authorToby Vincent <tobyv@tobyvin.dev>2024-04-13 17:37:08 -0500
committerToby Vincent <tobyv@tobyvin.dev>2024-04-13 17:37:08 -0500
commit49266fab5d12a63ea51708941ac15c286dfc4141 (patch)
treef61de885004d5658739db60fd8a374e7a216f03e /src/auth/claims.rs
parentfecfd74eb29a5e1ddafab48d393c022dfcac3815 (diff)
fix(api,auth): improve token validation and errors
Diffstat (limited to 'src/auth/claims.rs')
-rw-r--r--src/auth/claims.rs31
1 files changed, 29 insertions, 2 deletions
diff --git a/src/auth/claims.rs b/src/auth/claims.rs
index ff582a3..bee1c35 100644
--- a/src/auth/claims.rs
+++ b/src/auth/claims.rs
@@ -14,13 +14,14 @@ use axum_extra::{
headers::{authorization::Bearer, Authorization},
TypedHeader,
};
-use serde::{Deserialize, Serialize};
+use serde::{Deserialize, Deserializer, Serialize, Serializer};
use time::OffsetDateTime;
use uuid::Uuid;
use super::{Error, JWT};
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
+#[serde(remote = "Self")]
pub struct Claims<const LIFETIME: i64 = ACCESS> {
pub sub: Uuid,
pub iat: i64,
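Review bot: The `#[serde(remote = "Self")]` attribute added above `pub struct Claims` has no comment, and without one the hand-written impls later in the file read like unbounded recursion. With this attribute the derive emits inherent `Claims::serialize` / `Claims::deserialize` functions instead of the trait impls, and the manual impls wrap them. I would add a comment on the attribute such as `// remote = "Self": derive generates inherent (de)serialize fns; the manual trait impls below wrap them to validate exp - iat`. The struct body continues outside this hunk.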
@@ -40,6 +41,32 @@ impl<const LIFETIME: i64> Claims<LIFETIME> {
}
}
+impl<const LIFETIME: i64> Serialize for Claims<LIFETIME> {
+ fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
+ where
+ S: Serializer,
+ {
+ Self::serialize(self, serializer)
+ }
+}
+
+impl<'de, const LIFETIME: i64> Deserialize<'de> for Claims<LIFETIME> {
+ fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
+ where
+ D: Deserializer<'de>,
+ {
+ let claims = Self::deserialize(deserializer)?;
+
+ if claims.exp - claims.iat != LIFETIME {
+ return Err(serde::de::Error::custom(
+ "Lifetime is invalid for Claim type",
+ ));
+ }
+
+ Ok(claims)
+ }
+}
+
// 1 day in seconds
const ACCESS: i64 = 86400;
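Review bot: The lifetime check in `deserialize` computes `claims.exp - claims.iat` on two `i64` values taken directly from the decoded payload, so extreme values overflow: a panic in builds with overflow checks, a silent wrap otherwise. Using `if claims.exp.checked_sub(claims.iat) != Some(LIFETIME) {` turns those inputs into an ordinary deserialization error. This matters most if `Claims` is ever deserialized from data whose signature has not yet been verified, which cannot be confirmed from this hunk. Separately, the token kind is distinguished only by this difference, so two claim types given the same `LIFETIME` would be accepted interchangeably; an explicit type or audience claim would make the separation independent of the lifetimes.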
@@ -158,6 +185,6 @@ where
.await
.map_err(|_| Error::JwtNotFound)?;
- Ok(JWT.decode(bearer.token())?.claims)
+ JWT.decode(bearer.token()).map(|jwt| jwt.claims)
}
}