Merge pull request #13 from QuantGeekDev/feature/users

QuantGeekDev · web-flow · commit 979141488269 · 2024-10-24T02:26:12.000+02:00
Feature/users
diff --git a/Cargo.toml b/Cargo.toml
@@ -4,9 +4,11 @@ version = "0.1.0"
 edition = "2021"
 
 [dependencies]
+bcrypt = "0.15.1"
 chrono = { version = "0.4.38", features = ["serde"] }
 diesel = { version = "2.2.4", features = ["postgres", "numeric", "serde_json", "chrono"] }
 dotenv = "0.15.0"
+jsonwebtoken = "9.3.0"
 rocket = { version = "0.5.1", features = ["json"] }
 rust_decimal = { version = "1.36.0", features = ["db-diesel-postgres", "serde-with-str"] }
 serde = "1.0.213"
diff --git a/migrations/2024-10-23-232744_create_users_table/down.sql b/migrations/2024-10-23-232744_create_users_table/down.sql
@@ -0,0 +1 @@
+DROP TABLE IF EXISTS users CASCADE;
diff --git a/migrations/2024-10-23-232744_create_users_table/up.sql b/migrations/2024-10-23-232744_create_users_table/up.sql
@@ -0,0 +1,16 @@
+CREATE TABLE users
+(
+    id            SERIAL PRIMARY KEY,
+    username      VARCHAR   NOT NULL UNIQUE,
+    password_hash VARCHAR   NOT NULL,
+    role          VARCHAR   NOT NULL DEFAULT 'user',
+    created_at    TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    updated_at    TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+SELECT diesel_manage_updated_at('users');
+
+CREATE INDEX idx_users_username ON users (username);
+
+ALTER TABLE users
+    ADD CONSTRAINT valid_role CHECK (role IN ('user', 'admin'));
diff --git a/migrations/2024-10-23-235320_user_id_to_snacks/down.sql b/migrations/2024-10-23-235320_user_id_to_snacks/down.sql
@@ -0,0 +1 @@
+-- This file should undo anything in `up.sql`
diff --git a/migrations/2024-10-23-235320_user_id_to_snacks/up.sql b/migrations/2024-10-23-235320_user_id_to_snacks/up.sql
@@ -0,0 +1,27 @@
+ALTER TABLE snacks
+    ADD COLUMN user_id INTEGER;
+
+INSERT INTO users (username, password_hash, role, created_at, updated_at)
+SELECT 'admin',
+       '$2a$12$K6O5bFK6.O4V6csO94BFN.yvMkv4pOXxYH.rolz4.Y4.pxpwB6fvC',
+       'admin',
+       CURRENT_TIMESTAMP,
+       CURRENT_TIMESTAMP
+    WHERE NOT EXISTS (
+    SELECT 1 FROM users WHERE username = 'admin'
+) RETURNING id;
+
+UPDATE snacks
+SET user_id = (SELECT id FROM users WHERE username = 'admin')
+WHERE user_id IS NULL;
+
+ALTER TABLE snacks
+    ALTER COLUMN user_id SET NOT NULL;
+
+ALTER TABLE snacks
+    ADD CONSTRAINT fk_snacks_user
+        FOREIGN KEY (user_id)
+            REFERENCES users(id)
+            ON DELETE CASCADE;
+
+CREATE INDEX idx_snacks_user_id ON snacks(user_id);
diff --git a/src/auth/mod.rs b/src/auth/mod.rs
@@ -1,29 +1 @@
-pub struct ApiKey(pub String);
-use rocket::{http::Status, request::{FromRequest, Outcome}, Request};
-use std::env;
-
-#[derive(Debug)]
-pub enum ApiKeyError {
-    Missing,
-    Invalid,
-}
-
-#[rocket::async_trait]
-impl<'r> FromRequest<'r> for ApiKey {
-    type Error = ApiKeyError;
-
-    async fn from_request(request: &'r Request<'_>) -> Outcome<Self, Self::Error> {
-        let api_key = request.headers().get_one("x-api-key");
-
-        match api_key {
-            None => Outcome::Error((Status::Unauthorized, ApiKeyError::Missing)),
-            Some(api_key) => {
-                if api_key == env::var("AUTH_API_KEY").unwrap() {
-                    Outcome::Success(ApiKey(api_key.to_string()))
-                } else {
-                    Outcome::Error((Status::Unauthorized, ApiKeyError::Invalid))
-                }
-            }
-        }
-    }
-}
+pub mod user;
diff --git a/src/auth/user.rs b/src/auth/user.rs
@@ -0,0 +1,46 @@
+use crate::models::user::User;
+use diesel::prelude::*;
+use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};
+use rocket::http::Status;
+use rocket::request::{FromRequest, Outcome};
+use rocket::Request;
+use serde::{Deserialize, Serialize};
+
+pub struct AuthenticatedUser(pub User);
+
+#[derive(Debug, Serialize, Deserialize)]
+pub(crate) struct Claims {
+    pub(crate) sub: i32,
+    pub(crate) role: String,
+    pub(crate) exp: usize,
+}
+
+#[rocket::async_trait]
+impl<'r> FromRequest<'r> for AuthenticatedUser {
+    type Error = ();
+
+    async fn from_request(request: &'r Request<'_>) -> Outcome<Self, Self::Error> {
+        let token = request.headers().get_one("Authorization");
+
+        match token {
+            Some(token) if token.starts_with("Bearer ") => {
+                let token = &token[7..];
+                let decoding_key = DecodingKey::from_secret("SECRET".as_ref());
+                match decode::<Claims>(token, &decoding_key, &Validation::new(Algorithm::HS256)) {
+                    Ok(token_data) => {
+                        let mut conn = crate::db::establish_connection();
+                        match crate::schema::users::dsl::users
+                            .find(token_data.claims.sub)
+                            .first::<User>(&mut conn)
+                        {
+                            Ok(user) => Outcome::Success(AuthenticatedUser(user)),
+                            Err(_) => Outcome::Error((Status::Unauthorized, ())),
+                        }
+                    }
+                    Err(_) => Outcome::Error((Status::Unauthorized, ())),
+                }
+            }
+            _ => Outcome::Error((Status::Unauthorized, ())),
+        }
+    }
+}
diff --git a/src/catchers/mod.rs b/src/catchers/mod.rs
@@ -18,15 +18,15 @@ pub fn unauthorized(req: &Request) -> Json<ErrorResponse> {
 }
 
