forked from alexjustesen/speedtest-tracker
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathauth.rs
More file actions
170 lines (156 loc) · 5.03 KB
/
Copy pathauth.rs
File metadata and controls
170 lines (156 loc) · 5.03 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
use axum::{
Json,
extract::{FromRequestParts, Request, State},
http::{StatusCode, request::Parts},
middleware::Next,
response::Response,
};
use axum_extra::{
TypedHeader,
headers::{Authorization, authorization::Bearer},
};
use serde::Serialize;
use sha2::{Digest, Sha256};
use crate::{AppState, db::Database, models::PersonalAccessToken};
#[derive(Serialize)]
pub struct ErrorResponse {
pub message: String,
}
impl<S> FromRequestParts<S> for PersonalAccessToken
where
S: Send + Sync,
{
type Rejection = (StatusCode, &'static str);
async fn from_request_parts(parts: &mut Parts, _state: &S) -> Result<Self, Self::Rejection> {
parts
.extensions
.get::<PersonalAccessToken>()
.cloned()
.ok_or((
StatusCode::INTERNAL_SERVER_ERROR,
"No access token found in request extensions",
))
}
}
pub async fn require_auth(
State(state): State<AppState>,
TypedHeader(auth): TypedHeader<Authorization<Bearer>>,
mut request: Request,
next: Next,
) -> Result<Response, (StatusCode, Json<ErrorResponse>)> {
let token = auth.token();
tracing::debug!("Auth token received, length: {}", token.len());
// Hash the token using SHA-256 (same as Laravel Sanctum)
let mut hasher = Sha256::new();
hasher.update(token.as_bytes());
let hash_bytes = hasher.finalize();
let hashed = hex::encode(hash_bytes);
tracing::debug!(
"Auth attempt - token length: {}, hash: {}...",
token.len(),
&hashed[..20]
);
// Verify token exists in database
let token_valid = match &state.db {
#[cfg(feature = "sqlite")]
Database::Sqlite(pool) => sqlx::query_as::<_, PersonalAccessToken>(
"SELECT * FROM personal_access_tokens WHERE token = $1",
)
.bind(&hashed)
.fetch_optional(pool)
.await
.map_err(|e| {
tracing::error!("Database query error: {}", e);
e
})
.ok()
.flatten(),
#[cfg(feature = "postgres")]
Database::Postgres(pool) => sqlx::query_as::<_, PersonalAccessToken>(
"SELECT * FROM personal_access_tokens WHERE token = $1",
)
.bind(&hashed)
.fetch_optional(pool)
.await
.map_err(|e| {
tracing::error!("Database query error: {}", e);
e
})
.ok()
.flatten(),
#[cfg(feature = "mysql")]
Database::MySql(pool) => sqlx::query_as::<_, PersonalAccessToken>(
"SELECT * FROM personal_access_tokens WHERE token = ?",
)
.bind(&hashed)
.fetch_optional(pool)
.await
.map_err(|e| {
tracing::error!("Database query error: {}", e);
e
})
.ok()
.flatten(),
};
if token_valid.is_none() {
tracing::warn!("Token not found in database - hash: {}...", &hashed[..20]);
}
if let Some(pat) = token_valid {
// Check if token is expired
if let Some(expires_at) = pat.expires_at {
let now = chrono::Local::now().naive_local();
if now > expires_at {
return Err((
StatusCode::UNAUTHORIZED,
Json(ErrorResponse {
message: "Unauthenticated.".to_string(),
}),
));
}
}
// Update last_used_at timestamp (fire and forget)
let state_clone = state.clone();
let token_id = pat.id;
tokio::spawn(async move {
match &state_clone.db {
#[cfg(feature = "sqlite")]
Database::Sqlite(pool) => {
let _ = sqlx::query(
"UPDATE personal_access_tokens SET last_used_at = datetime('now') WHERE id = ?"
)
.bind(token_id)
.execute(pool)
.await;
}
#[cfg(feature = "postgres")]
Database::Postgres(pool) => {
let _ = sqlx::query(
"UPDATE personal_access_tokens SET last_used_at = NOW() WHERE id = ?",
)
.bind(token_id)
.execute(pool)
.await;
}
#[cfg(feature = "mysql")]
Database::MySql(pool) => {
let _ = sqlx::query(
"UPDATE personal_access_tokens SET last_used_at = NOW() WHERE id = $1",
)
.bind(token_id)
.execute(pool)
.await;
}
}
});
// Store token in request extensions for later use if needed
request.extensions_mut().insert(pat);
Ok(next.run(request).await)
} else {
Err((
StatusCode::UNAUTHORIZED,
Json(ErrorResponse {
message: "Unauthenticated.".to_string(),
}),
))
}
}