Login endpoint bug fix (#24)

Reviewed-on: #24
Co-authored-by: phoenix <kundeng00@pm.me>
Co-committed-by: phoenix <kundeng00@pm.me>

.env.sample

@@ -1,2 +1,2 @@
 DATABASE_URL=postgres://username:password@localhost/database_name
-TEST_DATABASE_URL=postgres://username:password@localhost/database_name_test
+SECRET_KEY=refero34o8rfhfjn983thf39fhc943rf923n3h

.gitea/workflows/tag_release.yml

@@ -19,7 +19,7 @@ jobs:
       - name: Install Rust
         uses: actions-rs/toolchain@v1
         with:
-          toolchain: 1.85.0
+          toolchain: 1.86.0
           components: cargo
 
       - name: Extract Version from Cargo.toml

.gitea/workflows/workflow.yml

@@ -18,25 +18,42 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
-          toolchain: 1.85.0
+          toolchain: 1.86.0
       - run: |
           mkdir -p ~/.ssh
-          echo "${{ secrets.MYREPO_TOKEN }}" > ~/.ssh/gitlab_deploy_key
-          chmod 600 ~/.ssh/gitlab_deploy_key
+          echo "${{ secrets.MYREPO_TOKEN }}" > ~/.ssh/icarus_models_deploy_key
+          chmod 600 ~/.ssh/icarus_models_deploy_key
           ssh-keyscan ${{ vars.MYHOST }} >> ~/.ssh/known_hosts
 
           eval $(ssh-agent -s)
-          ssh-add -v ~/.ssh/gitlab_deploy_key
+          ssh-add -v ~/.ssh/icarus_models_deploy_key
+
           cargo check
 
   test:
     name: Test Suite
     runs-on: ubuntu-24.04
+    # --- Add database service definition ---
+    services:
+      postgres:
+        image: postgres:17.4 # Or pin to a more specific version like 14.9
+        env:
+          # Use secrets for DB init, with fallbacks for flexibility
+          POSTGRES_USER: ${{ secrets.DB_TEST_USER || 'testuser' }}
+          POSTGRES_PASSWORD: ${{ secrets.DB_TEST_PASSWORD || 'testpassword' }}
+          POSTGRES_DB: ${{ secrets.DB_TEST_NAME || 'testdb' }}
+        # Options to wait until the database is ready
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+
     steps:
       - uses: actions/checkout@v4
       - uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
-          toolchain: 1.85.0
+          toolchain: 1.86.0
       # --- Add this step for explicit verification ---
       - name: Verify Docker Environment
         run: |
@@ -51,14 +68,23 @@ jobs:
           echo "Docker environment check complete."
         # NOTE: Do NOT use continue-on-error here.
         # If Docker isn't working as expected, the job SHOULD fail here.
-      - run: |
+      - name: Run tests
+        env:
+          # Define DATABASE_URL for tests to use
+          DATABASE_URL: postgresql://${{ secrets.DB_TEST_USER || 'testuser' }}:${{ secrets.DB_TEST_PASSWORD || 'testpassword' }}@postgres:5432/${{ secrets.DB_TEST_NAME || 'testdb' }}
+          RUST_LOG: info # Optional: configure test log level
+          SECRET_KEY: ${{ secrets.TOKEN_SECRET_KEY }}
+          # Make SSH agent available if tests fetch private dependencies
+          SSH_AUTH_SOCK: ${{ env.SSH_AUTH_SOCK }}
+        run: |
           mkdir -p ~/.ssh
-          echo "${{ secrets.MYREPO_TOKEN }}" > ~/.ssh/gitlab_deploy_key
-          chmod 600 ~/.ssh/gitlab_deploy_key
+          echo "${{ secrets.MYREPO_TOKEN }}" > ~/.ssh/icarus_models_deploy_key
+          chmod 600 ~/.ssh/icarus_models_deploy_key
           ssh-keyscan ${{ vars.MYHOST }} >> ~/.ssh/known_hosts
 
           eval $(ssh-agent -s)
-          ssh-add -v ~/.ssh/gitlab_deploy_key
+          ssh-add -v ~/.ssh/icarus_models_deploy_key
+
           cargo test
 
   fmt:
@@ -68,16 +94,16 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
-          toolchain: 1.85.0
+          toolchain: 1.86.0
       - run: rustup component add rustfmt
       - run: |
           mkdir -p ~/.ssh
-          echo "${{ secrets.MYREPO_TOKEN }}" > ~/.ssh/gitlab_deploy_key
-          chmod 600 ~/.ssh/gitlab_deploy_key
+          echo "${{ secrets.MYREPO_TOKEN }}" > ~/.ssh/icarus_models_deploy_key
+          chmod 600 ~/.ssh/icarus_models_deploy_key
           ssh-keyscan ${{ vars.MYHOST }} >> ~/.ssh/known_hosts
 
           eval $(ssh-agent -s)
-          ssh-add -v ~/.ssh/gitlab_deploy_key
+          ssh-add -v ~/.ssh/icarus_models_deploy_key
           cargo fmt --all -- --check
 
   clippy:
@@ -87,16 +113,16 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
-          toolchain: 1.85.0
+          toolchain: 1.86.0
       - run: rustup component add clippy
       - run: |
           mkdir -p ~/.ssh
-          echo "${{ secrets.MYREPO_TOKEN }}" > ~/.ssh/gitlab_deploy_key
-          chmod 600 ~/.ssh/gitlab_deploy_key
+          echo "${{ secrets.MYREPO_TOKEN }}" > ~/.ssh/icarus_models_deploy_key
+          chmod 600 ~/.ssh/icarus_models_deploy_key
           ssh-keyscan ${{ vars.MYHOST }} >> ~/.ssh/known_hosts
 
           eval $(ssh-agent -s)
-          ssh-add -v ~/.ssh/gitlab_deploy_key
+          ssh-add -v ~/.ssh/icarus_models_deploy_key
           cargo clippy -- -D warnings
 
   build:
@@ -106,14 +132,13 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
-          toolchain: 1.85.0
+          toolchain: 1.86.0
       - run: |
           mkdir -p ~/.ssh
-          echo "${{ secrets.MYREPO_TOKEN }}" > ~/.ssh/gitlab_deploy_key
-          chmod 600 ~/.ssh/gitlab_deploy_key
+          echo "${{ secrets.MYREPO_TOKEN }}" > ~/.ssh/icarus_models_deploy_key
+          chmod 600 ~/.ssh/icarus_models_deploy_key
           ssh-keyscan ${{ vars.MYHOST }} >> ~/.ssh/known_hosts
 
           eval $(ssh-agent -s)
-          ssh-add -v ~/.ssh/gitlab_deploy_key
+          ssh-add -v ~/.ssh/icarus_models_deploy_key
           cargo build --release
-

