Исправление работы авторизации с помощью VK ID.

2025-12-06 09:47:50 +03:00 · 2025-04-17 23:07:19 +04:00
parent 9a517519db
commit 22af02464d
4 changed files with 18 additions and 28 deletions
--- a/src/routes/auth/shared.rs
+++ b/src/routes/auth/shared.rs
@@ -1,9 +1,6 @@
 use crate::utility::jwt::DEFAULT_ALGORITHM;
 use jsonwebtoken::errors::ErrorKind;
-use jsonwebtoken::{decode, DecodingKey, Validation};
+use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};
 use serde::{Deserialize, Serialize};
 use std::env;
 use std::sync::LazyLock;
 #[derive(Deserialize, Serialize)]
 struct TokenData {
@@ -17,7 +14,7 @@ struct TokenData {
 #[derive(Debug, Serialize, Deserialize)]
 struct Claims {
-    sub: String,
+    sub: i32,
    iis: String,
    jti: i32,
    app: i32,
@@ -52,17 +49,10 @@ const VK_PUBLIC_KEY: &str = concat!(
    "-----END PUBLIC KEY-----"
 );
-static VK_ID_CLIENT_ID: LazyLock<i32> = LazyLock::new(|| {
+pub fn parse_vk_id(token_str: &String, client_id: i32) -> Result<i32, Error> {
    env::var("VK_ID_CLIENT_ID")
        .expect("VK_ID_CLIENT_ID must be set")
        .parse::<i32>()
        .expect("VK_ID_CLIENT_ID must be i32")
 });
 pub fn parse_vk_id(token_str: &String) -> Result<i32, Error> {
    let dkey = DecodingKey::from_rsa_pem(VK_PUBLIC_KEY.as_bytes()).unwrap();
-    match decode::<Claims>(&token_str, &dkey, &Validation::new(DEFAULT_ALGORITHM)) {
+    match decode::<Claims>(&token_str, &dkey, &Validation::new(Algorithm::RS256)) {
        Ok(token_data) => {
            let claims = token_data.claims;
@@ -70,13 +60,10 @@ pub fn parse_vk_id(token_str: &String) -> Result<i32, Error> {
                Err(Error::UnknownIssuer(claims.iis))
            } else if claims.jti != 21 {
                Err(Error::UnknownType(claims.jti))
-            } else if claims.app != *VK_ID_CLIENT_ID {
+            } else if claims.app != client_id {
                Err(Error::UnknownClientId(claims.app))
            } else {
-                match claims.sub.parse::<i32>() {
+                Ok(claims.sub)
                    Ok(sub) => Ok(sub),
                    Err(_) => Err(Error::InvalidToken),
                }
            }
        }
        Err(err) => Err(match err.into_kind() {
--- a/src/routes/auth/sign_in.rs
+++ b/src/routes/auth/sign_in.rs
@@ -71,7 +71,7 @@ pub async fn sign_in_vk(
 ) -> ServiceResponse {
    let data = data_json.into_inner();
-    match parse_vk_id(&data.access_token) {
+    match parse_vk_id(&data.access_token, app_state.vk_id.client_id) {
        Ok(id) => sign_in_combined(Vk(id), &app_state).await.into(),
        Err(_) => ErrorCode::InvalidVkAccessToken.into_response(),
    }
--- a/src/routes/auth/sign_up.rs
+++ b/src/routes/auth/sign_up.rs
@@ -79,7 +79,7 @@ pub async fn sign_up_vk(
 ) -> ServiceResponse {
    let data = data_json.into_inner();
-    match parse_vk_id(&data.access_token) {
+    match parse_vk_id(&data.access_token, app_state.vk_id.client_id) {
        Ok(id) => sign_up_combined(
            SignUpData {
                username: data.username,
--- a/src/routes/vk_id/oauth.rs
+++ b/src/routes/vk_id/oauth.rs
@@ -59,15 +59,18 @@ async fn oauth(data: web::Json<Request>, app_state: web::Data<AppState>) -> Serv
                return ErrorCode::VkIdError.into_response();
            }
-            if let Ok(auth_data) = res.json::<VkIdAuthResponse>().await {
+            match res.json::<VkIdAuthResponse>().await {
                Ok(auth_data) =>
                    Ok(Response {
                        access_token: auth_data.id_token,
-                })
+                    }).into(),
-                .into()
+                Err(error) => {
-            } else {
+                    sentry::capture_error(&error);
                    ErrorCode::VkIdError.into_response()
                }
            }
        }
        Err(_) => ErrorCode::VkIdError.into_response(),
    }
 }