Merge pull request #27 from EETagent/guard_session_auth

Guard session auth

api/src/guards/request/candidate_refresh_token.rs

@@ -1,27 +0,0 @@
-use portfolio_core::sea_orm::prelude::Uuid;
-use rocket::http::Status;
-use rocket::outcome::Outcome;
-use rocket::request::{FromRequest, Request};
-
-
-pub struct UUIDCookie(Uuid);
-
-impl Into<Uuid> for UUIDCookie {
-    fn into(self) -> Uuid {
-        self.0
-    }
-}
-
-#[rocket::async_trait]
-impl<'r> FromRequest<'r> for UUIDCookie {
-    type Error = Option<String>;
-    async fn from_request(req: &'r Request<'_>) -> Outcome<UUIDCookie, (Status, Self::Error), ()> {
-        let session_id = req.cookies().get("id").unwrap().name_value().1;
-        println!("session_id: {}", session_id);
-
-        match Uuid::parse_str(&session_id) {
-            Ok(uuid) => Outcome::Success(UUIDCookie(uuid)),
-            Err(_) => return Outcome::Failure((Status::BadRequest, None)),
-        }
-    }
-}

api/src/guards/request/mod.rs

@@ -1 +1 @@
-pub mod candidate_refresh_token;
+pub mod session_auth;

api/src/guards/request/session_auth.rs

@@ -0,0 +1,38 @@
+use entity::candidate::Model as Candidate;
+use portfolio_core::sea_orm::prelude::Uuid;
+use portfolio_core::services::candidate_service::CandidateService;
+use rocket::http::Status;
+use rocket::outcome::Outcome;
+use rocket::request::{FromRequest, Request};
+
+use crate::pool::Db;
+
+pub struct SessionAuth(Candidate);
+
+impl Into<Candidate> for SessionAuth {
+    fn into(self) -> Candidate {
+        self.0
+    }
+}
+    
+#[rocket::async_trait]
+impl<'r> FromRequest<'r> for SessionAuth {
+    type Error = Option<String>;
+    async fn from_request(req: &'r Request<'_>) -> Outcome<SessionAuth, (Status, Self::Error), ()> {
+        let session_id = req.cookies().get("id").unwrap().name_value().1;
+        let conn = &req.rocket().state::<Db>().unwrap().conn;
+
+        let uuid = match Uuid::parse_str(&session_id) {
+            Ok(uuid) => uuid,
+            Err(_) => return Outcome::Failure((Status::BadRequest, None)),
+        };
+
+        let session = CandidateService::auth_user_session(conn, uuid).await;
+
+        match session {
+            Ok(model) => Outcome::Success(SessionAuth(model)),
+            Err(_) => Outcome::Failure((Status::Unauthorized, None)),
+        }
+
+    }
+}

api/src/lib.rs

@@ -3,6 +3,7 @@ extern crate rocket;
 
 use std::net::SocketAddr;
 
+use guards::request::session_auth::SessionAuth;
 use portfolio_core::error::ServiceError;
 use portfolio_core::services::candidate_service::CandidateService;
 use requests::{LoginRequest, RegisterRequest};
@@ -29,8 +30,6 @@ pub use entity::candidate::Entity as Candidate;
 
 use portfolio_core::crypto::random_8_char_string;
 
-use crate::guards::request::candidate_refresh_token::UUIDCookie;
-
 fn custom_err_from_service_err(service_err: ServiceError) -> Custom<String> {
     Custom(Status::from_code(service_err.0.code).unwrap_or_default(), service_err.1.to_string())
 }
@@ -50,15 +49,9 @@ async fn create(conn: Connection<'_, Db>, post_form: Json<RegisterRequest>) -> R
 }
 
 #[get("/whoami")]
-async fn validate(conn: Connection<'_, Db>, uuid_cookie: Result<UUIDCookie, Option<String>>) -> Result<String, Custom<String>> {
-    let db = conn.into_inner();
-    let user = CandidateService::auth_user_session(db, uuid_cookie.ok().unwrap().into()).await;
-
-
-    match user {
-        Ok(user) => Ok(user.application.to_string()),
-        Err(err) => Err(custom_err_from_service_err(err))
-    }
+async fn validate(session: SessionAuth) -> Result<String, Custom<String>> {
+    let candidate: entity::candidate::Model = session.into();
+    Ok(candidate.application.to_string())
 }
 
 #[post("/login", data = "<login_form>")]