ffplayout/src/api/routes.rs

use actix_web::{get, http::StatusCode, post, put, web, Responder};
use actix_web_grants::proc_macro::has_permissions;
use argon2::{password_hash::PasswordHash, Argon2, PasswordVerifier};
use serde::Serialize;
use simplelog::*;

use crate::api::{
    auth::{create_jwt, Claims},
    errors::ServiceError,
    handles::{get_login, get_role},
    models::{LoginUser, User},
};

#[derive(Serialize)]
struct ResponseObj<T> {
    message: String,
    status: i32,
    data: Option<T>,
}

/// curl -X GET http://127.0.0.1:8080/api/settings -H "Authorization: Bearer <TOKEN>"
#[get("/settings")]
#[has_permissions("admin")]
async fn settings(user: web::ReqData<LoginUser>) -> Result<impl Responder, ServiceError> {
    println!("{:?}", user);
    Ok("Hello from settings!")
}

#[put("/user/{user_id}")]
#[has_permissions("admin")]
async fn update_user(
    user_id: web::Path<i64>,
    user: web::ReqData<LoginUser>,
    data: web::Json<User>,
) -> Result<impl Responder, ServiceError> {
    if user_id.into_inner() == user.id {
        println!("{data:?}");
        return Ok("Update allow!");
    }

    Err(ServiceError::Unauthorized)
}

/// curl -X POST -H "Content-Type: application/json" -d '{"username": "USER", "password": "abc123" }' \
/// http://127.0.0.1:8080/auth/login/
#[post("/auth/login/")]
pub async fn login(credentials: web::Json<User>) -> impl Responder {
    match get_login(&credentials.username).await {
        Ok(mut user) => {
            let pass = user.password.clone();
            user.password = "".into();
            user.salt = None;

            let hash = PasswordHash::new(&pass).unwrap();
            if Argon2::default()
                .verify_password(credentials.password.as_bytes(), &hash)
                .is_ok()
            {
                let role = get_role(&user.role_id.unwrap_or_default())
                    .await
                    .unwrap_or_else(|_| "guest".to_string());
                let claims = Claims::new(user.id, user.username.clone(), vec![role.clone()]);

                if let Ok(token) = create_jwt(claims) {
                    user.token = Some(token);
                };

                info!("user {} login, with role: {role}", credentials.username);

                web::Json(ResponseObj {
                    message: "login correct!".into(),
                    status: 200,
                    data: Some(user),
                })
                .customize()
                .with_status(StatusCode::OK)
            } else {
                error!("Wrong password for {}!", credentials.username);
                web::Json(ResponseObj {
                    message: "Wrong password!".into(),
                    status: 401,
                    data: None,
                })
                .customize()
                .with_status(StatusCode::FORBIDDEN)
            }
        }
        Err(e) => {
            error!("Login {} failed! {e}", credentials.username);
            return web::Json(ResponseObj {
                message: format!("Login {} failed!", credentials.username),
                status: 400,
                data: None,
            })
            .customize()
            .with_status(StatusCode::BAD_REQUEST);
        }
    }
}
set user data in validator 2022-06-09 19:20:09 +02:00			`use actix_web::{get, http::StatusCode, post, put, web, Responder};`
add jwt auth 2022-06-09 18:59:14 +02:00			`use actix_web_grants::proc_macro::has_permissions;`
add login 2022-06-07 22:05:35 +02:00			`use argon2::{password_hash::PasswordHash, Argon2, PasswordVerifier};`
cleanup code, reponse object 2022-06-08 18:06:40 +02:00			`use serde::Serialize;`
add login 2022-06-07 22:05:35 +02:00			`use simplelog::*;`
start with API 2022-06-06 23:07:11 +02:00
add jwt auth 2022-06-09 18:59:14 +02:00			`use crate::api::{`
			`auth::{create_jwt, Claims},`
add errors 2022-06-09 22:17:03 +02:00			`errors::ServiceError,`
add jwt auth 2022-06-09 18:59:14 +02:00			`handles::{get_login, get_role},`
			`models::{LoginUser, User},`
			`};`
start with API 2022-06-06 23:07:11 +02:00
cleanup code, reponse object 2022-06-08 18:06:40 +02:00			`#[derive(Serialize)]`
			`struct ResponseObj<T> {`
			`message: String,`
			`status: i32,`
			`data: Option<T>,`
work on login route 2022-06-07 18:11:46 +02:00			`}`
cleanup code, reponse object 2022-06-08 18:06:40 +02:00
add errors 2022-06-09 22:17:03 +02:00			`/// curl -X GET http://127.0.0.1:8080/api/settings -H "Authorization: Bearer <TOKEN>"`
add jwt auth 2022-06-09 18:59:14 +02:00			`#[get("/settings")]`
			`#[has_permissions("admin")]`
add errors 2022-06-09 22:17:03 +02:00			`async fn settings(user: web::ReqData<LoginUser>) -> Result<impl Responder, ServiceError> {`
set user data in validator 2022-06-09 19:20:09 +02:00			`println!("{:?}", user);`
add errors 2022-06-09 22:17:03 +02:00			`Ok("Hello from settings!")`
add jwt auth 2022-06-09 18:59:14 +02:00			`}`

