Compare commits
4 Commits
v0.2.0
...
v0.3.2-dev
| Author | SHA1 | Date | |
|---|---|---|---|
| 89c89a5524 | |||
| a58b0cb40b | |||
| 3424d31151 | |||
| 332e9d3378 |
@@ -1 +1,2 @@
|
||||
DATABASE_URL=postgres://username:password@localhost/database_name
|
||||
SECRET_KEY=refero34o8rfhfjn983thf39fhc943rf923n3h
|
||||
@@ -73,6 +73,7 @@ jobs:
|
||||
# Define DATABASE_URL for tests to use
|
||||
DATABASE_URL: postgresql://${{ secrets.DB_TEST_USER || 'testuser' }}:${{ secrets.DB_TEST_PASSWORD || 'testpassword' }}@postgres:5432/${{ secrets.DB_TEST_NAME || 'testdb' }}
|
||||
RUST_LOG: info # Optional: configure test log level
|
||||
SECRET_KEY: ${{ secrets.TOKEN_SECRET_KEY }}
|
||||
# Make SSH agent available if tests fetch private dependencies
|
||||
SSH_AUTH_SOCK: ${{ env.SSH_AUTH_SOCK }}
|
||||
run: |
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
[package]
|
||||
name = "icarus_auth"
|
||||
version = "0.2.0"
|
||||
version = "0.3.2"
|
||||
edition = "2024"
|
||||
rust-version = "1.86"
|
||||
|
||||
@@ -18,10 +18,10 @@ uuid = { version = "1.16.0", features = ["v4", "serde"] }
|
||||
argon2 = { version = "0.5.3", features = ["std"] } # Use the latest 0.5.x version
|
||||
rand = { version = "0.9" }
|
||||
time = { version = "0.3.41", features = ["macros", "serde"] }
|
||||
icarus_models = { git = "ssh://git@git.kundeng.us/phoenix/icarus_models.git", tag = "v0.4.0" }
|
||||
josekit = { version = "0.10.1" }
|
||||
icarus_models = { git = "ssh://git@git.kundeng.us/phoenix/icarus_models.git", tag = "v0.4.1" }
|
||||
|
||||
[dev-dependencies]
|
||||
http-body-util = { version = "0.1.3" }
|
||||
url = { version = "2.5" }
|
||||
reqwest = { version = "0.12.5", features = ["json"] } # For making HTTP requests in tests
|
||||
once_cell = { version = "1.19" } # Useful for lazy initialization in tests/app setup
|
||||
|
||||
@@ -1,30 +1,37 @@
|
||||
use axum::{Extension, Json, http::StatusCode};
|
||||
pub mod response {
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
#[derive(Deserialize, Serialize)]
|
||||
pub struct TestResult {
|
||||
message: String,
|
||||
#[derive(Deserialize, Serialize)]
|
||||
pub struct TestResult {
|
||||
pub message: String,
|
||||
}
|
||||
}
|
||||
|
||||
// basic handler that responds with a static string
|
||||
pub async fn root() -> &'static str {
|
||||
pub mod endpoint {
|
||||
use super::*;
|
||||
use axum::{Extension, Json, http::StatusCode};
|
||||
|
||||
// basic handler that responds with a static string
|
||||
pub async fn root() -> &'static str {
|
||||
"Hello, World!"