Cargo.toml

@@ -1,7 +1,8 @@
 [package]
 name = "icarus_auth"
-version = "0.1.0"
+version = "0.3.2"
 edition = "2024"
+rust-version = "1.86"
 
 [dependencies]
 axum = { version = "0.8.3" }
@@ -11,11 +12,16 @@ tokio = { version = "1.44.1", features = ["rt-multi-thread"] }
 tracing-subscriber = { version = "0.3.19" }
 tower = { version = "0.5.2" }
 hyper = { version = "1.6.0" }
-sqlx = { version = "0.8.3", features = ["postgres", "runtime-tokio-native-tls"] }
-dotenv = { version = "0.15" }
-icarus_models = { git = "ssh://git@git.kundeng.us/phoenix/icarus_models.git", tag = "v0.2.0" }
+sqlx = { version = "0.8.3", features = ["postgres", "runtime-tokio-native-tls", "time", "uuid"] }
+dotenvy = { version = "0.15.7" }
+uuid = { version = "1.16.0", features = ["v4", "serde"] }
+argon2 = { version = "0.5.3", features = ["std"] } # Use the latest 0.5.x version
+rand = { version = "0.9" }
+time = { version = "0.3.41", features = ["macros", "serde"] }
+josekit = { version = "0.10.1" }
+icarus_models = { git = "ssh://git@git.kundeng.us/phoenix/icarus_models.git", tag = "v0.4.1" }
 
 [dev-dependencies]
-http-body-util = "0.1.3"
-reqwest = { version = "0.12.5", features = ["json"] } # For making HTTP requests in tests
-once_cell = "1.19" # Useful for lazy initialization in tests/app setup
+http-body-util = { version = "0.1.3" }
+url = { version = "2.5" }
+once_cell = { version = "1.19" } # Useful for lazy initialization in tests/app setup

migrations/20250402221858_init_migrate.sql

@@ -1 +1,22 @@
 -- Add migration script here
+CREATE EXTENSION IF NOT EXISTS pgcrypto;
+
+CREATE TABLE IF NOT EXISTS "user" (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    username TEXT NOT NULL,
+    password TEXT NOT NULL,
+    email TEXT NOT NULL,
+    phone TEXT NOT NULL,
+    firstname TEXT NOT NULL,
+    lastname TEXT NOT NULL,
+    email_verified BOOL NOT NULL,
+    date_created TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    status TEXT NOT NULL,
+    last_login TIMESTAMPTZ NULL DEFAULT NOW(),
+    salt_id UUID NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS "salt" (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    salt TEXT NOT NULL
+);

run_migrations.txt

@@ -1,3 +1,25 @@
+# Make sure role has CREATEDB
+ALTER ROLE username_that_needs_permission CREATEDB;
+
+# Install migrations
 cargo install sqlx-cli
+
+# Make sure to populate DATABASE_URL with correct value. 
+# By default, the DATABASE_URL found in .env file will be used
+export DATABASE_URL="postgres://icarus_op_test:password@localhost/icarus_auth_test"
+
+# init
 sqlx migrate add init_migration
 sqlx migrate run
+
+# Create
+sqlx database create
+
+# Drop
+sqlx database drop
+
+# setup
+sqlx database setup
+
+# Reset
+sqlx database reset

src/callers/common.rs

@@ -1,30 +1,37 @@
-use axum::{Extension, Json, http::StatusCode};
+pub mod response {
+    use serde::{Deserialize, Serialize};
 
-use serde::{Deserialize, Serialize};
-
-#[derive(Deserialize, Serialize)]
-pub struct TestResult {
-    message: String,
-}
-
-// basic handler that responds with a static string
-pub async fn root() -> &'static str {
-    "Hello, World!"
-}
-
-pub async fn db_ping(Extension(pool): Extension<sqlx::PgPool>) -> (StatusCode, Json<TestResult>) {
-    match sqlx::query("SELECT 1").execute(&pool).await {
-        Ok(_) => {
-            let tr = TestResult {
-                message: String::from("This works"),
-            };
-            (StatusCode::OK, Json(tr))
-        }
-        Err(e) => (
-            StatusCode::BAD_REQUEST,
-            Json(TestResult {
-                message: e.to_string(),
-            }),
-        ),
+    #[derive(Deserialize, Serialize)]
+    pub struct TestResult {
+        pub message: String,
+    }
+}
+
+pub mod endpoint {
+    use super::*;
+    use axum::{Extension, Json, http::StatusCode};
+
+    // basic handler that responds with a static string
+    pub async fn root() -> &'static str {
+        "Hello, World!"
+    }
+
+    pub async fn db_ping(
+        Extension(pool): Extension<sqlx::PgPool>,
+    ) -> (StatusCode, Json<response::TestResult>) {
+        match sqlx::query("SELECT 1").execute(&pool).await {
+            Ok(_) => {
+                let tr = response::TestResult {
+                    message: String::from("This works"),
+                };
+                (StatusCode::OK, Json(tr))
+            }
+            Err(e) => (
+                StatusCode::BAD_REQUEST,
+                Json(response::TestResult {
+                    message: e.to_string(),
+                }),
+            ),
+        }
     }
 }

