From 4c5534d59f83dd4b9e9b12aa4695acdbbb14c0a8 Mon Sep 17 00:00:00 2001
From: ayushtom
Date: Tue, 18 Jun 2024 15:33:38 +0530
Subject: [PATCH] feat: add user authentication on user create, issuer category on quest create

---
 src/endpoints/admin/quest/create_quest.rs | 21 ++++++++++++++-------
 src/endpoints/admin/user/create_user.rs | 23 +++++++++++++----------
 2 files changed, 27 insertions(+), 17 deletions(-)

diff --git a/src/endpoints/admin/quest/create_quest.rs b/src/endpoints/admin/quest/create_quest.rs
index cf384631..b6435509 100644
--- a/src/endpoints/admin/quest/create_quest.rs
+++ b/src/endpoints/admin/quest/create_quest.rs
@@ -1,20 +1,18 @@
-use crate::models::{ QuestInsertDocument,JWTClaims};
+use crate::models::{JWTClaims, QuestInsertDocument};
 use crate::{models::AppState, utils::get_error};
+use axum::http::HeaderMap;
 use axum::{
 extract::State,
 http::StatusCode,
 response::{IntoResponse, Json},
 };
 use axum_auto_routes::route;
+use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};
 use mongodb::bson::{doc, from_document};
 use mongodb::options::FindOneOptions;
 use serde::Deserialize;
 use serde_json::json;
 use std::sync::Arc;
-use axum::http::HeaderMap;
-use jsonwebtoken::{Validation,Algorithm,decode,DecodingKey};
-
-
 
 pub_struct!(Deserialize; CreateQuestQuery {
 name: String,
@@ -28,6 +26,7 @@ pub_struct!(Deserialize; CreateQuestQuery {
 rewards_title: String,
 img_card: String,
 title_card: String,
+ issuer: Option,
 });
 
 #[route(
@@ -59,6 +58,14 @@ pub async fn handler(
 "level": 1,
 };
 
+ let issuer = match user == "super_user" {
+ true => {
+ let result_issuer=(&body.issuer).as_ref().unwrap();
+ result_issuer
+ },
+ false => &user
+ };
+
 let mut new_document = doc! {
 "name": &body.name,
 "desc": &body.desc,
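Review bot: The `true` arm of the added `let issuer = match user == "super_user"` block calls `.unwrap()` on `body.issuer`, so a super_user request that omits the optional `issuer` field panics the handler instead of returning the error response the rest of the endpoint uses; a missing field on a privileged path should be a client error, not a crash. Replace the block with `let issuer = match (user == "super_user", body.issuer.as_ref()) {` / `    (true, Some(i)) => i, (true, None) => return get_error("issuer is required for super_user".to_string()),` / `    (false, _) => &user };`, which keeps the same `&String` on both paths and returns through `get_error` the way create_user.rs already does. It is also worth deciding, and documenting on the field, whether a non-super user who supplies `issuer` should be rejected rather than silently ignored as the `false` arm now does. The handler starts and continues outside this hunk.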
@@ -66,7 +73,7 @@ pub async fn handler(
 "start_time": &body.start_time,
 "id": &next_id,
 "category":&body.category,
- "issuer": &user,
+ "issuer": &issuer,
 "rewards_endpoint":"/quests/claimable",
 "rewards_title": &body.rewards_title,
 "rewards_img": &body.rewards_img,
@@ -81,7 +88,7 @@ pub async fn handler(
 None => new_document.insert("expiry", None::),
 };
 
- match user == "admin" {
+ match issuer == "Starknet ID" {
 true => new_document.insert("experience", 50),
 false => new_document.insert("experience", 10),
 };
diff --git a/src/endpoints/admin/user/create_user.rs b/src/endpoints/admin/user/create_user.rs
index b88f703e..84153bd8 100644
--- a/src/endpoints/admin/user/create_user.rs
+++ b/src/endpoints/admin/user/create_user.rs
@@ -1,17 +1,18 @@
-use crate::models::{LoginDetails};
+use crate::models::{JWTClaims, LoginDetails};
+use crate::utils::calculate_hash;
 use crate::{models::AppState, utils::get_error};
+use axum::http::HeaderMap;
 use axum::{
 extract::State,
 http::StatusCode,
 response::{IntoResponse, Json},
 };
 use axum_auto_routes::route;
-use mongodb::bson::{doc};
+use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};
+use mongodb::bson::doc;
 use serde::Deserialize;
 use serde_json::json;
 use std::sync::Arc;
-use crate::utils::calculate_hash;
-
 
 pub_struct!(Deserialize; CreateCustom {
 user: String,
@@ -21,8 +22,15 @@ pub_struct!(Deserialize; CreateCustom {
 #[route(post, "/admin/user/create", crate::endpoints::admin::user::create_user)]
 pub async fn handler(
 State(state): State>,
+ headers: HeaderMap,
 body: Json,
 ) -> impl IntoResponse {
 
+ let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String;
+
+ if user != "super_user" {
+ return get_error("Operation not allowed with your account".to_string());
+ };
+
 let collection = state.db.collection::("login_details");
 let hashed_password = calculate_hash(&body.password);
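Review bot: `match issuer == "Starknet ID" {` now decides the 50-point experience value from a free-text string that, for a super_user, comes straight from the request body (the `let issuer` block in the earlier hunk), and the literal exists only in this one comparison; hoist it to a named constant such as `const STARKNET_ID_ISSUER: &str = "Starknet ID";` so the value that unlocks the higher reward is defined in one place and cannot silently drift from the issuer names stored on quests. The removed `user == "admin"` arm also means an account named `admin` no longer receives 50 experience unless its issuer is exactly that string; if that is not intended, keep both conditions, and either way the commit message should mention it. Matching on a `bool` reads better as `let experience = if issuer == STARKNET_ID_ISSUER { 50 } else { 10 };` followed by a single `new_document.insert("experience", experience);`. The handler continues outside this hunk.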
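Review bot: The role literal `"super_user"` in the new `if user != "super_user" {` gate is the same string the create_quest.rs `let issuer = match user == "super_user"` hunk compares against, so the privilege check is now spelled out independently in two handlers; move it to one shared constant (for example `pub const SUPER_USER_ROLE: &str = "super_user";` in the models or utils module) so the two cannot diverge. The `;` after the closing brace of that `if` block is unnecessary, and `as String` on the macro result is at best an identity cast — `let user: String = check_authorization!(headers, &state.conf.auth.secret_key.as_ref());` states the type without it. Whether `check_authorization!` itself rejects an expired or badly signed token is not visible in this diff; this handler's entire access control rests on that macro, which deserves a one-line comment above the call saying so. The handler continues outside this hunk.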
@@ -32,12 +40,7 @@ pub async fn handler(
 };
 
 // insert document to boost collection
- return match collection
- .insert_one(new_document,
- None,
- )
- .await
- {
+ return match collection.insert_one(new_document, None).await {
 Ok(_) => (
 StatusCode::OK,
 Json(json!({"message": "User added successfully"})).into_response(),