summaryrefslogtreecommitdiffstats
path: root/crates/auth/src/server/routes/authorised.rs
diff options
context:
space:
mode:
Diffstat (limited to 'crates/auth/src/server/routes/authorised.rs')
-rw-r--r--crates/auth/src/server/routes/authorised.rs137
1 files changed, 131 insertions, 6 deletions
diff --git a/crates/auth/src/server/routes/authorised.rs b/crates/auth/src/server/routes/authorised.rs
index d493db5..27f02bc 100644
--- a/crates/auth/src/server/routes/authorised.rs
+++ b/crates/auth/src/server/routes/authorised.rs
@@ -8,13 +8,15 @@ use axum::{
};
use axum_extra::{TypedHeader, headers};
use oauth2::{AuthorizationCode, TokenResponse};
-use reqwest::header::SET_COOKIE;
+use reqwest::{StatusCode, header::SET_COOKIE};
use serde::{Deserialize, Serialize};
use sqlx::types::uuid;
+use time::OffsetDateTime;
use tower_sessions::{
SessionStore,
session::{Id, Record},
};
+use uuid::Uuid;
use crate::{
error::AppError,
@@ -37,17 +39,38 @@ struct User {
avatar: Option<String>,
username: String,
discriminator: String,
+ verified: bool,
+ email: String,
+}
+
+#[derive(Debug, Deserialize, Serialize)]
+struct DbUser {
+ id: Uuid,
+ email: String,
+ created_at: OffsetDateTime,
+ updated_at: OffsetDateTime,
}
/// The cookie to store the session id for user information.
const SESSION_COOKIE: &str = "info";
const SESSION_DATA_KEY: &str = "data";
+#[derive(Debug, Serialize, Deserialize)]
+struct Claims {
+ iss: String,
+ sub: Uuid,
+ exp: i64,
+ iat: i64,
+ sid: String,
+ aud: String,
+}
+
pub async fn login_authorised(
Query(query): Query<AuthRequest>,
State(state): State<AppHandle>,
TypedHeader(cookies): TypedHeader<headers::Cookie>,
) -> Result<impl IntoResponse, AppError> {
+ let provider = query.provider.to_string();
let oauth_session_id = Id::from_str(
cookies
.get(OAUTH_CSRF_COOKIE)
@@ -66,19 +89,112 @@ pub async fn login_authorised(
.await
.context("failed in sending request request to authorisation server")?;
- let user_data: User = client
+ let user_data = client
// https://discord.com/developers/docs/resources/user#get-current-user
.get("https://discordapp.com/api/users/@me")
.bearer_auth(token.access_token().secret())
.send()
.await
.context("failed in sending request to target Url")?
- .json::<User>()
+ .json::<serde_json::Value>()
.await
.context("failed to deserialise response as JSON")?;
+ let user_data: User = serde_json::from_value(user_data)?;
+
+ if !user_data.verified {
+ return Ok((StatusCode::UNAUTHORIZED, "email is not verified").into_response());
+ }
+
// Create a new session filled with user data
let session_id = Id(i128::from_le_bytes(uuid::Uuid::new_v4().to_bytes_le()));
+
+ let mut transaction = state.services.postgres.begin().await?;
+
+ let user = sqlx::query_as!(
+ DbUser,
+ "
+ select
+ p.*
+ from
+ auth_user p
+ inner join
+ oauth_account a
+ on
+ p.id=a.user_id
+ where a.provider_id = $1 and a.provider_user_id = $2
+ ",
+ provider,
+ user_data.id
+ )
+ .fetch_optional(&mut *transaction)
+ .await?;
+
+ let user = if let Some(user) = user {
+ println!("some");
+ user
+ } else {
+ println!("none");
+ let uuid = uuid::Uuid::now_v7();
+ let user = sqlx::query_as!(
+ DbUser,
+ "insert into auth_user (id, email) values ($1, $2)
+ on conflict (email) do update
+ set email = excluded.email
+ returning *;
+ ",
+ uuid,
+ user_data.email,
+ // user_data.avatar.as_ref().map(|value| {
+ // format!(
+ // "https://cdn.discordapp.com/avatars/{}/{value}",
+ // user_data.id
+ // )
+ // })
+ )
+ .fetch_one(&mut *transaction)
+ .await?;
+
+ sqlx::query_as!(
+ DbUser,
+ "with upsert as (
+ insert into oauth_account (provider_id, provider_user_id, user_id) values ($1, $2, $3)
+ on conflict (provider_id, provider_user_id) do update
+ set provider_id = excluded.provider_id -- no-op
+ returning user_id
+ )
+ select u.*
+ from upsert
+ join auth_user u on u.id = upsert.user_id;
+ ",
+ provider,
+ user_data.id,
+ user.id
+ )
+ .fetch_one(&mut *transaction)
+ .await?
+ };
+
+ let exp = OffsetDateTime::now_utc() + Duration::from_secs(15 * 60);
+
+ let claims = Claims {
+ sub: user.id,
+ // Mandatory expiry time as UTC timestamp
+ exp: exp.unix_timestamp(),
+ iss: "sellershut".to_owned(),
+ sid: session_id.to_string(),
+ aud: "sellershut".to_owned(),
+ iat: OffsetDateTime::now_utc().unix_timestamp(),
+ };
+
+ let token = jsonwebtoken::encode(
+ &jsonwebtoken::Header::default(),
+ &claims,
+ &jsonwebtoken::EncodingKey::from_secret(
+ state.local_config.oauth.jwt_encoding_key.as_bytes(),
+ ),
+ )?;
+
store
.create(&mut Record {
id: session_id,
@@ -93,15 +209,24 @@ pub async fn login_authorised(
.await
.context("failed in inserting serialised value into session")?;
- // Store session and get corresponding cookie.
+ sqlx::query!(
+ "insert into token (user_id, token, session_id) values ($1, $2, $3)",
+ user.id,
+ token,
+ session_id.to_string()
+ )
+ .execute(&mut *transaction)
+ .await?;
+
let cookie = format!("{SESSION_COOKIE}={session_id}; SameSite=Lax; HttpOnly; Secure; Path=/");
- // Set cookie
let mut headers = HeaderMap::new();
headers.insert(
SET_COOKIE,
cookie.parse().context("failed to parse cookie")?,
);
- Ok((headers, Redirect::to("/")))
+ transaction.commit().await?;
+
+ Ok((headers, Redirect::to("/")).into_response())
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-14 16:56:19 +0000