src/callers/login.rs

@@ -0,0 +1,79 @@
+pub mod request {
+    use serde::{Deserialize, Serialize};
+
+    #[derive(Default, Deserialize, Serialize)]
+    pub struct Request {
+        pub username: String,
+        pub password: String,
+    }
+}
+
+pub mod response {
+    use serde::{Deserialize, Serialize};
+
+    #[derive(Default, Deserialize, Serialize)]
+    pub struct Response {
+        pub message: String,
+        pub data: Vec<icarus_models::login_result::LoginResult>,
+    }
+}
+
+pub mod endpoint {
+    use axum::{Json, http::StatusCode};
+
+    use crate::hashing;
+    use crate::repo;
+    use crate::token_stuff;
+
+    use super::request;
+    use super::response;
+
+    async fn not_found(message: &str) -> (StatusCode, Json<response::Response>) {
+        (
+            StatusCode::NOT_FOUND,
+            Json(response::Response {
+                message: String::from(message),
+                data: Vec::new(),
+            }),
+        )
+    }
+
+    pub async fn login(
+        axum::Extension(pool): axum::Extension<sqlx::PgPool>,
+        Json(payload): Json<request::Request>,
+    ) -> (StatusCode, Json<response::Response>) {
+        // Check if user exists
+        match repo::user::get(&pool, &payload.username).await {
+            Ok(user) => {
+                if hashing::verify_password(&payload.password, user.password.clone()).unwrap() {
+                    // Create token
+                    let key = token_stuff::get_key().unwrap();
+                    let (token_literal, duration) = token_stuff::create_token(&key).unwrap();
+
+                    if token_stuff::verify_token(&key, &token_literal) {
+                        (
+                            StatusCode::OK,
+                            Json(response::Response {
+                                message: String::from("Successful"),
+                                data: vec![icarus_models::login_result::LoginResult {
+                                    id: user.id,
+                                    username: user.username,
+                                    token: token_literal,
+                                    token_type: String::from(token_stuff::TOKENTYPE),
+                                    expiration: duration,
+                                }],
+                            }),
+                        )
+                    } else {
+                        return not_found("Could not verify password").await;
+                    }
+                } else {
+                    return not_found("Error Hashing").await;
+                }
+            }
+            Err(err) => {
+                return not_found(&err.to_string()).await;
+            }
+        }
+    }
+}

src/callers/mod.rs

@@ -1,8 +1,10 @@
 pub mod common;
+pub mod login;
 pub mod register;
 
 pub mod endpoints {
     pub const ROOT: &str = "/";
     pub const REGISTER: &str = "/api/v2/register";
     pub const DBTEST: &str = "/api/v2/test/db";
+    pub const LOGIN: &str = "/api/v2/login";
 }

src/callers/register.rs

@@ -1,12 +1,105 @@
 use axum::{Json, http::StatusCode};
 
-use crate::models;
+use crate::hashing;
+use crate::repo;
+
+pub mod request {
+    use serde::{Deserialize, Serialize};
+
+    #[derive(Default, Deserialize, Serialize)]
+    pub struct Request {
+        #[serde(skip_serializing_if = "String::is_empty")]
+        pub username: String,
+        #[serde(skip_serializing_if = "String::is_empty")]
+        pub password: String,
+        #[serde(skip_serializing_if = "String::is_empty")]
+        pub email: String,
+        #[serde(skip_serializing_if = "String::is_empty")]
+        pub phone: String,
+        #[serde(skip_serializing_if = "String::is_empty")]
+        pub firstname: String,
+        #[serde(skip_serializing_if = "String::is_empty")]
+        pub lastname: String,
+    }
+}
+
+pub mod response {
+    use serde::{Deserialize, Serialize};
+
+    #[derive(Deserialize, Serialize)]
+    pub struct Response {
+        pub message: String,
+        pub data: Vec<icarus_models::user::User>,
+    }
+}
 
 pub async fn register_user(
-    Json(payload): Json<models::common::CreateUser>,
-) -> (StatusCode, Json<models::common::User>) {
-    let user = models::common::User {
+    axum::Extension(pool): axum::Extension<sqlx::PgPool>,
+    Json(payload): Json<request::Request>,
+) -> (StatusCode, Json<response::Response>) {
+    let mut user = icarus_models::user::User {
+        id: uuid::Uuid::nil(),
         username: payload.username.clone(),
+        password: payload.password.clone(),
+        email: payload.email.clone(),
+        phone: payload.phone.clone(),
+        firstname: payload.firstname.clone(),
+        lastname: payload.lastname.clone(),
+        status: String::from("Active"),
+        email_verified: true,
+        date_created: Some(time::OffsetDateTime::now_utc()),
+        last_login: None,
+        salt_id: uuid::Uuid::nil(),
     };
-    (StatusCode::CREATED, Json(user))
+
+    match repo::user::exists(&pool, &user.username).await {
+        Ok(res) => {
+            if res {
+                (
+                    StatusCode::NOT_FOUND,
+                    Json(response::Response {
+                        message: String::from("Error"),
+                        data: vec![user],
+                    }),
+                )
+            } else {
+                let salt_string = hashing::generate_salt().unwrap();
+                let mut salt = icarus_models::user::salt::Salt::default();
+                let generated_salt = salt_string;
+                salt.salt = generated_salt.to_string();
+                salt.id = repo::salt::insert(&pool, &salt).await.unwrap();
+                user.salt_id = salt.id;
+                let hashed_password =
+                    hashing::hash_password(&user.password, &generated_salt).unwrap();
+                user.password = hashed_password;
+
+                match repo::user::insert(&pool, &user).await {
+                    Ok(id) => {
+                        user.id = id;
+                        (
+                            StatusCode::CREATED,
+                            Json(response::Response {
+                                message: String::from("User created"),
+                                data: vec![user],
+                            }),
+                        )
+                    }
+                    Err(err) => (
+                        StatusCode::BAD_REQUEST,
+                        Json(response::Response {
+                            message: err.to_string(),
+                            data: vec![user],
+                        }),
+                    ),
+                }
+            }
+        }
+        Err(err) => (
+            StatusCode::BAD_REQUEST,
+            Json(response::Response {
+                message: err.to_string(),
+                data: vec![user],
+            }),
+        ),
+    }
 }

