Added token expiration

This commit is contained in:
franklinblanco 2022-07-07 19:00:38 -04:00
parent dc9b063f70
commit ba2594b84c
3 changed files with 30 additions and 9 deletions

View File

@ -18,3 +18,5 @@ pub const ERROR_INVALID_TOKEN: (&str, &str) = ("ERROR.INVALID_TOKEN", "The token
pub const ERROR_INCORRECT_TOKEN: (&str, &str) = ("ERROR.INCORRECT_TOKEN", "The token you have supplied does not belong to this user.");
pub const ERROR_MISSING_TOKEN: (&str, &str) = ("ERROR.MISSING_TOKEN", "No token supplied.");
pub const ERROR_EXPIRED_TOKEN: (&str, &str) = ("ERROR.EXPIRED_TOKEN", "The token you have supplied is expired.");

View File

@ -41,6 +41,7 @@ pub async fn start_all_routes(after_startup_fn_call: &dyn Fn(), state: SharedSta
.service(user_routes::create_user)
.service(user_routes::authenticate_user_with_password)
.service(user_routes::refresh_auth_token)
.service(user_routes::authenticate_user_with_auth_token)
//.service(user_routes::get_user_from_db)
})
.bind((host_addr, host_port))?

View File

@ -2,9 +2,10 @@ use core::panic;
use std::{sync::Mutex};
use actix_web::{web::{self, Data}, HttpResponse, post, patch, HttpRequest};
use chrono::{Utc};
use sqlx::MySqlConnection;
use crate::{r#do::user::User, dao::{user_dao::{insert_user, find_user_by_email}, token_dao::{insert_token, self, update_token_with_id}}, dto::{user_dtos::{UserForCreationDto, UserForLoginDto}, message_resources_dtos::MessageResourceDto}, validation::user_validator, util::hasher::{self, generate_multiple_random_token_with_rng}, r#do::token::Token, resources::error_messages::{ERROR_USER_ALREADY_EXISTS, ERROR_USER_DOES_NOT_EXIST, ERROR_PASSWORD_INCORRECT, ERROR_INVALID_TOKEN, ERROR_MISSING_TOKEN, ERROR_INCORRECT_TOKEN}};
use crate::{r#do::user::User, dao::{user_dao::{insert_user, find_user_by_email}, token_dao::{insert_token, self, update_token_with_id}}, dto::{user_dtos::{UserForCreationDto, UserForLoginDto}, message_resources_dtos::MessageResourceDto}, validation::user_validator, util::hasher::{self, generate_multiple_random_token_with_rng}, r#do::token::Token, resources::error_messages::{ERROR_USER_ALREADY_EXISTS, ERROR_USER_DOES_NOT_EXIST, ERROR_PASSWORD_INCORRECT, ERROR_INVALID_TOKEN, ERROR_MISSING_TOKEN, ERROR_INCORRECT_TOKEN, ERROR_EXPIRED_TOKEN}, r#do::token::AUTH_TOKEN_EXPIRATION_TIME_IN_DAYS, r#do::token::REFRESH_TOKEN_EXPIRATION_TIME_IN_DAYS};
/*#[get("/u&ser/{id}")]
pub async fn get_user_from_db(id: Path<i32>, db_conn: Data<Mutex<MySqlConnection>>) -> HttpResponse {
@ -119,9 +120,8 @@ pub async fn authenticate_user_with_password(incoming_user: web::Json<UserForLog
HttpResponse::Ok().json(token_to_insert)
}
pub async fn _authenticate_user_with_auth_token(request: HttpRequest, user_id: web::Path<i32>, db_conn: Data<Mutex<MySqlConnection>>) -> HttpResponse{
#[post("/user/auth/token/{user_id}")]
pub async fn authenticate_user_with_auth_token(request: HttpRequest, user_id: web::Path<i32>, db_conn: Data<Mutex<MySqlConnection>>) -> HttpResponse{
let mut message_resources: Vec<MessageResourceDto> = Vec::new();
let headers = request.headers();
let auth_token = match headers.get("auth-token") {
@ -145,7 +145,16 @@ pub async fn _authenticate_user_with_auth_token(request: HttpRequest, user_id: w
match token_dao::get_tokens_with_user_id(&mut db_conn.lock().unwrap(), &user_id).await {
Ok(tokens) => {
for token in tokens{
if token.auth_token == auth_token{ return HttpResponse::Ok().finish(); }
let now = Utc::now().naive_utc();
match token.auth_token == auth_token{
true if token.last_updated.unwrap().signed_duration_since(now).num_days() <
AUTH_TOKEN_EXPIRATION_TIME_IN_DAYS.into() => { return HttpResponse::Ok().finish(); },
true => {
message_resources.push(MessageResourceDto::new_from_error_message(ERROR_EXPIRED_TOKEN));
return HttpResponse::Unauthorized().json(web::Json(message_resources));
},
false => {}
}
};
message_resources.push(MessageResourceDto::new_from_error_message(ERROR_INCORRECT_TOKEN));
return HttpResponse::Unauthorized().json(web::Json(message_resources));
@ -185,8 +194,15 @@ pub async fn refresh_auth_token(request: HttpRequest, user_id: web::Path<i32>, d
Ok(tokens) => {
let mut matched_token: Option<Token> = None;
for token in tokens{
if token.refresh_token == refresh_token{
matched_token = Some(token);
let now = Utc::now().naive_utc();
match token.refresh_token == refresh_token{
true if token.last_updated.unwrap().signed_duration_since(now).num_days() <
REFRESH_TOKEN_EXPIRATION_TIME_IN_DAYS.into() => { matched_token = Some(token) },
true => {
message_resources.push(MessageResourceDto::new_from_error_message(ERROR_EXPIRED_TOKEN));
return HttpResponse::Unauthorized().json(web::Json(message_resources));
},
false => {}
}
};
match matched_token {
@ -214,3 +230,5 @@ pub async fn refresh_auth_token(request: HttpRequest, user_id: web::Path<i32>, d
return HttpResponse::InternalServerError().json(web::Json(message_resources));
}};
}