 #[catch(404)]
-pub fn not_found(req: &Request) -> Json<ErrorResponse> {
+pub fn not_found(_req: &Request) -> Json<ErrorResponse> {
     Json(ErrorResponse {
         status: 404,
         message: "Page not found".to_string(),
     })
 }
 
 #[catch(500)]
-pub fn internal_server_error(req: &Request) -> Json<ErrorResponse> {
+pub fn internal_server_error(_req: &Request) -> Json<ErrorResponse> {
     Json(ErrorResponse {
         status: 500,
         message: "Internal Server Error".to_string(),
diff --git a/src/main.rs b/src/main.rs
@@ -8,6 +8,7 @@ mod catchers;
 mod db;
 mod schema;
 
+use crate::routes::auth::{login, register};
 use crate::routes::snack::{create_snack, delete_snack, list_snacks, update_snack};
 use dotenv::dotenv;
 use rocket::*;
@@ -28,7 +29,7 @@ fn index() -> &'static str {
 fn rocket() -> _ {
     dotenv().ok();
 
-    rocket::build().mount("/", routes![index, create_snack, list_snacks, update_snack, delete_snack]).register("/", catchers![catchers::unauthorized, catchers::not_found,
+    rocket::build().mount("/", routes![index, create_snack, list_snacks, update_snack, delete_snack, register, login]).register("/", catchers![catchers::unauthorized, catchers::not_found,
      catchers::internal_server_error])
 }
 
diff --git a/src/models/mod.rs b/src/models/mod.rs
@@ -1 +1,2 @@
-pub mod snack;
+pub mod snack;
+pub(crate) mod user;
diff --git a/src/models/snack.rs b/src/models/snack.rs
@@ -1,10 +1,12 @@
+use crate::models::user::User;
 use chrono::NaiveDateTime;
 use diesel::prelude::*;
 use rust_decimal::Decimal;
 use serde::{Deserialize, Serialize};
 
-#[derive(Queryable, Selectable, Serialize, AsChangeset)]
+#[derive(Queryable, Selectable, Serialize, AsChangeset, Associations)]
 #[diesel(table_name = crate::schema::snacks)]
+#[diesel(belongs_to(User))]
 #[diesel(check_for_backend(diesel::pg::Pg))]
 pub struct Snack {
     pub id: i32,
@@ -15,15 +17,36 @@ pub struct Snack {
     pub image_url: String,
     pub created_at: NaiveDateTime,
     pub updated_at: NaiveDateTime,
+    pub user_id: i32,
 }
 
