.1",
+ "serde",
+]
+
+[[package]]
 name = "percent-encoding"
 version = "2.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1194,6 +1323,12 @@ dependencies = [
 ]
 
 [[package]]
+name = "powerfmt"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391"
+
+[[package]]
 name = "ppv-lite86"
 version = "0.2.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1319,6 +1454,21 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7a66a03ae7c801facd77a29370b4faec201768915ac14a721ba36f20bc9c209b"
 
 [[package]]
+name = "ring"
+version = "0.17.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c17fa4cb658e3583423e915b9f3acc01cceaee1860e33d59ebae66adc3a2dc0d"
+dependencies = [
+ "cc",
+ "cfg-if",
+ "getrandom",
+ "libc",
+ "spin",
+ "untrusted",
+ "windows-sys 0.52.0",
+]
+
+[[package]]
 name = "ron"
 version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1463,6 +1613,19 @@ dependencies = [
 ]
 
 [[package]]
+name = "sha256"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "18278f6a914fa3070aa316493f7d2ddfb9ac86ebc06fa3b83bffda487e9065b0"
+dependencies = [
+ "async-trait",
+ "bytes",
+ "hex",
+ "sha2",
+ "tokio",
+]
+
+[[package]]
 name = "sharded-slab"
 version = "0.1.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1472,6 +1635,18 @@ dependencies = [
 ]
 
 [[package]]
+name = "simple_asn1"
+version = "0.6.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "adc4e5204eb1910f40f9cfa375f6f05b68c3abac4b6fd879c8ff5e7ae8a0a085"
+dependencies = [
+ "num-bigint",
+ "num-traits",
+ "thiserror",
+ "time",
+]
+
+[[package]]
 name = "siphasher"
 version = "0.3.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1625,6 +1800,37 @@ dependencies = [
 ]
 
 [[package]]
+name = "time"
+version = "0.3.36"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5dfd88e563464686c916c7e46e623e520ddc6d79fa6641390f2e3fa86e83e885"
+dependencies = [
+ "deranged",
+ "itoa",
+ "num-conv",
+ "powerfmt",
+ "serde",
+ "time-core",
+ "time-macros",
+]
+
+[[package]]
+name = "time-core"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3"
+
+[[package]]
+name = "time-macros"
+version = "0.2.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3f252a68540fde3a3877aeea552b832b40ab9a69e318efd078774a01ddee1ccf"
+dependencies = [
+ "num-conv",
+ "time-core",
+]
+
+[[package]]
 name = "tiny-keccak"
 version = "2.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1959,6 +2165,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d4c87d22b6e3f4a18d4d40ef354e97c90fcb14dd91d7dc0aa9d8a1172ebf7202"
 
 [[package]]
+name = "untrusted"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
+
+[[package]]
 name = "url"
 version = "2.5.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -2098,6 +2310,15 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
 
 [[package]]
+name = "windows-core"
+version = "0.52.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9"
+dependencies = [
+ "windows-targets 0.52.6",
+]
+
+[[package]]
 name = "windows-sys"
 version = "0.48.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
diff --git a/Cargo.toml b/Cargo.toml
index 50f662d..31bc110 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -18,3 +18,7 @@ tower-http = { version = "0.5.2", features = ["trace", "compression-br", "propag
 lazy_static = "1.5.0"
 serde = { version = "1.0.208", features = ["derive"] }
 tokio-postgres = "0.7.11"
+jsonwebtoken = "9.3.0"
+once_cell = "1.19.0"
+chrono = "0.4.38"
+sha256 = "1.5.0"
diff --git a/src/graphql/mod.rs b/src/graphql/mod.rs
index b394fc1..425faca 100644
--- a/src/graphql/mod.rs
+++ b/src/graphql/mod.rs
@@ -1,3 +1,4 @@
+pub mod mutation;
 pub mod query;
 pub mod routes;
 pub mod types;
diff --git a/src/graphql/mutation.rs b/src/graphql/mutation.rs
new file mode 100644
index 0000000..9321653
--- /dev/null
+++ b/src/graphql/mutation.rs
@@ -0,0 +1,35 @@
+use crate::graphql::types::jwt;
+use crate::state::AppState;
+use async_graphql::{Context, Error, FieldResult, Object};
+
+pub struct Mutation;
+
+#[Object]
+impl Mutation {
+    async fn login<'ctx>(
+        &self,
+        ctx: &Context<'ctx>,
+        input: jwt::LoginCredentials,
+    ) -> FieldResult<jwt::AuthBody> {
+        let state = ctx.data::<AppState>().expect("Can't connect to db");
+        let client = &*state.client;
+
+        let password = sha256::digest(input.password);
+        let rows = client
+            .query(
+                "SELECT id FROM users WHERE email = $1 AND password = $2",
+                &[&input.email, &password],
+            )
+            .await
+            .unwrap();
+
+        let id: Vec<i32> = rows.iter().map(|row| row.get(0)).collect();
+        if id.len() == 1 {
+            let claims = jwt::Claims::new(id[0]);
+            let token = claims.get_token().unwrap();
+            Ok(jwt::AuthBody::new(token))
+        } else {
+            Err(Error::new("Invalid email or password"))
+        }
+    }
+}
diff --git a/src/graphql/routes.rs b/src/graphql/routes.rs
index 2380760..e15267e 100644
--- a/src/graphql/routes.rs
+++ b/src/graphql/routes.rs
@@ -1,10 +1,11 @@
-use crate::graphql::query::*;
-use async_graphql::{EmptyMutation, EmptySubscription, Schema};
+use crate::graphql::mutation::Mutation;
+use crate::graphql::query::Query;
+use async_graphql::{EmptySubscription, Schema};
 use async_graphql_axum::{GraphQLRequest, GraphQLResponse};
 use std::sync::Arc;
 
