Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(session): validate token sessions #57

Merged
merged 4 commits into from
Jan 20, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion doseid/src/server/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ mod logs;
mod ping;
mod project;
mod secret;
mod token;
pub(crate) mod token;
mod user;

use anyhow::Context;
Expand Down
2 changes: 1 addition & 1 deletion doseid/src/server/token/mod.rs
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
pub(crate) mod route;
mod schema;
pub(crate) mod schema;
6 changes: 3 additions & 3 deletions doseid/src/server/token/route.rs
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ pub async fn api_get_tokens(
config: Extension<&'static Config>,
headers: axum::http::HeaderMap,
) -> Result<Json<Vec<Token>>, StatusCode> {
let session = validate_session(&config, headers).await?;
let session = validate_session(Arc::clone(&pool), &config, headers).await?;
match sqlx::query_as!(
Token,
"SELECT * FROM token WHERE owner_id = $1::uuid",
Expand All @@ -40,7 +40,7 @@ pub async fn api_set_token(
headers: axum::http::HeaderMap,
Json(body): Json<TokenBody>,
) -> Result<Json<Token>, Response> {
let session = validate_session(&config, headers)
let session = validate_session(Arc::clone(&pool), &config, headers)
.await
.map_err(|e| e.into_response())?;
let token = Token::new(body.name, body.days_until_expiration, session.owner_id).map_err(|e| {
Expand Down Expand Up @@ -89,7 +89,7 @@ pub async fn api_delete_token(
headers: axum::http::HeaderMap,
Path(token_id): Path<Uuid>,
) -> Result<StatusCode, StatusCode> {
let session = validate_session(&config, headers).await?;
let session = validate_session(Arc::clone(&pool), &config, headers).await?;
match sqlx::query!(
"DELETE FROM token WHERE id = $1::uuid and owner_id = $2::uuid",
token_id,
Expand Down
18 changes: 15 additions & 3 deletions doseid/src/session.rs
Original file line number Diff line number Diff line change
@@ -1,14 +1,18 @@
use crate::config::Config;
use crate::server::token::schema::Token;
use axum::http::header;
use axum::http::StatusCode;
use jsonwebtoken::{Algorithm, DecodingKey, Validation};
use serde::{Deserialize, Serialize};
use sqlx::{Pool, Postgres};
use std::collections::HashSet;
use std::sync::Arc;
use uuid::Uuid;

const BEARER: &str = "Bearer ";

pub async fn validate_session(
pool: Arc<Pool<Postgres>>,
config: &'static Config,
headers: axum::http::HeaderMap,
) -> Result<Session, StatusCode> {
Expand All @@ -33,10 +37,18 @@ pub async fn validate_session(
)
.map_err(|_| StatusCode::UNAUTHORIZED)?;
return Ok(token_message.claims);
} else {
// TODO: Look for access token on db
}
Err(StatusCode::FORBIDDEN)
let token = sqlx::query_as!(
Token,
"SELECT * FROM token WHERE value = $1::text and expires_at >= CURRENT_TIMESTAMP",
token
)
.fetch_one(&*pool)
.await
.map_err(|_| StatusCode::UNAUTHORIZED)?;
Ok(Session {
owner_id: token.owner_id,
})
}

#[derive(Debug, Serialize, Deserialize)]
Expand Down