Got auth functioning
This commit is contained in:
+36
-4
@@ -16,13 +16,35 @@ use thiserror::Error;
|
|||||||
// use time::OffsetDateTime;
|
// use time::OffsetDateTime;
|
||||||
|
|
||||||
|
|
||||||
|
fn deserialize_i64_from_f64<'de, D>(deserializer: D) -> Result<i64, D::Error>
|
||||||
|
where
|
||||||
|
D: serde::Deserializer<'de>,
|
||||||
|
{
|
||||||
|
let val = f64::deserialize(deserializer)?;
|
||||||
|
// Handle NaN and infinity cases
|
||||||
|
if val.is_nan() || val.is_infinite() {
|
||||||
|
return Err(serde::de::Error::custom("invalid float value"));
|
||||||
|
}
|
||||||
|
// Round to nearest integer and convert
|
||||||
|
let rounded = val.round();
|
||||||
|
// Check if the rounded value can fit in i64
|
||||||
|
if rounded < (i64::MIN as f64) || rounded > (i64::MAX as f64) {
|
||||||
|
return Err(serde::de::Error::custom("float out of i64 range"));
|
||||||
|
}
|
||||||
|
Ok(rounded as i64)
|
||||||
|
}
|
||||||
|
|
||||||
#[derive(Debug, Serialize, Deserialize)]
|
#[derive(Debug, Serialize, Deserialize)]
|
||||||
pub struct UserClaims {
|
pub struct UserClaims {
|
||||||
|
pub iss: String,
|
||||||
pub aud: String, // Audience
|
pub aud: String, // Audience
|
||||||
pub sub: String, // Subject (user ID)
|
pub sub: String, // Subject (user ID)
|
||||||
|
#[serde(deserialize_with = "deserialize_i64_from_f64")]
|
||||||
pub exp: i64, // Expiration time (UTC timestamp)
|
pub exp: i64, // Expiration time (UTC timestamp)
|
||||||
|
#[serde(deserialize_with = "deserialize_i64_from_f64")]
|
||||||
pub iat: i64, // Issued at (UTC timestamp)
|
pub iat: i64, // Issued at (UTC timestamp)
|
||||||
|
// pub azp: String,
|
||||||
|
// pub gty: String,
|
||||||
#[serde(skip_serializing_if = "Option::is_none")]
|
#[serde(skip_serializing_if = "Option::is_none")]
|
||||||
pub roles: Option<Vec<String>>, // Optional roles
|
pub roles: Option<Vec<String>>, // Optional roles
|
||||||
}
|
}
|
||||||
@@ -61,6 +83,8 @@ pub async fn auth<B>(
|
|||||||
mut req: Request<axum::body::Body>,
|
mut req: Request<axum::body::Body>,
|
||||||
next: Next,
|
next: Next,
|
||||||
) -> Result<impl IntoResponse, (StatusCode, Json<ErrorResponse>)> {
|
) -> Result<impl IntoResponse, (StatusCode, Json<ErrorResponse>)> {
|
||||||
|
println!("Cookie: {cookie_jar:?}");
|
||||||
|
|
||||||
let token = cookie_jar
|
let token = cookie_jar
|
||||||
.get("token")
|
.get("token")
|
||||||
.map(|cookie| cookie.value().to_string())
|
.map(|cookie| cookie.value().to_string())
|
||||||
@@ -69,6 +93,7 @@ pub async fn auth<B>(
|
|||||||
.get(axum::http::header::AUTHORIZATION)
|
.get(axum::http::header::AUTHORIZATION)
|
||||||
.and_then(|auth_header| auth_header.to_str().ok())
|
.and_then(|auth_header| auth_header.to_str().ok())
|
||||||
.and_then(|auth_value| {
|
.and_then(|auth_value| {
|
||||||
|
println!("Auth value: {auth_value:?}");
|
||||||
if let Some(stripped) = auth_value.strip_prefix("Bearer ") {
|
