From b9d75e22db72aabf47815e381aa6432c1bff3877 Mon Sep 17 00:00:00 2001
From: Tolmachev Igor
Date: Mon, 1 Sep 2025 13:32:05 +0300
Subject: Add account endpoints
---
src/extract/auth.rs | 36 ++++++++++++++++++++++++++++++++++++
src/extract/json.rs | 19 +++++++++++++++++++
src/extract/mod.rs | 5 +++++
3 files changed, 60 insertions(+)
create mode 100644 src/extract/auth.rs
create mode 100644 src/extract/json.rs
create mode 100644 src/extract/mod.rs
(limited to 'src/extract')
diff --git a/src/extract/auth.rs b/src/extract/auth.rs
new file mode 100644
index 0000000..cc357fd
--- /dev/null
+++ b/src/extract/auth.rs
@@ -0,0 +1,36 @@
+use axum::extract::FromRequestParts;
+use axum::http::request::Parts;
+use axum_extra::TypedHeader;
+use entity::users;
+use headers::authorization::{Authorization, Bearer};
+use sea_orm::EntityTrait;
+
+use crate::{ApiError, AppState, validate_jwt};
+
+pub struct Auth(pub users::Model);
+
+impl FromRequestParts for Auth {
+ type Rejection = ApiError;
+
+ async fn from_request_parts(
+ parts: &mut Parts,
+ state: &AppState,
+ ) -> Result {
+ let token_header =
+ TypedHeader::>::from_request_parts(parts, state).await?;
+
+ let jwt_claims = validate_jwt(token_header.token(), &state.secret)
+ .map_err(|_| ApiError::NotAuthorized)?;
+
+ let user = users::Entity::find_by_id(jwt_claims.sub)
+ .one(&state.db)
+ .await?
+ .ok_or(ApiError::NotAuthorized)?;
+
+ if jwt_claims.iat < user.password_issue_date.and_utc().timestamp() {
+ return Err(ApiError::NotAuthorized);
+ }
+
+ Ok(Auth(user))
+ }
+}
diff --git a/src/extract/json.rs b/src/extract/json.rs
new file mode 100644
index 0000000..cfde15b
--- /dev/null
+++ b/src/extract/json.rs
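Review bot: The revocation check `jwt_claims.iat < user.password_issue_date.and_utc().timestamp()` in `from_request_parts` compares at whole-second granularity, so a token issued earlier in the same second as a password change still passes. Consider `<=`, provided the token minted by the password-change path always gets a later `iat`, or a per-user token version value instead of a timestamp. The check also deserves a comment, e.g. `// Reject tokens issued before the last password change so a reset invalidates existing sessions.` Whether `validate_jwt` enforces `exp` and pins the accepted algorithm is not visible in this hunk and should be confirmed.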
@@ -0,0 +1,19 @@
+use axum::extract::rejection::JsonRejection;
+use axum::extract::{FromRequest, Request};
+
+use crate::error::ApiError;
+
+pub struct ApiJson(pub T);
+
+impl FromRequest for ApiJson
+where
+ axum::Json: FromRequest,
+ S: Send + Sync,
+{
+ type Rejection = ApiError;
+
+ #[inline]
+ async fn from_request(req: Request, state: &S) -> Result {
+ Ok(Self(axum::Json::::from_request(req, state).await?.0))
+ }
+}
diff --git a/src/extract/mod.rs b/src/extract/mod.rs
new file mode 100644
index 0000000..b46a610
--- /dev/null
+++ b/src/extract/mod.rs
@@ -0,0 +1,5 @@
+mod auth;
+mod json;
+
+pub use auth::Auth;
+pub use json::ApiJson;
-- cgit v1.2.3
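Review bot: `ApiJson` in src/extract/json.rs has no doc comment, so a reader cannot tell why handlers should use it instead of `axum::Json`. Add something like `/// JSON body extractor that reports a failed parse as ApiError rather than axum's default rejection.` The `?` in `from_request` relies on a conversion from the JSON rejection into `ApiError` that is defined outside this hunk. Confirm that the resulting response body does not echo more deserializer detail than the API intends to expose.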