Add auth stuff

persmgr_derive/src/lib.rs

@@ -1,7 +1,7 @@
 use darling::FromDeriveInput;
 use proc_macro::{self, TokenStream};
 use quote::quote;
-use syn::{Data, DeriveInput, Expr, Fields, Type, parse_macro_input};
+use syn::{Data, Expr, Fields, Type, parse_macro_input};
 
 #[derive(FromDeriveInput, Default)]
 #[darling(default, attributes(meta))]

src/api/files/create.rs

@@ -1,7 +1,6 @@
 use axum::{
-    body::{Body, Bytes},
+    extract::State,
-    extract::{Path, State},
+    http::StatusCode,
-    http::{HeaderMap, HeaderValue, StatusCode},
     response::{IntoResponse, Response},
 };
 use serde::Deserialize;
@@ -14,7 +13,7 @@ pub struct Data {
 }
 
 #[axum::debug_handler]
-pub async fn route(State(db): State<Database>) -> impl IntoResponse {
+pub async fn route(State(_db): State<Database>) -> impl IntoResponse {
     if false {
         return Response::builder()
             .status(StatusCode::NOT_FOUND)

src/api/files/delete.rs

@@ -1,7 +1,6 @@
 use axum::{
-    body::{Body, Bytes},
+    extract::State,
-    extract::{Path, State},
+    http::StatusCode,
-    http::{HeaderMap, HeaderValue, StatusCode},
     response::{IntoResponse, Response},
 };
 use serde::Deserialize;
@@ -27,4 +26,3 @@ pub async fn route(State(db): State<Database>) -> impl IntoResponse {
         .body(String::new())
         .unwrap()
 }
-

src/api/files/get_file.rs

@@ -1,7 +1,6 @@
 use axum::{
-    body::{Body, Bytes},
+    extract::State,
-    extract::{Path, State},
+    http::StatusCode,
-    http::{HeaderMap, HeaderValue, StatusCode},
     response::{IntoResponse, Response},
 };
 use serde::Deserialize;
@@ -27,4 +26,3 @@ pub async fn route(State(db): State<Database>) -> impl IntoResponse {
         .body(String::new())
         .unwrap()
 }
-

src/api/files/mkdir.rs

@@ -1,7 +1,6 @@
 use axum::{
-    body::{Body, Bytes},
+    extract::State,
-    extract::{Path, State},
+    http::StatusCode,
-    http::{HeaderMap, HeaderValue, StatusCode},
     response::{IntoResponse, Response},
 };
 use serde::Deserialize;
@@ -27,4 +26,3 @@ pub async fn route(State(db): State<Database>) -> impl IntoResponse {
         .body(String::new())
         .unwrap()
 }
-

src/api/files/rmdir.rs

@@ -1,7 +1,6 @@
 use axum::{
-    body::{Body, Bytes},
+    extract::State,
-    extract::{Path, State},
+    http::StatusCode,
-    http::{HeaderMap, HeaderValue, StatusCode},
     response::{IntoResponse, Response},
 };
 use serde::Deserialize;
@@ -27,4 +26,3 @@ pub async fn route(State(db): State<Database>) -> impl IntoResponse {
         .body(String::new())
         .unwrap()
 }
-

src/api/mod.rs

@@ -4,7 +4,7 @@ use axum::{Router, extract::State, http::StatusCode, routing::get};
 pub mod files;
 pub mod user;
 
-async fn root(State(state): State<Database>) -> (StatusCode, &'static str) {
+async fn root(State(_state): State<Database>) -> (StatusCode, &'static str) {
     (StatusCode::OK, "We Good twin :3c")
 }
 

src/api/user/login.rs

@@ -1,9 +1,4 @@
-use axum::{
+use axum::{body::Body, extract::State, http::StatusCode, response::Response};
-    body::Body,
-    extract::State,
-    http::{HeaderMap, HeaderValue, StatusCode},
-    response::{IntoResponse, Response},
-};
 
 use crate::db::Database;
 

src/api/user/mod.rs

@@ -1,7 +1,4 @@
-use axum::{
+use axum::{Router, routing::post};
-    Router,
-    routing::{get, post},
-};
 
 use crate::db::Database;
 