src/hashing/mod.rs

@@ -0,0 +1,101 @@
+use argon2::{
+    Argon2, // The Argon2 algorithm struct
+    PasswordVerifier,
+    password_hash::{
+        PasswordHasher,
+        SaltString,
+        rand_core::OsRng, // Secure random number generator
+    },
+};
+
+pub fn generate_salt() -> Result<SaltString, argon2::Error> {
+    // Generate a random salt
+    // SaltString::generate uses OsRng internally for cryptographic security
+    Ok(SaltString::generate(&mut OsRng))
+}
+
+pub fn get_salt(s: &str) -> Result<SaltString, argon2::password_hash::Error> {
+    SaltString::from_b64(s)
+}
+
+pub fn hash_password(
+    password: &String,
+    salt: &SaltString,
+) -> Result<String, argon2::password_hash::Error> {
+    let password_bytes = password.as_bytes();
+
+    // Create an Argon2 instance with default parameters (recommended)
+    // You could customize parameters here if needed, but defaults are strong
+    let argon2 = Argon2::default();
+
+    // Hash the password with the salt
+    // The output is a PasswordHash string format that includes algorithm, version,
+    // parameters, salt, and the hash itself.
+    Ok(argon2.hash_password(password_bytes, salt)?.to_string())
+}
+
+pub fn verify_password(
+    password_attempt: &String,
+    stored_hash: String,
+) -> Result<bool, argon2::password_hash::Error> {
+    let password_bytes = password_attempt.as_bytes();
+
+    // Parse the stored hash string
+    // This extracts the salt, parameters, and hash digest
+    let parsed_hash = argon2::PasswordHash::new(stored_hash.as_str())?;
+
+    // Create an Argon2 instance (it will use the parameters from the parsed hash)
+    // Verify the password against the parsed hash
+    // This automatically uses the correct salt and parameters embedded in `parsed_hash`
+    match Argon2::default().verify_password(password_bytes, &parsed_hash) {
+        Ok(()) => Ok(true),                                       // Passwords match
+        Err(argon2::password_hash::Error::Password) => Ok(false), // Passwords don't match
+        Err(e) => Err(e), // Some other error occurred (e.g., invalid hash format)
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_hash_password() {
+        let some_password = String::from("somethingrandom");
+        match hash_password(&some_password, &generate_salt().unwrap()) {
+            Ok(p) => match verify_password(&some_password, p.clone()) {
+                Ok(res) => {
+                    assert_eq!(res, true);
+                }
+                Err(err) => {
+                    assert!(false, "Error: {:?}", err.to_string());
+                }
+            },
+            Err(eerr) => {
+                assert!(false, "Error: {:?}", eerr.to_string());
+            }
+        }
+    }
+
+    #[test]
+    fn test_wrong_password() {
+        let some_password = String::from("somethingrandom");
+        match hash_password(&some_password, &generate_salt().unwrap()) {
+            Ok(p) => {
+                match verify_password(&some_password, p.clone()) {
+                    Ok(res) => {
+                        assert_eq!(res, true, "Passwords are not verified");
+                    }
+                    Err(err) => {
+                        assert!(false, "Error: {:?}", err.to_string());
+                    }
+                }
+                let wrong_password = String::from("Differentanotherlevel");
+                let result = verify_password(&wrong_password, p.clone()).unwrap();
+                assert_eq!(false, result, "Passwords should not match");
+            }
+            Err(err) => {
+                assert!(false, "Error: {:?}", err.to_string());
+            }
+        }
+    }
+}

src/lib.rs

@@ -1,8 +1,10 @@
 pub mod callers;
 pub mod config;
-pub mod models;
+pub mod hashing;
+pub mod repo;
+pub mod token_stuff;
 
-mod keys {
+pub mod keys {
     pub const DBURL: &str = "DATABASE_URL";
 
     pub mod error {
@@ -14,7 +16,7 @@ mod connection_settings {
     pub const MAXCONN: u32 = 5;
 }
 
-pub mod db_pool {
+pub mod db {
 
     use sqlx::postgres::PgPoolOptions;
     use std::env;
@@ -22,12 +24,28 @@ pub mod db_pool {
     use crate::{connection_settings, keys};
 
     pub async fn create_pool() -> Result<sqlx::PgPool, sqlx::Error> {
-        dotenv::dotenv().ok();
-        let database_url = env::var(keys::DBURL).expect(keys::error::ERROR);
+        let database_url = get_db_url().await;
+        println!("Database url: {:?}", database_url);
 
         PgPoolOptions::new()
             .max_connections(connection_settings::MAXCONN)
             .connect(&database_url)
             .await
     }
+
+    async fn get_db_url() -> String {
+        #[cfg(debug_assertions)] // Example: Only load .env in debug builds
+        dotenvy::dotenv().ok();
+
+        env::var(keys::DBURL).expect(keys::error::ERROR)
+    }
+
+    pub async fn migrations(pool: &sqlx::PgPool) {
+        // Run migrations using the sqlx::migrate! macro
+        // Assumes your migrations are in a ./migrations folder relative to Cargo.toml
+        sqlx::migrate!("./migrations")
+            .run(pool)
+            .await
+            .expect("Failed to run migrations");
+    }
 }

src/main.rs

@@ -1,19 +1,12 @@
-use axum::{
-    Router,
-    routing::{get, post},
-};
-// use std::net::SocketAddr;
-
 use icarus_auth::callers;
 use icarus_auth::config;
-// use sqlx::Postgres;
 
 #[tokio::main]
 async fn main() {
     // initialize tracing
     tracing_subscriber::fmt::init();
 
-    let app = app().await;
+    let app = init::app().await;
 
     // run our app with hyper, listening globally on port 3000
     let url = config::get_full();
@@ -21,40 +14,158 @@ async fn main() {
     axum::serve(listener, app).await.unwrap();
 }
 
-async fn app() -> Router {
-    let pool = icarus_auth::db_pool::create_pool()
-        .await
-        .expect("Failed to create pool");
+mod init {
+    use axum::{
+        Router,
+        routing::{get, post},
+    };
 