|
||||
}
|
||||
}
|
||||
|
||||
pub async fn db_ping(Extension(pool): Extension<sqlx::PgPool>) -> (StatusCode, Json<TestResult>) {
|
||||
pub async fn db_ping(
|
||||
Extension(pool): Extension<sqlx::PgPool>,
|
||||
) -> (StatusCode, Json<response::TestResult>) {
|
||||
match sqlx::query("SELECT 1").execute(&pool).await {
|
||||
Ok(_) => {
|
||||
let tr = TestResult {
|
||||
let tr = response::TestResult {
|
||||
message: String::from("This works"),
|
||||
};
|
||||
(StatusCode::OK, Json(tr))
|
||||
}
|
||||
Err(e) => (
|
||||
StatusCode::BAD_REQUEST,
|
||||
Json(TestResult {
|
||||
Json(response::TestResult {
|
||||
message: e.to_string(),
|
||||
}),
|
||||
),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
79
src/callers/login.rs
Normal file
79
src/callers/login.rs
Normal file
@@ -0,0 +1,79 @@
|
||||
pub mod request {
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
#[derive(Default, Deserialize, Serialize)]
|
||||
pub struct Request {
|
||||
pub username: String,
|
||||
pub password: String,
|
||||
}
|
||||
}
|
||||
|
||||
pub mod response {
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
#[derive(Default, Deserialize, Serialize)]
|
||||
pub struct Response {
|
||||
pub message: String,
|
||||
pub data: Vec<icarus_models::login_result::LoginResult>,
|
||||
}
|
||||
}
|
||||
|
||||
pub mod endpoint {
|
||||
use axum::{Json, http::StatusCode};
|
||||
|
||||
use crate::hashing;
|
||||
use crate::repo;
|
||||
use crate::token_stuff;
|
||||
|
||||
use super::request;
|
||||
use super::response;
|
||||
|
||||
async fn not_found(message: &str) -> (StatusCode, Json<response::Response>) {
|
||||
(
|
||||
StatusCode::NOT_FOUND,
|
||||
Json(response::Response {
|
||||
message: String::from(message),
|
||||
data: Vec::new(),
|
||||
}),
|
||||
)
|
||||
}
|
||||
|
||||
pub async fn login(
|
||||
axum::Extension(pool): axum::Extension<sqlx::PgPool>,
|
||||
Json(payload): Json<request::Request>,
|
||||
) -> (StatusCode, Json<response::Response>) {
|
||||
// Check if user exists
|
||||
match repo::user::get(&pool, &payload.username).await {
|
||||
Ok(user) => {
|
||||
if hashing::verify_password(&payload.password, user.password.clone()).unwrap() {
|
||||
// Create token
|
||||
let key = token_stuff::get_key().unwrap();
|
||||
let (token_literal, duration) = token_stuff::create_token(&key).unwrap();
|
||||
|
||||
if token_stuff::verify_token(&key, &token_literal) {
|
||||
(
|
||||
StatusCode::OK,
|
||||
Json(response::Response {
|
||||
message: String::from("Successful"),
|
||||
data: vec![icarus_models::login_result::LoginResult {
|
||||
id: user.id,
|
||||
username: user.username,
|
||||
token: token_literal,
|
||||
token_type: String::from(token_stuff::TOKENTYPE),
|
||||
expiration: duration,
|
||||
}],
|
||||
}),
|
||||
)
|
||||
} else {
|
||||
return not_found("Could not verify password").await;
|
||||
}
|
||||
} else {
|
||||
return not_found("Error Hashing").await;
|
||||
}
|
||||
}
|
||||
Err(err) => {
|
||||
return not_found(&err.to_string()).await;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,8 +1,10 @@
|
||||
pub mod common;
|
||||
pub mod login;
|
||||
pub mod register;
|
||||
|
||||
pub mod endpoints {
|
||||
pub const ROOT: &str = "/";
|
||||
pub const REGISTER: &str = "/api/v2/register";
|
||||
pub const DBTEST: &str = "/api/v2/test/db";
|
||||
pub const LOGIN: &str = "/api/v2/login";
|
||||
}
|
||||
|
||||
@@ -11,8 +11,11 @@ use argon2::{
|
||||
pub fn generate_salt() -> Result<SaltString, argon2::Error> {
|
||||
// Generate a random salt
|
||||
// SaltString::generate uses OsRng internally for cryptographic security
|
||||
let salt = SaltString::generate(&mut OsRng);
|
||||
Ok(salt)
|
||||
Ok(SaltString::generate(&mut OsRng))
|
||||
}
|
||||
|
||||
pub fn get_salt(s: &str) -> Result<SaltString, argon2::password_hash::Error> {
|
||||
SaltString::from_b64(s)
|
||||
}
|
||||
|
||||
pub fn hash_password(
|
||||
@@ -28,9 +31,7 @@ pub fn hash_password(
|
||||
// Hash the password with the salt
|
||||
// The output is a PasswordHash string format that includes algorithm, version,
|
||||
// parameters, salt, and the hash itself.
