Merge pull request #256 from Ugo-X/testnet

Replace admin auth macro by middleware
lfglabs-dev · Sep 5, 2024 · 6b262c3 · 6b262c3
2 parents 7b07258 + c3bbd47
commit 6b262c3
Show file tree

Hide file tree

Showing 36 changed files with 249 additions and 277 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -10,7 +10,7 @@ starknet = { git = "https://github.com/xJonathanLEI/starknet-rs", rev = "c974e5c
 starknet-id = { git = "https://github.com/starknet-id/starknet-id.rs.git", rev = "2b30c2453b96789a628c86d2edebb1023fa2e77d" }
 serde_derive = "1.0.183"
 env_logger = "0.10.0"
-axum_auto_routes = { git = "https://github.com/Th0rgal/axum_auto_routes.git", rev = "f9e1d2083e887cd264642359c4aa851938da6f09" }
+axum_auto_routes = { git = "https://github.com/Th0rgal/axum_auto_routes.git", rev = "4bcae49628a657ed4bdc1749dfd4f1221ffaffe7" }
 axum = "0.6.17"
 toml = "0.5.10"
 serde = { version = "1.0.152", features = ["derive"] }

diff --git a/mod.rs b/mod.rs
@@ -0,0 +1,5 @@
+pub mod create_quest;
+pub(crate) mod get_quest;
+pub mod get_quests;
+pub mod get_tasks;
+pub mod update_quest;
diff --git a/src/endpoints/achievements/verify_seniority.rs b/src/endpoints/achievements/verify_seniority.rs
@@ -55,4 +55,4 @@ pub async fn handler(
         }
         Err(e) => get_error(e),
     }
-}
+}
diff --git a/src/endpoints/admin/balance/create_balance.rs b/src/endpoints/admin/balance/create_balance.rs
@@ -1,14 +1,13 @@
-use crate::models::{JWTClaims, QuestDocument, QuestTaskDocument};
+use crate::models::{QuestDocument, QuestTaskDocument};
 use crate::utils::verify_quest_auth;
 use crate::{models::AppState, utils::get_error};
-use axum::http::HeaderMap;
+use crate::middleware::auth::auth_middleware;
 use axum::{
-    extract::State,
+    extract::{Extension, State},
     http::StatusCode,
-    response::{IntoResponse, Json},
+    response::{IntoResponse, Json}
 };
 use axum_auto_routes::route;
-use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};
 use mongodb::bson::doc;
 use mongodb::options::FindOneOptions;
 use serde::Deserialize;
@@ -26,13 +25,12 @@ pub_struct!(Deserialize; CreateBalance {
     cta: String,
 });
 
-#[route(post, "/admin/tasks/balance/create")]
+#[route(post, "/admin/tasks/balance/create", auth_middleware)]
 pub async fn handler(
     State(state): State<Arc<AppState>>,
-    headers: HeaderMap,
-    body: Json<CreateBalance>,
+    Extension(sub): Extension<String>,
+    Json(body): Json<CreateBalance>,
 ) -> impl IntoResponse {
-    let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String;
     let collection = state.db.collection::<QuestTaskDocument>("tasks");
     // Get the last id in increasing order
     let last_id_filter = doc! {};
@@ -41,7 +39,7 @@ pub async fn handler(
 
     let quests_collection = state.db.collection::<QuestDocument>("quests");
 
-    let res = verify_quest_auth(user, &quests_collection, &(body.quest_id as i64)).await;
+    let res = verify_quest_auth(sub, &quests_collection, &(body.quest_id as i64)).await;
     if !res {
         return get_error("Error creating task".to_string());
     };

diff --git a/src/endpoints/admin/balance/update_balance.rs b/src/endpoints/admin/balance/update_balance.rs
@@ -1,14 +1,14 @@
-use crate::models::{JWTClaims, QuestTaskDocument};
-use crate::utils::verify_task_auth;
+use crate::models::QuestTaskDocument;
 use crate::{models::AppState, utils::get_error};
-use axum::http::HeaderMap;
+use crate::middleware::auth::auth_middleware;
+use crate::utils::verify_task_auth;
+
 use axum::{
-    extract::State,
+    extract::{Extension, State},
     http::StatusCode,
     response::{IntoResponse, Json},
 };
 use axum_auto_routes::route;
-use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};
 use mongodb::bson::doc;
 use serde::Deserialize;
 use serde_json::json;
@@ -30,16 +30,15 @@ fn field_element_to_bson(fe: &FieldElement) -> mongodb::bson::Bson {
     mongodb::bson::Bson::String(fe.to_string())
 }
 