-    // build our application with a route
-    Router::new()
-        .route(callers::endpoints::DBTEST, get(callers::common::db_ping))
-        .route(callers::endpoints::ROOT, get(callers::common::root))
-        .route(
-            callers::endpoints::REGISTER,
-            post(callers::register::register_user),
-        )
-        .layer(axum::Extension(pool))
+    use crate::callers;
+
+    pub async fn routes() -> Router {
+        // build our application with a route
+        Router::new()
+            .route(
+                callers::endpoints::DBTEST,
+                get(callers::common::endpoint::db_ping),
+            )
+            .route(
+                callers::endpoints::ROOT,
+                get(callers::common::endpoint::root),
+            )
+            .route(
+                callers::endpoints::REGISTER,
+                post(callers::register::register_user),
+            )
+            .route(
+                callers::endpoints::LOGIN,
+                post(callers::login::endpoint::login),
+            )
+    }
+
+    pub async fn app() -> Router {
+        let pool = icarus_auth::db::create_pool()
+            .await
+            .expect("Failed to create pool");
+
+        icarus_auth::db::migrations(&pool).await;
+
+        routes().await.layer(axum::Extension(pool))
+    }
 }
 
 #[cfg(test)]
 mod tests {
     use super::*;
+
     use axum::{
         body::Body,
-        // extract::connect_info::MockConnectInfo,
         http::{Request, StatusCode},
     };
     use http_body_util::BodyExt;
-    // use http_body_util::BodyExt; // for `collect`
-    // use serde_json::{Value, json};
-    // use tokio::net::TcpListener;
-    // use tower::{Service, ServiceExt}; // for `call`, `oneshot`, and `ready`
+    use serde_json::json;
     use tower::ServiceExt; // for `call`, `oneshot`, and `ready`
 
+    mod db_mgr {
+        use std::str::FromStr;
+
+        use icarus_auth::keys;
+
+        pub const LIMIT: usize = 6;
+
+        pub async fn get_pool() -> Result<sqlx::PgPool, sqlx::Error> {
+            let tm_db_url = std::env::var(keys::DBURL).expect("DATABASE_URL must be present");
+            let tm_options = sqlx::postgres::PgConnectOptions::from_str(&tm_db_url).unwrap();
+            sqlx::PgPool::connect_with(tm_options).await
+        }
+
+        pub async fn generate_db_name() -> String {
+            let db_name =
+                get_database_name().unwrap() + &"_" + &uuid::Uuid::new_v4().to_string()[..LIMIT];
+            db_name
+        }
+
+        pub async fn connect_to_db(db_name: &str) -> Result<sqlx::PgPool, sqlx::Error> {
+            let db_url = std::env::var(keys::DBURL).expect("DATABASE_URL must be set for tests");
+            let options = sqlx::postgres::PgConnectOptions::from_str(&db_url)?.database(db_name);
+            sqlx::PgPool::connect_with(options).await
+        }
+
+        pub async fn create_database(
+            template_pool: &sqlx::PgPool,
+            db_name: &str,
+        ) -> Result<(), sqlx::Error> {
+            let create_query = format!("CREATE DATABASE {}", db_name);
+            match sqlx::query(&create_query).execute(template_pool).await {
+                Ok(_) => Ok(()),
+                Err(e) => Err(e),
+            }
+        }
+
+        // Function to drop a database
+        pub async fn drop_database(
+            template_pool: &sqlx::PgPool,
+            db_name: &str,
+        ) -> Result<(), sqlx::Error> {
+            let drop_query = format!("DROP DATABASE IF EXISTS {} WITH (FORCE)", db_name);
+            sqlx::query(&drop_query).execute(template_pool).await?;
+            Ok(())
+        }
+
+        pub fn get_database_name() -> Result<String, Box<dyn std::error::Error>> {
+            dotenvy::dotenv().ok(); // Load .env file if it exists
+
+            match std::env::var(keys::DBURL) {
+                Ok(database_url) => {
+                    let parsed_url = url::Url::parse(&database_url)?;
+                    if parsed_url.scheme() == "postgres" || parsed_url.scheme() == "postgresql" {
+                        match parsed_url
+                            .path_segments()
+                            .and_then(|segments| segments.last().map(|s| s.to_string()))
+                        {
+                            Some(sss) => Ok(sss),
+                            None => Err("Error parsing".into()),
+                        }
+                    } else {
+                        // Handle other database types if needed
+                        Err("Error parsing".into())
+                    }
+                }
+                Err(_) => {
+                    // DATABASE_URL environment variable not found
+                    Err("Error parsing".into())
+                }
+            }
+        }
+    }
+
+    fn get_test_register_request() -> icarus_auth::callers::register::request::Request {
+        icarus_auth::callers::register::request::Request {
+            username: String::from("somethingsss"),
+            password: String::from("Raindown!"),
+            email: String::from("dev@null.com"),
+            phone: String::from("1234567890"),
+            firstname: String::from("Bob"),
+            lastname: String::from("Smith"),
+        }
+    }
+
+    fn get_test_register_payload(
+        usr: &icarus_auth::callers::register::request::Request,
+    ) -> serde_json::Value {
+        json!({
+            "username": &usr.username,
+            "password": &usr.password,
+            "email": &usr.email,
+            "phone": &usr.phone,
+            "firstname": &usr.firstname,
+            "lastname": &usr.lastname,
+        })
+    }
+
     #[tokio::test]
-    async fn hello_world() {
-        let app = app().await;
+    async fn test_hello_world() {
+        let app = init::app().await;
 
         // `Router` implements `tower::Service<Request<Body>>` so we can
         // call it like any tower service, no need to run an HTTP server.
@@ -70,24 +181,173 @@ mod tests {
 
         assert_eq!(response.status(), StatusCode::OK);
 
