1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
use crate::errors::AppError;
use axum::{
async_trait,
extract::{FromRequest, RequestParts, TypedHeader},
headers::{authorization::Bearer, Authorization},
};
use chrono::{Duration, Local};
use jsonwebtoken::{decode, encode, DecodingKey, EncodingKey, Header, Validation};
use once_cell::sync::Lazy;
use serde::{Deserialize, Serialize};
struct Keys {
encoding: EncodingKey,
decoding: DecodingKey,
}
/// Claims struct
#[derive(Serialize, Deserialize)]
pub struct Claims {
/// ID from the user model
pub user_id: i32,
/// Expiration timestamp
exp: usize,
}
/// Body used as response to login
#[derive(Serialize)]
pub struct AuthBody {
/// Access token string
access_token: String,
/// "Bearer" string
token_type: String,
}
/// Payload used for login
#[derive(Deserialize)]
pub struct LoginCredentials {
pub username: String,
pub password: String,
}
/// Paylod used for user creation
#[derive(Deserialize)]
pub struct SignUpForm {
pub name: String,
pub email: String,
pub username: String,
pub password1: String,
pub password2: String,
}
static KEYS: Lazy<Keys> = Lazy::new(|| {
let secret = std::env::var("JWT_SECRET").expect("JWT_SECRET must be set");
Keys::new(secret.as_bytes())
});
impl Keys {
fn new(secret: &[u8]) -> Self {
Self {
encoding: EncodingKey::from_secret(secret),
decoding: DecodingKey::from_secret(secret),
}
}
}
impl Claims {
/// Create a new Claim using the `user_id` and the current timestamp + 2 days
pub fn new(user_id: i32) -> Self {
let expiration = Local::now() + Duration::days(2);
Self {
user_id,
exp: expiration.timestamp() as usize,
}
}
/// Returns the token as a string. If a token is not encoded, raises an
/// `AppError::TokenCreation`
pub fn get_token(&self) -> Result<String, AppError> {
let token = encode(&Header::default(), &self, &KEYS.encoding)
.map_err(|_| AppError::TokenCreation)?;
Ok(token)
}
}
impl AuthBody {
pub fn new(access_token: String) -> Self {
Self {
access_token,
token_type: "Bearer".to_string(),
}
}
}
/// Parse a request to get the Authorization header and then decode it checking its validation
#[async_trait]
impl<B> FromRequest<B> for Claims
where
B: Send,
{
type Rejection = AppError;
async fn from_request(req: &mut RequestParts<B>) -> Result<Self, Self::Rejection> {
// Extract the token from the authorization header
let TypedHeader(Authorization(bearer)) =
TypedHeader::<Authorization<Bearer>>::from_request(req)
.await
.map_err(|_| AppError::InvalidToken)?;
// Decode the user data
let token_data = decode::<Claims>(bearer.token(), &KEYS.decoding, &Validation::default())
.map_err(|_| AppError::InvalidToken)?;
let now = Local::now().timestamp() as usize;
// Handle the case of expired token
if token_data.claims.exp < now {
return Err(AppError::InvalidToken);
}
Ok(token_data.claims)
}
}
|
