diff --git a/api/src/db/account_type.rs b/api/src/db/account_type.rs
index efbb1ca..a52668e 100644
--- a/api/src/db/account_type.rs
+++ b/api/src/db/account_type.rs
@@ -4,6 +4,7 @@ use serde::{Deserialize, Serialize};
 Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize, sqlx::Type,
 )]
 #[sqlx(type_name = "account_type", rename_all = "PascalCase")]
+#[serde(rename_all = "lowercase")]
 pub enum AccountType {
 Asset,
 Equity,
diff --git a/api/src/db/permission.rs b/api/src/db/permission.rs
index 423b294..0a3f149 100644
--- a/api/src/db/permission.rs
+++ b/api/src/db/permission.rs
@@ -28,7 +28,7 @@ pub async fn get_all_permissions_by_category(
 category: PermissionCategoryType,
 ) -> Result, AppError> {
 sqlx::query_as::<_, PermissionEntity>(
- "SELECT id, category, name value FROM public.permission WHERE category = $1;",
+ "SELECT id, category, name, value FROM public.permission WHERE category = $1;",
 )
 .bind(category)
 .fetch_all(pool)
@@ -64,14 +64,15 @@ pub async fn get_many_permissions_by_id(
 .collect::>()
 .join(",");
- sqlx::query_as::<_, PermissionEntity>(
- "SELECT id, category, name, value FROM public.permission WHERE id IN ($1);",
- )
- .bind(ids.as_str())
- .fetch_all(pool)
- .await
- .inspect_err(|err| error!(?err, ?ids, "Unable to fetch permissions"))
- .map_err(From::from)
+ let query =
+ format!("SELECT id, category, name, value FROM public.permission WHERE id IN ({ids});",);
+ sqlx::query_as::<_, PermissionEntity>(query.as_str())
+ .bind(ids.as_str())
+ .fetch_all(pool)
+ .await
+ .inspect_err(|err| error!(?err, ?ids, "Unable to fetch permissions"))
+ .map_err(From::from)
 }
 pub async fn _get_permission_by_category_and_name(
diff --git a/api/src/db/user_account_permission.rs b/api/src/db/user_account_permission.rs
index 4dc118c..fae7bbd 100644
--- a/api/src/db/user_account_permission.rs
+++ b/api/src/db/user_account_permission.rs
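Review bot: In the new body of `get_many_permissions_by_id` (api/src/db/permission.rs), the statement is now built with `format!` from `ids` and no longer contains a `$1` placeholder, yet `.bind(ids.as_str())` is still chained; PostgreSQL normally rejects a statement whose bound-parameter count does not match its placeholders, so this call looks likely to fail at runtime. How `ids` is assembled is above the hunk, so it cannot be confirmed from here that every element is a typed id rather than caller-supplied text. Keeping the statement static avoids both problems: `"SELECT id, category, name, value FROM public.permission WHERE id = ANY($1);"` with the id slice bound directly instead of the joined string. The same string-built pattern appears in the `INSERT ... VALUES {values}` statement of `associate_account_with_user_as_owner` in user_account_permission.rs, where `values` is also built outside the hunk.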
@@ -4,8 +4,8 @@ use tracing::error;
 use crate::models::AppError;
 use super::{
- get_all_permissions_by_category, get_many_permissions_by_id, DbPool, PermissionCategoryType,
- PermissionEntity, StatusType,
+ DbPool, PermissionCategoryType, PermissionEntity, StatusType, get_all_permissions_by_category,
+ get_many_permissions_by_id,
 };
 #[allow(dead_code)]
@@ -38,7 +38,9 @@ pub async fn associate_account_with_user_as_owner(
 .collect::>()
 .join(",");
- let query = format!("INSERT INTO public.user_account_relation (user_id, account_id, permission_id) VALUES {values} RETURNING (id, user_id, account_id, permission_id, status);");
+ let query = format!(
+ "INSERT INTO public.user_account_permission (user_id, account_id, permission_id) VALUES {values} RETURNING id, user_id, account_id, permission_id, status;"
+ );
 let permission_ids = sqlx::query_as::<_, UserAccountPermissionEntity>(query.as_str())
 .fetch_all(pool)
diff --git a/api/src/models/session.rs b/api/src/models/session.rs
index 7898ca7..e72e924 100644
--- a/api/src/models/session.rs
+++ b/api/src/models/session.rs
@@ -56,7 +56,7 @@ impl FromRequestParts for Session {
 let token_id = trusted_token
 .payload_claims()
- .and_then(|claims| claims.get_claim("kid"))
+ .and_then(|claims| claims.get_claim("jti"))
 .ok_or(AppError::invalid_token())
 .map(|value| value.as_str().unwrap())
 .and_then(|token_id| Uuid::try_from(token_id).map_err(|_| AppError::invalid_token()))?;
diff --git a/api/src/requests/account/create/models/request.rs b/api/src/requests/account/create/models/request.rs
index 235e6bc..8b84153 100644
--- a/api/src/requests/account/create/models/request.rs
+++ b/api/src/requests/account/create/models/request.rs
@@ -3,6 +3,7 @@ use serde::Deserialize;
 use crate::db::AccountType;
 #[derive(Debug, Deserialize)]
+#[serde(rename_all = "camelCase")]
 pub struct AccountCreationRequest {
 pub r#type: AccountType,
 pub name: String,
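Review bot: In api/src/models/session.rs, the `jti` lookup is still followed by `.map(|value| value.as_str().unwrap())`, which panics inside the request extractor if the claim is present but not a JSON string, instead of returning the invalid-token error. The conversion can move ahead of the existing `ok_or` so that case is rejected like a missing claim: `.and_then(|claims| claims.get_claim("jti")).and_then(|value| value.as_str())`, then drop the `.map(...)` line. The enclosing method starts and ends outside the hunk, so how `trusted_token` was validated before this point is not visible here.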
diff --git a/api/src/services/auth_token.rs b/api/src/services/auth_token.rs
index 9642353..4bb5e69 100644
--- a/api/src/services/auth_token.rs
+++ b/api/src/services/auth_token.rs
@@ -1,8 +1,9 @@
 use std::time::{Duration, SystemTime};
-use http::{header::AUTHORIZATION, HeaderMap};
+use http::{HeaderMap, header::AUTHORIZATION};
 use humantime::format_rfc3339_seconds;
 use pasetors::{
+ Local,
 claims::{Claims, ClaimsValidationRules},
 errors::{ClaimValidationError, Error as TokenError},
 footer::Footer,
@@ -10,14 +11,13 @@ use pasetors::{
 local,
 token::{TrustedToken, UntrustedToken},
 version4::V4,
- Local,
 };
 use tracing::error;
 use uuid::Uuid;
 use crate::models::AppError;
-use super::{cache, CachePool};
+use super::{CachePool, cache};
 static AUTH_TOKEN_CACHE_KEY_PREFIX: &'static str = "debt_pirate:auth:";
 static ONE_DAY: Duration = Duration::from_secs(86_400);
@@ -175,7 +175,10 @@ fn map_token_error(err: TokenError) -> AppError {
 ClaimValidationError::Exp => AppError::expired_token(),
 _ => AppError::invalid_token(),
 },
- _ => AppError::invalid_token(),
+ _ => {
+ error!(?err);
+ AppError::invalid_token()
+ }
 }
 }
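Review bot: In `map_token_error`, the new catch-all arm logs with `error!(?err);` and no message, so the entry does not say which operation failed; `error!(?err, "Auth token rejected");` would match the message-bearing calls in the db modules. This arm is presumably reached for malformed or tampered tokens, which any unauthenticated client can send, so it is worth confirming that error level is intended here rather than a lower one, to keep request-driven noise out of alerting. The function starts outside the hunk.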