|
||||
let password_hash = argon2.hash_password(password_bytes, salt)?.to_string();
|
||||
|
||||
Ok(password_hash)
|
||||
Ok(argon2.hash_password(password_bytes, salt)?.to_string())
|
||||
}
|
||||
|
||||
pub fn verify_password(
|
||||
@@ -44,11 +45,9 @@ pub fn verify_password(
|
||||
let parsed_hash = argon2::PasswordHash::new(stored_hash.as_str())?;
|
||||
|
||||
// Create an Argon2 instance (it will use the parameters from the parsed hash)
|
||||
let argon2 = Argon2::default();
|
||||
|
||||
// Verify the password against the parsed hash
|
||||
// This automatically uses the correct salt and parameters embedded in `parsed_hash`
|
||||
match argon2.verify_password(password_bytes, &parsed_hash) {
|
||||
match Argon2::default().verify_password(password_bytes, &parsed_hash) {
|
||||
Ok(()) => Ok(true), // Passwords match
|
||||
Err(argon2::password_hash::Error::Password) => Ok(false), // Passwords don't match
|
||||
Err(e) => Err(e), // Some other error occurred (e.g., invalid hash format)
|
||||
@@ -62,8 +61,7 @@ mod tests {
|
||||
#[test]
|
||||
fn test_hash_password() {
|
||||
let some_password = String::from("somethingrandom");
|
||||
let salt = generate_salt().unwrap();
|
||||
match hash_password(&some_password, &salt) {
|
||||
match hash_password(&some_password, &generate_salt().unwrap()) {
|
||||
Ok(p) => match verify_password(&some_password, p.clone()) {
|
||||
Ok(res) => {
|
||||
assert_eq!(res, true);
|
||||
@@ -77,4 +75,27 @@ mod tests {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_wrong_password() {
|
||||
let some_password = String::from("somethingrandom");
|
||||
match hash_password(&some_password, &generate_salt().unwrap()) {
|
||||
Ok(p) => {
|
||||
match verify_password(&some_password, p.clone()) {
|
||||
Ok(res) => {
|
||||
assert_eq!(res, true, "Passwords are not verified");
|
||||
}
|
||||
Err(err) => {
|
||||
assert!(false, "Error: {:?}", err.to_string());
|
||||
}
|
||||
}
|
||||
let wrong_password = String::from("Differentanotherlevel");
|
||||
let result = verify_password(&wrong_password, p.clone()).unwrap();
|
||||
assert_eq!(false, result, "Passwords should not match");
|
||||
}
|
||||
Err(err) => {
|
||||
assert!(false, "Error: {:?}", err.to_string());
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
12
src/lib.rs
12
src/lib.rs
@@ -2,6 +2,7 @@ pub mod callers;
|
||||
pub mod config;
|
||||
pub mod hashing;
|
||||
pub mod repo;
|
||||
pub mod token_stuff;
|
||||
|
||||
pub mod keys {
|
||||
pub const DBURL: &str = "DATABASE_URL";
|
||||
@@ -15,7 +16,7 @@ mod connection_settings {
|
||||
pub const MAXCONN: u32 = 5;
|
||||
}
|
||||
|
||||
pub mod db_pool {
|
||||
pub mod db {
|
||||
|
||||
use sqlx::postgres::PgPoolOptions;
|
||||
use std::env;
|
||||
@@ -38,4 +39,13 @@ pub mod db_pool {
|
||||
|
||||
env::var(keys::DBURL).expect(keys::error::ERROR)
|
||||
}
|
||||
|
||||
pub async fn migrations(pool: &sqlx::PgPool) {
|
||||
// Run migrations using the sqlx::migrate! macro
|
||||
// Assumes your migrations are in a ./migrations folder relative to Cargo.toml
