From b9d75e22db72aabf47815e381aa6432c1bff3877 Mon Sep 17 00:00:00 2001
From: Tolmachev Igor <me@igorek.dev>
Date: Mon, 1 Sep 2025 13:32:05 +0300
Subject: Add account endpoints

---
 src/auth.rs | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 src/auth.rs

(limited to 'src/auth.rs')

diff --git a/src/auth.rs b/src/auth.rs
new file mode 100644
index 0000000..418f64e
--- /dev/null
+++ b/src/auth.rs
@@ -0,0 +1,49 @@
+use argon2::password_hash::rand_core::OsRng;
+use argon2::password_hash::{PasswordHasher, SaltString};
+use argon2::{Argon2, PasswordHash, PasswordVerifier};
+use jsonwebtoken::{self as jwt, DecodingKey, EncodingKey, Header, Validation};
+use serde::{Deserialize, Serialize};
+
+#[derive(Serialize, Deserialize)]
+pub struct JwtClaims {
+    pub sub: i64,
+    pub iat: i64,
+    pub exp: i64,
+}
+
+pub fn create_password(password: &str) -> argon2::password_hash::Result<String> {
+    Ok(Argon2::default()
+        .hash_password(password.as_bytes(), &SaltString::generate(&mut OsRng))?
+        .to_string())
+}
+
+pub fn validate_password(
+    password: &str,
+    password_hash: &str,
+) -> argon2::password_hash::Result<bool> {
+    Ok(Argon2::default()
+        .verify_password(password.as_bytes(), &PasswordHash::new(password_hash)?)
+        .is_ok())
+}
+
+pub fn create_jwt(claims: &JwtClaims, secret: &str) -> jwt::errors::Result<String> {
+    jwt::encode(
+        &Header::default(),
+        claims,
+        &EncodingKey::from_secret(secret.as_bytes()),
+    )
+}
+
+pub fn validate_jwt(token: &str, secret: &str) -> jwt::errors::Result<JwtClaims> {
+    let mut validation = Validation::default();
+    validation.set_required_spec_claims(&["exp"]);
+    validation.validate_exp = true;
+    validation.leeway = 0;
+
+    Ok(jwt::decode(
+        token,
+        &DecodingKey::from_secret(secret.as_bytes()),
+        &validation,
+    )?
+    .claims)
+}
-- 
cgit v1.2.3