author | rtkay123 <dev@kanjala.com> | 2025-07-25 18:37:32 +0200 |
---|---|---|
committer | rtkay123 <dev@kanjala.com> | 2025-07-25 18:37:32 +0200 |
commit | 3406efe921e877878d8ba656651e0d90382586ae (patch) | |
tree | 72538576df711385490d12a4ef9fed0781ce9de2 /crates/auth/src/server | |
parent | 3831e5a42ab4e21f116537c5251582245de37f0b (diff) | |
feat(auth): validate token
Diffstat (limited to 'crates/auth/src/server')
-rw-r--r-- | crates/auth/src/server/grpc.rs | 2 | ||||
-rw-r--r-- | crates/auth/src/server/grpc/auth.rs | 50 | ||||
-rw-r--r-- | crates/auth/src/server/grpc/interceptor.rs | 11 | ||||
-rw-r--r-- | crates/auth/src/server/routes/authorised.rs | 11 |
4 files changed, 64 insertions, 10 deletions
diff --git a/crates/auth/src/server/grpc.rs b/crates/auth/src/server/grpc.rs
new file mode 100644
index 0000000..0fd775b
--- /dev/null
+++ b/crates/auth/src/server/grpc.rs
@@ -0,0 +1,2 @@
+pub mod auth;
+pub mod interceptor;
diff --git a/crates/auth/src/server/grpc/auth.rs b/crates/auth/src/server/grpc/auth.rs
new file mode 100644
index 0000000..fb00291
--- /dev/null
+++ b/crates/auth/src/server/grpc/auth.rs
@@ -0,0 +1,50 @@
+use std::str::FromStr;
+
+use jsonwebtoken::DecodingKey;
+use sellershut_core::auth::{ValidationRequest, ValidationResponse, auth_server::Auth};
+use tonic::{Request, Response, Status, async_trait};
+use tower_sessions::{SessionStore, session::Id};
+use tracing::warn;
+
+use crate::{auth::Claims, state::AppHandle};
+
+#[async_trait]
+impl Auth for AppHandle {
+ async fn validate_auth_token(
+ &self,
+ request: Request<ValidationRequest>,
+ ) -> Result<Response<ValidationResponse>, Status> {
+ let token = request.into_inner().token;
+
+ let token = jsonwebtoken::decode::<Claims>(
+ &token,
+ &DecodingKey::from_secret(self.local_config.oauth.jwt_encoding_key.as_bytes()),
+ &jsonwebtoken::Validation::default(),
+ );
+
+ match token {
+ Ok(value) => {
+ let session_id = value.claims.sid;
+ let store = &self.session_store;
+ match Id::from_str(&session_id) {
+ Ok(ref id) => {
+ if let Ok(Some(_)) = store.load(id).await {
+ return Ok(Response::new(ValidationResponse { valid: true }));
+ } else {
+ return Ok(Response::new(Default::default()));
+ }
+ }
+ Err(e) => {
+ warn!("{e}");
+
+ return Ok(Response::new(Default::default()));
+ }
+ }
+ }
+ Err(e) => {
+ warn!("{e}");
+ Ok(Response::new(ValidationResponse::default()))
+ }
+ }
+ }
+}
diff --git a/crates/auth/src/server/grpc/interceptor.rs b/crates/auth/src/server/grpc/interceptor.rs
new file mode 100644
index 0000000..6fbe7fa
--- /dev/null
+++ b/crates/auth/src/server/grpc/interceptor.rs
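Review bot: In grpc/auth.rs, `validate_auth_token` decodes with `jsonwebtoken::Validation::default()`, which pins no issuer or audience even though `Claims` carries `iss` and `aud` (going by the struct removed from routes/authorised.rs, presumably the one now in `crate::auth`), so a token signed with the same secret is accepted regardless of who it was issued for. Build the validation explicitly with the values the login route puts in the token: `let mut validation = jsonwebtoken::Validation::default();`, `validation.set_issuer(&[<expected-issuer>]);`, `validation.set_audience(&[<expected-audience>]);`. Depending on the jsonwebtoken version, the default may also reject a token that carries `aud` when no audience is configured, so a round-trip test against a freshly issued token is worth adding either way. Separately, the `else` arm after `store.load(id).await` folds a store error into `valid: false` without logging; matching `Err(e)` there and returning a `Status` (or at least calling `warn!`) would keep a session-store outage distinguishable from an expired session.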
@@ -0,0 +1,11 @@ +use tonic::{Status, service::Interceptor}; +use tracing::Span; + +#[derive(Clone, Copy)] +pub struct MyInterceptor; + +impl Interceptor for MyInterceptor { + fn call(&mut self, request: tonic::Request<()>) -> Result<tonic::Request<()>, Status> { + Ok(request) + } +} diff --git a/crates/auth/src/server/routes/authorised.rs b/crates/auth/src/server/routes/authorised.rs index 27f02bc..50fcfc8 100644 --- a/crates/auth/src/server/routes/authorised.rs +++ b/crates/auth/src/server/routes/authorised.rs @@ -19,6 +19,7 @@ use tower_sessions::{ use uuid::Uuid; use crate::{ + auth::Claims, error::AppError, server::{ OAUTH_CSRF_COOKIE, csrf_token_validation::csrf_token_validation_workflow, routes::Provider, @@ -55,16 +56,6 @@ struct DbUser { const SESSION_COOKIE: &str = "info"; const SESSION_DATA_KEY: &str = "data"; -#[derive(Debug, Serialize, Deserialize)] -struct Claims { - iss: String, - sub: Uuid, - exp: i64, - iat: i64, - sid: String, - aud: String, -} - pub async fn login_authorised( Query(query): Query<AuthRequest>, State(state): State<AppHandle>, |
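Review bot: In grpc/interceptor.rs, `MyInterceptor::call` returns `Ok(request)` for every request and reads no metadata, so wiring it into the server adds no authentication; whether that is intended is not visible from this hunk. If it is a placeholder, say so in a doc comment on the struct, e.g. `/// Pass-through placeholder: performs no authentication or authorization yet.`, and give the type a name that describes its role. `use tracing::Span;` is unused in the file as added and can be dropped until the interceptor actually works with a span.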