Create "client" tables. Add a route for authentication and a middleware for authorization.

Author: metalwhale

chloria-backend/Cargo.lock

@@ -4,4 +4,13 @@ version = "0.1.0"
 edition = "2021"
 
 [dependencies]
+anyhow = "1.0.96"
+axum = "0.8.1"
+axum-extra = { version = "0.10.0", features = ["typed-header"] }
 diesel = { version = "2.2.7", features = ["postgres"] }
+jsonwebtoken = "9.3.1"
+serde = "1.0.218"
+serde_json = "1.0.140"
+serde_with = "3.12.0"
+tokio = { version = "1.43.0", features = ["rt-multi-thread"] }
+tower = "0.5.2"

chloria-backend/chloria-api/Cargo.toml

@@ -0,0 +1,69 @@
+use std::time::{SystemTime, UNIX_EPOCH};
+
+use anyhow::Result;
+use axum::{
+    extract::{Request, State},
+    http::StatusCode,
+    middleware::Next,
+    response::Response,
+    Json, RequestExt,
+};
+use axum_extra::{
+    headers::{authorization::Bearer, Authorization},
+    TypedHeader,
+};
+use jsonwebtoken::{decode, encode, Header, Validation};
+use serde::{Deserialize, Serialize};
+
+use super::{super::state::RouterState, ErrorResponse};
+
+#[derive(Deserialize)]
+pub(in super::super) struct AuthenticateRequest {}
+
+#[derive(Serialize)]
+pub(in super::super) struct AuthenticateResponse {
+    token: String,
+}
+
+#[derive(Deserialize, Serialize)]
+struct Claim {
+    exp: u64,
+}
+
+pub(in super::super) async fn authenticate(
+    State(state): State<RouterState>,
+    Json(request): Json<AuthenticateRequest>,
+) -> Result<Json<AuthenticateResponse>, (StatusCode, Json<ErrorResponse>)> {
+    let claim = Claim {
+        exp: SystemTime::now()
+            .duration_since(UNIX_EPOCH)
+            .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, Json(e.to_string().into())))?
+            .as_secs()
+            + state.jwt.lifetime,
+    };
+    let token = encode(&Header::default(), &claim, &state.jwt.encoding_key)
+        .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, Json(e.to_string().into())))?;
+    Ok(Json(AuthenticateResponse { token }))
+}
+
+pub(in super::super) async fn authorize(
+    State(state): State<RouterState>,
+    mut request: Request,
+    next: Next,
+) -> Result<Response, (StatusCode, Json<ErrorResponse>)> {
+    let TypedHeader(Authorization(bearer)) = request
+        .extract_parts::<TypedHeader<Authorization<Bearer>>>()
+        .await
+        .map_err(|r| (StatusCode::BAD_REQUEST, Json(r.to_string().into())))?;
+    decode::<Claim>(bearer.token(), &state.jwt.decoding_key, &Validation::default()).map_err(|error| {
+        (
+            StatusCode::UNAUTHORIZED,
+            Json(ErrorResponse {
+                code: Some(error.to_string()),
+                ..Default::default()
+            }),
+        )
+    })?;
+    let response = next.run(request).await;
+    Ok(response)
+}

chloria-backend/chloria-api/src/interface/adapters/auth.rs

@@ -0,0 +1,21 @@
+pub(super) mod auth;
+
+use serde::Serialize;
+use serde_json::Value;
+
+#[serde_with::skip_serializing_none]
+#[derive(Default, Serialize)]
+pub(super) struct ErrorResponse {
+    code: Option<String>,
+    reason: Option<String>,
+    extra: Option<Value>,
+}
+
+impl From<String> for ErrorResponse {
+    fn from(value: String) -> Self {
+        Self {
+            reason: Some(value),
+            ..Default::default()
+        }
+    }
+}

chloria-backend/chloria-api/src/interface/adapters/mod.rs

@@ -0,0 +1,3 @@
+mod adapters;
+pub(crate) mod router;
+mod state;