|
||||
sqlx::migrate!("./migrations")
|
||||
.run(pool)
|
||||
.await
|
||||
.expect("Failed to run migrations");
|
||||
}
|
||||
}
|
||||
|
||||
174
src/main.rs
174
src/main.rs
@@ -14,17 +14,6 @@ async fn main() {
|
||||
axum::serve(listener, app).await.unwrap();
|
||||
}
|
||||
|
||||
mod db {
|
||||
pub async fn migrations(pool: &sqlx::PgPool) {
|
||||
// Run migrations using the sqlx::migrate! macro
|
||||
// Assumes your migrations are in a ./migrations folder relative to Cargo.toml
|
||||
sqlx::migrate!("./migrations")
|
||||
.run(pool)
|
||||
.await
|
||||
.expect("Failed to run migrations on testcontainer DB");
|
||||
}
|
||||
}
|
||||
|
||||
mod init {
|
||||
use axum::{
|
||||
Router,
|
||||
@@ -32,25 +21,34 @@ mod init {
|
||||
};
|
||||
|
||||
use crate::callers;
|
||||
use crate::db;
|
||||
|
||||
pub async fn routes() -> Router {
|
||||
// build our application with a route
|
||||
Router::new()
|
||||
.route(callers::endpoints::DBTEST, get(callers::common::db_ping))
|
||||
.route(callers::endpoints::ROOT, get(callers::common::root))
|
||||
.route(
|
||||
callers::endpoints::DBTEST,
|
||||
get(callers::common::endpoint::db_ping),
|
||||
)
|
||||
.route(
|
||||
callers::endpoints::ROOT,
|
||||
get(callers::common::endpoint::root),
|
||||
)
|
||||
.route(
|
||||
callers::endpoints::REGISTER,
|
||||
post(callers::register::register_user),
|
||||
)
|
||||
.route(
|
||||
callers::endpoints::LOGIN,
|
||||
post(callers::login::endpoint::login),
|
||||
)
|
||||
}
|
||||
|
||||
pub async fn app() -> Router {
|
||||
let pool = icarus_auth::db_pool::create_pool()
|
||||
let pool = icarus_auth::db::create_pool()
|
||||
.await
|
||||
.expect("Failed to create pool");
|
||||
|
||||
db::migrations(&pool).await;
|
||||
icarus_auth::db::migrations(&pool).await;
|
||||
|
||||
routes().await.layer(axum::Extension(pool))
|
||||
}
|
||||
@@ -141,6 +139,30 @@ mod tests {
|
||||
}
|
||||
}
|
||||
|
||||
fn get_test_register_request() -> icarus_auth::callers::register::request::Request {
|
||||
icarus_auth::callers::register::request::Request {
|
||||
username: String::from("somethingsss"),
|
||||
password: String::from("Raindown!"),
|
||||
email: String::from("dev@null.com"),
|
||||
phone: String::from("1234567890"),
|
||||
firstname: String::from("Bob"),
|
||||
lastname: String::from("Smith"),
|
||||
}
|
||||
}
|
||||
|
||||
fn get_test_register_payload(
|
||||
usr: &icarus_auth::callers::register::request::Request,
|
||||
) -> serde_json::Value {
|
||||
json!({
|
||||
"username": &usr.username,
|
||||
"password": &usr.password,
|
||||
"email": &usr.email,
|
||||
"phone": &usr.phone,
|
||||
"firstname": &usr.firstname,
|
||||
"lastname": &usr.lastname,
|
||||
})
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn test_hello_world() {
|
||||
let app = init::app().await;
|
||||
@@ -180,27 +202,12 @@ mod tests {
|
||||
|
||||
let pool = db_mgr::connect_to_db(&db_name).await.unwrap();
|
||||
|
||||
db::migrations(&pool).await;
|
||||
icarus_auth::db::migrations(&pool).await;
|
||||
|
||||
