debt-pirate/api/src/requests/user/verify/handler.rs

use std::str::FromStr;

use axum::{
    debug_handler,
    extract::{Path, Query, State},
    response::{IntoResponse, Response},
    Json,
};
use http::StatusCode;
use pasetors::{claims::ClaimsValidationRules, keys::SymmetricKey, version4::V4};
use tracing::{debug, error};
use uuid::Uuid;

use crate::{
    db::{verify_user, DbPool},
    models::{ApiResponse, AppError},
    requests::{
        auth::generate_login_auth_and_session_tokens,
        user::verify::UserVerifyGetResponseTokenAndExpiration, AppState,
    },
    services::{auth_token::verify_token, user_session, CachePool},
};

use super::{UserVerifyGetParams, UserVerifyGetResponse};

#[debug_handler]
pub async fn user_verification_get_handler(
    State(state): State<AppState>,
    Path(user_id): Path<i32>,
    Query(query): Query<UserVerifyGetParams>,
) -> Result<Response, AppError> {
    let db_pool = state.db_pool();
    let cache_pool = state.cache_pool();
    let env = state.env();

    let UserVerifyGetParams { verification_token } = query;
    let token_key = env.token_key();
    verify_new_user_request(db_pool, cache_pool, user_id, verification_token, token_key).await
}

async fn verify_new_user_request(
    db_pool: &DbPool,
    cache_pool: &CachePool,
    user_id: i32,
    verification_token: String,
    token_key: &SymmetricKey<V4>,
) -> Result<Response, AppError> {
    debug!(user_id);

    let validation_rules = {
        let mut rules = ClaimsValidationRules::new();
        rules.validate_audience_with(format!("/user/{user_id}/verify").as_str());
        rules
    };

    let verified_token = verify_token(
        token_key,
        verification_token.as_str(),
        Some(validation_rules.clone()),
    )
    .inspect_err(|err| error!(?err))?;

    let verification_token_id = verified_token
        .payload_claims()
        .map(|claims| claims.get_claim("jti"))
        .flatten()
        .map(|jti| Uuid::from_str(jti.as_str().unwrap()).unwrap())
        .unwrap();

    user_session::exists(cache_pool, verification_token_id)
        .await
        .and_then(|exists| {
            if exists {
                Ok(user_session::get_user_session(
                    cache_pool,
                    verification_token_id,
                ))
            } else {
                Err(AppError::no_session_found())
            }
        })?
        .await?;

    verify_user(db_pool, user_id)
        .await
        .inspect_err(|err| error!(?err))?;

    let ((session_token, session_token_expiration), (auth_token, auth_token_expiration)) =
        generate_login_auth_and_session_tokens(cache_pool, token_key, user_id).await?;

    let response = UserVerifyGetResponse {
        user_id,
        session: UserVerifyGetResponseTokenAndExpiration {
            token: session_token,
            expires_at: session_token_expiration,
        },
        auth: UserVerifyGetResponseTokenAndExpiration {
            token: auth_token,
            expires_at: auth_token_expiration,
        },
    };

    Ok((
        StatusCode::OK,
        Json(ApiResponse::<UserVerifyGetResponse>::new(response)),
    )
        .into_response())
}
Implement route to generate a new session 2024-10-07 16:48:50 -04:00			`use std::str::FromStr;`
Fetch the temporary session during validation 2024-10-05 10:45:41 -04:00
Move app-test codebase into api directory 2024-08-06 11:08:15 -04:00			`use axum::{`
Re-enable the verification route 2024-10-03 15:27:30 -04:00			`debug_handler,`
Move app-test codebase into api directory 2024-08-06 11:08:15 -04:00			`extract::{Path, Query, State},`
			`response::{IntoResponse, Response},`
Re-enable the verification route 2024-10-03 15:27:30 -04:00			`Json,`
Move app-test codebase into api directory 2024-08-06 11:08:15 -04:00			`};`
			`use http::StatusCode;`
Re-enable the verification route 2024-10-03 15:27:30 -04:00			`use pasetors::{claims::ClaimsValidationRules, keys::SymmetricKey, version4::V4};`
Change status code associated with missing session 2024-10-05 13:20:53 -04:00			`use tracing::{debug, error};`
Fetch the temporary session during validation 2024-10-05 10:45:41 -04:00			`use uuid::Uuid;`
Move app-test codebase into api directory 2024-08-06 11:08:15 -04:00
			`use crate::{`
Implement route to generate a new session 2024-10-07 16:48:50 -04:00			`db::{verify_user, DbPool},`
			`models::{ApiResponse, AppError},`
			`requests::{`
			`auth::generate_login_auth_and_session_tokens,`
			`user::verify::UserVerifyGetResponseTokenAndExpiration, AppState,`
Create session objects during login, also store auth token for users 2024-10-06 14:08:26 -04:00			`},`
Implement route to generate a new session 2024-10-07 16:48:50 -04:00			`services::{auth_token::verify_token, user_session, CachePool},`
Move app-test codebase into api directory 2024-08-06 11:08:15 -04:00			`};`