src/db/auth.rs

@@ -0,0 +1,82 @@
+use anyhow::bail;
+use axum::{
+    http::{Response, StatusCode},
+    response::{Html, IntoResponse},
+};
+
+use crate::db::{
+    Database,
+    tables::{sessions::Session, user::User},
+};
+
+pub enum AuthResultApi<R: Default> {
+    Ok(User),
+    Error(Response<R>),
+}
+
+pub enum AuthResultWeb {
+    Ok(User),
+    Error((StatusCode, Html<String>)),
+}
+
+#[derive(Debug)]
+pub struct Auth;
+
+impl Auth {
+    pub async fn check_auth(
+        db: &Database,
+        session: tower_sessions::Session,
+        token: &String,
+    ) -> anyhow::Result<User> {
+        let mut user_session: crate::Session = session
+            .get(crate::Session::KEY)
+            .await
+            .unwrap()
+            .unwrap_or_default();
+
+        if let Some(uid) = user_session.user_id {
+            return Ok(User::get_by_id(db.pool(), uid).await?);
+        }
+
+        if let Ok(session_token) = Session::get_by_session_key(db.pool(), token).await {
+            user_session.user_id = Some(session_token.user_id);
+            session
+                .insert(crate::Session::KEY, user_session)
+                .await
+                .unwrap();
+            return Ok(User::get_by_id(db.pool(), session_token.user_id).await?);
+        }
+
+        bail!("Unable to find user by this token")
+    }
+
+    pub async fn check_auth_api<R: Default>(
+        db: &Database,
+        session: tower_sessions::Session,
+        token: &String,
+    ) -> AuthResultApi<R> {
+        match Self::check_auth(db, session, token).await {
+            Ok(r) => AuthResultApi::Ok(r),
+            Err(_) => AuthResultApi::Error(
+                Response::builder()
+                    .status(StatusCode::UNAUTHORIZED)
+                    .header("Location", "/")
+                    .body(R::default())
+                    .unwrap(),
+            ),
+        }
+    }
+
+    pub async fn check_auth_web<R: Default>(
+        db: &Database,
+        session: tower_sessions::Session,
+        token: &String,
+    ) -> AuthResultWeb {
+        match Self::check_auth(db, session, token).await {
+            Ok(r) => AuthResultWeb::Ok(r),
+            Err(_) => {
+                AuthResultWeb::Error((StatusCode::UNAUTHORIZED, Html("UNAUTHORIZED".to_string())))
+            }
+        }
+    }
+}

src/db/mod.rs

@@ -1,8 +1,8 @@
 use anyhow::Result;
 use sqlx::{Pool, Postgres, postgres::PgPoolOptions};
 
+pub mod auth;
 pub mod tables;
-
 pub type CurrDb = Postgres;
 pub type CurrPool = Pool<CurrDb>;
 

src/db/tables/assignables/missions.rs

@@ -15,7 +15,6 @@ pub struct Mission {
     pub created_at: i64,
     pub modified_at: i64,
 }
-
 impl Mission {
     pub async fn insert_new(&self, pool: &CurrPool) -> Result<Self> {
         let session = sqlx::query_as!(

src/db/tables/groups.rs

@@ -4,7 +4,7 @@ use sqlx::prelude::FromRow;
 
 use crate::db::{
     CurrPool,
-    tables::{ForeignKey, TableMeta, assignables::missions::Mission, user::User},
+    tables::{ForeignKey, TableMeta, user::User},
 };
 
 #[derive(Debug, Default, Clone, FromRow, TableMeta)]

src/db/tables/mod.rs

@@ -4,7 +4,7 @@ use std::{
     ops::{Deref, DerefMut},
 };
 
-use sqlx::{Decode, Encode, QueryBuilder, Type, postgres::PgRow};
+use sqlx::{Decode, QueryBuilder, Type, postgres::PgRow};
 
 pub mod assignables;
 pub mod attendance;

src/db/tables/sessions.rs

@@ -41,7 +41,7 @@ impl Session {
         .await?;
         Ok(session)
     }
-    pub async fn get_by_session_key(pool: &CurrPool, session_key: String) -> anyhow::Result<Self> {
+    pub async fn get_by_session_key(pool: &CurrPool, session_key: &String) -> anyhow::Result<Self> {
         let session = sqlx::query_as!(
             Session,
             "SELECT * FROM sessions WHERE session_key = $1",

src/db/tables/user.rs

@@ -1,4 +1,3 @@
-use anyhow::bail;
 use persmgr_derive::TableMeta;
 use sqlx::prelude::FromRow;
 

src/main.rs

@@ -1,4 +1,5 @@
 use axum::Router;
+use serde::{Deserialize, Serialize};
 use tower::ServiceBuilder;
 use tower_cookies::cookie::time::Duration;
 use tower_http::{services::ServeDir, trace::TraceLayer};
@@ -10,6 +11,16 @@ mod api;
 mod db;
 mod pages;
 
+#[derive(Debug, Serialize, Deserialize, Default)]
+pub struct Session {
+    // None if unauthed yet
+    user_id: Option<i64>,
+}
+
+impl Session {
+    const KEY: &'static str = "user_session";
+}
+
 #[tokio::main]
 async fn main() {
     let sub = FmtSubscriber::builder()