-#[route(post, "/admin/tasks/balance/update")]
+#[route(post, "/admin/tasks/balance/update", auth_middleware)]
 pub async fn handler(
     State(state): State<Arc<AppState>>,
-    headers: HeaderMap,
-    body: Json<CreateBalance>,
+    Extension(sub): Extension<String>,
+    Json(body): Json<CreateBalance>,
 ) -> impl IntoResponse {
-    let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String;
     let collection = state.db.collection::<QuestTaskDocument>("tasks");
 
-    let res = verify_task_auth(user, &collection, &(body.id as i32)).await;
+    let res = verify_task_auth(sub, &collection, &(body.id as i32)).await;
     if !res {
         return get_error("Error updating tasks".to_string());
     }

diff --git a/src/endpoints/admin/custom/create_custom.rs b/src/endpoints/admin/custom/create_custom.rs
@@ -1,14 +1,13 @@
-use crate::models::{JWTClaims, QuestDocument, QuestTaskDocument};
+use crate::models::{QuestDocument, QuestTaskDocument};
 use crate::utils::verify_quest_auth;
 use crate::{models::AppState, utils::get_error};
-use axum::http::HeaderMap;
+use crate::middleware::auth::auth_middleware;
 use axum::{
-    extract::State,
+    extract::{State, Extension},
     http::StatusCode,
     response::{IntoResponse, Json},
 };
 use axum_auto_routes::route;
-use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};
 use mongodb::bson::doc;
 use mongodb::options::FindOneOptions;
 use serde::Deserialize;
@@ -24,13 +23,12 @@ pub_struct!(Deserialize; CreateCustom {
     api: String,
 });
 
-#[route(post, "/admin/tasks/custom/create")]
+#[route(post, "/admin/tasks/custom/create", auth_middleware)]
 pub async fn handler(
     State(state): State<Arc<AppState>>,
-    headers: HeaderMap,
-    body: Json<CreateCustom>,
+    Extension(sub): Extension<String>,
+    Json(body): Json<CreateCustom>,
 ) -> impl IntoResponse {
-    let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String;
     let collection = state.db.collection::<QuestTaskDocument>("tasks");
     // Get the last id in increasing order
     let last_id_filter = doc! {};
@@ -39,11 +37,11 @@ pub async fn handler(
 
     let quests_collection = state.db.collection::<QuestDocument>("quests");
 
-    let res = verify_quest_auth(user, &quests_collection, &(body.quest_id as i64)).await;
+    let res = verify_quest_auth(sub, &quests_collection, &(body.quest_id as i64)).await;
     if !res {
         return get_error("Error creating task".to_string());
     };
-
+   
     let mut next_id = 1;
     if let Some(doc) = last_doc {
         let last_id = doc.id;

diff --git a/src/endpoints/admin/custom/update_custom.rs b/src/endpoints/admin/custom/update_custom.rs
@@ -1,14 +1,13 @@
-use crate::models::{JWTClaims, QuestTaskDocument};
+use crate::models::QuestTaskDocument;
 use crate::utils::verify_task_auth;
 use crate::{models::AppState, utils::get_error};
-use axum::http::HeaderMap;
+use crate::middleware::auth::auth_middleware;
 use axum::{
-    extract::State,
+    extract::{State, Extension},
     http::StatusCode,
     response::{IntoResponse, Json},
 };
 use axum_auto_routes::route;
-use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};
 use mongodb::bson::doc;
 use serde::Deserialize;
 use serde_json::json;
@@ -25,20 +24,19 @@ pub_struct!(Deserialize; CreateCustom {
     href: Option<String>,
 });
 
