GKaszewski/k-photos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c251a5c41fc3b8165d5f07a23438df0cd4fb14eb
k-photos/crates/presentation/src/extractors/auth.rs
Gabriel Kaszewski c6f82090d2 feat: auth hardening + codebase quality sweep 
Refresh tokens: RefreshToken entity, PostgresRefreshTokenRepository,
login returns refresh token, POST /auth/refresh (rotation), POST /auth/logout,
JWT expiry 24h→1h, configurable via with_expiry().

Route protection: require_auth middleware on protected routes,
public routes split (register, login, refresh, sharing/access).

Authorization: caller_id added to ReadAssetFileQuery, ReadDerivativeQuery,
GetStackQuery, DeleteStackCommand with ownership checks. Admin-only gates
on processing, storage, sidecar, duplicates handlers.

Quality fixes: visibility filtering bypass in search(), unwrap panics in
date parsing, DRY auth header parsing, centralized parsers module,
email validation via email_address crate, value objects (Username, MimeType,
RelativePath), domain events (UserCreated, UserDeleted, AlbumCreated,
TagCreated, DuplicateDetected), postgres error mapping for constraint
violations, OptionExt::or_not_found helper, in_memory_repo! macro,
GetStackQuery moved to queries, album add_entry 200→201.
2026-05-31 22:26:02 +02:00

31 lines
933 B
Rust
Raw Blame History

use crate::{middleware::auth::extract_bearer_token, state::AppState};
use axum::{extract::FromRequestParts, http::request::Parts, response::Response};
use domain::value_objects::SystemId;
pub struct JwtClaims {
pub user_id: SystemId,
pub role: String,
}
impl FromRequestParts<AppState> for JwtClaims {
type Rejection = Response;
async fn from_request_parts(
parts: &mut Parts,
state: &AppState,
) -> Result<Self, Self::Rejection> {
let token = extract_bearer_token(&parts.headers)?;
let (user_id, role) = state.token_issuer.verify(token).await.map_err(|_| {
use axum::{Json, http::StatusCode, response::IntoResponse};
(
StatusCode::UNAUTHORIZED,
Json(serde_json::json!({ "error": "Invalid or expired token" })),
)
.into_response()
})?;
Ok(JwtClaims { user_id, role })
}
}
Reference in New Issue View Git Blame Copy Permalink