 pub async fn graphql_handler(
-    schema: Arc<Schema<Query, EmptyMutation, EmptySubscription>>,
+    schema: Arc<Schema<Query, Mutation, EmptySubscription>>,
     req: GraphQLRequest,
 ) -> GraphQLResponse {
     schema.execute(req.into_inner()).await.into()
diff --git a/src/graphql/types/jwt.rs b/src/graphql/types/jwt.rs
new file mode 100644
index 0000000..932f7fd
--- /dev/null
+++ b/src/graphql/types/jwt.rs
@@ -0,0 +1,79 @@
+use crate::errors::AppError;
+use async_graphql::{InputObject, SimpleObject};
+use chrono::{Duration, Local};
+use jsonwebtoken::{decode, encode, DecodingKey, EncodingKey, Header, Validation};
+use once_cell::sync::Lazy;
+use serde::{Deserialize, Serialize};
+
+struct Keys {
+    encoding: EncodingKey,
+    _decoding: DecodingKey,
+}
+
+static KEYS: Lazy<Keys> = Lazy::new(|| {
+    let secret = &crate::config::CONFIG.jwt_secret;
+    Keys::new(secret.as_bytes())
+});
+
+impl Keys {
+    fn new(secret: &[u8]) -> Self {
+        Self {
+            encoding: EncodingKey::from_secret(secret),
+            _decoding: DecodingKey::from_secret(secret),
+        }
+    }
+}
+
+/// Claims struct
+#[derive(Serialize, Deserialize)]
+pub struct Claims {
+    /// ID from the user model
+    pub user_id: i32,
+    /// Expiration timestamp
+    exp: usize,
+}
+
+impl Claims {
+    /// Create a new Claim using the `user_id` and the current timestamp + 2 days
+    pub fn new(user_id: i32) -> Self {
+        let expiration = Local::now() + Duration::days(2);
+
+        Self {
+            user_id,
+            exp: expiration.timestamp() as usize,
+        }
+    }
+
+    /// Returns the token as a string. If a token is not encoded, raises an
+    /// `AppError::TokenCreation`
+    pub fn get_token(&self) -> Result<String, AppError> {
+        let token = encode(&Header::default(), &self, &KEYS.encoding)
+            .map_err(|_| AppError::TokenCreation)?;
+
+        Ok(token)
+    }
+}
+
+#[derive(InputObject, Debug)]
+pub struct LoginCredentials {
+    pub email: String,
+    pub password: String,
+}
+
+/// Body used as response to login
+#[derive(Serialize, SimpleObject)]
+pub struct AuthBody {
+    /// Access token string
+    access_token: String,
+    /// "Bearer" string
+    token_type: String,
+}
+
+impl AuthBody {
+    pub fn new(access_token: String) -> Self {
+        Self {
+            access_token,
+            token_type: "Bearer".to_string(),
+        }
+    }
+}
diff --git a/src/graphql/types/mod.rs b/src/graphql/types/mod.rs
index 22d12a3..d7cdece 100644
--- a/src/graphql/types/mod.rs
+++ b/src/graphql/types/mod.rs
@@ -1 +1,2 @@
+pub mod jwt;
 pub mod user;
diff --git a/src/main.rs b/src/main.rs
index e87a7c4..04e2564 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -8,7 +8,7 @@ mod state;
 use std::{net::SocketAddr, sync::Arc, time::Duration};
 
 use crate::config::CONFIG;
-use async_graphql::{EmptyMutation, EmptySubscription, Schema};
+use async_graphql::{EmptySubscription, Schema};
 use axum::{
     http::{header, Request},
     routing::post,
@@ -30,9 +30,13 @@ async fn create_app() -> Router {
         client: Arc::new(dbclient),
     };
 
-    let schema = Schema::build(graphql::query::Query, EmptyMutation, EmptySubscription)
-        .data(state.clone())
-        .finish();
+    let schema = Schema::build(
+        graphql::query::Query,
+        graphql::mutation::Mutation,
+        EmptySubscription,
+    )
+    .data(state.clone())
+    .finish();
     Router::new()
         .route(
             "/graphql",