-#[route(post, "/admin/tasks/custom/update")]
+#[route(post, "/admin/tasks/custom/update", auth_middleware)]
 pub async fn handler(
     State(state): State<Arc<AppState>>,
-    headers: HeaderMap,
-    body: Json<CreateCustom>,
+    Extension(sub): Extension<String>,
+    Json(body): Json<CreateCustom>,
 ) -> impl IntoResponse {
-    let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String;
     let collection = state.db.collection::<QuestTaskDocument>("tasks");
-
-    let res = verify_task_auth(user, &collection, &(body.id as i32)).await;
+    
+    let res = verify_task_auth(sub, &collection, &(body.id as i32)).await;
     if !res {
         return get_error("Error updating tasks".to_string());
     }
-
+    
     // filter to get existing quest
     let filter = doc! {
         "id": &body.id,

diff --git a/src/endpoints/admin/delete_task.rs b/src/endpoints/admin/delete_task.rs
@@ -1,14 +1,13 @@
-use crate::models::{JWTClaims, QuestTaskDocument};
+use crate::models::QuestTaskDocument;
 use crate::utils::verify_task_auth;
 use crate::{models::AppState, utils::get_error};
-use axum::http::HeaderMap;
+use crate::middleware::auth::auth_middleware;
 use axum::{
-    extract::State,
+    extract::{Extension, State},
     http::StatusCode,
     response::{IntoResponse, Json},
 };
 use axum_auto_routes::route;
-use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};
 use mongodb::bson::doc;
 use serde::Deserialize;
 use serde_json::json;
@@ -18,15 +17,14 @@ pub_struct!(Deserialize; DeleteTask {
    id: i32,
 });
 
-#[route(post, "/admin/tasks/remove_task")]
+#[route(post, "/admin/tasks/remove_task", auth_middleware)]
 pub async fn handler(
     State(state): State<Arc<AppState>>,
-    headers: HeaderMap,
+    Extension(sub): Extension<String>,
     body: Json<DeleteTask>,
 ) -> impl IntoResponse {
-    let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String;
     let collection = state.db.collection::<QuestTaskDocument>("tasks");
-    let res = verify_task_auth(user, &collection, &body.id).await;
+    let res = verify_task_auth(sub, &collection, &body.id).await;
     if !res {
         return get_error("Error updating tasks".to_string());
     }

diff --git a/src/endpoints/admin/discord/create_discord.rs b/src/endpoints/admin/discord/create_discord.rs
@@ -1,14 +1,13 @@
-use crate::models::{JWTClaims, QuestDocument, QuestTaskDocument};
+use crate::models::{QuestDocument,QuestTaskDocument};
 use crate::utils::verify_quest_auth;
 use crate::{models::AppState, utils::get_error};
-use axum::http::HeaderMap;
+use crate::middleware::auth::auth_middleware;
 use axum::{
-    extract::State,
+    extract::{State, Extension},
     http::StatusCode,
     response::{IntoResponse, Json},
 };
 use axum_auto_routes::route;
-use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};
 use mongodb::bson::doc;
 use mongodb::options::FindOneOptions;
 use serde::Deserialize;
@@ -23,13 +22,12 @@ pub_struct!(Deserialize; CreateCustom {
     guild_id: String,
 });
 
-#[route(post, "/admin/tasks/discord/create")]
+#[route(post, "/admin/tasks/discord/create", auth_middleware)]
 pub async fn handler(
     State(state): State<Arc<AppState>>,
-    headers: HeaderMap,
-    body: Json<CreateCustom>,
+    Extension(sub): Extension<String>,
+    Json(body): Json<CreateCustom>,
 ) -> impl IntoResponse {
-    let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String;
     let collection = state.db.collection::<QuestTaskDocument>("tasks");
     // Get the last id in increasing order
     let last_id_filter = doc! {};
@@ -38,7 +36,7 @@ pub async fn handler(
 
     let quests_collection = state.db.collection::<QuestDocument>("quests");
 
