Noratrieb/karlauth
1
0
Fork 0
mirror of https://github.com/Noratrieb/karlauth.git synced 2026-01-14 14:25:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

oops

Browse source
This commit is contained in:
nora 2021-07-19 14:26:51 +02:00
parent dfc6771135
commit e8419c3a14
7 changed files with 205 additions and 205 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -1,2 +1,2 @@
# nein
# nein
zu windows

4
migrations/2021-07-16-091329_add_users/down.sql
View file

@ -1,3 +1,3 @@
-- This file should undo anything in `up.sql`
-- This file should undo anything in `up.sql`
DROP TABLE users;

18
migrations/2021-07-16-091329_add_users/up.sql
View file

@ -1,10 +1,10 @@
-- Your SQL goes here
CREATE TABLE users
(
id SERIAL NOT NULL PRIMARY KEY,
first_name TEXT NOT NULL,
last_name TEXT NOT NULL,
email TEXT NOT NULL,
created_at TIMESTAMP NOT NULL
-- Your SQL goes here
CREATE TABLE users
(
id SERIAL NOT NULL PRIMARY KEY,
first_name TEXT NOT NULL,
last_name TEXT NOT NULL,
email TEXT NOT NULL,
created_at TIMESTAMP NOT NULL
);

78
src/actions.rs
View file

@ -1,39 +1,39 @@
use super::models::{NewUser, User};
use crate::diesel::QueryDsl;
use crate::diesel::RunQueryDsl;
use crate::handlers::InputUser;
use crate::Pool;
use diesel::{delete, insert_into};
type DbResult<T> = Result<T, diesel::result::Error>;
pub fn get_all_users(db: &Pool) -> DbResult<Vec<User>> {
use super::schema::users::dsl::*;
let conn = db.get().unwrap();
users.load::<User>(&conn)
}
pub fn get_user_by_id(db: &Pool, user_id: i32) -> DbResult<User> {
use super::schema::users::dsl::*;
let conn = db.get().unwrap();
users.find(user_id).get_result::<User>(&conn)
}
pub fn add_user(db: &Pool, user: InputUser) -> DbResult<User> {
use super::schema::users::dsl::*;
let conn = db.get().unwrap();
let new_user = NewUser {
first_name: &user.first_name,
last_name: &user.last_name,
email: &user.email,
created_at: chrono::Local::now().naive_local(),
};
insert_into(users).values(&new_user).get_result(&conn)
}
pub fn delete_user(db: &Pool, user_id: i32) -> DbResult<usize> {
use super::schema::users::dsl::*;
let conn = db.get().unwrap();
delete(users.find(user_id)).execute(&conn)
}
use super::models::{NewUser, User};
use crate::diesel::QueryDsl;
use crate::diesel::RunQueryDsl;
use crate::handlers::InputUser;
use crate::Pool;
use diesel::{delete, insert_into};
type DbResult<T> = Result<T, diesel::result::Error>;
pub fn get_all_users(db: &Pool) -> DbResult<Vec<User>> {
use super::schema::users::dsl::*;
let conn = db.get().unwrap();
users.load::<User>(&conn)
}
pub fn get_user_by_id(db: &Pool, user_id: i32) -> DbResult<User> {
use super::schema::users::dsl::*;
let conn = db.get().unwrap();
users.find(user_id).get_result::<User>(&conn)
}
pub fn add_user(db: &Pool, user: InputUser) -> DbResult<User> {
use super::schema::users::dsl::*;
let conn = db.get().unwrap();
let new_user = NewUser {
first_name: &user.first_name,
last_name: &user.last_name,
email: &user.email,
created_at: chrono::Local::now().naive_local(),
};
insert_into(users).values(&new_user).get_result(&conn)
}
pub fn delete_user(db: &Pool, user_id: i32) -> DbResult<usize> {
use super::schema::users::dsl::*;
let conn = db.get().unwrap();
delete(users.find(user_id)).execute(&conn)
}

