debt-pirate/api/src/requests/auth/login/handler.rs

use std::time::SystemTime;

use axum::{
    debug_handler,
    extract::State,
    response::{IntoResponse, Response},
    Json,
};
use http::StatusCode;
use pasetors::{keys::SymmetricKey, version4::V4};
use tracing::debug;

use crate::{
    db::{
        get_username_and_password_by_username, insert_new_user_auth_token, DbPool,
        NewUserAuthTokenEntity, UserIdAndHashedPasswordEntity,
    },
    models::{ApiResponse, AppError, Session},
    requests::{
        auth::login::models::{AuthLoginResponse, AuthLoginTokenData},
        AppState,
    },
    services::{
        auth_token::{generate_auth_token, generate_session_token},
        user_session, verify_password, CachePool,
    },
};

use super::models::AuthLoginRequest;

#[debug_handler]
pub async fn auth_login_post_handler(
    State(state): State<AppState>,
    Json(body): Json<AuthLoginRequest>,
) -> Result<Response, AppError> {
    let db_pool = state.db_pool();
    let cache_pool = state.cache_pool();
    let token_key = state.env().token_key();
    auth_login_request(db_pool, cache_pool, token_key, body).await
}

async fn auth_login_request(
    db_pool: &DbPool,
    cache_pool: &CachePool,
    token_key: &SymmetricKey<V4>,
    body: AuthLoginRequest,
) -> Result<Response, AppError> {
    debug!(?body);

    let AuthLoginRequest { username, password } = body;
    let UserIdAndHashedPasswordEntity {
        id: user_id,
        password: hashed_password,
    } = get_username_and_password_by_username(db_pool, username).await?;

    verify_password(password, hashed_password)?;

    let (session_token, session_token_id, session_token_expiration) =
        generate_session_token(token_key, user_id);

    let (auth_token, auth_token_id, auth_token_expiration) =
        generate_auth_token(token_key, user_id);

    insert_new_user_auth_token(
        db_pool,
        NewUserAuthTokenEntity {
            user_id,
            token_hash: blake3::hash(auth_token_id.as_bytes()),
            expires_at: auth_token_expiration,
        },
    )
    .await?;

    let session = Session {
        user_id,
        created_at: SystemTime::now(),
        expires_at: auth_token_expiration,
    };

    let expiration = session_token_expiration
        .duration_since(SystemTime::now())
        .unwrap();

    user_session::store_user_session(cache_pool, session_token_id, session, Some(expiration))
        .await?;

    let response = AuthLoginResponse {
        user_id,
        session: AuthLoginTokenData {
            token: session_token,
            expiration: session_token_expiration,
        },
        auth: AuthLoginTokenData {
            token: auth_token,
            expiration: auth_token_expiration,
        },
    };

    Ok((
        StatusCode::OK,
        ApiResponse::new(response).into_json_response(),
    )
        .into_response())
}
Create session objects during login, also store auth token for users 2024-10-06 14:08:26 -04:00			`use std::time::SystemTime;`

Change requests to return an AppError on failure 2024-10-03 15:55:38 -04:00			`use axum::{`
			`debug_handler,`
Adding a service to handle caching 2024-10-05 08:09:46 -04:00			`extract::State,`
Change requests to return an AppError on failure 2024-10-03 15:55:38 -04:00			`response::{IntoResponse, Response},`
Adding a service to handle caching 2024-10-05 08:09:46 -04:00			`Json,`
Change requests to return an AppError on failure 2024-10-03 15:55:38 -04:00			`};`
Display an error when attempting to log in to an account that doesn't exist 2024-10-06 07:14:44 -04:00			`use http::StatusCode;`
			`use pasetors::{keys::SymmetricKey, version4::V4};`
Adding a service to handle caching 2024-10-05 08:09:46 -04:00			`use tracing::debug;`
Change requests to return an AppError on failure 2024-10-03 15:55:38 -04:00
Adding a service to handle caching 2024-10-05 08:09:46 -04:00			`use crate::{`
Create session objects during login, also store auth token for users 2024-10-06 14:08:26 -04:00			`db::{`
			`get_username_and_password_by_username, insert_new_user_auth_token, DbPool,`
			`NewUserAuthTokenEntity, UserIdAndHashedPasswordEntity,`
			`},`
			`models::{ApiResponse, AppError, Session},`
Display an error when attempting to log in to an account that doesn't exist 2024-10-06 07:14:44 -04:00			`requests::{`
			`auth::login::models::{AuthLoginResponse, AuthLoginTokenData},`
			`AppState,`
			`},`
			`services::{`
Create session objects during login, also store auth token for users 2024-10-06 14:08:26 -04:00			`auth_token::{generate_auth_token, generate_session_token},`
			`user_session, verify_password, CachePool,`
Display an error when attempting to log in to an account that doesn't exist 2024-10-06 07:14:44 -04:00			`},`
Adding a service to handle caching 2024-10-05 08:09:46 -04:00			`};`

