Got auth functioning

This commit is contained in:
kdeng00
2025-07-30 20:46:55 -04:00
parent c9f6fab746
commit 7ecb4d5c4b
2 changed files with 37 additions and 5 deletions
+36 -4
View File
@@ -16,13 +16,35 @@ use thiserror::Error;
// use time::OffsetDateTime; // use time::OffsetDateTime;
fn deserialize_i64_from_f64<'de, D>(deserializer: D) -> Result<i64, D::Error>
where
D: serde::Deserializer<'de>,
{
let val = f64::deserialize(deserializer)?;
// Handle NaN and infinity cases
if val.is_nan() || val.is_infinite() {
return Err(serde::de::Error::custom("invalid float value"));
}
// Round to nearest integer and convert
let rounded = val.round();
// Check if the rounded value can fit in i64
if rounded < (i64::MIN as f64) || rounded > (i64::MAX as f64) {
return Err(serde::de::Error::custom("float out of i64 range"));
}
Ok(rounded as i64)
}
#[derive(Debug, Serialize, Deserialize)] #[derive(Debug, Serialize, Deserialize)]
pub struct UserClaims { pub struct UserClaims {
pub iss: String,
pub aud: String, // Audience pub aud: String, // Audience
pub sub: String, // Subject (user ID) pub sub: String, // Subject (user ID)
#[serde(deserialize_with = "deserialize_i64_from_f64")]
pub exp: i64, // Expiration time (UTC timestamp) pub exp: i64, // Expiration time (UTC timestamp)
#[serde(deserialize_with = "deserialize_i64_from_f64")]
pub iat: i64, // Issued at (UTC timestamp) pub iat: i64, // Issued at (UTC timestamp)
// pub azp: String,
// pub gty: String,
#[serde(skip_serializing_if = "Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub roles: Option<Vec<String>>, // Optional roles pub roles: Option<Vec<String>>, // Optional roles
} }
@@ -61,6 +83,8 @@ pub async fn auth<B>(
mut req: Request<axum::body::Body>, mut req: Request<axum::body::Body>,
next: Next, next: Next,
) -> Result<impl IntoResponse, (StatusCode, Json<ErrorResponse>)> { ) -> Result<impl IntoResponse, (StatusCode, Json<ErrorResponse>)> {
println!("Cookie: {cookie_jar:?}");
let token = cookie_jar let token = cookie_jar
.get("token") .get("token")
.map(|cookie| cookie.value().to_string()) .map(|cookie| cookie.value().to_string())
@@ -69,6 +93,7 @@ pub async fn auth<B>(
.get(axum::http::header::AUTHORIZATION) .get(axum::http::header::AUTHORIZATION)
.and_then(|auth_header| auth_header.to_str().ok()) .and_then(|auth_header| auth_header.to_str().ok())
.and_then(|auth_value| { .and_then(|auth_value| {
println!("Auth value: {auth_value:?}");
if let Some(stripped) = auth_value.strip_prefix("Bearer ") { if let Some(stripped) = auth_value.strip_prefix("Bearer ") {
Some(String::from(stripped)) Some(String::from(stripped))
} else { } else {
@@ -87,21 +112,27 @@ pub async fn auth<B>(
let secret_key = icarus_envy::environment::get_secret_main_key().await; let secret_key = icarus_envy::environment::get_secret_main_key().await;
let mut validation = Validation::new(jsonwebtoken::Algorithm::HS256);
validation.set_audience(&["icarus"]); // Must match exactly what's in the token
let claims = decode::<UserClaims>( let claims = decode::<UserClaims>(
&token, &token,
// TODO: Replace with code to get secret from env // TODO: Replace with code to get secret from env
&DecodingKey::from_secret(secret_key.as_ref()), &DecodingKey::from_secret(secret_key.as_ref()),
&Validation::default(), &validation,
) )
.map_err(|_| { .map_err(|err| {
eprintln!("Error: {err:?}");
let json_error = ErrorResponse { let json_error = ErrorResponse {
status: "fail", status: "fail",
message: "Invalid token".to_string(), message: "Invalid token - Error decoding claims".to_string(),
}; };
(StatusCode::UNAUTHORIZED, Json(json_error)) (StatusCode::UNAUTHORIZED, Json(json_error))
})? })?
.claims; .claims;
println!("Claims: {claims:?}");
/*
let user_id = uuid::Uuid::parse_str(&claims.sub).map_err(|_| { let user_id = uuid::Uuid::parse_str(&claims.sub).map_err(|_| {
let json_error = ErrorResponse { let json_error = ErrorResponse {
status: "fail", status: "fail",
@@ -109,7 +140,8 @@ pub async fn auth<B>(
}; };
(StatusCode::UNAUTHORIZED, Json(json_error)) (StatusCode::UNAUTHORIZED, Json(json_error))
})?; })?;
*/
req.extensions_mut().insert(user_id); // req.extensions_mut().insert(user_id);
Ok(next.run(req).await) Ok(next.run(req).await)
} }
+1 -1
View File
@@ -61,7 +61,7 @@ pub mod init {
crate::callers::endpoints::QUEUESONG, crate::callers::endpoints::QUEUESONG,
post(crate::callers::song::endpoint::queue_song) post(crate::callers::song::endpoint::queue_song)
// .route_layer(axum::middleware::from_fn_with_state(app_state.clone(), crate::auth::auth)), // .route_layer(axum::middleware::from_fn_with_state(app_state.clone(), crate::auth::auth)),
// .route_layer(axum::middleware::from_fn(crate::auth::auth::<axum::body::Body>)), .route_layer(axum::middleware::from_fn(crate::auth::auth::<axum::body::Body>)),
) )
.route( .route(
crate::callers::endpoints::QUEUESONG, crate::callers::endpoints::QUEUESONG,