src/api/mod.rs

@@ -1,11 +1,2 @@
-use actix_web::Scope;
-use actix_web::web;
-
-mod v1;
-mod versions;
-
-pub fn web() -> Scope {
-    web::scope("/api")
-        .service(v1::web())
-        .service(versions::res)
-}
+pub mod v1;
+pub mod versions;

src/api/v1/auth/login.rs

@@ -1,17 +1,17 @@
 use std::time::{SystemTime, UNIX_EPOCH};
 
-use actix_web::{error, post, web, Error, HttpResponse};
+use actix_web::{Error, HttpResponse, error, post, web};
 use argon2::{PasswordHash, PasswordVerifier};
 use futures::StreamExt;
 use log::error;
-use serde::Deserialize;
+use serde::{Deserialize, Serialize};
 
 use crate::{
-    api::v1::auth::{EMAIL_REGEX, PASSWORD_REGEX, USERNAME_REGEX}, crypto::{generate_access_token, generate_refresh_token}, utils::refresh_token_cookie, Data
+    Data,
+    api::v1::auth::{EMAIL_REGEX, PASSWORD_REGEX, USERNAME_REGEX},
+    crypto::{generate_access_token, generate_refresh_token},
 };
 
-use super::Response;
-
 #[derive(Deserialize)]
 struct LoginInformation {
     username: String,
@@ -19,6 +19,12 @@ struct LoginInformation {
     device_name: String,
 }
 
+#[derive(Serialize)]
+pub struct Response {
+    pub access_token: String,
+    pub refresh_token: String,
+}
+
 const MAX_SIZE: usize = 262_144;
 
 #[post("/login")]
@@ -181,7 +187,8 @@ async fn login(
         return HttpResponse::InternalServerError().finish()
     }
 
-    HttpResponse::Ok().cookie(refresh_token_cookie(refresh_token)).json(Response {
+    HttpResponse::Ok().json(Response {
         access_token,
+        refresh_token,
     })
 }

src/api/v1/auth/mod.rs

@@ -7,7 +7,6 @@ use std::{
 use actix_web::{HttpResponse, Scope, web};
 use log::error;
 use regex::Regex;
-use serde::Serialize;
 use sqlx::Postgres;
 use uuid::Uuid;
 
@@ -16,11 +15,6 @@ mod refresh;
 mod register;
 mod revoke;
 
-#[derive(Serialize)]
-struct Response {
-    access_token: String,
-}
-
 static EMAIL_REGEX: LazyLock<Regex> = LazyLock::new(|| {
     Regex::new(r"[-A-Za-z0-9!#$%&'*+/=?^_`{|}~]+(?:\.[-A-Za-z0-9!#$%&'*+/=?^_`{|}~]+)*@(?:[A-Za-z0-9](?:[-A-Za-z0-9]*[A-Za-z0-9])?\.)+[A-Za-z0-9](?:[-A-Za-z0-9]*[A-Za-z0-9])?").unwrap()
 });

src/api/v1/auth/refresh.rs

@@ -1,22 +1,28 @@
 use actix_web::{post, web, Error, HttpRequest, HttpResponse};
 use log::error;
+use serde::Serialize;
 use std::time::{SystemTime, UNIX_EPOCH};
 
 use crate::{
-    crypto::{generate_access_token, generate_refresh_token}, utils::refresh_token_cookie, Data
+    Data,
+    crypto::{generate_access_token, generate_refresh_token},
 };
 
-use super::Response;
+#[derive(Serialize)]
+struct Response {
+    refresh_token: String,
+    access_token: String,
+}
 
 #[post("/refresh")]
 pub async fn res(req: HttpRequest, data: web::Data<Data>) -> Result<HttpResponse, Error> {
-    let recv_refresh_token_cookie = req.cookie("refresh_token");
+    let refresh_token_cookie = req.cookie("refresh_token");
 
-    if let None = recv_refresh_token_cookie {
+    if let None = refresh_token_cookie {
         return Ok(HttpResponse::Unauthorized().finish())
     }
 
-    let mut refresh_token = String::from(recv_refresh_token_cookie.unwrap().value());
+    let mut refresh_token = String::from(refresh_token_cookie.unwrap().value());
 
     let current_time = SystemTime::now()
         .duration_since(UNIX_EPOCH)
@@ -95,7 +101,8 @@ pub async fn res(req: HttpRequest, data: web::Data<Data>) -> Result<HttpResponse
             return Ok(HttpResponse::InternalServerError().finish())
         }
 
-        return Ok(HttpResponse::Ok().cookie(refresh_token_cookie(refresh_token)).json(Response {
+        return Ok(HttpResponse::Ok().json(Response {
+            refresh_token,
             access_token,
         }));
     }

src/api/v1/auth/register.rs

@@ -10,9 +10,11 @@ use log::error;
 use serde::{Deserialize, Serialize};
 use uuid::Uuid;
 
-use super::Response;
+use super::login::Response;
 use crate::{
-    api::v1::auth::{EMAIL_REGEX, PASSWORD_REGEX, USERNAME_REGEX}, crypto::{generate_access_token, generate_refresh_token}, utils::refresh_token_cookie, Data
+    Data,
+    api::v1::auth::{EMAIL_REGEX, PASSWORD_REGEX, USERNAME_REGEX},
+    crypto::{generate_access_token, generate_refresh_token},
 };
 
 #[derive(Deserialize)]
@@ -157,8 +159,9 @@ pub async fn res(mut payload: web::Payload, data: web::Data<Data>) -> Result<Htt
                         return Ok(HttpResponse::InternalServerError().finish())
                     }
 
-                    HttpResponse::Ok().cookie(refresh_token_cookie(refresh_token)).json(Response {
+                    HttpResponse::Ok().json(Response {
                         access_token,
+                        refresh_token,
                     })
                 }
                 Err(error) => {

src/main.rs

@@ -89,7 +89,8 @@ async fn main() -> Result<(), Error> {
     HttpServer::new(move || {
         App::new()
             .app_data(web::Data::new(data.clone()))
-            .service(api::web())
+            .service(api::versions::res)
+            .service(api::v1::web())
     })
     .bind((web.url, web.port))?
     .run()

src/utils.rs

@@ -1,4 +1,4 @@
-use actix_web::{cookie::{time::Duration, Cookie, SameSite}, http::header::HeaderMap, HttpResponse};
+use actix_web::{HttpResponse, http::header::HeaderMap};
 
 pub fn get_auth_header(headers: &HeaderMap) -> Result<&str, HttpResponse> {
     let auth_token = headers.get(actix_web::http::header::AUTHORIZATION);
@@ -21,13 +21,3 @@ pub fn get_auth_header(headers: &HeaderMap) -> Result<&str, HttpResponse> {
 
     Ok(auth_value.unwrap())
 }
-
-pub fn refresh_token_cookie(refresh_token: String) -> Cookie<'static> {
-    Cookie::build("refresh_token", refresh_token)
-        .http_only(true)
-        .secure(true)
-        .same_site(SameSite::None)
-        .path("/api")
-        .max_age(Duration::days(30))
-        .finish()
-}