			`#[put("/user/{user_id}")]`
			`#[has_permissions("admin")]`
add errors 2022-06-09 22:17:03 +02:00			`async fn update_user(`
			`user_id: web::Path<i64>,`
			`user: web::ReqData<LoginUser>,`
			`data: web::Json<User>,`
			`) -> Result<impl Responder, ServiceError> {`
set user data in validator 2022-06-09 19:20:09 +02:00			`if user_id.into_inner() == user.id {`
add errors 2022-06-09 22:17:03 +02:00			`println!("{data:?}");`
			`return Ok("Update allow!");`
add jwt auth 2022-06-09 18:59:14 +02:00			`}`

add errors 2022-06-09 22:17:03 +02:00			`Err(ServiceError::Unauthorized)`
add jwt auth 2022-06-09 18:59:14 +02:00			`}`

			`/// curl -X POST -H "Content-Type: application/json" -d '{"username": "USER", "password": "abc123" }' \`
			`/// http://127.0.0.1:8080/auth/login/`
work on login route 2022-06-07 18:11:46 +02:00			`#[post("/auth/login/")]`
set user data in validator 2022-06-09 19:20:09 +02:00			`pub async fn login(credentials: web::Json<User>) -> impl Responder {`
cleanup code, reponse object 2022-06-08 18:06:40 +02:00			`match get_login(&credentials.username).await {`
			`Ok(mut user) => {`
			`let pass = user.password.clone();`
			`user.password = "".into();`
			`user.salt = None;`
add login 2022-06-07 22:05:35 +02:00
cleanup code, reponse object 2022-06-08 18:06:40 +02:00			`let hash = PasswordHash::new(&pass).unwrap();`
add login 2022-06-07 22:05:35 +02:00			`if Argon2::default()`
			`.verify_password(credentials.password.as_bytes(), &hash)`
			`.is_ok()`
			`{`
add jwt auth 2022-06-09 18:59:14 +02:00			`let role = get_role(&user.role_id.unwrap_or_default())`
			`.await`
			`.unwrap_or_else(\|_\| "guest".to_string());`
			`let claims = Claims::new(user.id, user.username.clone(), vec![role.clone()]);`

			`if let Ok(token) = create_jwt(claims) {`
			`user.token = Some(token);`
			`};`

			`info!("user {} login, with role: {role}", credentials.username);`
work on login route 2022-06-07 18:11:46 +02:00
cleanup code, reponse object 2022-06-08 18:06:40 +02:00			`web::Json(ResponseObj {`
			`message: "login correct!".into(),`
			`status: 200,`
			`data: Some(user),`
			`})`
add status 2022-06-08 18:16:58 +02:00			`.customize()`
			`.with_status(StatusCode::OK)`
cleanup code, reponse object 2022-06-08 18:06:40 +02:00			`} else {`
			`error!("Wrong password for {}!", credentials.username);`
			`web::Json(ResponseObj {`
			`message: "Wrong password!".into(),`
			`status: 401,`
			`data: None,`
			`})`
add status 2022-06-08 18:16:58 +02:00			`.customize()`
			`.with_status(StatusCode::FORBIDDEN)`
cleanup code, reponse object 2022-06-08 18:06:40 +02:00			`}`
			`}`
			`Err(e) => {`
			`error!("Login {} failed! {e}", credentials.username);`
			`return web::Json(ResponseObj {`
			`message: format!("Login {} failed!", credentials.username),`
add status 2022-06-08 18:16:58 +02:00			`status: 400,`
cleanup code, reponse object 2022-06-08 18:06:40 +02:00			`data: None,`
add status 2022-06-08 18:16:58 +02:00			`})`
			`.customize()`
			`.with_status(StatusCode::BAD_REQUEST);`
cleanup code, reponse object 2022-06-08 18:06:40 +02:00			`}`
			`}`
work on login route 2022-06-07 18:11:46 +02:00			`}`