if let Some(stripped) = auth_value.strip_prefix("Bearer ") {
|
||||||
Some(String::from(stripped))
|
Some(String::from(stripped))
|
||||||
} else {
|
} else {
|
||||||
@@ -87,21 +112,27 @@ pub async fn auth<B>(
|
|||||||
|
|
||||||
let secret_key = icarus_envy::environment::get_secret_main_key().await;
|
let secret_key = icarus_envy::environment::get_secret_main_key().await;
|
||||||
|
|
||||||
|
let mut validation = Validation::new(jsonwebtoken::Algorithm::HS256);
|
||||||
|
validation.set_audience(&["icarus"]); // Must match exactly what's in the token
|
||||||
let claims = decode::<UserClaims>(
|
let claims = decode::<UserClaims>(
|
||||||
&token,
|
&token,
|
||||||
// TODO: Replace with code to get secret from env
|
// TODO: Replace with code to get secret from env
|
||||||
&DecodingKey::from_secret(secret_key.as_ref()),
|
&DecodingKey::from_secret(secret_key.as_ref()),
|
||||||
&Validation::default(),
|
&validation,
|
||||||
)
|
)
|
||||||
.map_err(|_| {
|
.map_err(|err| {
|
||||||
|
eprintln!("Error: {err:?}");
|
||||||
let json_error = ErrorResponse {
|
let json_error = ErrorResponse {
|
||||||
status: "fail",
|
status: "fail",
|
||||||
message: "Invalid token".to_string(),
|
message: "Invalid token - Error decoding claims".to_string(),
|
||||||
};
|
};
|
||||||
(StatusCode::UNAUTHORIZED, Json(json_error))
|
(StatusCode::UNAUTHORIZED, Json(json_error))
|
||||||
})?
|
})?
|
||||||
.claims;
|
.claims;
|
||||||
|
|
||||||
|
println!("Claims: {claims:?}");
|
||||||
|
|
||||||
|
/*
|
||||||
let user_id = uuid::Uuid::parse_str(&claims.sub).map_err(|_| {
|
let user_id = uuid::Uuid::parse_str(&claims.sub).map_err(|_| {
|
||||||
let json_error = ErrorResponse {
|
let json_error = ErrorResponse {
|
||||||
status: "fail",
|
status: "fail",
|
||||||
@@ -109,7 +140,8 @@ pub async fn auth<B>(
|
|||||||
};
|
};
|
||||||
(StatusCode::UNAUTHORIZED, Json(json_error))
|
(StatusCode::UNAUTHORIZED, Json(json_error))
|
||||||
})?;
|
})?;
|
||||||
|
*/
|
||||||
|
|
||||||
req.extensions_mut().insert(user_id);
|
// req.extensions_mut().insert(user_id);
|
||||||
Ok(next.run(req).await)
|
Ok(next.run(req).await)
|
||||||
}
|
}
|
||||||
|
|||||||
+1
-1
@@ -61,7 +61,7 @@ pub mod init {
|
|||||||
crate::callers::endpoints::QUEUESONG,
|
crate::callers::endpoints::QUEUESONG,
|
||||||
post(crate::callers::song::endpoint::queue_song)
|
post(crate::callers::song::endpoint::queue_song)
|
||||||
// .route_layer(axum::middleware::from_fn_with_state(app_state.clone(), crate::auth::auth)),
|
// .route_layer(axum::middleware::from_fn_with_state(app_state.clone(), crate::auth::auth)),
|
||||||
// .route_layer(axum::middleware::from_fn(crate::auth::auth::<axum::body::Body>)),
|
.route_layer(axum::middleware::from_fn(crate::auth::auth::<axum::body::Body>)),
|
||||||
)
|
)
|
||||||
.route(
|
.route(
|
||||||
crate::callers::endpoints::QUEUESONG,
|
crate::callers::endpoints::QUEUESONG,
|
||||||
|
|||||||
Reference in New Issue
Block a user