examples/simple-auth-server/src/auth_handler.rs

use actix_identity::Identity;
use actix_web::{
    dev::Payload, error::BlockingError, web, Error, FromRequest, HttpRequest, HttpResponse,
};
use diesel::prelude::*;
use diesel::PgConnection;
use futures::Future;

use crate::errors::ServiceError;
use crate::models::{Pool, SlimUser, User};
use crate::utils::verify;

#[derive(Debug, Deserialize)]
pub struct AuthData {
    pub email: String,
    pub password: String,
}

// we need the same data
// simple aliasing makes the intentions clear and its more readable
pub type LoggedUser = SlimUser;

impl FromRequest for LoggedUser {
    type Config = ();
    type Error = Error;
    type Future = Result<LoggedUser, Error>;

    fn from_request(req: &HttpRequest, pl: &mut Payload) -> Self::Future {
        if let Some(identity) = Identity::from_request(req, pl)?.identity() {
            let user: LoggedUser = serde_json::from_str(&identity)?;
            return Ok(user);
        }
        Err(ServiceError::Unauthorized.into())
    }
}

pub fn logout(id: Identity) -> HttpResponse {
    id.forget();
    HttpResponse::Ok().finish()
}

pub fn login(
    auth_data: web::Json<AuthData>,
    id: Identity,
    pool: web::Data<Pool>,
) -> impl Future<Item = HttpResponse, Error = ServiceError> {
    web::block(move || query(auth_data.into_inner(), pool)).then(
        move |res: Result<SlimUser, BlockingError<ServiceError>>| match res {
            Ok(user) => {
                let user_string = serde_json::to_string(&user).unwrap();
                id.remember(user_string);
                Ok(HttpResponse::Ok().finish())
            }
            Err(err) => match err {
                BlockingError::Error(service_error) => Err(service_error),
                BlockingError::Canceled => Err(ServiceError::InternalServerError),
            },
        },
    )
}

pub fn get_me(logged_user: LoggedUser) -> HttpResponse {
    HttpResponse::Ok().json(logged_user)
}
/// Diesel query
fn query(auth_data: AuthData, pool: web::Data<Pool>) -> Result<SlimUser, ServiceError> {
    use crate::schema::users::dsl::{email, users};
    let conn: &PgConnection = &pool.get().unwrap();
    let mut items = users
        .filter(email.eq(&auth_data.email))
        .load::<User>(conn)?;

    if let Some(user) = items.pop() {
        if let Ok(matching) = verify(&user.hash, &auth_data.password) {
            if matching {
                return Ok(user.into());
            }
        }
    }
    Err(ServiceError::Unauthorized)
}
use cors and identity crates 2019-06-17 12:48:03 +06:00			`use actix_identity::Identity;`
Update to new actix 1.0 api, drop actix-rt (#158) 2019-07-18 12:55:14 +01:00			`use actix_web::{`
			`dev::Payload, error::BlockingError, web, Error, FromRequest, HttpRequest, HttpResponse,`
			`};`
simple-auth-server added to examples (#65) 2018-12-09 15:55:36 +00:00			`use diesel::prelude::*;`
Update to new actix 1.0 api, drop actix-rt (#158) 2019-07-18 12:55:14 +01:00			`use diesel::PgConnection;`
			`use futures::Future;`
update deps 2019-03-29 13:43:03 -07:00
			`use crate::errors::ServiceError;`
Update to new actix 1.0 api, drop actix-rt (#158) 2019-07-18 12:55:14 +01:00			`use crate::models::{Pool, SlimUser, User};`
			`use crate::utils::verify;`
simple-auth-server added to examples (#65) 2018-12-09 15:55:36 +00:00
			`#[derive(Debug, Deserialize)]`
			`pub struct AuthData {`
			`pub email: String,`
			`pub password: String,`
			`}`

			`// we need the same data`
			`// simple aliasing makes the intentions clear and its more readable`
			`pub type LoggedUser = SlimUser;`

upgrade to alpha.6 2019-04-14 10:34:41 -07:00			`impl FromRequest for LoggedUser {`
			`type Config = ();`
update deps 2019-03-29 13:43:03 -07:00			`type Error = Error;`
			`type Future = Result<LoggedUser, Error>;`

upgrade to alpha.6 2019-04-14 10:34:41 -07:00			`fn from_request(req: &HttpRequest, pl: &mut Payload) -> Self::Future {`
upgrade to alpha4 2019-04-07 23:39:45 -07:00			`if let Some(identity) = Identity::from_request(req, pl)?.identity() {`
Update to new actix 1.0 api, drop actix-rt (#158) 2019-07-18 12:55:14 +01:00			`let user: LoggedUser = serde_json::from_str(&identity)?;`
			`return Ok(user);`
simple-auth-server added to examples (#65) 2018-12-09 15:55:36 +00:00			`}`
update deps 2019-03-29 13:43:03 -07:00			`Err(ServiceError::Unauthorized.into())`
simple-auth-server added to examples (#65) 2018-12-09 15:55:36 +00:00			`}`
			`}`
Update to new actix 1.0 api, drop actix-rt (#158) 2019-07-18 12:55:14 +01:00
			`pub fn logout(id: Identity) -> HttpResponse {`
			`id.forget();`
			`HttpResponse::Ok().finish()`
			`}`

			`pub fn login(`
			`auth_data: web::Json<AuthData>,`
			`id: Identity,`
			`pool: web::Data<Pool>,`
			`) -> impl Future<Item = HttpResponse, Error = ServiceError> {`
			`web::block(move \|\| query(auth_data.into_inner(), pool)).then(`
			`move \|res: Result<SlimUser, BlockingError<ServiceError>>\| match res {`
			`Ok(user) => {`
			`let user_string = serde_json::to_string(&user).unwrap();`
			`id.remember(user_string);`
			`Ok(HttpResponse::Ok().finish())`
			`}`
			`Err(err) => match err {`
			`BlockingError::Error(service_error) => Err(service_error),`
			`BlockingError::Canceled => Err(ServiceError::InternalServerError),`
			`},`
			`},`
			`)`
			`}`

			`pub fn get_me(logged_user: LoggedUser) -> HttpResponse {`
			`HttpResponse::Ok().json(logged_user)`
			`}`
			`/// Diesel query`
			`fn query(auth_data: AuthData, pool: web::Data<Pool>) -> Result<SlimUser, ServiceError> {`
			`use crate::schema::users::dsl::{email, users};`
			`let conn: &PgConnection = &pool.get().unwrap();`
			`let mut items = users`
			`.filter(email.eq(&auth_data.email))`
			`.load::<User>(conn)?;`

			`if let Some(user) = items.pop() {`
			`if let Ok(matching) = verify(&user.hash, &auth_data.password) {`
			`if matching {`
			`return Ok(user.into());`
			`}`
			`}`
			`}`
			`Err(ServiceError::Unauthorized)`
			`}`