1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
use argon2::{
password_hash::{rand_core::OsRng, SaltString},
Argon2, PasswordHash, PasswordHasher, PasswordVerifier,
};
use axum::{extract::State, http::StatusCode, Router};
use axum_extra::{
headers::{authorization::Basic, Authorization},
routing::Resource,
TypedHeader,
};
use uuid::Uuid;
use crate::state::AppState;
use self::{error::Error, jwt::JWT};
pub use self::claims::{AccessClaims, RefreshClaims};
pub mod claims;
pub mod error;
pub mod jwt;
pub fn router() -> Router<AppState> {
axum::Router::new().merge(Resource::named("users").index(issue).create(create))
}
pub async fn issue(
State(state): State<AppState>,
TypedHeader(Authorization(basic)): TypedHeader<Authorization<Basic>>,
) -> Result<(AccessClaims, RefreshClaims), Error> {
let uuid = Uuid::try_parse(basic.username())?;
let p: String = sqlx::query_scalar!("SELECT password_hash FROM credential WHERE id = $1", uuid)
.fetch_optional(&state.pool)
.await?
.ok_or(Error::LoginInvalid)?;
Argon2::default().verify_password(basic.password().as_bytes(), &PasswordHash::new(&p)?)?;
let refresh = RefreshClaims::new(uuid);
let access = refresh.refresh();
Ok((access, refresh))
}
pub async fn create(
State(state): State<AppState>,
TypedHeader(Authorization(basic)): TypedHeader<Authorization<Basic>>,
) -> Result<(StatusCode, (AccessClaims, RefreshClaims)), Error> {
let salt = SaltString::generate(&mut OsRng);
let password_hash = Argon2::default().hash_password(basic.password().as_bytes(), &salt)?;
let uuid = sqlx::query!(
"INSERT INTO credential (password_hash) VALUES ($1) RETURNING id",
password_hash.to_string()
)
.fetch_optional(&state.pool)
.await?
.ok_or(Error::Registration)?
.id;
let refresh = RefreshClaims::new(uuid);
let access = refresh.refresh();
Ok((StatusCode::CREATED, (access, refresh)))
}
pub async fn refresh(claims: RefreshClaims) -> AccessClaims {
claims.refresh()
}
#[cfg(test)]
mod tests {
use super::*;
use axum::{
body::Body,
http::{header::AUTHORIZATION, Request, StatusCode},
Router,
};
use axum_extra::headers::authorization::Credentials;
use sqlx::PgPool;
use tower::ServiceExt;
use crate::tests::{setup_test_env, TestResult};
#[test]
fn test_jwt_encode_decode() -> TestResult {
setup_test_env();
let claims = AccessClaims::new(uuid::Uuid::new_v4());
let token = JWT.encode(&claims)?;
let decoded = JWT.decode(&token)?.claims;
assert_eq!(claims, decoded);
Ok(())
}
#[sqlx::test(fixtures(path = "../fixtures", scripts("users")))]
async fn test_issue_ok(pool: PgPool) -> TestResult {
setup_test_env();
let router = Router::new().merge(router()).with_state(AppState { pool });
let auth = Authorization::basic(
"4c14f795-86f0-4361-a02f-0edb966fb145",
"solongandthanksforallthefish",
);
let request = Request::builder()
.uri("/auth")
.method("GET")
.header(AUTHORIZATION, auth.0.encode())
.body(Body::empty())?;
let response = router.oneshot(request).await?;
println!("{response:?}");
assert_eq!(StatusCode::OK, response.status());
Ok(())
}
#[sqlx::test(fixtures(path = "../fixtures", scripts("users")))]
async fn test_issue_unauthorized(pool: PgPool) -> TestResult {
setup_test_env();
let router = Router::new().merge(router()).with_state(AppState { pool });
let auth = Authorization::basic("4c14f795-86f0-4361-a02f-0edb966fb145", "hunter2");
let request = Request::builder()
.uri("/auth")
.method("GET")
.header(AUTHORIZATION, auth.0.encode())
.body(Body::empty())?;
let response = router.oneshot(request).await?;
assert_eq!(StatusCode::UNAUTHORIZED, response.status());
Ok(())
}
}
|
