1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
|
use std::sync::Arc;
use argon2::{Argon2, PasswordHash, PasswordVerifier};
use axum::{extract::State, http::header::SET_COOKIE, response::IntoResponse, Json};
use axum_extra::{
extract::cookie::{Cookie, SameSite},
routing::TypedPath,
};
use jsonwebtoken::{EncodingKey, Header};
use serde::Deserialize;
use crate::{
model::{LoginSchema, TokenClaims, User},
state::AppState,
Error,
};
#[derive(Debug, Deserialize, TypedPath)]
#[typed_path("/api/login")]
pub struct Login;
impl Login {
#[tracing::instrument(skip(state, password))]
pub async fn post(
self,
State(state): State<Arc<AppState>>,
Json(LoginSchema { email, password }): Json<LoginSchema>,
) -> Result<impl IntoResponse, Error> {
let User {
uuid,
password_hash,
..
} = sqlx::query_as!(
User,
"SELECT * FROM users WHERE email = $1",
email.to_ascii_lowercase()
)
.fetch_optional(&state.pool)
.await?
.ok_or(Error::LoginInvalid)?;
Argon2::default()
.verify_password(password.as_bytes(), &PasswordHash::new(&password_hash)?)?;
let token = jsonwebtoken::encode(
&Header::default(),
&TokenClaims::new(uuid, state.jwt_max_age),
&EncodingKey::from_secret(state.jwt_secret.as_ref()),
)?;
let cookie = Cookie::build(("token", token.to_owned()))
.path("/")
.max_age(state.jwt_max_age)
.same_site(SameSite::Lax)
.http_only(true)
.build();
let mut response = Json(token).into_response();
response
.headers_mut()
.insert(SET_COOKIE, cookie.to_string().parse().unwrap());
Ok(response)
}
}
#[cfg(test)]
mod tests {
use super::*;
use axum::{
body::Body,
http::{header, Request, StatusCode},
};
use sqlx::PgPool;
use tower::ServiceExt;
use crate::init_router;
const JWT_SECRET: &str = "test-jwt-secret-token";
const JWT_MAX_AGE: time::Duration = time::Duration::HOUR;
#[sqlx::test(fixtures(path = "../../fixtures", scripts("users")))]
async fn test_login_unauthorized(pool: PgPool) -> Result<(), Error> {
let state = Arc::new(AppState {
pool,
jwt_secret: JWT_SECRET.to_string(),
jwt_max_age: JWT_MAX_AGE,
});
let router = init_router(state.clone());
let user = LoginSchema {
email: "adent@earth.sol".to_string(),
password: "hunter2".to_string(),
};
let request = Request::builder()
.uri("/api/login")
.method("POST")
.header(header::CONTENT_TYPE, mime::APPLICATION_JSON.as_ref())
.body(Body::from(serde_json::to_vec(&user).unwrap()))?;
let response = router.oneshot(request).await.unwrap();
assert_eq!(StatusCode::UNAUTHORIZED, response.status());
Ok(())
}
#[sqlx::test(fixtures(path = "../../fixtures", scripts("users")))]
async fn test_login_ok(pool: PgPool) -> Result<(), Error> {
let state = Arc::new(AppState {
pool,
jwt_secret: JWT_SECRET.to_string(),
jwt_max_age: JWT_MAX_AGE,
});
let router = init_router(state.clone());
let user = LoginSchema {
email: "adent@earth.sol".to_string(),
password: "solongandthanksforallthefish".to_string(),
};
let response = router
.oneshot(
Request::builder()
.uri("/api/login")
.method("POST")
.header(header::CONTENT_TYPE, mime::APPLICATION_JSON.as_ref())
.body(Body::from(serde_json::to_vec(&user).unwrap()))?,
)
.await
.unwrap();
assert_eq!(StatusCode::OK, response.status());
Ok(())
}
}
|