172
src/auth.rs
View file

@ -1,86 +1,86 @@
use crate::errors::ServiceError;
use crate::models::User;
use actix_web::dev::{Payload, ServiceRequest};
use actix_web::error::ErrorUnauthorized;
use actix_web::http::header::Header;
use actix_web::{FromRequest, HttpMessage, HttpRequest};
use actix_web_httpauth::extractors::bearer::BearerAuth;
use actix_web_httpauth::headers::authorization;
use actix_web_httpauth::headers::authorization::Bearer;
use chrono::Utc;
use jsonwebtoken::{Algorithm, DecodingKey, EncodingKey, Validation};
use serde::{Deserialize, Serialize};
use std::future;
#[derive(Debug, Clone, Serialize, Deserialize, Eq, PartialEq, PartialOrd, Ord)]
pub enum Role {
None = 0,
ReadAll = 1,
WriteAll = 2,
Admin = 3,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Claims {
pub exp: usize,
pub uid: i32,
pub role: Role,
}
impl FromRequest for Claims {
type Error = actix_web::Error;
type Future = std::future::Ready<Result<Self, Self::Error>>;
type Config = ();
fn from_request(req: &HttpRequest, _: &mut Payload) -> Self::Future {
future::ready(match authorization::Authorization::<Bearer>::parse(req) {
Ok(auth) => validate_token(auth.into_scheme().token()),
Err(_) => Err(ErrorUnauthorized("No Bearer token present")),
})
}
}
fn validate_token(token: &str) -> Result<Claims, actix_web::Error> {
let secret = std::env::var("JWT_SECRET").expect("JWT_SECRET env var");
let decoded = jsonwebtoken::decode::<Claims>(
&token,
&DecodingKey::from_secret(secret.as_bytes()),
&Validation::new(Algorithm::HS512),
)
.map_err(|_| ServiceError::JWTokenError)?
.claims;
if decoded.exp < Utc::now().timestamp() as usize {
Err(ServiceError::TokenExpiredError.into())
} else {
Ok(decoded)
}
}
pub fn create_jwt(user: &User) -> Result<String, ServiceError> {
create_jwt_role(user, Role::ReadAll)
}
pub fn create_jwt_role(user: &User, role: Role) -> Result<String, ServiceError> {
let expiration = Utc::now()
.checked_add_signed(chrono::Duration::weeks(10))
.expect("valid timestamp")
.timestamp();
let claims = Claims {
exp: expiration as usize,
uid: user.id,
role,
};
let secret = std::env::var("JWT_SECRET").expect("JWT_SECRET env var");
let header = jsonwebtoken::Header::new(Algorithm::HS512);
jsonwebtoken::encode(
&header,
&claims,
&EncodingKey::from_secret(secret.as_bytes()),
)
.map_err(|_| ServiceError::JWTCreationError)
}
use crate::errors::ServiceError;
use crate::models::User;
use actix_web::dev::{Payload, ServiceRequest};
use actix_web::error::ErrorUnauthorized;
use actix_web::http::header::Header;
use actix_web::{FromRequest, HttpMessage, HttpRequest};
use actix_web_httpauth::extractors::bearer::BearerAuth;
use actix_web_httpauth::headers::authorization;
use actix_web_httpauth::headers::authorization::Bearer;
use chrono::Utc;
use jsonwebtoken::{Algorithm, DecodingKey, EncodingKey, Validation};
use serde::{Deserialize, Serialize};
use std::future;
#[derive(Debug, Clone, Serialize, Deserialize, Eq, PartialEq, PartialOrd, Ord)]
pub enum Role {
None = 0,
ReadAll = 1,
WriteAll = 2,
Admin = 3,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Claims {
pub exp: usize,
pub uid: i32,
pub role: Role,
}
impl FromRequest for Claims {
type Error = actix_web::Error;
type Future = std::future::Ready<Result<Self, Self::Error>>;
type Config = ();
fn from_request(req: &HttpRequest, _: &mut Payload) -> Self::Future {
future::ready(match authorization::Authorization::<Bearer>::parse(req) {
Ok(auth) => validate_token(auth.into_scheme().token()),
Err(_) => Err(ErrorUnauthorized("No Bearer token present")),
})
}
}
fn validate_token(token: &str) -> Result<Claims, actix_web::Error> {
let secret = std::env::var("JWT_SECRET").expect("JWT_SECRET env var");
let decoded = jsonwebtoken::decode::<Claims>(
&token,
&DecodingKey::from_secret(secret.as_bytes()),
&Validation::new(Algorithm::HS512),
)
.map_err(|_| ServiceError::JWTokenError)?
.claims;
if decoded.exp < Utc::now().timestamp() as usize {
Err(ServiceError::TokenExpiredError.into())
} else {
Ok(decoded)
}
}
pub fn create_jwt(user: &User) -> Result<String, ServiceError> {
create_jwt_role(user, Role::ReadAll)
}
pub fn create_jwt_role(user: &User, role: Role) -> Result<String, ServiceError> {
let expiration = Utc::now()
.checked_add_signed(chrono::Duration::weeks(10))
.expect("valid timestamp")
.timestamp();
let claims = Claims {
exp: expiration as usize,
uid: user.id,
role,
};
let secret = std::env::var("JWT_SECRET").expect("JWT_SECRET env var");
let header = jsonwebtoken::Header::new(Algorithm::HS512);
jsonwebtoken::encode(
&header,
&claims,
&EncodingKey::from_secret(secret.as_bytes()),
)
.map_err(|_| ServiceError::JWTCreationError)
}