-        /*
-        match response.into_body().collect().await {
-            Ok(o) => {
-                let parsed: String = match String::from_utf8(o.to_bytes()) {
-                    Ok(s) => s,
-                    Err(err) => {
-                        String::new()
-                    }
-                };
-            }
-            Err(err) => {
-                assert!(false,
-                "Error: {:?}", err.to_string());
-            }
-        }
-        */
-
         let body = response.into_body().collect().await.unwrap().to_bytes();
         assert_eq!(&body[..], b"Hello, World!");
     }
+
+    #[tokio::test]
+    async fn test_register_user() {
+        let tm_pool = db_mgr::get_pool().await.unwrap();
+
+        let db_name = db_mgr::generate_db_name().await;
+
+        match db_mgr::create_database(&tm_pool, &db_name).await {
+            Ok(_) => {
+                println!("Success");
+            }
+            Err(e) => {
+                assert!(false, "Error: {:?}", e.to_string());
+            }
+        }
+
+        let pool = db_mgr::connect_to_db(&db_name).await.unwrap();
+
+        icarus_auth::db::migrations(&pool).await;
+
+        let app = init::routes().await.layer(axum::Extension(pool));
+
+        let usr = get_test_register_request();
+        let payload = get_test_register_payload(&usr);
+
+        let response = app
+            .oneshot(
+                Request::builder()
+                    .method(axum::http::Method::POST)
+                    .uri(callers::endpoints::REGISTER)
+                    .header(axum::http::header::CONTENT_TYPE, "application/json")
+                    .body(Body::from(payload.to_string()))
+                    .unwrap(),
+            )
+            .await;
+
+        match response {
+            Ok(resp) => {
+                assert_eq!(
+                    resp.status(),
+                    StatusCode::CREATED,
+                    "Message: {:?} {:?}",
+                    resp,
+                    usr.username
+                );
+                let body = axum::body::to_bytes(resp.into_body(), usize::MAX)
+                    .await
+                    .unwrap();
+                let parsed_body: callers::register::response::Response =
+                    serde_json::from_slice(&body).unwrap();
+                let returned_usr = &parsed_body.data[0];
+
+                assert_eq!(false, returned_usr.id.is_nil(), "Id is not populated");
+
+                assert_eq!(
+                    usr.username, returned_usr.username,
+                    "Usernames do not match"
+                );
+                assert!(returned_usr.date_created.is_some(), "Date Created is empty");
+            }
+            Err(err) => {
+                assert!(false, "Error: {:?}", err.to_string());
+            }
+        };
+
+        let _ = db_mgr::drop_database(&tm_pool, &db_name).await;
+    }
+
+    #[tokio::test]
+    async fn test_login_user() {
+        let tm_pool = db_mgr::get_pool().await.unwrap();
+
+        let db_name = db_mgr::generate_db_name().await;
+
+        match db_mgr::create_database(&tm_pool, &db_name).await {
+            Ok(_) => {
+                println!("Success");
+            }
+            Err(e) => {
+                assert!(false, "Error: {:?}", e.to_string());
+            }
+        }
+
+        let pool = db_mgr::connect_to_db(&db_name).await.unwrap();
+
+        icarus_auth::db::migrations(&pool).await;
+
+        let app = init::routes().await.layer(axum::Extension(pool));
+
+        let usr = get_test_register_request();
+        let payload = get_test_register_payload(&usr);
+
+        let response = app
+            .clone()
+            .oneshot(
+                Request::builder()
+                    .method(axum::http::Method::POST)
+                    .uri(callers::endpoints::REGISTER)
+                    .header(axum::http::header::CONTENT_TYPE, "application/json")
+                    .body(Body::from(payload.to_string()))
+                    .unwrap(),
+            )
+            .await;
+
+        match response {
+            Ok(resp) => {
+                assert_eq!(
+                    resp.status(),
+                    StatusCode::CREATED,
+                    "Message: {:?} {:?}",
+                    resp,
+                    usr.username
+                );
+                let body = axum::body::to_bytes(resp.into_body(), usize::MAX)
+                    .await
+                    .unwrap();
+                let parsed_body: callers::register::response::Response =
+                    serde_json::from_slice(&body).unwrap();
+                let returned_usr = &parsed_body.data[0];
+
+                assert_eq!(false, returned_usr.id.is_nil(), "Id is not populated");
+
+                assert_eq!(
+                    usr.username, returned_usr.username,
+                    "Usernames do not match"
+                );
+                assert!(returned_usr.date_created.is_some(), "Date Created is empty");
+
+                let login_payload = json!({
+                    "username": &usr.username,
+                    "password": &usr.password,
+                });
+
+                match app
+                    .oneshot(
+                        Request::builder()
+                            .method(axum::http::Method::POST)
+                            .uri(callers::endpoints::LOGIN)
+                            .header(axum::http::header::CONTENT_TYPE, "application/json")
+                            .body(Body::from(login_payload.to_string()))
+                            .unwrap(),
+                    )
+                    .await
+                {
+                    Ok(resp) => {
+                        assert_eq!(StatusCode::OK, resp.status(), "Status is not right");
+                        let body = axum::body::to_bytes(resp.into_body(), usize::MAX)
+                            .await
+                            .unwrap();
+                        let parsed_body: callers::login::response::Response =
+                            serde_json::from_slice(&body).unwrap();
+                        let login_result = &parsed_body.data[0];
+                        assert!(!login_result.id.is_nil(), "Id is nil");
+                    }
+                    Err(err) => {
+                        assert!(false, "Error: {:?}", err.to_string());
+                    }
+                }
+            }
+            Err(err) => {
+                assert!(false, "Error: {:?}", err.to_string());
+            }
+        };
+
+        let _ = db_mgr::drop_database(&tm_pool, &db_name).await;
+    }
 }

src/models/common.rs

@@ -1,11 +0,0 @@
-use serde::{Deserialize, Serialize};
-
-#[derive(Deserialize)]
-pub struct CreateUser {
-    pub username: String,
-}
-
-#[derive(Serialize)]
-pub struct User {
-    pub username: String,
-}

src/models/mod.rs

@@ -1 +0,0 @@
-pub mod common;

