Added authentication with token and deleting expired user. Plus, constants for how long tokens should be expired for

2022-07-07 11:45:50 -04:00 · 2022-07-07 11:45:50 -04:00 · aaa91cc330
parent 19fdedc49e
commit aaa91cc330
4 changed files with 84 additions and 26 deletions
--- a/sql/schema/token/delete_expired_tokens.sql
+++ b/sql/schema/token/delete_expired_tokens.sql
@ -0,0 +1,4 @@
+DELETE FROM token
+where 
+TIMESTAMPDIFF(DAY, NOW(), last_updated) > ? AND
+TIMESTAMPDIFF(DAY, NOW(), time_created) > ?
--- a/src/dao/token_dao.rs
+++ b/src/dao/token_dao.rs
@ -1,13 +1,20 @@
 use sqlx::{MySqlConnection, mysql::MySqlQueryResult};

 use crate::r#do::token::Token;
+use crate::r#do::token::{AUTH_TOKEN_EXPIRATION_TIME_IN_DAYS, REFRESH_TOKEN_EXPIRATION_TIME_IN_DAYS};
+

 pub async fn insert_token(conn: &mut MySqlConnection, token: &Token) -> Result<MySqlQueryResult, sqlx::Error> {
    sqlx::query_file!("sql/schema/token/insert.sql", token.user_id, token.auth_token, token.refresh_token).execute(conn).await
 }
-pub async fn get_token_with_user_id(conn: &mut MySqlConnection, user_id: &i32) -> Result<Token, sqlx::Error> {
-    sqlx::query_file_as!(Token, "sql/schema/token/find_with_user_id.sql", user_id).fetch_one(conn).await
+pub async fn get_tokens_with_user_id(conn: &mut MySqlConnection, user_id: &i32) -> Result<Vec<Token>, sqlx::Error> {
+    sqlx::query_file_as!(Token, "sql/schema/token/find_with_user_id.sql", user_id).fetch_all(conn).await
 }
 pub async fn update_token_with_id(conn: &mut MySqlConnection, token: &Token ) -> Result<MySqlQueryResult, sqlx::Error> {
-    sqlx::query_file_as!(Token, "sql/schema/token/update.sql", token.auth_token, token.refresh_token, token.id).execute(conn).await
-}
+    sqlx::query_file!("sql/schema/token/update.sql", token.auth_token, token.refresh_token, token.id).execute(conn).await
+}
+pub async fn delete_expired_tokens(conn: &mut MySqlConnection) -> Result<MySqlQueryResult, sqlx::Error>{
+    sqlx::query_file!("sql/schema/token/delete_expired_tokens.sql", 
+    AUTH_TOKEN_EXPIRATION_TIME_IN_DAYS, REFRESH_TOKEN_EXPIRATION_TIME_IN_DAYS)
+    .execute(conn).await
+}
--- a/src/do/token.rs
+++ b/src/do/token.rs
@ -1,5 +1,9 @@
 use chrono::NaiveDateTime;
 use serde::{Serialize, Deserialize};
+
+pub const AUTH_TOKEN_EXPIRATION_TIME_IN_DAYS:i32 = 1;
+pub const REFRESH_TOKEN_EXPIRATION_TIME_IN_DAYS: i32 = 20;
+
 #[derive(Serialize, Deserialize)]
 pub struct Token {
    pub id: i32,
--- a/src/routes/user_routes.rs
+++ b/src/routes/user_routes.rs
@ -121,9 +121,44 @@ pub async fn authenticate_user_with_password(incoming_user: web::Json<UserForLog



