feat: return refresh_token in cookie
This commit is contained in:
parent
ebb4286c08
commit
0f897dc0c6
5 changed files with 32 additions and 33 deletions
|
@ -1,17 +1,17 @@
|
||||||
use std::time::{SystemTime, UNIX_EPOCH};
|
use std::time::{SystemTime, UNIX_EPOCH};
|
||||||
|
|
||||||
use actix_web::{Error, HttpResponse, error, post, web};
|
use actix_web::{error, post, web, Error, HttpResponse};
|
||||||
use argon2::{PasswordHash, PasswordVerifier};
|
use argon2::{PasswordHash, PasswordVerifier};
|
||||||
use futures::StreamExt;
|
use futures::StreamExt;
|
||||||
use log::error;
|
use log::error;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::Deserialize;
|
||||||
|
|
||||||
use crate::{
|
use crate::{
|
||||||
Data,
|
api::v1::auth::{EMAIL_REGEX, PASSWORD_REGEX, USERNAME_REGEX}, crypto::{generate_access_token, generate_refresh_token}, utils::refresh_token_cookie, Data
|
||||||
api::v1::auth::{EMAIL_REGEX, PASSWORD_REGEX, USERNAME_REGEX},
|
|
||||||
crypto::{generate_access_token, generate_refresh_token},
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
use super::Response;
|
||||||
|
|
||||||
#[derive(Deserialize)]
|
#[derive(Deserialize)]
|
||||||
struct LoginInformation {
|
struct LoginInformation {
|
||||||
username: String,
|
username: String,
|
||||||
|
@ -19,12 +19,6 @@ struct LoginInformation {
|
||||||
device_name: String,
|
device_name: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Serialize)]
|
|
||||||
pub struct Response {
|
|
||||||
pub access_token: String,
|
|
||||||
pub refresh_token: String,
|
|
||||||
}
|
|
||||||
|
|
||||||
const MAX_SIZE: usize = 262_144;
|
const MAX_SIZE: usize = 262_144;
|
||||||
|
|
||||||
#[post("/login")]
|
#[post("/login")]
|
||||||
|
@ -187,8 +181,7 @@ async fn login(
|
||||||
return HttpResponse::InternalServerError().finish()
|
return HttpResponse::InternalServerError().finish()
|
||||||
}
|
}
|
||||||
|
|
||||||
HttpResponse::Ok().json(Response {
|
HttpResponse::Ok().cookie(refresh_token_cookie(refresh_token)).json(Response {
|
||||||
access_token,
|
access_token,
|
||||||
refresh_token,
|
|
||||||
})
|
})
|
||||||
}
|
}
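Review bot: `login` now delivers the refresh token only through the `Set-Cookie` built by `refresh_token_cookie` while the JSON body (`Response { access_token }`) no longer carries it, but nothing on the handler documents this contract change for API consumers. A `///` comment above `#[post("/login")]` should state that the body contains only `access_token`, that the refresh token arrives as an HttpOnly `refresh_token` cookie scoped to `/api` with a 30-day lifetime, and that non-browser clients must persist cookies to be able to call `/refresh`. Because the cookie is `Secure`, logging in over plain HTTP (e.g. local development) yields a cookie browsers will discard — worth noting in the same comment. The body of `login` between the first and last hunks is outside this view.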
|
||||||
|
|
|
@ -7,6 +7,7 @@ use std::{
|
||||||
use actix_web::{HttpResponse, Scope, web};
|
use actix_web::{HttpResponse, Scope, web};
|
||||||
use log::error;
|
use log::error;
|
||||||
use regex::Regex;
|
use regex::Regex;
|
||||||
|
use serde::Serialize;
|
||||||
use sqlx::Postgres;
|
use sqlx::Postgres;
|
||||||
use uuid::Uuid;
|
use uuid::Uuid;
|
||||||
|
|
||||||
|
@ -15,6 +16,11 @@ mod refresh;
|
||||||
mod register;
|
mod register;
|
||||||
mod revoke;
|
mod revoke;
|
||||||
|
|
||||||
|
#[derive(Serialize)]
|
||||||
|
struct Response {
|
||||||
|
access_token: String,
|
||||||
|
}
|
||||||
|
|
||||||
static EMAIL_REGEX: LazyLock<Regex> = LazyLock::new(|| {
|
static EMAIL_REGEX: LazyLock<Regex> = LazyLock::new(|| {
|
||||||
Regex::new(r"[-A-Za-z0-9!#$%&'*+/=?^_`{|}~]+(?:\.[-A-Za-z0-9!#$%&'*+/=?^_`{|}~]+)*@(?:[A-Za-z0-9](?:[-A-Za-z0-9]*[A-Za-z0-9])?\.)+[A-Za-z0-9](?:[-A-Za-z0-9]*[A-Za-z0-9])?").unwrap()
|
Regex::new(r"[-A-Za-z0-9!#$%&'*+/=?^_`{|}~]+(?:\.[-A-Za-z0-9!#$%&'*+/=?^_`{|}~]+)*@(?:[A-Za-z0-9](?:[-A-Za-z0-9]*[A-Za-z0-9])?\.)+[A-Za-z0-9](?:[-A-Za-z0-9]*[A-Za-z0-9])?").unwrap()
|
||||||
});
|
});
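Review bot: With the refresh token now reachable by browsers only as an HttpOnly cookie, the `revoke` module declared here (`mod revoke;`) is not among the files this commit touches; if it still expects the token in a request body or header, browser clients can no longer supply it, and on revocation it should also clear the cookie (same name and path, `Max-Age=0`) — hedged, since revoke.rs is not visible here. A small helper next to `refresh_token_cookie` that returns the expiring variant would keep the name and path in one place. The new shared `Response` type could also carry a one-line `///` doc noting that the matching refresh token travels in the `refresh_token` cookie rather than the body.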
|
||||||
|
|
|
@ -1,28 +1,22 @@
|
||||||
use actix_web::{post, web, Error, HttpRequest, HttpResponse};
|
use actix_web::{post, web, Error, HttpRequest, HttpResponse};
|
||||||
use log::error;
|
use log::error;
|
||||||
use serde::Serialize;
|
|
||||||
use std::time::{SystemTime, UNIX_EPOCH};
|
use std::time::{SystemTime, UNIX_EPOCH};
|
||||||
|
|
||||||
use crate::{
|
use crate::{
|
||||||
Data,
|
crypto::{generate_access_token, generate_refresh_token}, utils::refresh_token_cookie, Data
|
||||||
crypto::{generate_access_token, generate_refresh_token},
|
|
||||||
};
|
};
|
||||||
|
|
||||||
#[derive(Serialize)]
|
use super::Response;
|
||||||
struct Response {
|
|
||||||
refresh_token: String,
|
|
||||||
access_token: String,
|
|
||||||
}
|
|
||||||
|
|
||||||
#[post("/refresh")]
|
#[post("/refresh")]
|
||||||
pub async fn res(req: HttpRequest, data: web::Data<Data>) -> Result<HttpResponse, Error> {
|
pub async fn res(req: HttpRequest, data: web::Data<Data>) -> Result<HttpResponse, Error> {
|
||||||
let refresh_token_cookie = req.cookie("refresh_token");
|
let recv_refresh_token_cookie = req.cookie("refresh_token");
|
||||||
|
|
||||||
if let None = refresh_token_cookie {
|
if let None = recv_refresh_token_cookie {
|
||||||
return Ok(HttpResponse::Unauthorized().finish())
|
return Ok(HttpResponse::Unauthorized().finish())
|
||||||
}
|
}
|
||||||
|
|
||||||
let mut refresh_token = String::from(refresh_token_cookie.unwrap().value());
|
let mut refresh_token = String::from(recv_refresh_token_cookie.unwrap().value());
|
||||||
|
|
||||||
let current_time = SystemTime::now()
|
let current_time = SystemTime::now()
|
||||||
.duration_since(UNIX_EPOCH)
|
.duration_since(UNIX_EPOCH)
|
||||||
|
@ -101,8 +95,7 @@ pub async fn res(req: HttpRequest, data: web::Data<Data>) -> Result<HttpResponse
|
||||||
return Ok(HttpResponse::InternalServerError().finish())
|
return Ok(HttpResponse::InternalServerError().finish())
|
||||||
}
|
}
|
||||||
|
|
||||||
return Ok(HttpResponse::Ok().json(Response {
|
return Ok(HttpResponse::Ok().cookie(refresh_token_cookie(refresh_token)).json(Response {
|
||||||
refresh_token,
|
|
||||||
access_token,
|
access_token,
|
||||||
}));
|
}));
|
||||||
}
|
}
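Review bot: The cookie extraction still uses `if let None = recv_refresh_token_cookie` followed by `recv_refresh_token_cookie.unwrap().value()`; a single `let Some(cookie) = req.cookie("refresh_token") else { return Ok(HttpResponse::Unauthorized().finish()); };` and `let mut refresh_token = cookie.value().to_string();` drops the unwrap and the `recv_` rename introduced to avoid shadowing the imported helper. Since `res` is now authenticated by the cookie alone and `refresh_token_cookie` emits it with `SameSite=None`, a forged cross-site POST reaches this handler carrying the victim's token; even if the JSON cannot be read cross-origin, it would presumably rotate the token (the `mut` binding suggests it is replaced) and could lock out the real client, so an `Origin` check here or a stricter SameSite on the cookie is warranted. On the `Unauthorized` path it may also be worth returning an expiring cookie so a browser stops replaying a dead token. The validation and rotation logic between the two hunks is outside this view.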
|
||||||
|
|
|
@ -10,11 +10,9 @@ use log::error;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
use uuid::Uuid;
|
use uuid::Uuid;
|
||||||
|
|
||||||
use super::login::Response;
|
use super::Response;
|
||||||
use crate::{
|
use crate::{
|
||||||
Data,
|
api::v1::auth::{EMAIL_REGEX, PASSWORD_REGEX, USERNAME_REGEX}, crypto::{generate_access_token, generate_refresh_token}, utils::refresh_token_cookie, Data
|
||||||
api::v1::auth::{EMAIL_REGEX, PASSWORD_REGEX, USERNAME_REGEX},
|
|
||||||
crypto::{generate_access_token, generate_refresh_token},
|
|
||||||
};
|
};
|
||||||
|
|
||||||
#[derive(Deserialize)]
|
#[derive(Deserialize)]
|
||||||
|
@ -159,9 +157,8 @@ pub async fn res(mut payload: web::Payload, data: web::Data<Data>) -> Result<Htt
|
||||||
return Ok(HttpResponse::InternalServerError().finish())
|
return Ok(HttpResponse::InternalServerError().finish())
|
||||||
}
|
}
|
||||||
|
|
||||||
HttpResponse::Ok().json(Response {
|
HttpResponse::Ok().cookie(refresh_token_cookie(refresh_token)).json(Response {
|
||||||
access_token,
|
access_token,
|
||||||
refresh_token,
|
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
Err(error) => {
|
Err(error) => {
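Review bot: The `Ok` branch of `res` builds the same `HttpResponse::Ok().cookie(refresh_token_cookie(refresh_token)).json(Response { access_token })` that `login` and `refresh` now build; a shared helper in `auth/mod.rs` such as `fn token_response(access_token: String, refresh_token: String) -> HttpResponse` would keep the three call sites from drifting in cookie attributes. Registration also hands out a 30-day refresh cookie immediately on account creation — whether any verification step is intended first depends on logic outside this hunk, but it deserves a doc comment on the handler. The surrounding `match` and the `Err(error) => {` arm continue outside this view.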
|
||||||
|
|
12
src/utils.rs
12
src/utils.rs
|
@ -1,4 +1,4 @@
|
||||||
use actix_web::{HttpResponse, http::header::HeaderMap};
|
use actix_web::{cookie::{time::Duration, Cookie, SameSite}, http::header::HeaderMap, HttpResponse};
|
||||||
|
|
||||||
pub fn get_auth_header(headers: &HeaderMap) -> Result<&str, HttpResponse> {
|
pub fn get_auth_header(headers: &HeaderMap) -> Result<&str, HttpResponse> {
|
||||||
let auth_token = headers.get(actix_web::http::header::AUTHORIZATION);
|
let auth_token = headers.get(actix_web::http::header::AUTHORIZATION);
|
||||||
|
@ -21,3 +21,13 @@ pub fn get_auth_header(headers: &HeaderMap) -> Result<&str, HttpResponse> {
|
||||||
|
|
||||||
Ok(auth_value.unwrap())
|
Ok(auth_value.unwrap())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn refresh_token_cookie(refresh_token: String) -> Cookie<'static> {
|
||||||
|
Cookie::build("refresh_token", refresh_token)
|
||||||
|
.http_only(true)
|
||||||
|
.secure(true)
|
||||||
|
.same_site(SameSite::None)
|
||||||
|
.path("/api")
|
||||||
|
.max_age(Duration::days(30))
|
||||||
|
.finish()
|
||||||
|
}
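Review bot: `refresh_token_cookie` sets `SameSite::None`, so browsers attach the refresh cookie to cross-site requests, and the only credential `/refresh` checks is that cookie — any third-party page can therefore POST to it with the victim's token. Unless the frontend is served from a different site than the API, `.same_site(SameSite::Strict)` (or `Lax`) is the safer default; if `None` is genuinely required, the refresh handler needs an explicit `Origin`/`Referer` allow-list or a CSRF token to compensate. The `.path("/api")` scope also sends the long-lived token on every API call rather than only to the auth routes; something like `.path("/api/v1/auth")` limits exposure, though the actual mount path of the auth scope is not visible here. A `///` comment on the helper should record these attribute choices and that `secure(true)` means the cookie is dropped over plain-HTTP development setups.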
|
||||||
|
|