src/repo/mod.rs

@@ -0,0 +1,164 @@
+pub mod user {
+    use sqlx::Row;
+
+    #[derive(Debug, serde::Serialize, sqlx::FromRow)]
+    pub struct InsertedData {
+        pub id: uuid::Uuid,
+        pub date_created: Option<time::OffsetDateTime>,
+    }
+
+    pub async fn get(
+        pool: &sqlx::PgPool,
+        username: &String,
+    ) -> Result<icarus_models::user::User, sqlx::Error> {
+        let result = sqlx::query(
+            r#"
+        SELECT * FROM "user" WHERE username = $1
+        "#,
+        )
+        .bind(username)
+        .fetch_optional(pool)
+        .await;
+
+        match result {
+            Ok(r) => match r {
+                Some(r) => Ok(icarus_models::user::User {
+                    id: r.try_get("id")?,
+                    username: r.try_get("username")?,
+                    password: r.try_get("password")?,
+                    email: r.try_get("email")?,
+                    email_verified: r.try_get("email_verified")?,
+                    phone: r.try_get("phone")?,
+                    salt_id: r.try_get("salt_id")?,
+                    firstname: r.try_get("firstname")?,
+                    lastname: r.try_get("lastname")?,
+                    date_created: r.try_get("date_created")?,
+                    last_login: r.try_get("last_login")?,
+                    status: r.try_get("status")?,
+                }),
+                None => Err(sqlx::Error::RowNotFound),
+            },
+            Err(e) => Err(e),
+        }
+    }
+
+    pub async fn exists(pool: &sqlx::PgPool, username: &String) -> Result<bool, sqlx::Error> {
+        let result = sqlx::query(
+            r#"
+        SELECT 1 FROM "user" WHERE username = $1
+        "#,
+        )
+        .bind(username)
+        .fetch_optional(pool)
+        .await;
+
+        match result {
+            Ok(r) => Ok(r.is_some()),
+            Err(e) => Err(e),
+        }
+    }
+
+    pub async fn insert(
+        pool: &sqlx::PgPool,
+        user: &icarus_models::user::User,
+    ) -> Result<uuid::Uuid, sqlx::Error> {
+        let row = sqlx::query(
+            r#"
+                INSERT INTO "user" (username, password, email, phone, firstname, lastname, email_verified, status, salt_id) 
+                VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)
+                RETURNING id, date_created;
+            "#)
+            .bind(&user.username)
+            .bind(&user.password)
+            .bind(&user.email)
+            .bind(&user.phone)
+            .bind(&user.firstname)
+            .bind(&user.lastname)
+            .bind(user.email_verified)
+            .bind(&user.status)
+            .bind(user.salt_id)
+        .fetch_one(pool)
+        .await
+        .map_err(|e| {
+            eprintln!("Error inserting item: {}", e);
+            e
+        })?;
+
+        let result = InsertedData {
+            id: row.try_get("id").map_err(|_e| sqlx::Error::RowNotFound)?,
+            date_created: row
+                .try_get("date_created")
+                .map_err(|_e| sqlx::Error::RowNotFound)?,
+        };
+
+        if !result.id.is_nil() {
+            Ok(result.id)
+        } else {
+            Err(sqlx::Error::RowNotFound)
+        }
+    }
+}
+
+pub mod salt {
+    use sqlx::Row;
+
+    #[derive(Debug, serde::Serialize, sqlx::FromRow)]
+    pub struct InsertedData {
+        pub id: uuid::Uuid,
+    }
+
+    pub async fn get(
+        pool: &sqlx::PgPool,
+        id: &uuid::Uuid,
+    ) -> Result<icarus_models::user::salt::Salt, sqlx::Error> {
+        let result = sqlx::query(
+            r#"
+        SELECT * FROM "salt" WHERE id = $1
+        "#,
+        )
+        .bind(id)
+        .fetch_optional(pool)
+        .await;
+
+        match result {
+            Ok(r) => match r {
+                Some(r) => Ok(icarus_models::user::salt::Salt {
+                    id: r.try_get("id")?,
+                    salt: r.try_get("salt")?,
+                }),
+                None => Err(sqlx::Error::RowNotFound),
+            },
+            Err(e) => Err(e),
+        }
+    }
+
+    pub async fn insert(
+        pool: &sqlx::PgPool,
+        salt: &icarus_models::user::salt::Salt,
+    ) -> Result<uuid::Uuid, sqlx::Error> {
+        let row = sqlx::query(
+            r#"
+                INSERT INTO "salt" (salt) 
+                VALUES ($1)
+                RETURNING id;
+            "#,
+        )
+        .bind(&salt.salt)
+        .fetch_one(pool)
+        .await
+        .map_err(|e| {
+            eprintln!("Error inserting item: {}", e);
+            e
+        })?;
+
+        let result = InsertedData {
+            id: row.try_get("id").map_err(|_e| sqlx::Error::RowNotFound)?,
+        };
+
+        if !result.id.is_nil() {
+            Ok(result.id)
+        } else {
+            Err(sqlx::Error::RowNotFound)
+        }
+    }
+}

src/token_stuff/mod.rs

@@ -0,0 +1,96 @@
+use josekit::{
+    self,
+    jws::{JwsHeader, alg::hmac::HmacJwsAlgorithm::Hs256},
+    jwt::{self, JwtPayload},
+};
+
+use time;
+
+pub const TOKENTYPE: &str = "JWT";
+pub const KEY_ENV: &str = "SECRET_KEY";
+pub const MESSAGE: &str = "Something random";
+pub const ISSUER: &str = "icarus_auth";
+pub const AUDIENCE: &str = "icarus";
+
+pub fn get_key() -> Result<String, dotenvy::Error> {
+    dotenvy::dotenv().ok();
+    let key = std::env::var(KEY_ENV).expect("SECRET_KEY_NOT_FOUND");
+    Ok(key)
+}
+
+pub fn get_issued() -> time::Result<time::OffsetDateTime> {
+    Ok(time::OffsetDateTime::now_utc())
+}
+
+pub fn get_expiration(issued: &time::OffsetDateTime) -> Result<time::OffsetDateTime, time::Error> {
+    let duration_expire = time::Duration::hours(4);
+    Ok(*issued + duration_expire)
+}
+
+mod util {
+    pub fn time_to_std_time(
+        provided_time: &time::OffsetDateTime,
+    ) -> Result<std::time::SystemTime, std::time::SystemTimeError> {
+        let converted = std::time::SystemTime::from(*provided_time);
+        Ok(converted)
+    }
+}
+
+pub fn create_token(provided_key: &String) -> Result<(String, i64), josekit::JoseError> {
+    let mut header = JwsHeader::new();
+    header.set_token_type(TOKENTYPE);
+
+    let mut payload = JwtPayload::new();
+    payload.set_subject(MESSAGE);
+    payload.set_issuer(ISSUER);
+    payload.set_audience(vec![AUDIENCE]);
+    match get_issued() {
+        Ok(issued) => {
+            let expire = get_expiration(&issued).unwrap();
+            payload.set_issued_at(&util::time_to_std_time(&issued).unwrap());
+            payload.set_expires_at(&util::time_to_std_time(&expire).unwrap());
+
+            let key: String = if provided_key.is_empty() {
+                get_key().unwrap()
+            } else {
+                provided_key.to_owned()
+            };
+
+            let signer = Hs256.signer_from_bytes(key.as_bytes()).unwrap();
+            Ok((
+                josekit::jwt::encode_with_signer(&payload, &header, &signer).unwrap(),
+                (expire - time::OffsetDateTime::UNIX_EPOCH).whole_seconds(),
+            ))
+        }
+        Err(e) => Err(josekit::JoseError::InvalidClaim(e.into())),
+    }
+}
+
+pub fn verify_token(key: &String, token: &String) -> bool {
+    let ver = Hs256.verifier_from_bytes(key.as_bytes()).unwrap();
+    let (payload, _header) = jwt::decode_with_verifier(token, &ver).unwrap();
+    match payload.subject() {
+        Some(_sub) => true,
+        None => false,
+    }
+}
+
+#[cfg(test)]
+mod tests {
+
+    use super::*;
+
+    #[test]
+    fn test_tokenize() {
+        let special_key = get_key().unwrap();
+        match create_token(&special_key) {
+            Ok((token, _duration)) => {
+                let result = verify_token(&special_key, &token);
+                assert!(result, "Token not verified");
+            }
+            Err(err) => {
+                assert!(false, "Error: {:?}", err.to_string());
+            }
+        };
+    }
+}

