Got auth functioning
This commit is contained in:
+36
-4
@@ -16,13 +16,35 @@ use thiserror::Error;
|
||||
// use time::OffsetDateTime;
|
||||
|
||||
|
||||
fn deserialize_i64_from_f64<'de, D>(deserializer: D) -> Result<i64, D::Error>
|
||||
where
|
||||
D: serde::Deserializer<'de>,
|
||||
{
|
||||
let val = f64::deserialize(deserializer)?;
|
||||
// Handle NaN and infinity cases
|
||||
if val.is_nan() || val.is_infinite() {
|
||||
return Err(serde::de::Error::custom("invalid float value"));
|
||||
}
|
||||
// Round to nearest integer and convert
|
||||
let rounded = val.round();
|
||||
// Check if the rounded value can fit in i64
|
||||
if rounded < (i64::MIN as f64) || rounded > (i64::MAX as f64) {
|
||||
return Err(serde::de::Error::custom("float out of i64 range"));
|
||||
}
|
||||
Ok(rounded as i64)
|
||||
}
|
||||
|
||||
#[derive(Debug, Serialize, Deserialize)]
|
||||
pub struct UserClaims {
|
||||
pub iss: String,
|
||||
pub aud: String, // Audience
|
||||
pub sub: String, // Subject (user ID)
|
||||
#[serde(deserialize_with = "deserialize_i64_from_f64")]
|
||||
pub exp: i64, // Expiration time (UTC timestamp)
|
||||
#[serde(deserialize_with = "deserialize_i64_from_f64")]
|
||||
pub iat: i64, // Issued at (UTC timestamp)
|
||||
// pub azp: String,
|
||||
// pub gty: String,
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub roles: Option<Vec<String>>, // Optional roles
|
||||
}
|
||||
@@ -61,6 +83,8 @@ pub async fn auth<B>(
|
||||
mut req: Request<axum::body::Body>,
|
||||
next: Next,
|
||||
) -> Result<impl IntoResponse, (StatusCode, Json<ErrorResponse>)> {
|
||||
println!("Cookie: {cookie_jar:?}");
|
||||
|
||||
let token = cookie_jar
|
||||
.get("token")
|
||||
.map(|cookie| cookie.value().to_string())
|
||||
@@ -69,6 +93,7 @@ pub async fn auth<B>(
|
||||
.get(axum::http::header::AUTHORIZATION)
|
||||
.and_then(|auth_header| auth_header.to_str().ok())
|
||||
.and_then(|auth_value| {
|
||||
println!("Auth value: {auth_value:?}");
|
||||
if let Some(stripped) = auth_value.strip_prefix("Bearer ") {
|
||||
Some(String::from(stripped))
|
||||
} else {
|
||||
@@ -87,21 +112,27 @@ pub async fn auth<B>(
|
||||
|
||||
let secret_key = icarus_envy::environment::get_secret_main_key().await;
|
||||
|
||||
let mut validation = Validation::new(jsonwebtoken::Algorithm::HS256);
|
||||
validation.set_audience(&["icarus"]); // Must match exactly what's in the token
|
||||
let claims = decode::<UserClaims>(
|
||||
&token,
|
||||
// TODO: Replace with code to get secret from env
|
||||
&DecodingKey::from_secret(secret_key.as_ref()),
|
||||
&Validation::default(),
|
||||
&validation,
|
||||
)
|
||||
.map_err(|_| {
|
||||
.map_err(|err| {
|
||||
eprintln!("Error: {err:?}");
|
||||
let json_error = ErrorResponse {
|
||||
status: "fail",
|
||||
message: "Invalid token".to_string(),
|
||||
message: "Invalid token - Error decoding claims".to_string(),
|
||||
};
|
||||
(StatusCode::UNAUTHORIZED, Json(json_error))
|
||||
})?
|
||||
.claims;
|
||||
|
||||
println!("Claims: {claims:?}");
|
||||
|
||||
/*
|
||||
let user_id = uuid::Uuid::parse_str(&claims.sub).map_err(|_| {
|
||||
let json_error = ErrorResponse {
|
||||
status: "fail",
|
||||
@@ -109,7 +140,8 @@ pub async fn auth<B>(
|
||||
};
|
||||
(StatusCode::UNAUTHORIZED, Json(json_error))
|
||||
})?;
|
||||
*/
|
||||
|
||||
req.extensions_mut().insert(user_id);
|
||||
// req.extensions_mut().insert(user_id);
|
||||
Ok(next.run(req).await)
|
||||
}
|
||||
|
||||
+1
-1
@@ -61,7 +61,7 @@ pub mod init {
|
||||
crate::callers::endpoints::QUEUESONG,
|
||||
post(crate::callers::song::endpoint::queue_song)
|
||||
// .route_layer(axum::middleware::from_fn_with_state(app_state.clone(), crate::auth::auth)),
|
||||
// .route_layer(axum::middleware::from_fn(crate::auth::auth::<axum::body::Body>)),
|
||||
.route_layer(axum::middleware::from_fn(crate::auth::auth::<axum::body::Body>)),
|
||||
)
|
||||
.route(
|
||||
crate::callers::endpoints::QUEUESONG,
|
||||
|
||||
Reference in New Issue
Block a user