-#[derive(Insertable, Deserialize)]
+#[derive(Insertable)]
 #[diesel(table_name = crate::schema::snacks)]
 pub struct NewSnack {
     pub name: String,
     pub category: String,
     #[diesel(sql_type = Numeric)]
     pub price: Decimal,
     pub image_url: String,
+    pub user_id: i32,
 }
 
+#[derive(Deserialize)]
+pub struct CreateSnackRequest {
+    pub name: String,
+    pub category: String,
+    pub price: Decimal,
+    pub image_url: String,
+}
+
+impl CreateSnackRequest {
+    pub fn into_new_snack(self, user_id: i32) -> NewSnack {
+        NewSnack {
+            name: self.name,
+            category: self.category,
+            price: self.price,
+            image_url: self.image_url,
+            user_id,
+        }
+    }
+}
diff --git a/src/models/user.rs b/src/models/user.rs
@@ -0,0 +1,21 @@
+use chrono::NaiveDateTime;
+use diesel::{Identifiable, Insertable, Queryable};
+use serde::Serialize;
+#[derive(Queryable, Serialize, Identifiable)]
+#[diesel(table_name = crate::schema::users)]
+pub struct User {
+    pub id: i32,
+    pub username: String,
+    pub password_hash: String,
+    pub role: String,
+    pub created_at: NaiveDateTime,
+    pub updated_at: NaiveDateTime,
+}
+
+#[derive(Insertable)]
+#[diesel(table_name = crate::schema::users)]
+pub struct NewUser {
+    pub username: String,
+    pub password_hash: String,
+    pub role: String,
+}
diff --git a/src/routes/auth.rs b/src/routes/auth.rs
@@ -0,0 +1,69 @@
+use crate::auth::user::Claims;
+use crate::db;
+use crate::models::user::{NewUser, User};
+use crate::schema::users::dsl::*;
+use bcrypt::{hash, verify, DEFAULT_COST};
+use diesel::prelude::*;
+use jsonwebtoken::{encode, EncodingKey, Header};
+use rocket::http::Status;
+use rocket::serde::json::Json;
+use serde::{Deserialize, Serialize};
+#[derive(Deserialize)]
+pub struct RegisterInfo {
+    username: String,
+    password: String,
+}
+
+#[derive(Deserialize)]
+pub struct LoginInfo {
+    username: String,
+    password: String,
+}
+#[derive(Serialize)]
+pub struct TokenResponse {
+    token: String,
+}
+
+#[post("/register", data = "<info>")]
+pub fn register(info: Json<RegisterInfo>) -> Result<Json<User>, Status> {
+    let conn = &mut db::establish_connection();
+    let hashed_password = hash(&info.password, DEFAULT_COST)
+        .map_err(|_| Status::InternalServerError)?;
+
+    let new_user = NewUser {
+        username: info.username.clone(),
+        password_hash: hashed_password,
+        role: "user".to_string(),
+    };
+
+    diesel::insert_into(users)
+        .values(new_user)
+        .get_result::<User>(conn)
+        .map(Json)
+        .map_err(|_| Status::InternalServerError)
+}
+
+#[post("/login", data = "<info>")]
+pub fn login(info: Json<LoginInfo>) -> Result<Json<TokenResponse>, Status> {
+    let conn = &mut db::establish_connection();
+    let user = users
+        .filter(username.eq(&info.username))
+        .first::<User>(conn)
+        .map_err(|_| Status::Unauthorized)?;
+    if verify(&info.password, &user.password_hash).map_err(|_| Status::InternalServerError)? {
+        let claims = Claims {
+            sub: user.id,
+            role: user.role.clone(),
+            exp: 10000000000,
+        };
+        let token = encode(
+            &Header::default(),
+            &claims,
+            &EncodingKey::from_secret("SECRET".as_ref()),
+        )
+            .map_err(|_| Status::InternalServerError)?;
+        Ok(Json(TokenResponse { token }))
+    } else {
+        Err(Status::Unauthorized)
+    }
+}
diff --git a/src/routes/mod.rs b/src/routes/mod.rs
@@ -1 +1,2 @@
-pub mod snack;
+pub mod snack;
+pub mod auth;
diff --git a/src/routes/snack.rs b/src/routes/snack.rs
diff --git a/src/schema.rs b/src/schema.rs

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+-- This file should undo anything in `up.sql`
Original file line number	Diff line number	Diff line change
`@@ -1 +1,2 @@`
`1`		`-pub mod snack;`
	`1`	`+pub mod snack;`
	`2`	`+pub(crate) mod user;`