tests/auth_tests.rs

@@ -1,153 +0,0 @@
-extern crate icarus_auth;
-
-use crate::icarus_auth::callers;
-
-// use axum::Extension;
-use axum::body::Body;
-// use axum::response::Response;
-use axum::{
-    Router,
-    http::{Request, StatusCode},
-    routing::get,
-};
-// use hyper::client::conn;
-// use sqlx::PgPool;
-// use sqlx::postgres::{self, PgPoolOptions};
-// use testcontainers_modules::testcontainers::runners::AsyncRunner;
-// use hyper::client;
-// use sqlx::postgres;
-// use http::{Request, StatusCode};
-// use serde_json::json;
-// use tower::ServiceExt; // for `.oneshot()`
-use tower::util::ServiceExt;
-// use testcontainers_modules::testcontainers::core::client::
-
-const TEST_DATABASE_URL_ENV: &str = "TEST_DATABASE_URL";
-const DEFAULT_TEST_DATABASE_URL: &str =
-    "postgres://icarus_op_test:password@localhost:5432/icarus_auth_test";
-
-static SETUP: std::sync::Once = std::sync::Once::new();
-
-// Ensure tracing is initialized only once for all tests in this file
-/*
-static TRACING_INIT: Lazy<()> = Lazy::new(|| {
-    if std::env::var("RUST_LOG").is_err() {
-        // Set default log level if not provided
-        unsafe {
-        std::env::set_var("RUST_LOG", "info,tower_http=debug,your_project_name=debug");
-        }
-    }
-    tracing_subscriber::fmt()
-        .with_env_filter(tracing_subscriber::EnvFilter::from_default_env())
-        .with_test_writer() // Write logs to the test output capture
-        .init();
-});
-*/
-
-/*
-async fn setup_database() -> sqlx::PgPool {
-    let database_url = std::env::var(TEST_DATABASE_URL_ENV)
-        .unwrap_or_else(|_| DEFAULT_TEST_DATABASE_URL.to_string());
-    let pool = sqlx::PgPool::connect(&database_url)
-        .await
-        .expect("Failed to connect to test database");
-
-    let migrator = sqlx::migrate::Migrator::new(std::path::Path::new("./migrations"))
-        .await
-        .expect("Failed to create migrator");
-    migrator.run(&pool).await.expect("Failed to run migrations");
-
-    // Seed here if needed
-    pool
-}
-    */
-
-/*
-#[tokio::test]
-async fn test_db_health() {
-    SETUP.call_once(|| {
-        tokio::runtime::Runtime::new().unwrap().block_on(async {
-            setup_database().await;
-        });
-    });
-}
-*/
-
-/*
-async fn setup_test(pool: sqlx::PgPool) -> Router {
-    Router::new()
-        .route(callers::endpoints::DBTEST, get(callers::common::db_ping))
-        .layer(Extension(pool))
-}
-*/
-
-/*
-#[tokio::test]
-async fn test_hello_world() {
-    let app = Router::new().route(callers::endpoints::ROOT, get(callers::common::root)); // Replace with your handler
-
-    let response = app
-        .oneshot(
-            Request::builder()
-                .uri(callers::endpoints::ROOT)
-                .body(Body::empty())
-                .unwrap(),
-        )
-        .await
-        .unwrap();
-
-    assert_eq!(response.status(), StatusCode::OK);
-
-    let body = String::from_utf8(
-        axum::body::to_bytes(response.into_body(), usize::MAX)
-            .await
-            .unwrap()
-            .to_vec(),
-    )
-    .unwrap();
-
-    assert_eq!(body, "Hello, World!");
-}
-*/
-
-/*
-#[tokio::test]
-async fn _test_db_health_check() {
-    let container = testcontainers_modules::postgres::Postgres::default()
-        .start()
-        .await
-        .unwrap();
-    let _host_ip = container.get_host().await.unwrap();
-    let port = 5432;
-    let host_port = container.get_host_port_ipv4(port).await.unwrap();
-    let conn_string = &format!(
-        "postgres://postgres:postgres@localhost:{}/postgres",
-        host_port
-    );
-
-    println!("Test Database: {}", conn_string);
-
-    let app = Router::new().route(callers::endpoints::DBTEST, get(callers::common::db_ping)); // Replace with your handler
-
-    let response = app
-        .oneshot(
-            Request::builder()
-                .uri(callers::endpoints::DBTEST)
-                .body(Body::empty())
-                .unwrap(),
-        )
-        .await
-        .unwrap();
-
-    assert_eq!(response.status(), StatusCode::OK);
-
-    match PgPoolOptions::new().connect(conn_string).await {
-        Ok(_) => {
-            assert!(true, "Success");
-        }
-        Err(err) => {
-            assert!(false, "Error: {:?}", err.to_string());
-        }
-    };
-}
-    */