GKaszewski/movies-diary
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(auth): LoginDeps, RegisterDeps, RefreshDeps, RegisterAndLoginDeps, RefreshSessionCleanupJob

Browse Source
This commit is contained in:
Gabriel Kaszewski
2026-06-11 22:58:42 +02:00
parent 70d1f10e3d
commit 9ca5ada924
18 changed files with 359 additions and 232 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
crates/application/src/auth/deps.rs Normal file
View File

@@ -0,0 +1,33 @@
use std::sync::Arc;
use domain::ports::{AuthService, PasswordHasher, RefreshSessionRepository, UserRepository};
use crate::config::AppConfig;
pub struct LoginDeps {
pub user: Arc<dyn UserRepository>,
pub password_hasher: Arc<dyn PasswordHasher>,
pub auth: Arc<dyn AuthService>,
pub refresh_session: Arc<dyn RefreshSessionRepository>,
pub config: AppConfig,
}
pub struct RegisterDeps {
pub user: Arc<dyn UserRepository>,
pub password_hasher: Arc<dyn PasswordHasher>,
pub config: AppConfig,
}
pub struct RefreshDeps {
pub refresh_session: Arc<dyn RefreshSessionRepository>,
pub auth: Arc<dyn AuthService>,
pub config: AppConfig,
}
pub struct RegisterAndLoginDeps {
pub user: Arc<dyn UserRepository>,
pub password_hasher: Arc<dyn PasswordHasher>,
pub auth: Arc<dyn AuthService>,
pub refresh_session: Arc<dyn RefreshSessionRepository>,
pub config: AppConfig,
}

16
crates/application/src/auth/login.rs
View File

@@ -3,7 +3,7 @@ use uuid::Uuid;
use domain::{errors::DomainError, models::RefreshSession, value_objects::Email};
use crate::{auth::queries::LoginQuery, context::AppContext};
use crate::auth::{deps::LoginDeps, queries::LoginQuery};
pub struct LoginResult {
pub token: String,
@@ -14,17 +14,15 @@ pub struct LoginResult {
pub role: String,
}
pub async fn execute(ctx: &AppContext, query: LoginQuery) -> Result<LoginResult, DomainError> {
pub async fn execute(deps: &LoginDeps, query: LoginQuery) -> Result<LoginResult, DomainError> {
let email = Email::new(query.email)?;
let user = ctx
.repos
let user = deps
.user
.find_by_email(&email)
.await?
.ok_or_else(|| DomainError::Unauthorized("Invalid credentials".into()))?;
let valid = ctx
.services
let valid = deps
.password_hasher
.verify(&query.password, user.password_hash())
.await?;
@@ -32,10 +30,10 @@ pub async fn execute(ctx: &AppContext, query: LoginQuery) -> Result<LoginResult,
return Err(DomainError::Unauthorized("Invalid credentials".into()));
}
let generated = ctx.services.auth.generate_token(user.id()).await?;
let generated = deps.auth.generate_token(user.id()).await?;
let refresh_token = Uuid::new_v4().to_string();
let refresh_expires = Utc::now() + Duration::seconds(ctx.config.refresh_ttl_seconds as i64);
let refresh_expires = Utc::now() + Duration::seconds(deps.config.refresh_ttl_seconds as i64);
let session = RefreshSession {
id: Uuid::new_v4(),
user_id: user.id().clone(),
@@ -43,7 +41,7 @@ pub async fn execute(ctx: &AppContext, query: LoginQuery) -> Result<LoginResult,
expires_at: refresh_expires,
created_at: Utc::now(),
};
ctx.repos.refresh_session.create(&session).await?;
deps.refresh_session.create(&session).await?;
Ok(LoginResult {
token: generated.token,

11
crates/application/src/auth/logout.rs
View File

@@ -1,9 +1,12 @@
use domain::errors::DomainError;
use std::sync::Arc;
use crate::context::AppContext;
use domain::{errors::DomainError, ports::RefreshSessionRepository};
pub async fn execute(ctx: &AppContext, refresh_token: &str) -> Result<(), DomainError> {
ctx.repos.refresh_session.revoke(refresh_token).await
pub async fn execute(
refresh_session: Arc<dyn RefreshSessionRepository>,
refresh_token: &str,
) -> Result<(), DomainError> {
refresh_session.revoke(refresh_token).await
}
#[cfg(test)]

1
crates/application/src/auth/mod.rs
View File

@@ -1,4 +1,5 @@
pub mod commands;
pub mod deps;
pub mod login;
pub mod logout;
pub mod queries;

