diff --git a/Cargo.toml b/Cargo.toml index 20ba303b..2f6ad551 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -10,7 +10,7 @@ starknet = { git = "https://github.com/xJonathanLEI/starknet-rs", rev = "c974e5c starknet-id = { git = "https://github.com/starknet-id/starknet-id.rs.git", rev = "2b30c2453b96789a628c86d2edebb1023fa2e77d" } serde_derive = "1.0.183" env_logger = "0.10.0" -axum_auto_routes = { git = "https://github.com/Th0rgal/axum_auto_routes.git", rev = "f9e1d2083e887cd264642359c4aa851938da6f09" } +axum_auto_routes = { git = "https://github.com/Th0rgal/axum_auto_routes.git", rev = "4bcae49628a657ed4bdc1749dfd4f1221ffaffe7" } axum = "0.6.17" toml = "0.5.10" serde = { version = "1.0.152", features = ["derive"] } diff --git a/mod.rs b/mod.rs new file mode 100644 index 00000000..504a74c6 --- /dev/null +++ b/mod.rs @@ -0,0 +1,5 @@ +pub mod create_quest; +pub(crate) mod get_quest; +pub mod get_quests; +pub mod get_tasks; +pub mod update_quest; diff --git a/src/endpoints/achievements/verify_seniority.rs b/src/endpoints/achievements/verify_seniority.rs index 0ff48a47..a60c49f2 100644 --- a/src/endpoints/achievements/verify_seniority.rs +++ b/src/endpoints/achievements/verify_seniority.rs @@ -55,4 +55,4 @@ pub async fn handler( } Err(e) => get_error(e), } -} +} \ No newline at end of file diff --git a/src/endpoints/admin/balance/create_balance.rs b/src/endpoints/admin/balance/create_balance.rs index 14198b15..4de3928e 100644 --- a/src/endpoints/admin/balance/create_balance.rs +++ b/src/endpoints/admin/balance/create_balance.rs 
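Review bot: The new `mod.rs` is created at the repository root (`b/mod.rs`), while every other Rust path in this diff lives under `src/`, so it does not look like part of the crate's module tree and is probably misplaced or a stray copy. Its contents are the quest endpoint module list, which suggests it was meant for the admin quest endpoints directory. `get_quest` is also declared `pub(crate)` while its four siblings are `pub`; if that is deliberate, a one-line comment such as `// crate-only: not re-exported with the other quest endpoints` would say so, otherwise align the visibility.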
@@ -1,14 +1,13 @@ -use crate::models::{JWTClaims, QuestDocument, QuestTaskDocument}; +use crate::models::{QuestDocument, QuestTaskDocument}; use crate::utils::verify_quest_auth; use crate::{models::AppState, utils::get_error}; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; use axum::{ - extract::State, + extract::{Extension, State}, http::StatusCode, - response::{IntoResponse, Json}, + response::{IntoResponse, Json} }; use axum_auto_routes::route; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::doc; use mongodb::options::FindOneOptions; use serde::Deserialize; @@ -26,13 +25,12 @@ pub_struct!(Deserialize; CreateBalance { cta: String, }); -#[route(post, "/admin/tasks/balance/create")] +#[route(post, "/admin/tasks/balance/create", auth_middleware)] pub async fn handler( State(state): State>, - headers: HeaderMap, - body: Json, + Extension(sub): Extension, + Json(body): Json, ) -> impl IntoResponse { - let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String; let collection = state.db.collection::("tasks"); // Get the last id in increasing order let last_id_filter = doc! {}; @@ -41,7 +39,7 @@ pub async fn handler( let quests_collection = state.db.collection::("quests"); - let res = verify_quest_auth(user, &quests_collection, &(body.quest_id as i64)).await; + let res = verify_quest_auth(sub, &quests_collection, &(body.quest_id as i64)).await; if !res { return get_error("Error creating task".to_string()); }; diff --git a/src/endpoints/admin/balance/update_balance.rs b/src/endpoints/admin/balance/update_balance.rs index 2b44bfd2..1764b469 100644 --- a/src/endpoints/admin/balance/update_balance.rs +++ b/src/endpoints/admin/balance/update_balance.rs 
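Review bot: The authenticated subject in the create_balance.rs handler arrives as `Extension(sub)`, which appears to be a bare `String` (the generic argument is not legible on this page, but `sub` is passed where the old `String` user went and is compared with `"super_user"` elsewhere in the commit). Request extensions are keyed by type only, so any other layer that inserts a `String` would be read here as the caller's identity. A dedicated newtype set by `auth_middleware`, for example `pub struct AuthSubject(pub String);` extracted as `Extension(AuthSubject(sub))`, removes that ambiguity. The same applies to every handler in this commit that extracts `sub`. The middleware itself is not in this diff, so its token validation (pinned algorithm, expiry) should be confirmed to match what the removed `check_authorization!` macro did.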
@@ -1,14 +1,14 @@ -use crate::models::{JWTClaims, QuestTaskDocument}; -use crate::utils::verify_task_auth; +use crate::models::QuestTaskDocument; use crate::{models::AppState, utils::get_error}; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; +use crate::utils::verify_task_auth; + use axum::{ - extract::State, + extract::{Extension, State}, http::StatusCode, response::{IntoResponse, Json}, }; use axum_auto_routes::route; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::doc; use serde::Deserialize; use serde_json::json; @@ -30,16 +30,15 @@ fn field_element_to_bson(fe: &FieldElement) -> mongodb::bson::Bson { mongodb::bson::Bson::String(fe.to_string()) } -#[route(post, "/admin/tasks/balance/update")] +#[route(post, "/admin/tasks/balance/update", auth_middleware)] pub async fn handler( State(state): State>, - headers: HeaderMap, - body: Json, + Extension(sub): Extension, + Json(body): Json, ) -> impl IntoResponse { - let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String; let collection = state.db.collection::("tasks"); - let res = verify_task_auth(user, &collection, &(body.id as i32)).await; + let res = verify_task_auth(sub, &collection, &(body.id as i32)).await; if !res { return get_error("Error updating tasks".to_string()); } diff --git a/src/endpoints/admin/custom/create_custom.rs b/src/endpoints/admin/custom/create_custom.rs index 743ad885..2180d7e8 100644 --- a/src/endpoints/admin/custom/create_custom.rs +++ b/src/endpoints/admin/custom/create_custom.rs 
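Review bot: `verify_task_auth(sub, &collection, &(body.id as i32))` in update_balance.rs authorizes a narrowed copy of the id: the cast implies `body.id` is not an `i32`, and `as` wraps silently on out-of-range values. update_custom.rs and update_discord.rs use the same cast, and the update_custom.rs hunk shows the filter built from `&body.id` uncast right after the check, so the ownership check and the write can refer to different ids. Assuming `id` is an integer type, convert once with a checked conversion and reuse the result in the filter, e.g. `let Ok(task_id) = i32::try_from(body.id) else { return get_error("Error updating tasks".to_string()); };`. The handler bodies continue outside these hunks.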
@@ -1,14 +1,13 @@ -use crate::models::{JWTClaims, QuestDocument, QuestTaskDocument}; +use crate::models::{QuestDocument, QuestTaskDocument}; use crate::utils::verify_quest_auth; use crate::{models::AppState, utils::get_error}; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; use axum::{ - extract::State, + extract::{State, Extension}, http::StatusCode, response::{IntoResponse, Json}, }; use axum_auto_routes::route; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::doc; use mongodb::options::FindOneOptions; use serde::Deserialize; @@ -24,13 +23,12 @@ pub_struct!(Deserialize; CreateCustom { api: String, }); -#[route(post, "/admin/tasks/custom/create")] +#[route(post, "/admin/tasks/custom/create", auth_middleware)] pub async fn handler( State(state): State>, - headers: HeaderMap, - body: Json, + Extension(sub): Extension, + Json(body): Json, ) -> impl IntoResponse { - let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String; let collection = state.db.collection::("tasks"); // Get the last id in increasing order let last_id_filter = doc! {}; @@ -39,11 +37,11 @@ pub async fn handler( let quests_collection = state.db.collection::("quests"); - let res = verify_quest_auth(user, &quests_collection, &(body.quest_id as i64)).await; + let res = verify_quest_auth(sub, &quests_collection, &(body.quest_id as i64)).await; if !res { return get_error("Error creating task".to_string()); }; - + let mut next_id = 1; if let Some(doc) = last_doc { let last_id = doc.id; diff --git a/src/endpoints/admin/custom/update_custom.rs b/src/endpoints/admin/custom/update_custom.rs index c5f21c7a..fb921458 100644 --- a/src/endpoints/admin/custom/update_custom.rs +++ b/src/endpoints/admin/custom/update_custom.rs 
@@ -1,14 +1,13 @@ -use crate::models::{JWTClaims, QuestTaskDocument}; +use crate::models::QuestTaskDocument; use crate::utils::verify_task_auth; use crate::{models::AppState, utils::get_error}; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; use axum::{ - extract::State, + extract::{State, Extension}, http::StatusCode, response::{IntoResponse, Json}, }; use axum_auto_routes::route; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::doc; use serde::Deserialize; use serde_json::json; @@ -25,20 +24,19 @@ pub_struct!(Deserialize; CreateCustom { href: Option, }); -#[route(post, "/admin/tasks/custom/update")] +#[route(post, "/admin/tasks/custom/update", auth_middleware)] pub async fn handler( State(state): State>, - headers: HeaderMap, - body: Json, + Extension(sub): Extension, + Json(body): Json, ) -> impl IntoResponse { - let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String; let collection = state.db.collection::("tasks"); - - let res = verify_task_auth(user, &collection, &(body.id as i32)).await; + + let res = verify_task_auth(sub, &collection, &(body.id as i32)).await; if !res { return get_error("Error updating tasks".to_string()); } - + // filter to get existing quest let filter = doc! { "id": &body.id, diff --git a/src/endpoints/admin/delete_task.rs b/src/endpoints/admin/delete_task.rs index ed04b8c4..d16faacd 100644 --- a/src/endpoints/admin/delete_task.rs +++ b/src/endpoints/admin/delete_task.rs 
@@ -1,14 +1,13 @@ -use crate::models::{JWTClaims, QuestTaskDocument}; +use crate::models::QuestTaskDocument; use crate::utils::verify_task_auth; use crate::{models::AppState, utils::get_error}; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; use axum::{ - extract::State, + extract::{Extension, State}, http::StatusCode, response::{IntoResponse, Json}, }; use axum_auto_routes::route; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::doc; use serde::Deserialize; use serde_json::json; @@ -18,15 +17,14 @@ pub_struct!(Deserialize; DeleteTask { id: i32, }); -#[route(post, "/admin/tasks/remove_task")] +#[route(post, "/admin/tasks/remove_task", auth_middleware)] pub async fn handler( State(state): State>, - headers: HeaderMap, + Extension(sub): Extension, body: Json, ) -> impl IntoResponse { - let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String; let collection = state.db.collection::("tasks"); - let res = verify_task_auth(user, &collection, &body.id).await; + let res = verify_task_auth(sub, &collection, &body.id).await; if !res { return get_error("Error updating tasks".to_string()); } diff --git a/src/endpoints/admin/discord/create_discord.rs b/src/endpoints/admin/discord/create_discord.rs index 8f1da307..6f6c7ef6 100644 --- a/src/endpoints/admin/discord/create_discord.rs +++ b/src/endpoints/admin/discord/create_discord.rs 
@@ -1,14 +1,13 @@ -use crate::models::{JWTClaims, QuestDocument, QuestTaskDocument}; +use crate::models::{QuestDocument,QuestTaskDocument}; use crate::utils::verify_quest_auth; use crate::{models::AppState, utils::get_error}; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; use axum::{ - extract::State, + extract::{State, Extension}, http::StatusCode, response::{IntoResponse, Json}, }; use axum_auto_routes::route; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::doc; use mongodb::options::FindOneOptions; use serde::Deserialize; @@ -23,13 +22,12 @@ pub_struct!(Deserialize; CreateCustom { guild_id: String, }); -#[route(post, "/admin/tasks/discord/create")] +#[route(post, "/admin/tasks/discord/create", auth_middleware)] pub async fn handler( State(state): State>, - headers: HeaderMap, - body: Json, + Extension(sub): Extension, + Json(body): Json, ) -> impl IntoResponse { - let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String; let collection = state.db.collection::("tasks"); // Get the last id in increasing order let last_id_filter = doc! {}; @@ -38,7 +36,7 @@ pub async fn handler( let quests_collection = state.db.collection::("quests"); - let res = verify_quest_auth(user, &quests_collection, &(body.quest_id as i64)).await; + let res = verify_quest_auth(sub, &quests_collection, &(body.quest_id as i64)).await; if !res { return get_error("Error creating task".to_string()); }; diff --git a/src/endpoints/admin/discord/update_discord.rs b/src/endpoints/admin/discord/update_discord.rs index 68304b7a..c445da15 100644 --- a/src/endpoints/admin/discord/update_discord.rs +++ b/src/endpoints/admin/discord/update_discord.rs 
@@ -1,14 +1,13 @@ -use crate::models::{JWTClaims, QuestTaskDocument}; +use crate::models::QuestTaskDocument; use crate::utils::verify_task_auth; use crate::{models::AppState, utils::get_error}; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; use axum::{ - extract::State, + extract::{State, Extension}, http::StatusCode, response::{IntoResponse, Json}, }; use axum_auto_routes::route; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::doc; use serde::Deserialize; use serde_json::json; @@ -22,16 +21,15 @@ pub_struct!(Deserialize; CreateCustom { guild_id: Option, }); -#[route(post, "/admin/tasks/discord/update")] +#[route(post, "/admin/tasks/discord/update", auth_middleware)] pub async fn handler( State(state): State>, - headers: HeaderMap, - body: Json, + Extension(sub): Extension, + Json(body): Json, ) -> impl IntoResponse { - let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String; let collection = state.db.collection::("tasks"); - - let res = verify_task_auth(user, &collection, &(body.id as i32)).await; + + let res = verify_task_auth(sub, &collection, &(body.id as i32)).await; if !res { return get_error("Error updating tasks".to_string()); } diff --git a/src/endpoints/admin/domain/create_domain.rs b/src/endpoints/admin/domain/create_domain.rs index 78fadea9..586e1fb4 100644 --- a/src/endpoints/admin/domain/create_domain.rs +++ b/src/endpoints/admin/domain/create_domain.rs 
@@ -1,14 +1,13 @@ -use crate::models::{JWTClaims, QuestDocument, QuestTaskDocument}; +use crate::models::{QuestDocument, QuestTaskDocument}; use crate::utils::verify_quest_auth; use crate::{models::AppState, utils::get_error}; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; use axum::{ - extract::State, + extract::{State, Extension}, http::StatusCode, response::{IntoResponse, Json}, }; use axum_auto_routes::route; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::doc; use mongodb::options::FindOneOptions; use serde::Deserialize; @@ -21,17 +20,16 @@ pub_struct!(Deserialize; CreateTwitterFw { quest_id: i64, }); -#[route(post, "/admin/tasks/domain/create")] +#[route(post, "/admin/tasks/domain/create", auth_middleware)] pub async fn handler( State(state): State>, - headers: HeaderMap, - body: Json, + Extension(sub): Extension, + Json(body): Json, ) -> impl IntoResponse { - let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String; let collection = state.db.collection::("tasks"); let quests_collection = state.db.collection::("quests"); - let res = verify_quest_auth(user, &quests_collection, &body.quest_id).await; + let res = verify_quest_auth(sub, &quests_collection, &body.quest_id).await; if !res { return get_error("Error creating task".to_string()); }; diff --git a/src/endpoints/admin/domain/update_domain.rs b/src/endpoints/admin/domain/update_domain.rs index 9848fcc0..cf79509a 100644 --- a/src/endpoints/admin/domain/update_domain.rs +++ b/src/endpoints/admin/domain/update_domain.rs 
@@ -1,14 +1,13 @@ -use crate::models::{JWTClaims, QuestTaskDocument}; +use crate::models::QuestTaskDocument; use crate::utils::verify_task_auth; use crate::{models::AppState, utils::get_error}; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; use axum::{ - extract::State, + extract::{State, Extension}, http::StatusCode, response::{IntoResponse, Json}, }; use axum_auto_routes::route; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::doc; use serde::Deserialize; use serde_json::json; @@ -20,16 +19,14 @@ pub_struct!(Deserialize; CreateTwitterFw { id: i32, }); -#[route(post, "/admin/tasks/domain/update")] +#[route(post, "/admin/tasks/domain/update", auth_middleware)] pub async fn handler( State(state): State>, - headers: HeaderMap, - body: Json, + Extension(sub): Extension, + Json(body): Json, ) -> impl IntoResponse { - let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String; let collection = state.db.collection::("tasks"); - - let res = verify_task_auth(user, &collection, &body.id).await; + let res = verify_task_auth(sub, &collection, &body.id).await; if !res { return get_error("Error updating tasks".to_string()); } diff --git a/src/endpoints/admin/nft_uri/create_uri.rs b/src/endpoints/admin/nft_uri/create_uri.rs index 1742c1c1..1a58c008 100644 --- a/src/endpoints/admin/nft_uri/create_uri.rs +++ b/src/endpoints/admin/nft_uri/create_uri.rs 
@@ -1,14 +1,13 @@ -use crate::models::{JWTClaims, NFTUri, QuestDocument}; +use crate::models::{NFTUri, QuestDocument}; use crate::utils::verify_quest_auth; use crate::{models::AppState, utils::get_error}; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; use axum::{ - extract::State, + extract::{State, Extension}, http::StatusCode, response::{IntoResponse, Json}, }; use axum_auto_routes::route; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::doc; use mongodb::options::FindOneOptions; use serde::Deserialize; @@ -22,18 +21,16 @@ pub_struct!(Deserialize; CreateCustom { image: String, }); -#[route(post, "/admin/nft_uri/create")] +#[route(post, "/admin/nft_uri/create", auth_middleware)] pub async fn handler( State(state): State>, - headers: HeaderMap, - body: Json, + Extension(sub): Extension, + Json(body): Json, ) -> impl IntoResponse { - let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String; let collection = state.db.collection::("nft_uri"); - let quests_collection = state.db.collection::("quests"); - let res = verify_quest_auth(user, &quests_collection, &(body.quest_id as i64)).await; + let res = verify_quest_auth(sub, &quests_collection, &(body.quest_id as i64)).await; if !res { return get_error("Error creating task".to_string()); }; diff --git a/src/endpoints/admin/nft_uri/get_nft_uri.rs b/src/endpoints/admin/nft_uri/get_nft_uri.rs index 0c2abf5d..f7f61c16 100644 --- a/src/endpoints/admin/nft_uri/get_nft_uri.rs +++ b/src/endpoints/admin/nft_uri/get_nft_uri.rs @@ -1,5 +1,6 @@ use crate::models::NFTUri; use crate::{models::AppState, utils::get_error}; +use crate::middleware::auth::auth_middleware; use axum::{ extract::{Query, State}, http::StatusCode, 
@@ -16,7 +17,7 @@ pub struct GetQuestsQuery { id: i64, } -#[route(get, "/admin/nft_uri/get_nft_uri")] +#[route(get, "/admin/nft_uri/get_nft_uri", auth_middleware)] pub async fn handler( State(state): State>, Query(query): Query, diff --git a/src/endpoints/admin/nft_uri/update_uri.rs b/src/endpoints/admin/nft_uri/update_uri.rs index 4a11fb68..c335d8ee 100644 --- a/src/endpoints/admin/nft_uri/update_uri.rs +++ b/src/endpoints/admin/nft_uri/update_uri.rs @@ -1,13 +1,12 @@ -use crate::models::{JWTClaims, NFTUri}; +use crate::models::NFTUri; use crate::{models::AppState, utils::get_error}; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; use axum::{ extract::State, http::StatusCode, response::{IntoResponse, Json}, }; use axum_auto_routes::route; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::doc; use serde::Deserialize; use serde_json::json; @@ -20,13 +19,11 @@ pub_struct!(Deserialize; CreateCustom { image: Option, }); -#[route(post, "/admin/nft_uri/update")] +#[route(post, "/admin/nft_uri/update", auth_middleware)] pub async fn handler( State(state): State>, - headers: HeaderMap, - body: Json, + Json(body): Json, ) -> impl IntoResponse { - let _user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String; let collection = state.db.collection::("nft_uri"); // filter to get existing quest diff --git a/src/endpoints/admin/quest/create_quest.rs b/src/endpoints/admin/quest/create_quest.rs index e78185be..febe4186 100644 --- a/src/endpoints/admin/quest/create_quest.rs +++ b/src/endpoints/admin/quest/create_quest.rs 
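Review bot: The update_uri.rs handler authenticates through `auth_middleware` but never extracts `sub`, so nothing visible ties the NFT URI being updated to the caller. create_uri.rs runs `verify_quest_auth(sub, ...)` for the same collection, and the old code here discarded the identity as `_user`, so the gap predates this commit but is not closed by it. Add `Extension(sub)` and check ownership of the quest the record belongs to before the update. The read handlers in get_nft_uri.rs, get_tasks.rs and get_quiz.rs are likewise unscoped by issuer, unlike get_quest.rs. Extracting `Extension(sub)` in these handlers would also make them fail closed if the middleware were ever dropped from the route attribute. All four handler bodies continue outside their hunks.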
@@ -1,13 +1,12 @@ -use crate::models::{JWTClaims, QuestInsertDocument}; +use crate::models::QuestInsertDocument; use crate::{models::AppState, utils::get_error}; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; use axum::{ - extract::State, + extract::{State, Extension}, http::StatusCode, response::{IntoResponse, Json}, }; use axum_auto_routes::route; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::{doc, from_document}; use mongodb::options::FindOneOptions; use serde::Deserialize; @@ -29,15 +28,13 @@ pub_struct!(Deserialize; CreateQuestQuery { issuer: Option, }); -#[route(post, "/admin/quest/create")] +#[route(post, "/admin/quest/create", auth_middleware)] pub async fn handler( State(state): State>, - headers: HeaderMap, - body: Json, + Extension(sub): Extension, + Json(body): Json, ) -> impl IntoResponse { - let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String; let collection = state.db.collection::("quests"); - // Get the last id in increasing order let last_id_filter = doc! {}; let options = FindOneOptions::builder().sort(doc! {"id": -1}).build(); @@ -54,12 +51,12 @@ pub async fn handler( "level": 1, }; - let issuer = match user == "super_user" { + let issuer = match sub == "super_user" { true => { let result_issuer = (&body.issuer).as_ref().unwrap(); result_issuer } - false => &user, + false => &sub, }; let mut new_document = doc! { diff --git a/src/endpoints/admin/quest/get_quest.rs b/src/endpoints/admin/quest/get_quest.rs index 283a89a3..cf5dfcfc 100644 --- a/src/endpoints/admin/quest/get_quest.rs +++ b/src/endpoints/admin/quest/get_quest.rs 
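Review bot: In create_quest.rs, `(&body.issuer).as_ref().unwrap()` panics when a `super_user` request omits the optional `issuer` field, so a malformed body aborts the handler instead of returning an error response. Replace the unwrap with an explicit rejection, e.g. `let Some(result_issuer) = body.issuer.as_ref() else { return get_error("issuer is required".to_string()); };`. The `match sub == "super_user" { true => ..., false => ... }` also reads more plainly as `if`/`else`. The function body starts and ends outside this hunk.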
@@ -1,16 +1,15 @@ use crate::{ - models::{AppState, JWTClaims, QuestDocument}, + models::{AppState, QuestDocument}, utils::get_error, }; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; use axum::{ - extract::{Query, State}, + extract::{Query, State, Extension}, http::StatusCode, response::{IntoResponse, Json}, }; use axum_auto_routes::route; use futures::StreamExt; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::doc; use serde::Deserialize; use std::sync::Arc; @@ -20,13 +19,12 @@ pub struct GetQuestsQuery { id: i32, } -#[route(get, "/admin/quest/get_quest")] +#[route(get, "/admin/quest/get_quest", auth_middleware)] pub async fn handler( State(state): State>, Query(query): Query, - headers: HeaderMap, + Extension(sub): Extension ) -> impl IntoResponse { - let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String; let collection = state.db.collection::("quests"); let mut pipeline = vec![ doc! { @@ -71,12 +69,12 @@ pub async fn handler( }, ]; - if user != "super_user" { + if sub != "super_user" { pipeline.insert( 1, doc! { "$match": doc! { - "issuer": user, + "issuer": sub, } }, ); diff --git a/src/endpoints/admin/quest/get_quests.rs b/src/endpoints/admin/quest/get_quests.rs index b981cc72..cf6f7ac0 100644 --- a/src/endpoints/admin/quest/get_quests.rs +++ b/src/endpoints/admin/quest/get_quests.rs 
@@ -1,27 +1,28 @@ use crate::{ - models::{AppState, JWTClaims, QuestDocument}, + models::{AppState, QuestDocument}, utils::get_error, }; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; use axum::{ - extract::State, + extract::{State, Extension}, http::StatusCode, response::{IntoResponse, Json}, }; use axum_auto_routes::route; use futures::StreamExt; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::{doc, from_document}; use std::sync::Arc; -#[route(get, "/admin/quest/get_quests")] -pub async fn handler(State(state): State>, headers: HeaderMap) -> impl IntoResponse { - let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()); +#[route(get, "/admin/quest/get_quests", auth_middleware)] +pub async fn handler( + State(state): State>, + Extension(sub): Extension +) -> impl IntoResponse { let mut pipeline = vec![]; - if user != "super_user" { + if sub != "super_user" { pipeline.push(doc! { "$match": doc! { - "issuer":user + "issuer":sub } }); } diff --git a/src/endpoints/admin/quest/get_tasks.rs b/src/endpoints/admin/quest/get_tasks.rs index 36aaf716..0723d4f8 100644 --- a/src/endpoints/admin/quest/get_tasks.rs +++ b/src/endpoints/admin/quest/get_tasks.rs @@ -1,4 +1,5 @@ use crate::{models::AppState, utils::get_error}; +use crate::middleware::auth::auth_middleware; use axum::{ extract::{Query, State}, http::StatusCode, @@ -31,7 +32,7 @@ pub struct GetTasksQuery { quest_id: u32, } -#[route(get, "/admin/quest/get_tasks")] +#[route(get, "/admin/quest/get_tasks", auth_middleware)] pub async fn handler( State(state): State>, Query(query): Query, diff --git a/src/endpoints/admin/quest/update_quest.rs b/src/endpoints/admin/quest/update_quest.rs index 627b5555..006bc900 100644 --- a/src/endpoints/admin/quest/update_quest.rs +++ b/src/endpoints/admin/quest/update_quest.rs 
@@ -1,13 +1,12 @@ -use crate::models::{JWTClaims, QuestDocument}; +use crate::models::QuestDocument; use crate::{models::AppState, utils::get_error}; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; use axum::{ - extract::State, + extract::{State, Extension}, http::StatusCode, response::{IntoResponse, Json}, }; use axum_auto_routes::route; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::{doc, Document}; use serde::Deserialize; use serde_json::json; @@ -29,13 +28,12 @@ pub_struct!(Deserialize; UpdateQuestQuery { issuer: Option, }); -#[route(post, "/admin/quest/update")] +#[route(post, "/admin/quest/update", auth_middleware)] pub async fn handler( State(state): State>, - headers: HeaderMap, - body: Json, + Extension(sub): Extension, + Json(body): Json, ) -> impl IntoResponse { - let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String; let collection = state.db.collection::("quests"); // filter to get existing quest @@ -44,8 +42,8 @@ pub async fn handler( }; // check if user is super_user - if user != "super_user" { - filter.insert("issuer", user); + if sub != "super_user" { + filter.insert("issuer", sub); } let existing_quest = &collection.find_one(filter.clone(), None).await.unwrap(); diff --git a/src/endpoints/admin/quest_boost/create_boost.rs b/src/endpoints/admin/quest_boost/create_boost.rs index 1cd40a1c..42ed1231 100644 --- a/src/endpoints/admin/quest_boost/create_boost.rs +++ b/src/endpoints/admin/quest_boost/create_boost.rs 
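Review bot: `UpdateQuestQuery` in update_quest.rs accepts an optional `issuer`, while ownership is enforced only by adding `"issuer": sub` to the lookup filter. The code that builds the update document is outside the hunk, so confirm that a non-`super_user` caller cannot set `issuer` and reassign the quest to another account; create_quest.rs honours the body's issuer only for `super_user`. Separately, `collection.find_one(filter.clone(), None).await.unwrap()` panics on a database error; matching on the result and returning `get_error(...)` keeps that failure on the handler's normal error path.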
@@ -1,14 +1,13 @@ -use crate::models::{BoostTable, JWTClaims, QuestDocument}; +use crate::models::{BoostTable, QuestDocument}; use crate::utils::verify_quest_auth; use crate::{models::AppState, utils::get_error}; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; use axum::{ - extract::State, + extract::{State, Extension}, http::StatusCode, response::{IntoResponse, Json}, }; use axum_auto_routes::route; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::doc; use mongodb::options::FindOneOptions; use serde::Deserialize; @@ -28,17 +27,16 @@ pub struct CreateBoostQuery { img_url: String, } -#[route(post, "/admin/quest_boost/create_boost")] +#[route(post, "/admin/quest_boost/create_boost", auth_middleware)] pub async fn handler( State(state): State>, - headers: HeaderMap, - body: Json, + Extension(sub): Extension, + Json(body): Json, ) -> impl IntoResponse { - let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String; let collection = state.db.collection::("boosts"); let quests_collection = state.db.collection::("quests"); - let res = verify_quest_auth(user, &quests_collection, &(body.quest_id as i64)).await; + let res = verify_quest_auth(sub, &quests_collection, &(body.quest_id as i64)).await; if !res { return get_error("Error creating boost".to_string()); }; diff --git a/src/endpoints/admin/quest_boost/update_boost.rs b/src/endpoints/admin/quest_boost/update_boost.rs index fea7eac2..3d120380 100644 --- a/src/endpoints/admin/quest_boost/update_boost.rs +++ b/src/endpoints/admin/quest_boost/update_boost.rs 
@@ -1,14 +1,13 @@ -use crate::models::{BoostTable, JWTClaims, QuestDocument}; +use crate::models::{BoostTable, QuestDocument}; use crate::utils::verify_quest_auth; use crate::{models::AppState, utils::get_error}; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; use axum::{ - extract::State, + extract::{Extension, State}, http::StatusCode, response::{IntoResponse, Json}, }; use axum_auto_routes::route; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::{doc, Document}; use mongodb::options::FindOneAndUpdateOptions; use serde::Deserialize; @@ -27,13 +26,12 @@ pub_struct!(Deserialize; UpdateBoostQuery { hidden: Option, }); -#[route(post, "/admin/quest_boost/update_boost")] +#[route(post, "/admin/quest_boost/update_boost", auth_middleware)] pub async fn handler( State(state): State>, - headers: HeaderMap, + Extension(sub): Extension, body: Json, ) -> impl IntoResponse { - let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String; let collection = state.db.collection::("boosts"); let questcollection = state.db.collection::("quests"); @@ -46,7 +44,7 @@ pub async fn handler( return get_error("boost does not exist".to_string()); } let quest_id = res.as_ref().unwrap().quests[0]; - let res = verify_quest_auth(user, &questcollection, &(quest_id as i64)).await; + let res = verify_quest_auth(sub, &questcollection, &(quest_id as i64)).await; if !res { return get_error("Error updating boost".to_string()); diff --git a/src/endpoints/admin/quiz/create_question.rs b/src/endpoints/admin/quiz/create_question.rs index 2fdd0dde..f88586f6 100644 --- a/src/endpoints/admin/quiz/create_question.rs +++ b/src/endpoints/admin/quiz/create_question.rs 
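Review bot: The ownership check in update_boost.rs covers only `quests[0]`, so a boost that lists several quests is authorized on the first one alone, and a boost whose `quests` array is empty panics on the index. Use `quests.first()` with an explicit error return for the empty case, and run `verify_quest_auth` against every quest id the boost references (cloning `sub` per call, since it is passed by value) before allowing the update. The handler also keeps `body: Json<...>` undestructured while most handlers in this commit switched to `Json(body)`; aligning it would keep the endpoints uniform. The function body continues outside the hunk.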
@@ -1,16 +1,15 @@ use crate::models::{ - JWTClaims, QuestDocument, QuestTaskDocument, QuizInsertDocument, QuizQuestionDocument, + QuestDocument, QuestTaskDocument, QuizInsertDocument, QuizQuestionDocument, }; use crate::utils::verify_quest_auth; use crate::{models::AppState, utils::get_error}; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; use axum::{ - extract::State, + extract::{Extension, State}, http::StatusCode, response::{IntoResponse, Json}, }; use axum_auto_routes::route; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::doc; use mongodb::options::FindOneOptions; use serde::Deserialize; @@ -24,13 +23,12 @@ pub_struct!(Deserialize; CreateQuizQuestion { correct_answers: Vec, }); -#[route(post, "/admin/tasks/quiz/question/create")] +#[route(post, "/admin/tasks/quiz/question/create", auth_middleware)] pub async fn handler( State(state): State>, - headers: HeaderMap, + Extension(sub): Extension, body: Json, ) -> impl IntoResponse { - let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String; let quiz_collection = state.db.collection::("quizzes"); let quiz_questions_collection = state .db @@ -49,7 +47,7 @@ pub async fn handler( // get the quest id let quest_id = res.as_ref().unwrap().id as i64; - let res = verify_quest_auth(user, &quests_collection, &quest_id).await; + let res = verify_quest_auth(sub, &quests_collection, &quest_id).await; if !res { return get_error("Error creating task".to_string()); }; diff --git a/src/endpoints/admin/quiz/create_quiz.rs b/src/endpoints/admin/quiz/create_quiz.rs index 9e8f64e8..4f9b41ee 100644 --- a/src/endpoints/admin/quiz/create_quiz.rs +++ b/src/endpoints/admin/quiz/create_quiz.rs 
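Review bot: In create_question.rs, `let quest_id = res.as_ref().unwrap().id as i64;` is commented "get the quest id" but reads the `id` field of whatever document `res` holds, and the lookup that produces `res` is outside the hunk. If `res` is a task or quiz record, `.id` is that record's own id rather than the id of the owning quest, and `verify_quest_auth` would then check ownership of an unrelated quest. Confirm the field, and name the binding after the document type so the intent is checkable at the call site. update_question.rs has the identical line, and its denial message still says "Error creating task" on an update path.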
@@ -1,14 +1,13 @@ -use crate::models::{JWTClaims, QuestDocument, QuestTaskDocument, QuizInsertDocument}; +use crate::models::{QuestDocument, QuestTaskDocument, QuizInsertDocument}; use crate::utils::verify_quest_auth; use crate::{models::AppState, utils::get_error}; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; use axum::{ - extract::State, + extract::{State, Extension}, http::StatusCode, response::{IntoResponse, Json}, }; use axum_auto_routes::route; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::doc; use mongodb::options::FindOneOptions; use serde::Deserialize; @@ -24,19 +23,18 @@ pub_struct!(Deserialize; CreateQuiz { quest_id: i64, }); -#[route(post, "/admin/tasks/quiz/create")] +#[route(post, "/admin/tasks/quiz/create", auth_middleware)] pub async fn handler( State(state): State>, - headers: HeaderMap, + Extension(sub): Extension, body: Json, ) -> impl IntoResponse { - let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String; let tasks_collection = state.db.collection::("tasks"); let quiz_collection = state.db.collection::("quizzes"); let quests_collection = state.db.collection::("quests"); - let res = verify_quest_auth(user, &quests_collection, &body.quest_id).await; + let res = verify_quest_auth(sub, &quests_collection, &body.quest_id).await; if !res { return get_error("Error creating task".to_string()); }; diff --git a/src/endpoints/admin/quiz/get_quiz.rs b/src/endpoints/admin/quiz/get_quiz.rs index b0e95a70..21b5da91 100644 --- a/src/endpoints/admin/quiz/get_quiz.rs +++ b/src/endpoints/admin/quiz/get_quiz.rs @@ -1,6 +1,6 @@ -use crate::models::{JWTClaims, QuizInsertDocument}; +use crate::models::QuizInsertDocument; use crate::{models::AppState, utils::get_error}; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; use axum::{ extract::{Query, State}, http::StatusCode, 
@@ -8,7 +8,6 @@ use axum::{ }; use axum_auto_routes::route; use futures::StreamExt; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::doc; use serde::Deserialize; use std::sync::Arc; @@ -18,13 +17,11 @@ pub struct GetQuestsQuery { id: i64, } -#[route(get, "/admin/quiz/get_quiz")] +#[route(get, "/admin/quiz/get_quiz", auth_middleware)] pub async fn handler( State(state): State>, Query(query): Query, - headers: HeaderMap, ) -> impl IntoResponse { - let _user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()); let collection = state.db.collection::("quizzes"); let pipeline = vec![ doc! { diff --git a/src/endpoints/admin/quiz/update_question.rs b/src/endpoints/admin/quiz/update_question.rs index 684e152e..09723ffc 100644 --- a/src/endpoints/admin/quiz/update_question.rs +++ b/src/endpoints/admin/quiz/update_question.rs @@ -1,16 +1,15 @@ use crate::models::{ - JWTClaims, QuestDocument, QuestTaskDocument, QuizInsertDocument, QuizQuestionDocument, + QuestDocument, QuestTaskDocument, QuizInsertDocument, QuizQuestionDocument, }; use crate::utils::verify_quest_auth; use crate::{models::AppState, utils::get_error}; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; use axum::{ - extract::State, + extract::{Extension, State}, http::StatusCode, response::{IntoResponse, Json}, }; use axum_auto_routes::route; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::{doc, Document}; use mongodb::options::FindOneAndUpdateOptions; use serde::Deserialize; 
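Review bot: The `/admin/quiz/get_quiz` handler in the `@@ -18,13 +17,11 @@` hunk takes no `Extension(sub)` and no ownership check is visible, so any caller holding a valid token appears able to read any quiz by `id`. The removed code also discarded `_user`, so this is not a regression, but the other task and quiz handlers in this commit pass `sub` to `verify_quest_auth` or `verify_task_auth`. Consider extracting `Extension(sub)` here as well and checking that the quiz's quest belongs to `sub` before running the pipeline. The handler body continues past the hunk, so a check further down cannot be ruled out from here.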
@@ -25,14 +24,12 @@ pub_struct!(Deserialize; UpdateQuiz { correct_answers: Option>, }); -#[route(post, "/admin/tasks/quiz/question/update")] +#[route(post, "/admin/tasks/quiz/question/update", auth_middleware)] pub async fn handler( State(state): State>, - headers: HeaderMap, + Extension(sub): Extension, body: Json, ) -> impl IntoResponse { - let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String; - let tasks_collection = state.db.collection::("tasks"); let quiz_collection = state.db.collection::("quizzes"); @@ -52,7 +49,7 @@ pub async fn handler( // get the quest id let quest_id = res.as_ref().unwrap().id as i64; - let res = verify_quest_auth(user, &quests_collection, &quest_id).await; + let res = verify_quest_auth(sub, &quests_collection, &quest_id).await; if !res { return get_error("Error creating task".to_string()); }; diff --git a/src/endpoints/admin/quiz/update_quiz.rs b/src/endpoints/admin/quiz/update_quiz.rs index b2db5e96..7d98ecf0 100644 --- a/src/endpoints/admin/quiz/update_quiz.rs +++ b/src/endpoints/admin/quiz/update_quiz.rs @@ -1,14 +1,13 @@ -use crate::models::{JWTClaims, QuestTaskDocument, QuizInsertDocument}; +use crate::models::{QuestTaskDocument, QuizInsertDocument}; use crate::utils::verify_task_auth; use crate::{models::AppState, utils::get_error}; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; use axum::{ - extract::State, + extract::{Extension, State}, http::StatusCode, response::{IntoResponse, Json}, }; use axum_auto_routes::route; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::doc; use mongodb::bson::Document; use mongodb::options::FindOneAndUpdateOptions; 
@@ -26,17 +25,16 @@ pub_struct!(Deserialize; UpdateQuiz { intro: Option, }); -#[route(post, "/admin/tasks/quiz/update")] +#[route(post, "/admin/tasks/quiz/update", auth_middleware)] pub async fn handler( State(state): State>, - headers: HeaderMap, + Extension(sub): Extension, body: Json, ) -> impl IntoResponse { - let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String; let tasks_collection = state.db.collection::("tasks"); let quiz_collection = state.db.collection::("quizzes"); - let res = verify_task_auth(user, &tasks_collection, &(body.id as i32)).await; + let res = verify_task_auth(sub, &tasks_collection, &(body.id as i32)).await; if !res { return get_error("Error updating tasks".to_string()); } diff --git a/src/endpoints/admin/twitter/create_twitter_fw.rs b/src/endpoints/admin/twitter/create_twitter_fw.rs index 0f60caf6..a2348a6c 100644 --- a/src/endpoints/admin/twitter/create_twitter_fw.rs +++ b/src/endpoints/admin/twitter/create_twitter_fw.rs @@ -1,14 +1,13 @@ -use crate::models::{JWTClaims, QuestDocument, QuestTaskDocument}; +use crate::models::{QuestDocument, QuestTaskDocument}; use crate::utils::verify_quest_auth; use crate::{models::AppState, utils::get_error}; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; use axum::{ - extract::State, + extract::{Extension, State}, http::StatusCode, response::{IntoResponse, Json}, }; use axum_auto_routes::route; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::doc; use mongodb::options::FindOneOptions; use serde::Deserialize; 
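Review bot: `verify_task_auth(sub, &tasks_collection, &(body.id as i32))` authorizes a value produced by an `as` cast, which wraps silently when `body.id` does not fit in `i32`. The field's type and the later update filter are outside the hunk, but if `id` is wider than `i32` and the update uses the uncast value, the task that is authorized and the document that is updated can differ. A checked conversion closes that gap: `let Ok(task_id) = i32::try_from(body.id) else { return get_error("Error updating tasks".to_string()); };`, then pass `&task_id` to both the check and the update.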
@@ -22,13 +21,12 @@ pub_struct!(Deserialize; CreateTwitterFw { quest_id: i64, }); -#[route(post, "/admin/tasks/twitter_fw/create")] +#[route(post, "/admin/tasks/twitter_fw/create", auth_middleware)] pub async fn handler( State(state): State>, - headers: HeaderMap, + Extension(sub): Extension, body: Json, ) -> impl IntoResponse { - let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String; let collection = state.db.collection::("tasks"); // Get the last id in increasing order let last_id_filter = doc! {}; @@ -36,7 +34,7 @@ pub async fn handler( let last_doc = &collection.find_one(last_id_filter, options).await.unwrap(); let quests_collection = state.db.collection::("quests"); - let res = verify_quest_auth(user, &quests_collection, &body.quest_id).await; + let res = verify_quest_auth(sub, &quests_collection, &body.quest_id).await; if !res { return get_error("Error creating task".to_string()); }; diff --git a/src/endpoints/admin/twitter/create_twitter_rw.rs b/src/endpoints/admin/twitter/create_twitter_rw.rs index 3e3d071d..8b1106e2 100644 --- a/src/endpoints/admin/twitter/create_twitter_rw.rs +++ b/src/endpoints/admin/twitter/create_twitter_rw.rs @@ -1,14 +1,13 @@ -use crate::models::{JWTClaims, QuestDocument, QuestTaskDocument}; +use crate::models::{QuestDocument, QuestTaskDocument}; use crate::utils::verify_quest_auth; use crate::{models::AppState, utils::get_error}; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; use axum::{ - extract::State, + extract::{Extension, State}, http::StatusCode, response::{IntoResponse, Json}, }; use axum_auto_routes::route; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::doc; use mongodb::options::FindOneOptions; use serde::Deserialize; 
@@ -22,13 +21,12 @@ pub_struct!(Deserialize; CreateTwitterRw { quest_id: i64, }); -#[route(post, "/admin/tasks/twitter_rw/create")] +#[route(post, "/admin/tasks/twitter_rw/create", auth_middleware)] pub async fn handler( State(state): State>, - headers: HeaderMap, - body: Json, + Extension(sub): Extension, + Json(body): Json, ) -> impl IntoResponse { - let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String; let collection = state.db.collection::("tasks"); // Get the last id in increasing order let last_id_filter = doc! {}; @@ -37,7 +35,7 @@ pub async fn handler( let quests_collection = state.db.collection::("quests"); - let res = verify_quest_auth(user, &quests_collection, &body.quest_id).await; + let res = verify_quest_auth(sub, &quests_collection, &body.quest_id).await; if !res { return get_error("Error creating task".to_string()); }; diff --git a/src/endpoints/admin/twitter/update_twitter_fw.rs b/src/endpoints/admin/twitter/update_twitter_fw.rs index e4db13b3..10d84eaf 100644 --- a/src/endpoints/admin/twitter/update_twitter_fw.rs +++ b/src/endpoints/admin/twitter/update_twitter_fw.rs @@ -1,14 +1,13 @@ -use crate::models::{JWTClaims, QuestTaskDocument}; +use crate::models::QuestTaskDocument; use crate::utils::verify_task_auth; use crate::{models::AppState, utils::get_error}; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; use axum::{ - extract::State, + extract::{Extension, State}, http::StatusCode, response::{IntoResponse, Json}, }; use axum_auto_routes::route; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::{doc, Document}; use mongodb::options::FindOneAndUpdateOptions; use serde::Deserialize; 
@@ -22,17 +21,15 @@ pub_struct!(Deserialize; UpdateTwitterFw { id: i32, }); -#[route(post, "/admin/tasks/twitter_fw/update")] +#[route(post, "/admin/tasks/twitter_fw/update", auth_middleware)] pub async fn handler( State(state): State>, - headers: HeaderMap, + Extension(sub): Extension, body: Json, ) -> impl IntoResponse { - let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String; - let collection = state.db.collection::("tasks"); - let res = verify_task_auth(user, &collection, &body.id).await; + let res = verify_task_auth(sub, &collection, &body.id).await; if !res { return get_error("Error updating tasks".to_string()); } diff --git a/src/endpoints/admin/twitter/update_twitter_rw.rs b/src/endpoints/admin/twitter/update_twitter_rw.rs index b3088e0c..d3fefe6f 100644 --- a/src/endpoints/admin/twitter/update_twitter_rw.rs +++ b/src/endpoints/admin/twitter/update_twitter_rw.rs @@ -1,14 +1,13 @@ -use crate::models::{JWTClaims, QuestTaskDocument}; +use crate::models::QuestTaskDocument; use crate::utils::verify_task_auth; use crate::{models::AppState, utils::get_error}; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; use axum::{ - extract::State, + extract::{Extension, State}, http::StatusCode, response::{IntoResponse, Json}, }; use axum_auto_routes::route; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::{doc, Document}; use mongodb::options::FindOneAndUpdateOptions; use serde::Deserialize; 
@@ -22,16 +21,15 @@ pub_struct!(Deserialize; UpdateTwitterRw { id: i32, }); -#[route(post, "/admin/tasks/twitter_rw/update")] +#[route(post, "/admin/tasks/twitter_rw/update", auth_middleware)] pub async fn handler( State(state): State>, - headers: HeaderMap, - body: Json, + Extension(sub): Extension, + Json(body): Json, ) -> impl IntoResponse { - let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String; let collection = state.db.collection::("tasks"); - let res = verify_task_auth(user, &collection, &body.id).await; + let res = verify_task_auth(sub, &collection, &body.id).await; if !res { return get_error("Error updating tasks".to_string()); } diff --git a/src/endpoints/admin/user/create_user.rs b/src/endpoints/admin/user/create_user.rs index 384320d5..3d21672b 100644 --- a/src/endpoints/admin/user/create_user.rs +++ b/src/endpoints/admin/user/create_user.rs @@ -1,14 +1,13 @@ -use crate::models::{JWTClaims, LoginDetails}; +use crate::models::LoginDetails; use crate::utils::calculate_hash; use crate::{models::AppState, utils::get_error}; -use axum::http::HeaderMap; +use crate::middleware::auth::auth_middleware; use axum::{ - extract::State, + extract::{Extension, State}, http::StatusCode, response::{IntoResponse, Json}, }; use axum_auto_routes::route; -use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; use mongodb::bson::doc; use serde::Deserialize; use serde_json::json; @@ -19,15 +18,13 @@ pub_struct!(Deserialize; CreateCustom { password: String, }); -#[route(post, "/admin/user/create")] +#[route(post, "/admin/user/create", auth_middleware)] pub async fn handler( State(state): State>, - headers: HeaderMap, + Extension(sub): Extension, body: Json, ) -> impl IntoResponse { - let user = check_authorization!(headers, &state.conf.auth.secret_key.as_ref()) as String; - - if user != "super_user" { + if sub != "super_user" { return get_error("Operation not allowed with your account".to_string()); }; 
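Review bot: The super-user gate in the `/admin/user/create` hunk is the comparison `sub != "super_user"` against a string literal, so the privilege rests on no ordinary account ever being issued a token with that subject. The part of the handler that inserts the new user is outside the hunk; it is worth confirming that it rejects the reserved name. Hoisting the literal into a shared constant such as `const SUPER_USER: &str = "super_user";` would keep the gate and that check from drifting apart.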
diff --git a/src/main.rs b/src/main.rs index 94aeb7d3..31d4fdf5 100644 --- a/src/main.rs +++ b/src/main.rs @@ -5,6 +5,7 @@ mod config; mod endpoints; mod logger; mod models; +mod middleware; use crate::utils::{add_leaderboard_table, run_boosts_raffle}; use axum::{http::StatusCode, Router}; diff --git a/src/middleware/auth.rs b/src/middleware/auth.rs new file mode 100644 index 00000000..be36627c --- /dev/null +++ b/src/middleware/auth.rs @@ -0,0 +1,49 @@ +// src/middleware.rs +use crate::models::JWTClaims; +use axum::{ + http::{Request, StatusCode}, + middleware::Next, + response::Response, +}; +use jsonwebtoken::{decode, DecodingKey, Validation}; + +use crate::config; + +pub async fn auth_middleware( + mut req: Request, + next: Next, +) -> Result { + let headers = req.headers(); + let conf = config::load(); + let secret_key = &conf.auth.secret_key; + + let auth_header = headers + .get(axum::http::header::AUTHORIZATION) + .and_then(|h| h.to_str().ok()); + + if let Some(auth_header) = auth_header { + let mut parts = auth_header.split_whitespace(); + if let Some("Bearer") = parts.next() { + if let Some(token) = parts.next() { + match decode::( + token, + &DecodingKey::from_secret(secret_key.as_bytes()), + &Validation::new(jsonwebtoken::Algorithm::HS256), + ) { + Ok(token_data) => + { + req.extensions_mut().insert(token_data.claims.sub); + Ok(next.run(req).await) + }, + Err(_) => Err((StatusCode::UNAUTHORIZED, "Invalid token was provided".to_string())), + } + } else { + Err((StatusCode::UNAUTHORIZED, "Missing token was provided".to_string())) + } + } else { + Err((StatusCode::UNAUTHORIZED, "Invalid Authorization header format".to_string())) + } + } else { + Err((StatusCode::UNAUTHORIZED, "Missing Authorization header".to_string())) + } +} diff --git a/src/middleware/mod.rs b/src/middleware/mod.rs new file mode 100644 index 00000000..5696e21f --- /dev/null +++ b/src/middleware/mod.rs @@ -0,0 +1 @@ +pub mod auth; \ No newline at end of file 
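Review bot: `auth_middleware` calls `config::load()` on every request to obtain `secret_key`, while the handlers it protects already carry the loaded configuration in `AppState` (the removed code read `state.conf.auth.secret_key`). Whatever `load()` does, presumably re-reading and parsing the configuration, now runs before authentication for every caller, and the verifying key is no longer tied to the configuration the server started with; if the route macro allows it, pass the state or the key into the middleware instead. Separately, `req.extensions_mut().insert(token_data.claims.sub)` stores a bare `String`, and request extensions are keyed by type, so any other layer inserting a `String` would replace the authenticated subject; a newtype such as `#[derive(Clone)] pub struct AuthSubject(pub String);`, extracted in handlers as `Extension(AuthSubject(sub))`, avoids that. The header comment `// src/middleware.rs` should read `// src/middleware/auth.rs`.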
diff --git a/src/utils.rs b/src/utils.rs index 4be3e523..25b754b7 100644 --- a/src/utils.rs +++ b/src/utils.rs @@ -42,35 +42,7 @@ macro_rules! pub_struct { } } } - -macro_rules! check_authorization { - ($headers:expr,$secret_key:expr) => { - match $headers.get("Authorization") { - Some(auth_header) => { - let validation = Validation::new(Algorithm::HS256); - let token = auth_header - .to_str() - .unwrap() - .to_string() - .split(" ") - .collect::>()[1] - .to_string(); - - match decode::( - &token, - &DecodingKey::from_secret($secret_key), - &validation, - ) { - Ok(token_data) => token_data.claims.sub, - Err(_e) => { - return get_error("Invalid token".to_string()); - } - } - } - None => return get_error("missing auth header".to_string()), - } - }; -} + pub async fn get_nft( quest_id: u32, @@ -854,4 +826,4 @@ impl Clone for Box { fn clone(&self) -> Box { self.box_clone() } -} +} \ No newline at end of file