Re-enable the verification route 2024-10-03 15:27:30 -04:00			`use super::{UserVerifyGetParams, UserVerifyGetResponse};`
Move app-test codebase into api directory 2024-08-06 11:08:15 -04:00
Re-enable the verification route 2024-10-03 15:27:30 -04:00			`#[debug_handler]`
			`pub async fn user_verification_get_handler(`
			`State(state): State<AppState>,`
			`Path(user_id): Path<i32>,`
			`Query(query): Query<UserVerifyGetParams>,`
Change requests to return an AppError on failure 2024-10-03 15:55:38 -04:00			`) -> Result<Response, AppError> {`
Fetch the temporary session during validation 2024-10-05 10:45:41 -04:00			`let db_pool = state.db_pool();`
			`let cache_pool = state.cache_pool();`
Re-enable the verification route 2024-10-03 15:27:30 -04:00			`let env = state.env();`

			`let UserVerifyGetParams { verification_token } = query;`
			`let token_key = env.token_key();`
Fetch the temporary session during validation 2024-10-05 10:45:41 -04:00			`verify_new_user_request(db_pool, cache_pool, user_id, verification_token, token_key).await`
Move app-test codebase into api directory 2024-08-06 11:08:15 -04:00			`}`

Re-enable the verification route 2024-10-03 15:27:30 -04:00			`async fn verify_new_user_request(`
Fetch the temporary session during validation 2024-10-05 10:45:41 -04:00			`db_pool: &DbPool,`
			`cache_pool: &CachePool,`
Re-enable the verification route 2024-10-03 15:27:30 -04:00			`user_id: i32,`
			`verification_token: String,`
			`token_key: &SymmetricKey<V4>,`
Change requests to return an AppError on failure 2024-10-03 15:55:38 -04:00			`) -> Result<Response, AppError> {`
Re-enable the verification route 2024-10-03 15:27:30 -04:00			`debug!(user_id);`
Move app-test codebase into api directory 2024-08-06 11:08:15 -04:00
			`let validation_rules = {`
			`let mut rules = ClaimsValidationRules::new();`
			`rules.validate_audience_with(format!("/user/{user_id}/verify").as_str());`
			`rules`
			`};`

Fetch the temporary session during validation 2024-10-05 10:45:41 -04:00			`let verified_token = verify_token(`
			`token_key,`
			`verification_token.as_str(),`
			`Some(validation_rules.clone()),`
			`)`
			`.inspect_err(\|err\| error!(?err))?;`

Create session objects during login, also store auth token for users 2024-10-06 14:08:26 -04:00			`let verification_token_id = verified_token`
Fetch the temporary session during validation 2024-10-05 10:45:41 -04:00			`.payload_claims()`
			`.map(\|claims\| claims.get_claim("jti"))`
			`.flatten()`
			`.map(\|jti\| Uuid::from_str(jti.as_str().unwrap()).unwrap())`
			`.unwrap();`

Create session objects during login, also store auth token for users 2024-10-06 14:08:26 -04:00			`user_session::exists(cache_pool, verification_token_id)`
Change status code associated with missing session 2024-10-05 13:20:53 -04:00			`.await`
			`.and_then(\|exists\| {`
			`if exists {`
Create session objects during login, also store auth token for users 2024-10-06 14:08:26 -04:00			`Ok(user_session::get_user_session(`
			`cache_pool,`
			`verification_token_id,`
			`))`
Change status code associated with missing session 2024-10-05 13:20:53 -04:00			`} else {`
			`Err(AppError::no_session_found())`
			`}`
Create session objects during login, also store auth token for users 2024-10-06 14:08:26 -04:00			`})?`
			`.await?;`

Implement route to generate a new session 2024-10-07 16:48:50 -04:00			`verify_user(db_pool, user_id)`
			`.await`
			`.inspect_err(\|err\| error!(?err))?;`
Create session objects during login, also store auth token for users 2024-10-06 14:08:26 -04:00
Implement route to generate a new session 2024-10-07 16:48:50 -04:00			`let ((session_token, session_token_expiration), (auth_token, auth_token_expiration)) =`
			`generate_login_auth_and_session_tokens(cache_pool, token_key, user_id).await?;`
Create session objects during login, also store auth token for users 2024-10-06 14:08:26 -04:00
Implement route to generate a new session 2024-10-07 16:48:50 -04:00			`let response = UserVerifyGetResponse {`
Create session objects during login, also store auth token for users 2024-10-06 14:08:26 -04:00			`user_id,`
			`session: UserVerifyGetResponseTokenAndExpiration {`
			`token: session_token,`
			`expires_at: session_token_expiration,`
			`},`
			`auth: UserVerifyGetResponseTokenAndExpiration {`
			`token: auth_token,`
			`expires_at: auth_token_expiration,`
			`},`
Implement route to generate a new session 2024-10-07 16:48:50 -04:00			`};`
Move app-test codebase into api directory 2024-08-06 11:08:15 -04:00
			`Ok((`
			`StatusCode::OK,`
			`Json(ApiResponse::<UserVerifyGetResponse>::new(response)),`
			`)`
			`.into_response())`
			`}`