-pub async fn _authenticate_user_with_auth_token(){}
+pub async fn _authenticate_user_with_auth_token(request: HttpRequest, user_id: web::Path<i32>, db_conn: Data<Mutex<MySqlConnection>>) -> HttpResponse{
+    let mut message_resources: Vec<MessageResourceDto> = Vec::new();
+    let headers = request.headers();
+    let auth_token = match headers.get("auth-token") {
+        Some(token) => {
+            match token.to_str(){
+                Ok(value) => {value},
+                Err(e) => {
+                    println!("{}", e);
+                    message_resources.push(MessageResourceDto::new_from_error_message(ERROR_INVALID_TOKEN));
+                    return HttpResponse::BadRequest().json(web::Json(message_resources));
+                }}},
+        None => {
+            message_resources.push(MessageResourceDto::new_from_error_message(ERROR_MISSING_TOKEN));
+            return HttpResponse::BadRequest().json(web::Json(message_resources));
+        }};
+
+    match token_dao::delete_expired_tokens(&mut db_conn.lock().unwrap()).await 
+    { Ok(_res) => {}, Err(_err) => {} };
+
+    let mut _persisted_token = 
+    match token_dao::get_tokens_with_user_id(&mut db_conn.lock().unwrap(), &user_id).await {
+        Ok(tokens) => {
+            for token in tokens{
+                if token.auth_token == auth_token{ return HttpResponse::Ok().finish(); }
+            };
+            message_resources.push(MessageResourceDto::new_from_error_message(ERROR_INCORRECT_TOKEN));
+            return HttpResponse::Unauthorized().json(web::Json(message_resources));
+        },
+        Err(err) if matches!(err, sqlx::Error::RowNotFound) => {
+            return HttpResponse::NotFound().json(web::Json(message_resources));
+        }
+        Err(err) => {
+            println!("{}", err);
+            return HttpResponse::InternalServerError().json(web::Json(message_resources));
+        }};
+}

-//TODO: Change auth token in db when this is used.
 #[patch("/user/refresh/{user_id}")]
 pub async fn refresh_auth_token(request: HttpRequest, user_id: web::Path<i32>, db_conn: Data<Mutex<MySqlConnection>>) -> HttpResponse{
    let mut message_resources: Vec<MessageResourceDto> = Vec::new();
@ -141,33 +176,41 @@ pub async fn refresh_auth_token(request: HttpRequest, user_id: web::Path<i32>, d
            message_resources.push(MessageResourceDto::new_from_error_message(ERROR_MISSING_TOKEN));
            return HttpResponse::BadRequest().json(web::Json(message_resources));
        }};
+    
+    match token_dao::delete_expired_tokens(&mut db_conn.lock().unwrap()).await 
+    { Ok(_res) => {}, Err(_err) => {} };

    let mut persisted_token = 
-    match token_dao::get_token_with_user_id(&mut db_conn.lock().unwrap(), &user_id).await {
-        Ok(token) => {token},
+    match token_dao::get_tokens_with_user_id(&mut db_conn.lock().unwrap(), &user_id).await {
+        Ok(tokens) => {
+            let mut matched_token: Option<Token> = None;
+            for token in tokens{
+                if token.refresh_token == refresh_token{
+                    matched_token = Some(token);
+                }
+            };
+            match matched_token {
+                Some(token) => {token},
+                None => {            
+                    message_resources.push(MessageResourceDto::new_from_error_message(ERROR_INCORRECT_TOKEN));
+                    return HttpResponse::Unauthorized().json(web::Json(message_resources));
+                }
+            }
+        },
        Err(err) if matches!(err, sqlx::Error::RowNotFound) => {
-            println!("{}", err);
            return HttpResponse::NotFound().json(web::Json(message_resources));
        }
        Err(err) => {
            println!("{}", err);
            return HttpResponse::InternalServerError().json(web::Json(message_resources));
        }};
-
-    match persisted_token.refresh_token == refresh_token{
-        true => {
-            persisted_token.auth_token = generate_multiple_random_token_with_rng(1).await.expect("msg").get(0).expect("msg").to_string();
-            match update_token_with_id(&mut db_conn.lock().unwrap(), &persisted_token).await {
-                Ok(_rs) => {
-                    return HttpResponse::Ok().json(web::Json(persisted_token));
-                },
-                Err(err) => {            
-                    println!("{}", err);
-                    return HttpResponse::InternalServerError().json(web::Json(message_resources));
-                }};
-        },
-        false => {
-            message_resources.push(MessageResourceDto::new_from_error_message(ERROR_INCORRECT_TOKEN));
-            return HttpResponse::Unauthorized().json(web::Json(message_resources));
-        }};
+        persisted_token.auth_token = generate_multiple_random_token_with_rng(1).await.expect("msg").get(0).expect("msg").to_string();
+        match update_token_with_id(&mut db_conn.lock().unwrap(), &persisted_token).await {
+            Ok(_rs) => {
+                return HttpResponse::Ok().json(web::Json(persisted_token));
+            },
+            Err(err) => {            
+                println!("{}", err);
+                return HttpResponse::InternalServerError().json(web::Json(message_resources));
+            }};
 }