diff --git a/src/auth.rs b/src/auth.rs index 6774026..e25b5b2 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -16,13 +16,35 @@ use thiserror::Error; // use time::OffsetDateTime; +fn deserialize_i64_from_f64<'de, D>(deserializer: D) -> Result +where + D: serde::Deserializer<'de>, +{ + let val = f64::deserialize(deserializer)?; + // Handle NaN and infinity cases + if val.is_nan() || val.is_infinite() { + return Err(serde::de::Error::custom("invalid float value")); + } + // Round to nearest integer and convert + let rounded = val.round(); + // Check if the rounded value can fit in i64 + if rounded < (i64::MIN as f64) || rounded > (i64::MAX as f64) { + return Err(serde::de::Error::custom("float out of i64 range")); + } + Ok(rounded as i64) +} #[derive(Debug, Serialize, Deserialize)] pub struct UserClaims { + pub iss: String, pub aud: String, // Audience pub sub: String, // Subject (user ID) + #[serde(deserialize_with = "deserialize_i64_from_f64")] pub exp: i64, // Expiration time (UTC timestamp) + #[serde(deserialize_with = "deserialize_i64_from_f64")] pub iat: i64, // Issued at (UTC timestamp) + // pub azp: String, + // pub gty: String, #[serde(skip_serializing_if = "Option::is_none")] pub roles: Option>, // Optional roles } @@ -61,6 +83,8 @@ pub async fn auth( mut req: Request, next: Next, ) -> Result)> { + println!("Cookie: {cookie_jar:?}"); + let token = cookie_jar .get("token") .map(|cookie| cookie.value().to_string()) @@ -69,6 +93,7 @@ pub async fn auth( .get(axum::http::header::AUTHORIZATION) .and_then(|auth_header| auth_header.to_str().ok()) .and_then(|auth_value| { + println!("Auth value: {auth_value:?}"); if let Some(stripped) = auth_value.strip_prefix("Bearer ") { Some(String::from(stripped)) } else { @@ -87,21 +112,27 @@ pub async fn auth( let secret_key = icarus_envy::environment::get_secret_main_key().await; + let mut validation = Validation::new(jsonwebtoken::Algorithm::HS256); + validation.set_audience(&["icarus"]); // Must match exactly what's in the token let claims = decode::( &token, // TODO: Replace with code to get secret from env &DecodingKey::from_secret(secret_key.as_ref()), - &Validation::default(), + &validation, ) - .map_err(|_| { + .map_err(|err| { + eprintln!("Error: {err:?}"); let json_error = ErrorResponse { status: "fail", - message: "Invalid token".to_string(), + message: "Invalid token - Error decoding claims".to_string(), }; (StatusCode::UNAUTHORIZED, Json(json_error)) })? .claims; + println!("Claims: {claims:?}"); + + /* let user_id = uuid::Uuid::parse_str(&claims.sub).map_err(|_| { let json_error = ErrorResponse { status: "fail", @@ -109,7 +140,8 @@ pub async fn auth( }; (StatusCode::UNAUTHORIZED, Json(json_error)) })?; + */ - req.extensions_mut().insert(user_id); + // req.extensions_mut().insert(user_id); Ok(next.run(req).await) } diff --git a/src/main.rs b/src/main.rs index 762d232..b80007a 100644 --- a/src/main.rs +++ b/src/main.rs @@ -61,7 +61,7 @@ pub mod init { crate::callers::endpoints::QUEUESONG, post(crate::callers::song::endpoint::queue_song) // .route_layer(axum::middleware::from_fn_with_state(app_state.clone(), crate::auth::auth)), - // .route_layer(axum::middleware::from_fn(crate::auth::auth::)), + .route_layer(axum::middleware::from_fn(crate::auth::auth::)), ) .route( crate::callers::endpoints::QUEUESONG,