let app = init::routes().await.layer(axum::Extension(pool));
|
||||
|
||||
let usr = icarus_auth::callers::register::request::Request {
|
||||
username: String::from("somethingsss"),
|
||||
password: String::from("Raindown!"),
|
||||
email: String::from("dev@null.com"),
|
||||
phone: String::from("1234567890"),
|
||||
firstname: String::from("Bob"),
|
||||
lastname: String::from("Smith"),
|
||||
};
|
||||
|
||||
let payload = json!({
|
||||
"username": &usr.username,
|
||||
"password": &usr.password,
|
||||
"email": &usr.email,
|
||||
"phone": &usr.phone,
|
||||
"firstname": &usr.firstname,
|
||||
"lastname": &usr.lastname,
|
||||
});
|
||||
let usr = get_test_register_request();
|
||||
let payload = get_test_register_payload(&usr);
|
||||
|
||||
let response = app
|
||||
.oneshot(
|
||||
@@ -244,4 +251,103 @@ mod tests {
|
||||
|
||||
let _ = db_mgr::drop_database(&tm_pool, &db_name).await;
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn test_login_user() {
|
||||
let tm_pool = db_mgr::get_pool().await.unwrap();
|
||||
|
||||
let db_name = db_mgr::generate_db_name().await;
|
||||
|
||||
match db_mgr::create_database(&tm_pool, &db_name).await {
|
||||
Ok(_) => {
|
||||
println!("Success");
|
||||
}
|
||||
Err(e) => {
|
||||
assert!(false, "Error: {:?}", e.to_string());
|
||||
}
|
||||
}
|
||||
|
||||
let pool = db_mgr::connect_to_db(&db_name).await.unwrap();
|
||||
|
||||
icarus_auth::db::migrations(&pool).await;
|
||||
|
||||
let app = init::routes().await.layer(axum::Extension(pool));
|
||||
|
||||
let usr = get_test_register_request();
|
||||
let payload = get_test_register_payload(&usr);
|
||||
|
||||
let response = app
|
||||
.clone()
|
||||
.oneshot(
|
||||
Request::builder()
|
||||
.method(axum::http::Method::POST)
|
||||
.uri(callers::endpoints::REGISTER)
|
||||
.header(axum::http::header::CONTENT_TYPE, "application/json")
|
||||
.body(Body::from(payload.to_string()))
|
||||
.unwrap(),
|
||||
)
|
||||
.await;
|
||||
|
||||
match response {
|
||||
Ok(resp) => {
|
||||
assert_eq!(
|
||||
resp.status(),
|
||||
StatusCode::CREATED,
|
||||
"Message: {:?} {:?}",
|
||||
resp,
|
||||
usr.username
|
||||
);
|
||||
let body = axum::body::to_bytes(resp.into_body(), usize::MAX)
|
||||
.await
|
||||
.unwrap();
|
||||
let parsed_body: callers::register::response::Response =
|
||||
serde_json::from_slice(&body).unwrap();
|
||||
let returned_usr = &parsed_body.data[0];
|
||||
|
||||
assert_eq!(false, returned_usr.id.is_nil(), "Id is not populated");
|
||||
|
||||
assert_eq!(
|
||||
usr.username, returned_usr.username,
|
||||
"Usernames do not match"
|
||||
);
|
||||
assert!(returned_usr.date_created.is_some(), "Date Created is empty");
|
||||
|
||||
let login_payload = json!({
|
||||
"username": &usr.username,
|
||||
"password": &usr.password,
|
||||
});
|
||||
|
||||
match app
|
||||
.oneshot(
|
||||
Request::builder()
|
||||
.method(axum::http::Method::POST)
|
||||
.uri(callers::endpoints::LOGIN)
|
||||
.header(axum::http::header::CONTENT_TYPE, "application/json")
|
||||
.body(Body::from(login_payload.to_string()))
