backend: jwt token

backend:add development secret
backend: add dependency: jsonwebtoken
2024-07-05 21:24:32 +02:00 · 2024-07-05 21:23:03 +02:00 · 2024-07-05 16:29:46 +02:00
6 changed files with 82 additions and 7 deletions
--- a/.env
+++ b/.env
@ -1 +1,2 @@
-DATABASE_URL=postgres://alisa:alisa@localhost/alisa
+DATABASE_URL=postgres://alisa:alisa@localhost/alisa
+TOKEN_SECRET=secret
--- a/Cargo.lock
+++ b/Cargo.lock
@ -573,6 +573,7 @@ dependencies = [
 "argon2",
 "dotenvy",
 "entity",
+ "jsonwebtoken",
 "migration",
 "sea-orm",
 "serde",
@ -1284,8 +1285,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7"
 dependencies = [
 "cfg-if",
+ "js-sys",
 "libc",
 "wasi",
+ "wasm-bindgen",
 ]

 [[package]]
@ -1546,6 +1549,21 @@ dependencies = [
 "wasm-bindgen",
 ]

+[[package]]
+name = "jsonwebtoken"
+version = "9.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b9ae10193d25051e74945f1ea2d0b42e03cc3b890f7e4cc5faa44997d808193f"
+dependencies = [
+ "base64 0.21.7",
+ "js-sys",
+ "pem",
+ "ring",
+ "serde",
+ "serde_json",
+ "simple_asn1",
+]
+
 [[package]]
 name = "kv-log-macro"
 version = "1.0.7"
@ -1884,6 +1902,16 @@ version = "1.0.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a"

+[[package]]
+name = "pem"
+version = "3.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8e459365e590736a54c3fa561947c84837534b8e9af6fc5bf781307e82658fae"
+dependencies = [
+ "base64 0.22.1",
+ "serde",
+]
+
 [[package]]
 name = "pem-rfc7468"
 version = "0.7.0"
@ -2620,6 +2648,18 @@ version = "0.1.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f27f6278552951f1f2b8cf9da965d10969b2efdea95a6ec47987ab46edfe263a"

+[[package]]
+name = "simple_asn1"
+version = "0.6.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "adc4e5204eb1910f40f9cfa375f6f05b68c3abac4b6fd879c8ff5e7ae8a0a085"
+dependencies = [
+ "num-bigint",
+ "num-traits",
+ "thiserror",
+ "time",
+]
+
 [[package]]
 name = "slab"
 version = "0.4.9"
--- a/crates/backend/Cargo.toml
+++ b/crates/backend/Cargo.toml
@ -17,3 +17,4 @@ sea-orm = { version = "0.12", features = [
    "with-uuid",
 ] }
 dotenvy = "*"
+jsonwebtoken = "*"
--- a/crates/backend/src/auth.rs
+++ b/crates/backend/src/auth.rs
@ -0,0 +1,26 @@
+use jsonwebtoken::{EncodingKey, Header, Validation};
+use migration::token;
+use serde::{Deserialize, Serialize};
+use uuid::Uuid;
+
+#[derive(Deserialize, Serialize)]
+struct Claims {
+    sub: Uuid,
+    name: String,
+}
+
+pub fn create_jwt(
+    user: entity::user::Model,
+    key: &EncodingKey,
+) -> Result<String, jsonwebtoken::errors::Error> {
+    let claims = Claims {
+        sub: user.id,
+        name: user.name,
+    };
+    jsonwebtoken::encode(&Header::default(), &claims, key)
+}
+
+pub fn verify(token: &str) {
+    let validation = Validation::new(jsonwebtoken::Algorithm::HS256);
+    // jsonwebtoken::decode(token, , validation)
+}
--- a/crates/backend/src/controller/auth.rs
+++ b/crates/backend/src/controller/auth.rs
@ -1,14 +1,12 @@
 use actix_web::{
    error::{ErrorBadRequest, ErrorInternalServerError},
-    web, Responder,
+    web, HttpResponse, Responder,
 };
 use argon2::{Argon2, PasswordHash, PasswordVerifier};
 use sea_orm::{ColumnTrait, EntityTrait, QueryFilter};
 use serde::Deserialize;

-use crate::AppState;
-
-use super::user::UserWithoutPassword;
+use crate::{auth::create_jwt, AppState};

 #[derive(Deserialize)]
 pub struct LoginRequest {
@ -24,6 +22,7 @@ impl AuthController {
        login: web::Json<LoginRequest>,
    ) -> actix_web::Result<impl Responder> {
        let db = &state.db;
+        let jwt_secret = &state.secret;
        let login = login.into_inner();

        let user = entity::user::Entity::find()
@ -39,6 +38,7 @@ impl AuthController {
            .verify_password(login.password.as_bytes(), &parsed_hash)
            .map_err(ErrorBadRequest)?;

-        Ok(web::Json(UserWithoutPassword::from(user)))
+        let jwt = create_jwt(user, jwt_secret).map_err(ErrorInternalServerError)?;
+        Ok(HttpResponse::Ok().body(jwt))
    }
 }
--- a/crates/backend/src/main.rs
+++ b/crates/backend/src/main.rs
@ -1,15 +1,18 @@
 use actix_web::{web, App, HttpServer};
+use jsonwebtoken::EncodingKey;
 use migration::MigratorTrait;
 use sea_orm::{Database, DatabaseConnection};
 use std::env;

 use routes::config;
+mod auth;
 mod controller;
 mod routes;

 #[derive(Clone)]
 struct AppState {
    db: DatabaseConnection,
+    secret: EncodingKey,
 }

 #[actix_web::main]
@ -20,6 +23,7 @@ async fn main() -> std::io::Result<()> {
    dotenvy::dotenv().ok();

    let db_url = env::var("DATABASE_URL").expect("DATABASE_URL must be set");
+    let jwt_secret = env::var("TOKEN_SECRET").expect("TOKEN_SECRET must be set");

    let conn = Database::connect(&db_url)
        .await
@ -31,7 +35,10 @@ async fn main() -> std::io::Result<()> {
        .expect("Running migrations failed");
    println!("Finished running migrations");

-    let state = AppState { db: conn };
+    let state = AppState {
+        db: conn,
+        secret: EncodingKey::from_secret(jwt_secret.as_bytes()),
+    };

    println!("Listening for connections...");
    HttpServer::new(move || {
Author	SHA1	Message	Date
Sphereso	77abf8811a	backend: jwt token	2024-07-05 21:24:32 +02:00
Sphereso	52d59fe51b	backend:add development secret	2024-07-05 21:23:03 +02:00
Sphereso	6e195d0f04	backend: add dependency: jsonwebtoken	2024-07-05 16:29:46 +02:00