82
src/errors.rs
View file

@ -1,41 +1,41 @@
use actix_web::{error::ResponseError, HttpResponse};
use derive_more::Display;
#[derive(Debug, Display)]
pub enum ServiceError {
#[display(fmt = "Internal Server Error")]
InternalServerError,
#[display(fmt = "BadRequest: {}", _0)]
BadRequest(String),
#[display(fmt = "JWT Creation Error")]
JWTCreationError,
#[display(fmt = "JWT Error")]
JWTokenError,
#[display(fmt = "No Permission Error")]
NoPermissionError,
#[display(fmt = "Token Expired Error")]
TokenExpiredError,
}
// impl ResponseError trait allows to convert our errors into http responses with appropriate data
impl ResponseError for ServiceError {
fn error_response(&self) -> HttpResponse {
match self {
ServiceError::InternalServerError => {
HttpResponse::InternalServerError().json("Internal Server Error, Please try later")
}
ServiceError::BadRequest(ref message) => HttpResponse::BadRequest().json(message),
ServiceError::JWTCreationError => {
HttpResponse::InternalServerError().json("Could not fetch JWKS")
}
ServiceError::JWTokenError => HttpResponse::BadRequest().json("Invalid JWT"),
ServiceError::NoPermissionError => HttpResponse::Unauthorized().json("No permissions"),
ServiceError::TokenExpiredError => HttpResponse::Unauthorized().json("Token expired"),
}
}
}
use actix_web::{error::ResponseError, HttpResponse};
use derive_more::Display;
#[derive(Debug, Display)]
pub enum ServiceError {
#[display(fmt = "Internal Server Error")]
InternalServerError,
#[display(fmt = "BadRequest: {}", _0)]
BadRequest(String),
#[display(fmt = "JWT Creation Error")]
JWTCreationError,
#[display(fmt = "JWT Error")]
JWTokenError,
#[display(fmt = "No Permission Error")]
NoPermissionError,
#[display(fmt = "Token Expired Error")]
TokenExpiredError,
}
// impl ResponseError trait allows to convert our errors into http responses with appropriate data
impl ResponseError for ServiceError {
fn error_response(&self) -> HttpResponse {
match self {
ServiceError::InternalServerError => {
HttpResponse::InternalServerError().json("Internal Server Error, Please try later")
}
ServiceError::BadRequest(ref message) => HttpResponse::BadRequest().json(message),
ServiceError::JWTCreationError => {
HttpResponse::InternalServerError().json("Could not fetch JWKS")
}
ServiceError::JWTokenError => HttpResponse::BadRequest().json("Invalid JWT"),
ServiceError::NoPermissionError => HttpResponse::Unauthorized().json("No permissions"),
ServiceError::TokenExpiredError => HttpResponse::Unauthorized().json("Token expired"),
}
}
}

54
src/models.rs
View file

@ -1,27 +1,27 @@
use crate::schema::*;
use actix_web::HttpResponse;
use serde::{Deserialize, Serialize};
#[derive(Debug, Clone, Serialize, Deserialize, Queryable)]
pub struct User {
pub id: i32,
pub first_name: String,
pub last_name: String,
pub email: String,
pub created_at: chrono::NaiveDateTime,
}
#[derive(Insertable, Debug)]
#[table_name = "users"]
pub struct NewUser<'a> {
pub first_name: &'a str,
pub last_name: &'a str,
pub email: &'a str,
pub created_at: chrono::NaiveDateTime,
}
impl From<User> for HttpResponse {
fn from(user: User) -> Self {
HttpResponse::Ok().json(user)
}
}
use crate::schema::*;
use actix_web::HttpResponse;
use serde::{Deserialize, Serialize};
#[derive(Debug, Clone, Serialize, Deserialize, Queryable)]
pub struct User {
pub id: i32,
pub first_name: String,
pub last_name: String,
pub email: String,
pub created_at: chrono::NaiveDateTime,
}
#[derive(Insertable, Debug)]
#[table_name = "users"]
pub struct NewUser<'a> {
pub first_name: &'a str,
pub last_name: &'a str,
pub email: &'a str,
pub created_at: chrono::NaiveDateTime,
}
impl From<User> for HttpResponse {
fn from(user: User) -> Self {
HttpResponse::Ok().json(user)
}
}