From ea2ac88a83b6de15beb8b9727f88d498a56fb5b3 Mon Sep 17 00:00:00 2001
From: Santo Cariotti <santo@dcariotti.me>
Date: Mon, 22 Aug 2022 23:03:59 +0200
Subject: Add validation

---
 server/src/errors.rs      |  6 ++++--
 server/src/models/user.rs | 10 ++++++----
 server/src/routes/user.rs |  8 ++++----
 3 files changed, 14 insertions(+), 10 deletions(-)

(limited to 'server/src')

diff --git a/server/src/errors.rs b/server/src/errors.rs
index dc0468e..9221fea 100644
--- a/server/src/errors.rs
+++ b/server/src/errors.rs
@@ -8,6 +8,7 @@ use serde_json::json;
 pub enum AppError {
     Generic,
     Database,
+    BadRequest(String),
 }
 
 impl IntoResponse for AppError {
@@ -15,12 +16,13 @@ impl IntoResponse for AppError {
         let (status, error_message) = match self {
             AppError::Generic => (
                 StatusCode::INTERNAL_SERVER_ERROR,
-                "Generic error, can't find why",
+                "Generic error, can't find why".to_string(),
             ),
             AppError::Database => (
                 StatusCode::INTERNAL_SERVER_ERROR,
-                "Error with database connection",
+                "Error with database connection".to_string(),
             ),
+            AppError::BadRequest(value) => (StatusCode::BAD_REQUEST, value),
         };
 
         let body = Json(json!({
diff --git a/server/src/models/user.rs b/server/src/models/user.rs
index 9545fac..76cb4b5 100644
--- a/server/src/models/user.rs
+++ b/server/src/models/user.rs
@@ -2,11 +2,14 @@ use crate::db::get_client;
 use crate::errors::AppError;
 
 use serde::{Deserialize, Serialize};
+use validator::Validate;
 
-#[derive(Deserialize, Serialize)]
+#[derive(Deserialize, Serialize, Validate)]
 pub struct User {
     id: i32,
+    #[validate(length(min = 1, message = "Can not be empty"))]
     email: String,
+    #[validate(length(min = 8, message = "Must be min 8 chars length"))]
     password: String,
     is_staff: Option<bool>,
 }
@@ -26,11 +29,10 @@ pub struct UserCreate {
 
 impl User {
     pub fn new(email: String, password: String) -> Self {
-        let crypted_password = sha256::digest(password);
         Self {
             id: 0,
             email,
-            password: crypted_password,
+            password,
             is_staff: Some(false),
         }
     }
@@ -45,7 +47,7 @@ impl User {
                 RETURNING id, email, is_staff
             "#,
             user.email,
-            user.password
+            sha256::digest(user.password)
         )
         .fetch_one(pool)
         .await?;
diff --git a/server/src/routes/user.rs b/server/src/routes/user.rs
index 7aecccb..c15b5aa 100644
--- a/server/src/routes/user.rs
+++ b/server/src/routes/user.rs
@@ -1,9 +1,7 @@
 use crate::errors::AppError;
 use crate::models::user::{User, UserCreate, UserList};
-use axum::{
-    routing::{get},
-    Json, Router,
-};
+use axum::{routing::get, Json, Router};
+use validator::Validate;
 
 pub fn create_route() -> Router {
     Router::new().route("/", get(list_users).post(create_user))
@@ -17,6 +15,8 @@ async fn list_users() -> Result<Json<Vec<UserList>>, AppError> {
 
 async fn create_user(Json(payload): Json<UserCreate>) -> Result<Json<UserList>, AppError> {
     let user = User::new(payload.email, payload.password);
+    user.validate()
+        .map_err(|error| AppError::BadRequest(error.to_string()))?;
     let user_new = User::create(user).await?;
 
     Ok(Json(user_new))
-- 
cgit v1.2.3-18-g5258