ffplayout/src/api/routes.rs

use std::sync::Mutex;

use actix_web::{
    get,
    http::StatusCode,
    post, put,
    web::{self, Data},
    Responder,
};
use actix_web_grants::proc_macro::has_permissions;
use argon2::{password_hash::PasswordHash, Argon2, PasswordVerifier};
use serde::Serialize;
use simplelog::*;

use crate::api::{
    auth::{create_jwt, Claims},
    handles::{get_login, get_role},
    models::{LoginUser, User},
};

#[derive(Serialize)]
struct ResponseObj<T> {
    message: String,
    status: i32,
    data: Option<T>,
}

#[get("/settings")]
#[has_permissions("admin")]
async fn settings(data: Data<Mutex<LoginUser>>) -> impl Responder {
    println!("{:?}", data.lock());
    "Hello from settings!"
}

#[put("/user/{user_id}")]
#[has_permissions("admin")]
async fn update_user(user_id: web::Path<i64>, data: Data<Mutex<LoginUser>>) -> impl Responder {
    if user_id.into_inner() == data.lock().unwrap().id {
        return "Update allow!";
    }

    "Wrong user!"
}

/// curl -X POST -H "Content-Type: application/json" -d '{"username": "USER", "password": "abc123" }' \
/// http://127.0.0.1:8080/auth/login/
#[post("/auth/login/")]
pub async fn login(credentials: web::Json<User>, data: Data<Mutex<LoginUser>>) -> impl Responder {
    match get_login(&credentials.username).await {
        Ok(mut user) => {
            let pass = user.password.clone();
            user.password = "".into();
            user.salt = None;

            let hash = PasswordHash::new(&pass).unwrap();
            if Argon2::default()
                .verify_password(credentials.password.as_bytes(), &hash)
                .is_ok()
            {
                let role = get_role(&user.role_id.unwrap_or_default())
                    .await
                    .unwrap_or_else(|_| "guest".to_string());
                let claims = Claims::new(user.id, user.username.clone(), vec![role.clone()]);

                if let Ok(token) = create_jwt(claims) {
                    user.token = Some(token);
                };

                let mut my_data = data.lock().unwrap();
                my_data.id = user.id;

                info!("user {} login, with role: {role}", credentials.username);

                web::Json(ResponseObj {
                    message: "login correct!".into(),
                    status: 200,
                    data: Some(user),
                })
                .customize()
                .with_status(StatusCode::OK)
            } else {
                error!("Wrong password for {}!", credentials.username);
                web::Json(ResponseObj {
                    message: "Wrong password!".into(),
                    status: 401,
                    data: None,
                })
                .customize()
                .with_status(StatusCode::FORBIDDEN)
            }
        }
        Err(e) => {
            error!("Login {} failed! {e}", credentials.username);
            return web::Json(ResponseObj {
                message: format!("Login {} failed!", credentials.username),
                status: 400,
                data: None,
            })
            .customize()
            .with_status(StatusCode::BAD_REQUEST);
        }
    }
}
add jwt auth 2022-06-09 18:59:14 +02:00			`use std::sync::Mutex;`

			`use actix_web::{`
			`get,`
			`http::StatusCode,`
			`post, put,`
			`web::{self, Data},`
			`Responder,`
			`};`
			`use actix_web_grants::proc_macro::has_permissions;`
add login 2022-06-07 22:05:35 +02:00			`use argon2::{password_hash::PasswordHash, Argon2, PasswordVerifier};`
cleanup code, reponse object 2022-06-08 18:06:40 +02:00			`use serde::Serialize;`
add login 2022-06-07 22:05:35 +02:00			`use simplelog::*;`
start with API 2022-06-06 23:07:11 +02:00
add jwt auth 2022-06-09 18:59:14 +02:00			`use crate::api::{`
			`auth::{create_jwt, Claims},`
			`handles::{get_login, get_role},`
			`models::{LoginUser, User},`
			`};`
start with API 2022-06-06 23:07:11 +02:00
cleanup code, reponse object 2022-06-08 18:06:40 +02:00			`#[derive(Serialize)]`
			`struct ResponseObj<T> {`
			`message: String,`
			`status: i32,`
			`data: Option<T>,`
work on login route 2022-06-07 18:11:46 +02:00			`}`
cleanup code, reponse object 2022-06-08 18:06:40 +02:00
add jwt auth 2022-06-09 18:59:14 +02:00			`#[get("/settings")]`
			`#[has_permissions("admin")]`
			`async fn settings(data: Data<Mutex<LoginUser>>) -> impl Responder {`
			`println!("{:?}", data.lock());`
			`"Hello from settings!"`
			`}`