-    let res = verify_quest_auth(user, &quests_collection, &(body.quest_id as i64)).await;
+    let res = verify_quest_auth(sub, &quests_collection, &(body.quest_id as i64)).await;
     if !res {
         return get_error("Error creating task".to_string());
     };

diff --git a/src/endpoints/admin/discord/update_discord.rs b/src/endpoints/admin/discord/update_discord.rs
@@ -1,14 +1,13 @@
-use crate::models::{JWTClaims, QuestTaskDocument};
+use crate::models::QuestTaskDocument;
 use crate::utils::verify_task_auth;
 use crate::{models::AppState, utils::get_error};
-use axum::http::HeaderMap;
+use crate::middleware::auth::auth_middleware;
 use axum::{
-    extract::State,
+    extract::{State, Extension},
     http::StatusCode,
     response::{IntoResponse, Json},
 };
 use axum_auto_routes::route;
-use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};
 use mongodb::bson::doc;
 use serde::Deserialize;
 use serde_json::json;
@@ -22,16 +21,15 @@ pub_struct!(Deserialize; CreateCustom {
     guild_id: Option<String>,
 });
 
-#[route(post, "/admin/tasks/discord/update")]
+#[route(post, "/admin/tasks/discord/update", auth_middleware)]
 pub async fn handler(
     State(state): State<Arc<AppState>>,
-    headers: HeaderMap,
-    body: Json<CreateCustom>,
+    Extension(sub): Extension<String>,
+    Json(body): Json<CreateCustom>,
 ) -> impl IntoResponse {
-    let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String;
     let collection = state.db.collection::<QuestTaskDocument>("tasks");
-
-    let res = verify_task_auth(user, &collection, &(body.id as i32)).await;
+    
+    let res = verify_task_auth(sub, &collection, &(body.id as i32)).await;
     if !res {
         return get_error("Error updating tasks".to_string());
     }

diff --git a/src/endpoints/admin/domain/create_domain.rs b/src/endpoints/admin/domain/create_domain.rs
@@ -1,14 +1,13 @@
-use crate::models::{JWTClaims, QuestDocument, QuestTaskDocument};
+use crate::models::{QuestDocument, QuestTaskDocument};
 use crate::utils::verify_quest_auth;
 use crate::{models::AppState, utils::get_error};
-use axum::http::HeaderMap;
+use crate::middleware::auth::auth_middleware;
 use axum::{
-    extract::State,
+    extract::{State, Extension},
     http::StatusCode,
     response::{IntoResponse, Json},
 };
 use axum_auto_routes::route;
-use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};
 use mongodb::bson::doc;
 use mongodb::options::FindOneOptions;
 use serde::Deserialize;
@@ -21,17 +20,16 @@ pub_struct!(Deserialize; CreateTwitterFw {
     quest_id: i64,
 });
 
-#[route(post, "/admin/tasks/domain/create")]
+#[route(post, "/admin/tasks/domain/create", auth_middleware)]
 pub async fn handler(
     State(state): State<Arc<AppState>>,
-    headers: HeaderMap,
-    body: Json<CreateTwitterFw>,
+    Extension(sub): Extension<String>,
+    Json(body): Json<CreateTwitterFw>,
 ) -> impl IntoResponse {
-    let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String;
     let collection = state.db.collection::<QuestTaskDocument>("tasks");
     let quests_collection = state.db.collection::<QuestDocument>("quests");
 
-    let res = verify_quest_auth(user, &quests_collection, &body.quest_id).await;
+    let res = verify_quest_auth(sub, &quests_collection, &body.quest_id).await;
     if !res {
         return get_error("Error creating task".to_string());
     };
-Original file line number
+Diff line change
@@ Expand Up / @@ -55,4 +55,4 @@ pub async fn handler( @@
             }
             Err(e) => get_error(e),
         }
-    }
+    }