chloria-backend/chloria-api/src/interface/mod.rs

@@ -0,0 +1,37 @@
+use axum::{
+    middleware,
+    routing::{get, post},
+    Router,
+};
+use jsonwebtoken::{DecodingKey, EncodingKey};
+use tower::ServiceBuilder;
+
+use super::{
+    adapters::auth::{authenticate, authorize},
+    state::{RouterState, RouterStateJwt},
+};
+
+pub(crate) struct RouterConfig {
+    pub(crate) jwt_key: String,
+    pub(crate) jwt_lifetime: u64,
+}
+
+pub(crate) fn new(config: RouterConfig) -> Router {
+    let state = RouterState {
+        jwt: RouterStateJwt {
+            decoding_key: DecodingKey::from_secret(config.jwt_key.as_bytes()),
+            encoding_key: EncodingKey::from_secret(config.jwt_key.as_bytes()),
+            lifetime: config.jwt_lifetime,
+        },
+    };
+    let public_router = Router::new()
+        .route("/authenticate", post(authenticate))
+        .with_state(state.clone());
+    let authorized_router = Router::new()
+        .route("/news", get(read_news))
+        .route_layer(ServiceBuilder::new().layer(middleware::from_fn_with_state(state, authorize)));
+    let router = Router::new().merge(public_router).merge(authorized_router);
+    router
+}
+
+async fn read_news() {}

chloria-backend/chloria-api/src/interface/router.rs

@@ -0,0 +1,13 @@
+use jsonwebtoken::{DecodingKey, EncodingKey};
+
+#[derive(Clone)]
+pub(super) struct RouterState {
+    pub(super) jwt: RouterStateJwt,
+}
+
+#[derive(Clone)]
+pub(super) struct RouterStateJwt {
+    pub(super) decoding_key: DecodingKey,
+    pub(super) encoding_key: EncodingKey,
+    pub(super) lifetime: u64,
+}

chloria-backend/chloria-api/src/interface/state.rs

@@ -1,5 +1,25 @@
+mod interface;
 mod schema;
 
-fn main() {
-    println!("Hello, world!");
+use std::env;
+
+use anyhow::Result;
+use tokio::net::TcpListener;
+
+use crate::interface::router::{self, RouterConfig};
+
+#[tokio::main]
+async fn main() -> Result<()> {
+    // Read env vars
+    let chloria_jwt_key = env::var("CHLORIA_JWT_KEY")?;
+    let chloria_jwt_lifetime = env::var("CHLORIA_JWT_LIFETIME")?.parse()?; // In seconds
+    let chloria_api_port: i32 = env::var("CHLORIA_API_PORT")?.parse()?;
+    // Initialize interface
+    let router = router::new(RouterConfig {
+        jwt_key: chloria_jwt_key,
+        jwt_lifetime: chloria_jwt_lifetime,
+    });
+    let listener = TcpListener::bind(format!("0.0.0.0:{}", chloria_api_port)).await?;
+    axum::serve(listener, router).await?;
+    Ok(())
 }

chloria-backend/chloria-api/src/main.rs

@@ -1,5 +1,25 @@
 // @generated automatically by Diesel CLI.
 
+diesel::table! {
+    client_credentials (id) {
+        id -> Int4,
+        api_key -> Text,
+        api_secret -> Text,
+        created_at -> Timestamptz,
+        updated_at -> Timestamptz,
+    }
+}
+
+diesel::table! {
+    clients (id) {
+        id -> Int4,
+        authentication_method -> Text,
+        authentication_registry -> Text,
+        created_at -> Timestamptz,
+        updated_at -> Timestamptz,
+    }
+}
+
 diesel::table! {
     news (id) {
         id -> Int4,
@@ -15,3 +35,7 @@ diesel::table! {
         updated_at -> Timestamptz,
     }
 }
+
+diesel::joinable!(client_credentials -> clients (id));
+
+diesel::allow_tables_to_appear_in_same_query!(client_credentials, clients, news,);

chloria-backend/chloria-api/src/schema.rs

@@ -0,0 +1,4 @@
+-- This file should undo anything in `up.sql`
+
+DROP TABLE client_credentials;
+DROP TABLE clients;