			`#[put("/user/{user_id}")]`
			`#[has_permissions("admin")]`
			`async fn update_user(user_id: web::Path<i64>, data: Data<Mutex<LoginUser>>) -> impl Responder {`
			`if user_id.into_inner() == data.lock().unwrap().id {`
			`return "Update allow!";`
			`}`

			`"Wrong user!"`
			`}`

			`/// curl -X POST -H "Content-Type: application/json" -d '{"username": "USER", "password": "abc123" }' \`
			`/// http://127.0.0.1:8080/auth/login/`
work on login route 2022-06-07 18:11:46 +02:00			`#[post("/auth/login/")]`
add jwt auth 2022-06-09 18:59:14 +02:00			`pub async fn login(credentials: web::Json<User>, data: Data<Mutex<LoginUser>>) -> impl Responder {`
cleanup code, reponse object 2022-06-08 18:06:40 +02:00			`match get_login(&credentials.username).await {`
			`Ok(mut user) => {`
			`let pass = user.password.clone();`
			`user.password = "".into();`
			`user.salt = None;`
add login 2022-06-07 22:05:35 +02:00
cleanup code, reponse object 2022-06-08 18:06:40 +02:00			`let hash = PasswordHash::new(&pass).unwrap();`
add login 2022-06-07 22:05:35 +02:00			`if Argon2::default()`
			`.verify_password(credentials.password.as_bytes(), &hash)`
			`.is_ok()`
			`{`
add jwt auth 2022-06-09 18:59:14 +02:00			`let role = get_role(&user.role_id.unwrap_or_default())`
			`.await`
			`.unwrap_or_else(\|_\| "guest".to_string());`
			`let claims = Claims::new(user.id, user.username.clone(), vec![role.clone()]);`

			`if let Ok(token) = create_jwt(claims) {`
			`user.token = Some(token);`
			`};`

			`let mut my_data = data.lock().unwrap();`
			`my_data.id = user.id;`

			`info!("user {} login, with role: {role}", credentials.username);`
work on login route 2022-06-07 18:11:46 +02:00
cleanup code, reponse object 2022-06-08 18:06:40 +02:00			`web::Json(ResponseObj {`
			`message: "login correct!".into(),`
			`status: 200,`
			`data: Some(user),`
			`})`
add status 2022-06-08 18:16:58 +02:00			`.customize()`
			`.with_status(StatusCode::OK)`
cleanup code, reponse object 2022-06-08 18:06:40 +02:00			`} else {`
			`error!("Wrong password for {}!", credentials.username);`
			`web::Json(ResponseObj {`
			`message: "Wrong password!".into(),`
			`status: 401,`
			`data: None,`
			`})`
add status 2022-06-08 18:16:58 +02:00			`.customize()`
			`.with_status(StatusCode::FORBIDDEN)`
cleanup code, reponse object 2022-06-08 18:06:40 +02:00			`}`
			`}`
			`Err(e) => {`
			`error!("Login {} failed! {e}", credentials.username);`
			`return web::Json(ResponseObj {`
			`message: format!("Login {} failed!", credentials.username),`
add status 2022-06-08 18:16:58 +02:00			`status: 400,`
cleanup code, reponse object 2022-06-08 18:06:40 +02:00			`data: None,`
add status 2022-06-08 18:16:58 +02:00			`})`
			`.customize()`
			`.with_status(StatusCode::BAD_REQUEST);`
cleanup code, reponse object 2022-06-08 18:06:40 +02:00			`}`
			`}`
work on login route 2022-06-07 18:11:46 +02:00			`}`