0.6.0

Добавлена проверка токена пользователя для перед обработкой запроса.

src/extractors/authorized_user.rs

@@ -10,20 +10,18 @@ use actix_web::{HttpRequest, web};
 use derive_more::Display;
 use serde::{Deserialize, Serialize};
 use std::fmt::Debug;
+use actix_web::http::header;
 
 #[derive(Clone, Debug, Serialize, Deserialize, Display, ResponseErrorMessage)]
 #[status_code = "actix_web::http::StatusCode::UNAUTHORIZED"]
 #[serde(rename_all = "SCREAMING_SNAKE_CASE")]
 pub enum Error {
-    #[display("No authorization header found")]
+    #[display("No Authorization header found")]
     NoHeader,
 
     #[display("Bearer token is required")]
     UnknownAuthorizationType,
 
-    #[display("No bearer token provided")]
-    NoBearerToken,
-
     #[display("Invalid or expired access token")]
     InvalidAccessToken,
 
@@ -43,7 +41,7 @@ impl FromRequestSync for User {
     fn from_request_sync(req: &HttpRequest, _: &mut Payload) -> Result<Self, Self::Error> {
         let authorization = req
             .headers()
-            .get("Authorization")
+            .get(header::AUTHORIZATION)
             .ok_or(Error::NoHeader.into_err())?
             .to_str()
             .map_err(|_| Error::NoHeader.into_err())?
@@ -51,14 +49,10 @@ impl FromRequestSync for User {
 
         let parts: Vec<&str> = authorization.split(' ').collect();
 
-        if parts.len() == 0 || parts[0] != "Bearer" {
+        if parts.len() != 2 || parts[0] != "Bearer" {
             return Err(Error::UnknownAuthorizationType.into_err());
         }
 
-        if parts.len() < 2 {
-            return Err(Error::NoBearerToken.into());
-        }
-
         let user_id = jwt::verify_and_decode(&parts[1].to_string())
             .map_err(|_| Error::InvalidAccessToken.into_err())?;
 

src/main.rs

@@ -1,8 +1,9 @@
-use crate::app_state::{AppState, app_state};
+use crate::app_state::{app_state, AppState};
+use crate::middlewares::authorization::Authorization;
 use crate::routes::auth::sign_in::{sign_in_default, sign_in_vk};
 use crate::routes::auth::sign_up::{sign_up_default, sign_up_vk};
 use crate::routes::users::me::me;
-use actix_web::{App, HttpServer, web};
+use actix_web::{web, App, HttpServer};
 use dotenvy::dotenv;
 
 mod app_state;
@@ -13,6 +14,7 @@ mod parser;
 mod xls_downloader;
 
 mod extractors;
+mod middlewares;
 mod routes;
 
 mod utility;
@@ -32,7 +34,10 @@ async fn main() {
             .service(sign_in_vk)
             .service(sign_up_default)
             .service(sign_up_vk);
-        let users_scope = web::scope("/users").service(me);
+
+        let users_scope = web::scope("/users")
+            .wrap(Authorization)
+            .service(me);
 
         let api_scope = web::scope("/api/v1")
             .service(auth_scope)

src/middlewares/authorization.rs

@@ -0,0 +1,79 @@
+use crate::database::models::User;
+use crate::extractors::authorized_user;
+use crate::extractors::base::FromRequestSync;
+use actix_web::body::{BoxBody, EitherBody};
+use actix_web::dev::{Payload, Service, ServiceRequest, ServiceResponse, Transform, forward_ready};
+use actix_web::{Error, HttpRequest, ResponseError};
+use futures_util::future::LocalBoxFuture;
+use std::future::{Ready, ready};
+
+pub struct Authorization;
+
+impl<S, B> Transform<S, ServiceRequest> for Authorization
+where
+    S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error>,
+    S::Future: 'static,
+    B: 'static,
+{
+    type Response = ServiceResponse<EitherBody<B, BoxBody>>;
+    type Error = Error;
+    type Transform = AuthorizationMiddleware<S>;
+    type InitError = ();
+    type Future = Ready<Result<Self::Transform, Self::InitError>>;
+
+    fn new_transform(&self, service: S) -> Self::Future {
+        ready(Ok(AuthorizationMiddleware { service }))
+    }
+}
+
+pub struct AuthorizationMiddleware<S> {
+    service: S,
+}
+
+impl<S, B> AuthorizationMiddleware<S>
+where
+    S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error>,
+    S::Future: 'static,
+    B: 'static,
+{
+    pub fn check_authorization(
+        &self,
+        req: &HttpRequest,
+        payload: &mut Payload,
+    ) -> Result<(), authorized_user::Error> {
+        User::from_request_sync(req, payload)
+            .map(|_| ())
+            .map_err(|e| e.as_error::<authorized_user::Error>().unwrap().clone())
+    }
+}
+
+impl<S, B> Service<ServiceRequest> for AuthorizationMiddleware<S>
+where
+    S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error>,
+    S::Future: 'static,
+    B: 'static,
+{
+    type Response = ServiceResponse<EitherBody<B, BoxBody>>;
+    type Error = Error;
+    type Future = LocalBoxFuture<'static, Result<Self::Response, Self::Error>>;
+
+    forward_ready!(service);
+
+    fn call(&self, req: ServiceRequest) -> Self::Future {
+        let (http_req, mut payload) = req.into_parts();
+
+        if let Err(err) = self.check_authorization(&http_req, &mut payload) {
+            return Box::pin(async move {
+                Ok(ServiceResponse::new(
+                    http_req,
+                    err.error_response().map_into_right_body(),
+                ))
+            });
+        }
+
+        let req = ServiceRequest::from_parts(http_req, payload);
+        let fut = self.service.call(req);
+
+        Box::pin(async move { Ok(fut.await?.map_into_left_body()) })
+    }
+}

src/middlewares/mod.rs

@@ -0,0 +1 @@
+pub mod authorization;