			`use super::models::AuthLoginRequest;`
Change requests to return an AppError on failure 2024-10-03 15:55:38 -04:00
			`#[debug_handler]`
Adding a service to handle caching 2024-10-05 08:09:46 -04:00			`pub async fn auth_login_post_handler(`
			`State(state): State<AppState>,`
			`Json(body): Json<AuthLoginRequest>,`
			`) -> Result<Response, AppError> {`
Create session objects during login, also store auth token for users 2024-10-06 14:08:26 -04:00			`let db_pool = state.db_pool();`
			`let cache_pool = state.cache_pool();`
Display an error when attempting to log in to an account that doesn't exist 2024-10-06 07:14:44 -04:00			`let token_key = state.env().token_key();`
Create session objects during login, also store auth token for users 2024-10-06 14:08:26 -04:00			`auth_login_request(db_pool, cache_pool, token_key, body).await`
Adding a service to handle caching 2024-10-05 08:09:46 -04:00			`}`

Display an error when attempting to log in to an account that doesn't exist 2024-10-06 07:14:44 -04:00			`async fn auth_login_request(`
Create session objects during login, also store auth token for users 2024-10-06 14:08:26 -04:00			`db_pool: &DbPool,`
			`cache_pool: &CachePool,`
Display an error when attempting to log in to an account that doesn't exist 2024-10-06 07:14:44 -04:00			`token_key: &SymmetricKey<V4>,`
			`body: AuthLoginRequest,`
			`) -> Result<Response, AppError> {`
Adding a service to handle caching 2024-10-05 08:09:46 -04:00			`debug!(?body);`

			`let AuthLoginRequest { username, password } = body;`
Create session objects during login, also store auth token for users 2024-10-06 14:08:26 -04:00			`let UserIdAndHashedPasswordEntity {`
Display an error when attempting to log in to an account that doesn't exist 2024-10-06 07:14:44 -04:00			`id: user_id,`
Adding a service to handle caching 2024-10-05 08:09:46 -04:00			`password: hashed_password,`
Create session objects during login, also store auth token for users 2024-10-06 14:08:26 -04:00			`} = get_username_and_password_by_username(db_pool, username).await?;`
Adding a service to handle caching 2024-10-05 08:09:46 -04:00
			`verify_password(password, hashed_password)?;`

Create session objects during login, also store auth token for users 2024-10-06 14:08:26 -04:00			`let (session_token, session_token_id, session_token_expiration) =`
			`generate_session_token(token_key, user_id);`
Display an error when attempting to log in to an account that doesn't exist 2024-10-06 07:14:44 -04:00
Create session objects during login, also store auth token for users 2024-10-06 14:08:26 -04:00			`let (auth_token, auth_token_id, auth_token_expiration) =`
Display an error when attempting to log in to an account that doesn't exist 2024-10-06 07:14:44 -04:00			`generate_auth_token(token_key, user_id);`

Create session objects during login, also store auth token for users 2024-10-06 14:08:26 -04:00			`insert_new_user_auth_token(`
			`db_pool,`
			`NewUserAuthTokenEntity {`
			`user_id,`
			`token_hash: blake3::hash(auth_token_id.as_bytes()),`
			`expires_at: auth_token_expiration,`
			`},`
			`)`
			`.await?;`

			`let session = Session {`
			`user_id,`
			`created_at: SystemTime::now(),`
			`expires_at: auth_token_expiration,`
			`};`

			`let expiration = session_token_expiration`
			`.duration_since(SystemTime::now())`
			`.unwrap();`

			`user_session::store_user_session(cache_pool, session_token_id, session, Some(expiration))`
			`.await?;`

Display an error when attempting to log in to an account that doesn't exist 2024-10-06 07:14:44 -04:00			`let response = AuthLoginResponse {`
			`user_id,`
Create session objects during login, also store auth token for users 2024-10-06 14:08:26 -04:00			`session: AuthLoginTokenData {`
			`token: session_token,`
			`expiration: session_token_expiration,`
Display an error when attempting to log in to an account that doesn't exist 2024-10-06 07:14:44 -04:00			`},`
			`auth: AuthLoginTokenData {`
			`token: auth_token,`
			`expiration: auth_token_expiration,`
			`},`
			`};`

			`Ok((`
			`StatusCode::OK,`
			`ApiResponse::new(response).into_json_response(),`
			`)`
			`.into_response())`
Change requests to return an AppError on failure 2024-10-03 15:55:38 -04:00			`}`