use axum::{extract::FromRequestParts, http::request::Parts};
use axum_extra::TypedHeader;
use entity::users;
use headers::authorization::{Authorization, Bearer};
use sea_orm::EntityTrait;

use crate::{AppState, ClientError, ErrorResponse, validate_jwt};

/// Request extractor carrying the authenticated user's `users::Model` row.
///
/// Instances are produced by the `FromRequestParts<AppState>` impl in this file, which
/// only builds one after the bearer token has been accepted and the user has been loaded
/// from the database. The inner field is `pub`, so a value can also be constructed
/// directly without going through that check.
pub struct Auth(pub users::Model);

/// Authenticates a request from its `Authorization: Bearer <token>` header.
///
/// After the header has been parsed, every failure (token rejected by `validate_jwt`,
/// no user row for the token's `sub`, token issued before the stored
/// `password_issue_date`) is reported as the same `ClientError::NotAuthorized`, so the
/// rejection does not tell the caller which of those checks failed.
impl FromRequestParts<AppState> for Auth {
    type Rejection = ErrorResponse;

    /// Resolves the bearer token to a user row.
    ///
    /// # Errors
    ///
    /// - the `TypedHeader` rejection (converted by `?`) when the header cannot be extracted;
    /// - `ClientError::NotAuthorized` for a rejected token, an unknown user, or a token
    ///   whose `iat` precedes the user's `password_issue_date`;
    /// - the converted database error when the user lookup itself fails.
    async fn from_request_parts(
        parts: &mut Parts,
        state: &AppState,
    ) -> Result<Self, Self::Rejection> {
        let TypedHeader(credentials) =
            TypedHeader::<Authorization<Bearer>>::from_request_parts(parts, state).await?;

        // The validation error is deliberately discarded and replaced by the generic
        // rejection. `validate_jwt` is defined elsewhere in the crate; which properties it
        // enforces (signature algorithm, expiry, ...) is not visible here.
        // NOTE(review): confirm it pins the algorithm and checks `exp`.
        let Ok(claims) = validate_jwt(credentials.token(), &state.secret) else {
            return Err(ClientError::NotAuthorized.into());
        };

        // A well-formed token for a user that no longer exists is treated exactly like an
        // invalid token.
        let lookup = users::Entity::find_by_id(claims.sub)
            .one(&state.db)
            .await?;
        let Some(user) = lookup else {
            return Err(ClientError::NotAuthorized.into());
        };

        // Tokens issued before the recorded password issue date are refused, so changing
        // the password invalidates older tokens. The comparison is strict and made on
        // whole seconds: a token issued in the same second as the password change is
        // still accepted.
        let password_changed_at = user.password_issue_date.and_utc().timestamp();
        if claims.iat >= password_changed_at {
            Ok(Self(user))
        } else {
            Err(ClientError::NotAuthorized.into())
        }
    }
}