feat: add auth routes

Author: QuantGeekDev

migrations/2024-10-23-235320_user_id_to_snacks/down.sql

@@ -0,0 +1 @@
+-- This file should undo anything in `up.sql`

migrations/2024-10-23-235320_user_id_to_snacks/up.sql

@@ -0,0 +1,27 @@
+ALTER TABLE snacks
+    ADD COLUMN user_id INTEGER;
+
+INSERT INTO users (username, password_hash, role, created_at, updated_at)
+SELECT 'admin',
+       '$2a$12$K6O5bFK6.O4V6csO94BFN.yvMkv4pOXxYH.rolz4.Y4.pxpwB6fvC',
+       'admin',
+       CURRENT_TIMESTAMP,
+       CURRENT_TIMESTAMP
+    WHERE NOT EXISTS (
+    SELECT 1 FROM users WHERE username = 'admin'
+) RETURNING id;
+
+UPDATE snacks
+SET user_id = (SELECT id FROM users WHERE username = 'admin')
+WHERE user_id IS NULL;
+
+ALTER TABLE snacks
+    ALTER COLUMN user_id SET NOT NULL;
+
+ALTER TABLE snacks
+    ADD CONSTRAINT fk_snacks_user
+        FOREIGN KEY (user_id)
+            REFERENCES users(id)
+            ON DELETE CASCADE;
+
+CREATE INDEX idx_snacks_user_id ON snacks(user_id);

src/catchers/mod.rs

@@ -18,15 +18,15 @@ pub fn unauthorized(req: &Request) -> Json<ErrorResponse> {
 }
 
 #[catch(404)]
-pub fn not_found(req: &Request) -> Json<ErrorResponse> {
+pub fn not_found(_req: &Request) -> Json<ErrorResponse> {
     Json(ErrorResponse {
         status: 404,
         message: "Page not found".to_string(),
     })
 }
 
 #[catch(500)]
-pub fn internal_server_error(req: &Request) -> Json<ErrorResponse> {
+pub fn internal_server_error(_req: &Request) -> Json<ErrorResponse> {
     Json(ErrorResponse {
         status: 500,
         message: "Internal Server Error".to_string(),

src/main.rs

@@ -8,6 +8,7 @@ mod catchers;
 mod db;
 mod schema;
 
+use crate::routes::auth::{login, register};
 use crate::routes::snack::{create_snack, delete_snack, list_snacks, update_snack};
 use dotenv::dotenv;
 use rocket::*;
@@ -28,7 +29,7 @@ fn index() -> &'static str {
 fn rocket() -> _ {
     dotenv().ok();
 
-    rocket::build().mount("/", routes![index, create_snack, list_snacks, update_snack, delete_snack]).register("/", catchers![catchers::unauthorized, catchers::not_found,
+    rocket::build().mount("/", routes![index, create_snack, list_snacks, update_snack, delete_snack, register, login]).register("/", catchers![catchers::unauthorized, catchers::not_found,
      catchers::internal_server_error])
 }
 

src/models/snack.rs

@@ -1,3 +1,4 @@
+use crate::models::user::User;
 use chrono::NaiveDateTime;
 use diesel::prelude::*;
 use rust_decimal::Decimal;
@@ -16,6 +17,8 @@ pub struct Snack {
     pub image_url: String,
     pub created_at: NaiveDateTime,
     pub updated_at: NaiveDateTime,
+    pub user_id: i32,
+
 }
 
 #[derive(Insertable, Deserialize)]

src/models/user.rs

@@ -1,8 +1,8 @@
 use chrono::NaiveDateTime;
-use diesel::{Insertable, Queryable};
-use serde::{Deserialize, Serialize};
-
-#[derive(Queryable, Serialize)]
+use diesel::{Identifiable, Insertable, Queryable};
+use serde::Serialize;
+#[derive(Queryable, Serialize, Identifiable)]
+#[diesel(table_name = crate::schema::users)]
 pub struct User {
     pub id: i32,
     pub username: String,
@@ -12,7 +12,8 @@ pub struct User {
     pub updated_at: NaiveDateTime,
 }
 
-#[derive(Insertable, Deserialize)]
+#[derive(Insertable)]
+#[diesel(table_name = crate::schema::users)]
 pub struct NewUser {
     pub username: String,
     pub password_hash: String,

src/routes/auth.rs

@@ -0,0 +1,69 @@
+use crate::auth::user::Claims;
+use crate::db;
+use crate::models::user::{NewUser, User};
+use crate::schema::users::dsl::*;
+use bcrypt::{hash, verify, DEFAULT_COST};
+use diesel::prelude::*;
+use jsonwebtoken::{encode, EncodingKey, Header};
+use rocket::http::Status;
+use rocket::serde::json::Json;
+use serde::{Deserialize, Serialize};
+#[derive(Deserialize)]
+pub struct RegisterInfo {
+    username: String,
+    password: String,
+}
+
+#[derive(Deserialize)]
+pub struct LoginInfo {
+    username: String,
+    password: String,
+}
+#[derive(Serialize)]
+pub struct TokenResponse {
+    token: String,
+}
+
+#[post("/register", data = "<info>")]
+pub fn register(info: Json<RegisterInfo>) -> Result<Json<User>, Status> {
+    let conn = &mut db::establish_connection();
+    let hashed_password = hash(&info.password, DEFAULT_COST)
+        .map_err(|_| Status::InternalServerError)?;
+
+    let new_user = NewUser {
+        username: info.username.clone(),
+        password_hash: hashed_password,
+        role: "user".to_string(),
+    };
+
+    diesel::insert_into(users)
+        .values(new_user)
+        .get_result::<User>(conn)
+        .map(Json)
+        .map_err(|_| Status::InternalServerError)
+}
+
+#[post("/login", data = "<info>")]
+pub fn login(info: Json<LoginInfo>) -> Result<Json<TokenResponse>, Status> {
+    let conn = &mut db::establish_connection();
+    let user = users
+        .filter(username.eq(&info.username))
+        .first::<User>(conn)
+        .map_err(|_| Status::Unauthorized)?;
+    if verify(&info.password, &user.password_hash).map_err(|_| Status::InternalServerError)? {
+        let claims = Claims {
+            sub: user.id,
+            role: user.role.clone(),
+            exp: 10000000000,
+        };
+        let token = encode(
+            &Header::default(),
+            &claims,
+            &EncodingKey::from_secret("SECRET".as_ref()),
+        )
+            .map_err(|_| Status::InternalServerError)?;
+        Ok(Json(TokenResponse { token }))
+    } else {
+        Err(Status::Unauthorized)
+    }
+}

src/routes/snack.rs

@@ -1,7 +1,6 @@
-use crate::auth::ApiKey;
 use crate::db;
 use crate::models::snack::{NewSnack, Snack};
-use crate::schema::snacks::dsl::{id, snacks};
+use crate::schema::snacks::dsl::snacks;
 use diesel::prelude::*;
 use rocket::http::Status;
 use rocket::serde::json::Json;

src/schema.rs

@@ -9,6 +9,7 @@ diesel::table! {
         image_url -> Varchar,
         created_at -> Timestamp,
         updated_at -> Timestamp,
+        user_id -> Int4,
     }
 }
 
@@ -23,6 +24,8 @@ diesel::table! {
     }
 }
 
+diesel::joinable!(snacks -> users (user_id));
+
 diesel::allow_tables_to_appear_in_same_query!(
     snacks,
     users,