getdozer / dozer / 5686483572

pub async fn auth_route(

    access: Option<ReqData<Access>>,

    req: HttpRequest,

    tenant_access: web::Json<Access>,

) -> Result<HttpResponse, ApiError> {

    let access = match access {

        Some(access) => access.into_inner(),

    match access {

            let secret = get_secret(&req)?;

            let auth = Authorizer::new(secret, None, None);

            let token = auth.generate_token(tenant_access.0, None).unwrap();

            Ok(HttpResponse::Ok().body(json!({ "token": token }).to_string()))

}

fn get_secret(req: &HttpRequest) -> Result<&str, AuthError> {

    let api_security = req

        .app_data::<ApiSecurity>()

        .ok_or(AuthError::Unauthorized)?;

    match api_security {

        ApiSecurity::Jwt(secret) => Ok(secret.as_str()),

}

pub async fn validate(

    req: ServiceRequest,

    credentials: BearerAuth,

) -> Result<ServiceRequest, (Error, ServiceRequest)> {

    let api_security = req

        .app_data::<ApiSecurity>()

        .expect("We only validate bearer tokens if ApiSecurity is set");

    match api_security {

        ApiSecurity::Jwt(secret) => {

            let api_auth = Authorizer::new(secret, None, None);

            let res = api_auth

                .validate_token(credentials.token())

                .map_err(|e| (Error::from(ApiError::ApiAuthError(e))));

            match res {

                Ok(claims) => {

                    // Provide access to all

                    req.extensions_mut().insert(claims.access);

                    Ok(req)

}