Implement authentication

Authenticate the user when they register, by encoding their ID into a JWT. Currently the signing secret is a constant in source code - before this is production ready, we should generate a random application-wide token on startup. Since the cookie crate uses time instead of chrono, we now have two time crates. At some point we should attempt to only use one.
Aleksbgbg · Feb 8, 2024 · f1be96c · f1be96c
1 parent 253377c
commit f1be96c
Show file tree

Hide file tree

Showing 11 changed files with 286 additions and 25 deletions.
diff --git a/backend-rs/.env.toml b/backend-rs/.env.toml
@@ -1,6 +1,8 @@
 [config.app]
 host = [0, 0, 0, 0]
 port = 8601
+# Half a year, in seconds
+token_lifespan = 15724800
 
 [config.database]
 host = [127, 0, 0, 1]

diff --git a/backend-rs/Cargo.lock b/backend-rs/Cargo.lock
diff --git a/backend-rs/Cargo.toml b/backend-rs/Cargo.toml
@@ -5,16 +5,21 @@ edition = "2021"
 
 [dependencies]
 axum = "0.7.4"
+axum-extra = { version = "0.9.2", features = ["cookie"] }
 bcrypt = "0.15.0"
+bs58 = "0.5.0"
 chrono = "0.4.33"
 convert_case = "0.6.0"
+jsonwebtoken = { version = "9.2.0", default-features = false }
 lazy_static = "1.4.0"
 rs-snowflake = "0.6.0"
 sea-orm = { version = "0.12.14", features = ["runtime-tokio-native-tls", "sqlx-postgres"] }
 sea-orm-migration = "0.12.12"
 serde = { version = "1.0.196", features = ["derive"] }
 serde_json = "1.0.113"
+serde_with = { version = "3.6.0", features = ["chrono_0_4"] }
 thiserror = "1.0.56"
+time = "0.3.34"
 tokio = { version = "1.36.0", features = ["rt-multi-thread"] }
 toml-env = "1.1.1"
 tower-http = { version = "0.5.1", features = ["trace"] }

diff --git a/backend-rs/src/app_state.rs b/backend-rs/src/app_state.rs
@@ -1,8 +1,11 @@
+use crate::config::Config;
 use sea_orm::DatabaseConnection;
 use snowflake::SnowflakeIdBucket;
+use std::sync::Arc;
 
 #[derive(Clone)]
 pub struct AppState {
+  pub config: Arc<Config>,
   pub connection: DatabaseConnection,
   pub user_snowflake: SnowflakeIdBucket,
 }
diff --git a/backend-rs/src/config.rs b/backend-rs/src/config.rs
@@ -1,4 +1,6 @@
+use chrono::Duration;
 use serde::{Deserialize, Serialize};
+use serde_with::{serde_as, DurationSeconds};
 use thiserror::Error;
 use toml_env::Args;
 
@@ -15,10 +17,13 @@ pub struct Config {
   pub database: Database,
 }
 
+#[serde_as]
 #[derive(Serialize, Deserialize)]
 pub struct App {
   pub host: Ipv4Array,
   pub port: Port,
+  #[serde_as(as = "DurationSeconds<i64>")]
+  pub token_lifespan: Duration,
 }
 
 #[derive(Serialize, Deserialize)]

diff --git a/backend-rs/src/controllers/errors.rs b/backend-rs/src/controllers/errors.rs
@@ -1,3 +1,4 @@
+use crate::controllers::user::AuthError;
 use crate::models::user;
 use axum::http::StatusCode;
 use axum::response::{IntoResponse, Response};
@@ -56,6 +57,8 @@ pub enum HandlerError {
   Database(#[from] DbErr),
   #[error("Could not create user.")]
   CreateUser(#[from] user::CreateError),
+  #[error("Could not authenticate: {0}.")]
+  Authenticate(#[from] AuthError),
 }
 
 impl HandlerError {
@@ -77,6 +80,7 @@ impl IntoResponse for HandlerError {
       HandlerError::EmailTaken => self.failed_validation(StatusCode::BAD_REQUEST, "emailAddress"),
       HandlerError::Database(_) => self.into_generic(StatusCode::INTERNAL_SERVER_ERROR),
       HandlerError::CreateUser(_) => self.into_generic(StatusCode::INTERNAL_SERVER_ERROR),
+      HandlerError::Authenticate(_) => self.into_generic(StatusCode::INTERNAL_SERVER_ERROR),
     }
     .into_response()
   }