|
||||
.unwrap(),
|
||||
)
|
||||
.await
|
||||
{
|
||||
Ok(resp) => {
|
||||
assert_eq!(StatusCode::OK, resp.status(), "Status is not right");
|
||||
let body = axum::body::to_bytes(resp.into_body(), usize::MAX)
|
||||
.await
|
||||
.unwrap();
|
||||
let parsed_body: callers::login::response::Response =
|
||||
serde_json::from_slice(&body).unwrap();
|
||||
let login_result = &parsed_body.data[0];
|
||||
assert!(!login_result.id.is_nil(), "Id is nil");
|
||||
}
|
||||
Err(err) => {
|
||||
assert!(false, "Error: {:?}", err.to_string());
|
||||
}
|
||||
}
|
||||
}
|
||||
Err(err) => {
|
||||
assert!(false, "Error: {:?}", err.to_string());
|
||||
}
|
||||
};
|
||||
|
||||
let _ = db_mgr::drop_database(&tm_pool, &db_name).await;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -7,6 +7,41 @@ pub mod user {
|
||||
pub date_created: Option<time::OffsetDateTime>,
|
||||
}
|
||||
|
||||
pub async fn get(
|
||||
pool: &sqlx::PgPool,
|
||||
username: &String,
|
||||
) -> Result<icarus_models::user::User, sqlx::Error> {
|
||||
let result = sqlx::query(
|
||||
r#"
|
||||
SELECT * FROM "user" WHERE username = $1
|
||||
"#,
|
||||
)
|
||||
.bind(username)
|
||||
.fetch_optional(pool)
|
||||
.await;
|
||||
|
||||
match result {
|
||||
Ok(r) => match r {
|
||||
Some(r) => Ok(icarus_models::user::User {
|
||||
id: r.try_get("id")?,
|
||||
username: r.try_get("username")?,
|
||||
password: r.try_get("password")?,
|
||||
email: r.try_get("email")?,
|
||||
email_verified: r.try_get("email_verified")?,
|
||||
phone: r.try_get("phone")?,
|
||||
salt_id: r.try_get("salt_id")?,
|
||||
firstname: r.try_get("firstname")?,
|
||||
lastname: r.try_get("lastname")?,
|
||||
date_created: r.try_get("date_created")?,
|
||||
last_login: r.try_get("last_login")?,
|
||||
status: r.try_get("status")?,
|
||||
}),
|
||||
None => Err(sqlx::Error::RowNotFound),
|
||||
},
|
||||
Err(e) => Err(e),
|
||||
}
|
||||
}
|
||||
|
||||
pub async fn exists(pool: &sqlx::PgPool, username: &String) -> Result<bool, sqlx::Error> {
|
||||
let result = sqlx::query(
|
||||
r#"
|
||||
@@ -72,6 +107,31 @@ pub mod salt {
|
||||
pub id: uuid::Uuid,
|
||||
}
|
||||
|
||||
pub async fn get(
|
||||
pool: &sqlx::PgPool,
|
||||
id: &uuid::Uuid,
|
||||
) -> Result<icarus_models::user::salt::Salt, sqlx::Error> {
|
||||
let result = sqlx::query(
|
||||
r#"
|
||||
SELECT * FROM "salt" WHERE id = $1
|
||||
"#,
|
||||
)
|
||||
.bind(id)
|
||||
.fetch_optional(pool)
|
||||
.await;
|
||||
|
||||
match result {
|
||||
Ok(r) => match r {
|
||||
Some(r) => Ok(icarus_models::user::salt::Salt {
|
||||
id: r.try_get("id")?,
|
||||
salt: r.try_get("salt")?,
|
||||
}),
|
||||
None => Err(sqlx::Error::RowNotFound),
|
||||
},
|
||||
Err(e) => Err(e),
|
||||
}
|
||||
}
|
||||
|
||||
pub async fn insert(
|
||||
pool: &sqlx::PgPool,
|
||||
salt: &icarus_models::user::salt::Salt,
|
||||
|
||||
96
src/token_stuff/mod.rs
Normal file
96
src/token_stuff/mod.rs
Normal file
@@ -0,0 +1,96 @@
|
||||
use josekit::{
|
||||
self,
|
||||
jws::{JwsHeader, alg::hmac::HmacJwsAlgorithm::Hs256},
