feat: integrate token authentication

src/api/v1/auth/refresh.rs

@@ -3,7 +3,7 @@ use actix_web::{error, post, web, Error, HttpResponse};
 use serde::{Deserialize, Serialize};
 use futures::StreamExt;
 
-use crate::Data;
+use crate::{crypto::{generate_access_token, generate_refresh_token}, Data};
 
 #[derive(Deserialize)]
 struct RefreshRequest {
@@ -12,9 +12,8 @@ struct RefreshRequest {
 
 #[derive(Serialize)]
 struct Response {
-    refresh_token: Option<String>,
+    refresh_token: String,
     access_token: String,
-    expires_in: u64,
 }
 
 const MAX_SIZE: usize = 262_144;
@@ -35,15 +34,82 @@ pub async fn res(mut payload: web::Payload, data: web::Data<Data>) -> Result<Htt
 
     let current_time = SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() as i64;
 
-    let row: (String, i64) = sqlx::query_as("SELECT CAST(uuid as VARCHAR), created FROM refresh_tokens WHERE token = $1")
-        .bind(refresh_request.refresh_token)
-        .fetch_one(&data.pool)
-        .await
-        .unwrap();
+    if let Ok(row) = sqlx::query_as("SELECT CAST(uuid as VARCHAR), created FROM refresh_tokens WHERE token = $1").bind(&refresh_request.refresh_token).fetch_one(&data.pool).await {
+        let (uuid, created): (String, i64) = row;
 
-    let (uuid, created) = row;
+        if let Err(error) = sqlx::query("DELETE FROM access_tokens WHERE refresh_token = $1")
+            .bind(&refresh_request.refresh_token)
+            .execute(&data.pool)
+            .await {
+            eprintln!("{}", error);
+        }
+    
+        let lifetime = current_time - created;
+    
+        if lifetime > 2592000 {
+            if let Err(error) = sqlx::query("DELETE FROM refresh_tokens WHERE token = $1")
+                .bind(&refresh_request.refresh_token)
+                .execute(&data.pool)
+                .await {
+                eprintln!("{}", error);
+            }
+    
+            return Ok(HttpResponse::Unauthorized().finish())
+        }
 
-    println!("{}, {}", uuid, created);
+        let current_time = SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() as i64;
 
-    Ok(HttpResponse::InternalServerError().finish())
+        let mut refresh_token = refresh_request.refresh_token;
+
+        if lifetime > 1987200 {
+            let new_refresh_token = generate_refresh_token();
+
+            if new_refresh_token.is_err() {
+                eprintln!("{}", new_refresh_token.unwrap_err());
+                return Ok(HttpResponse::InternalServerError().finish())
+            }
+
+            let new_refresh_token = new_refresh_token.unwrap();
+
+            match sqlx::query(&format!("UPDATE refresh_tokens SET token = $1, uuid = {}, created = $2 WHERE token = $3", uuid))
+                .bind(&new_refresh_token)
+                .bind(&current_time)
+                .bind(&refresh_token)
+                .execute(&data.pool)
+                .await {
+                Ok(_) => {
+                    refresh_token = new_refresh_token;
+                },
+                Err(error) => {
+                    eprintln!("{}", error);
+                },
+            }
+        }
+
+        let access_token = generate_access_token();
+
+        if access_token.is_err() {
+            eprintln!("{}", access_token.unwrap_err());
+            return Ok(HttpResponse::InternalServerError().finish())
+        }
+
+        let access_token = access_token.unwrap();
+
+        if let Err(error) = sqlx::query(&format!("INSERT INTO access_tokens (token, refresh_token, uuid, created) VALUES ($1, $2, '{}', $3 )", uuid))
+            .bind(&access_token)
+            .bind(&refresh_token)
+            .bind(current_time)
+            .execute(&data.pool)
+            .await {
+            eprintln!("{}", error);
+            return Ok(HttpResponse::InternalServerError().finish())
+        }
+    
+        return Ok(HttpResponse::Ok().json(Response {
+            refresh_token,
+            access_token
+        }))
+    }
+
+    Ok(HttpResponse::Unauthorized().finish())
 }