summaryrefslogtreecommitdiffstats
path: root/crates/auth-service/src/server/csrf_token_validation.rs
diff options
context:
space:
mode:
authorrtkay123 <dev@kanjala.com>2025-07-26 19:24:38 +0200
committerrtkay123 <dev@kanjala.com>2025-07-26 19:24:38 +0200
commite26d87f4fa18999c6bcfbcf32cfa85adab11acdd (patch)
tree603c6dacb6c448984bdcc5fa2b4a9314f1a23960 /crates/auth-service/src/server/csrf_token_validation.rs
parent236876f1d0539ac22a3977fd8599933725ad0f90 (diff)
downloadsellershut-e26d87f4fa18999c6bcfbcf32cfa85adab11acdd.tar.bz2
sellershut-e26d87f4fa18999c6bcfbcf32cfa85adab11acdd.zip
feat(auth): create user call
Diffstat (limited to 'crates/auth-service/src/server/csrf_token_validation.rs')
-rw-r--r--crates/auth-service/src/server/csrf_token_validation.rs40
1 files changed, 40 insertions, 0 deletions
diff --git a/crates/auth-service/src/server/csrf_token_validation.rs b/crates/auth-service/src/server/csrf_token_validation.rs
new file mode 100644
index 0000000..94424c8
--- /dev/null
+++ b/crates/auth-service/src/server/csrf_token_validation.rs
@@ -0,0 +1,40 @@
+use anyhow::{Context, anyhow};
+use oauth2::CsrfToken;
+use tower_sessions::{CachingSessionStore, SessionStore, session::Id};
+use tower_sessions_moka_store::MokaStore;
+use tower_sessions_sqlx_store::PostgresStore;
+
+use crate::{
+ error::AppError,
+ server::{CSRF_TOKEN, routes::authorised::AuthRequest},
+};
+
+pub async fn csrf_token_validation_workflow(
+ auth_request: &AuthRequest,
+ store: &CachingSessionStore<MokaStore, PostgresStore>,
+ oauth_session_id: Id,
+) -> Result<(), AppError> {
+ let oauth_session = store.load(&oauth_session_id).await.unwrap().unwrap();
+
+ // Extract the CSRF token from the session
+ let csrf_token_serialized = oauth_session
+ .data
+ .get(CSRF_TOKEN)
+ .context("failed to get value from session")?;
+ let csrf_token = serde_json::from_value::<CsrfToken>(csrf_token_serialized.clone())
+ .context("CSRF token not found in session")?
+ .to_owned();
+
+ // Cleanup the CSRF token session
+ store
+ .delete(&oauth_session_id)
+ .await
+ .context("Failed to destroy old session")?;
+
+ // Validate CSRF token is the same as the one in the auth request
+ if *csrf_token.secret() != auth_request.state {
+ return Err(anyhow!("CSRF token mismatch").into());
+ }
+
+ Ok(())
+}
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-14 16:55:32 +0000