|
||||
jwt::{self, JwtPayload},
|
||||
};
|
||||
|
||||
use time;
|
||||
|
||||
pub const TOKENTYPE: &str = "JWT";
|
||||
pub const KEY_ENV: &str = "SECRET_KEY";
|
||||
pub const MESSAGE: &str = "Something random";
|
||||
pub const ISSUER: &str = "icarus_auth";
|
||||
pub const AUDIENCE: &str = "icarus";
|
||||
|
||||
pub fn get_key() -> Result<String, dotenvy::Error> {
|
||||
dotenvy::dotenv().ok();
|
||||
let key = std::env::var(KEY_ENV).expect("SECRET_KEY_NOT_FOUND");
|
||||
Ok(key)
|
||||
}
|
||||
|
||||
pub fn get_issued() -> time::Result<time::OffsetDateTime> {
|
||||
Ok(time::OffsetDateTime::now_utc())
|
||||
}
|
||||
|
||||
pub fn get_expiration(issued: &time::OffsetDateTime) -> Result<time::OffsetDateTime, time::Error> {
|
||||
let duration_expire = time::Duration::hours(4);
|
||||
Ok(*issued + duration_expire)
|
||||
}
|
||||
|
||||
mod util {
|
||||
pub fn time_to_std_time(
|
||||
provided_time: &time::OffsetDateTime,
|
||||
) -> Result<std::time::SystemTime, std::time::SystemTimeError> {
|
||||
let converted = std::time::SystemTime::from(*provided_time);
|
||||
Ok(converted)
|
||||
}
|
||||
}
|
||||
|
||||
pub fn create_token(provided_key: &String) -> Result<(String, i64), josekit::JoseError> {
|
||||
let mut header = JwsHeader::new();
|
||||
header.set_token_type(TOKENTYPE);
|
||||
|
||||
let mut payload = JwtPayload::new();
|
||||
payload.set_subject(MESSAGE);
|
||||
payload.set_issuer(ISSUER);
|
||||
payload.set_audience(vec![AUDIENCE]);
|
||||
match get_issued() {
|
||||
Ok(issued) => {
|
||||
let expire = get_expiration(&issued).unwrap();
|
||||
payload.set_issued_at(&util::time_to_std_time(&issued).unwrap());
|
||||
payload.set_expires_at(&util::time_to_std_time(&expire).unwrap());
|
||||
|
||||
let key: String = if provided_key.is_empty() {
|
||||
get_key().unwrap()
|
||||
} else {
|
||||
provided_key.to_owned()
|
||||
};
|
||||
|
||||
let signer = Hs256.signer_from_bytes(key.as_bytes()).unwrap();
|
||||
Ok((
|
||||
josekit::jwt::encode_with_signer(&payload, &header, &signer).unwrap(),
|
||||
(expire - time::OffsetDateTime::UNIX_EPOCH).whole_seconds(),
|
||||
))
|
||||
}
|
||||
Err(e) => Err(josekit::JoseError::InvalidClaim(e.into())),
|
||||
}
|
||||
}
|
||||
|
||||
pub fn verify_token(key: &String, token: &String) -> bool {
|
||||
let ver = Hs256.verifier_from_bytes(key.as_bytes()).unwrap();
|
||||
let (payload, _header) = jwt::decode_with_verifier(token, &ver).unwrap();
|
||||
match payload.subject() {
|
||||
Some(_sub) => true,
|
||||
None => false,
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
|
||||
use super::*;
|
||||
|
||||
#[test]
|
||||
fn test_tokenize() {
|
||||
let special_key = get_key().unwrap();
|
||||
match create_token(&special_key) {
|
||||
Ok((token, _duration)) => {
|
||||
let result = verify_token(&special_key, &token);
|
||||
assert!(result, "Token not verified");
|
||||
}
|
||||
Err(err) => {
|
||||
assert!(false, "Error: {:?}", err.to_string());
|
||||
}
|
||||
};
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user