17
crates/application/src/auth/refresh.rs
View File

@@ -3,7 +3,7 @@ use uuid::Uuid;
use domain::{errors::DomainError, models::RefreshSession};
use crate::context::AppContext;
use crate::auth::deps::RefreshDeps;
pub struct RefreshResult {
pub token: String,
@@ -12,30 +12,29 @@ pub struct RefreshResult {
}
pub async fn execute(
ctx: &AppContext,
deps: &RefreshDeps,
old_refresh_token: &str,
) -> Result<RefreshResult, DomainError> {
let session = ctx
.repos
let session = deps
.refresh_session
.get_by_token(old_refresh_token)
.await?
.ok_or_else(|| DomainError::Unauthorized("Invalid refresh token".into()))?;
if session.expires_at < Utc::now() {
ctx.repos.refresh_session.revoke(old_refresh_token).await?;
deps.refresh_session.revoke(old_refresh_token).await?;
return Err(DomainError::Unauthorized("Refresh token expired".into()));
}
// Revoke old token (rotation)
ctx.repos.refresh_session.revoke(old_refresh_token).await?;
deps.refresh_session.revoke(old_refresh_token).await?;
// Generate new access token
let generated = ctx.services.auth.generate_token(&session.user_id).await?;
let generated = deps.auth.generate_token(&session.user_id).await?;
// Create new refresh session
let new_refresh_token = Uuid::new_v4().to_string();
let refresh_expires = Utc::now() + Duration::seconds(ctx.config.refresh_ttl_seconds as i64);
let refresh_expires = Utc::now() + Duration::seconds(deps.config.refresh_ttl_seconds as i64);
let new_session = RefreshSession {
id: Uuid::new_v4(),
user_id: session.user_id,
@@ -43,7 +42,7 @@ pub async fn execute(
expires_at: refresh_expires,
created_at: Utc::now(),
};
ctx.repos.refresh_session.create(&new_session).await?;
deps.refresh_session.create(&new_session).await?;
Ok(RefreshResult {
token: generated.token,

15
crates/application/src/auth/register.rs
View File

@@ -4,10 +4,10 @@ use domain::{
value_objects::{Email, Password, Username},
};
use crate::{auth::commands::RegisterCommand, context::AppContext};
use crate::auth::{commands::RegisterCommand, deps::RegisterDeps};
pub async fn execute(ctx: &AppContext, cmd: RegisterCommand) -> Result<(), DomainError> {
if !ctx.config.allow_registration {
pub async fn execute(deps: &RegisterDeps, cmd: RegisterCommand) -> Result<(), DomainError> {
if !deps.config.allow_registration {
return Err(DomainError::Unauthorized("Registration is disabled".into()));
}
@@ -15,21 +15,20 @@ pub async fn execute(ctx: &AppContext, cmd: RegisterCommand) -> Result<(), Domai
let email = Email::new(cmd.email)?;
let username = Username::new(cmd.username)?;
if ctx.repos.user.find_by_email(&email).await?.is_some() {
if deps.user.find_by_email(&email).await?.is_some() {
return Err(DomainError::ValidationError(
"Email already registered".into(),
));
}
if ctx.repos.user.find_by_username(&username).await?.is_some() {
if deps.user.find_by_username(&username).await?.is_some() {
return Err(DomainError::ValidationError(
"Username already taken".into(),
));
}
let hash = ctx.services.password_hasher.hash(password.value()).await?;
ctx.repos
.user
let hash = deps.password_hasher.hash(password.value()).await?;
deps.user
.save(&User::new(email, username, hash, cmd.role))
.await
}

34
crates/application/src/auth/register_and_login.rs
View File

@@ -1,18 +1,25 @@
use domain::errors::DomainError;
use crate::{
auth::commands::RegisterAndLoginCommand,
auth::{login, register},
context::AppContext,
use crate::auth::{
commands::{RegisterAndLoginCommand, RegisterCommand},
deps::{LoginDeps, RegisterAndLoginDeps, RegisterDeps},
login::{self, LoginResult},
queries::LoginQuery,
register,
};
pub async fn execute(
ctx: &AppContext,
deps: &RegisterAndLoginDeps,
cmd: RegisterAndLoginCommand,
) -> Result<login::LoginResult, DomainError> {
) -> Result<LoginResult, DomainError> {
let reg_deps = RegisterDeps {
user: deps.user.clone(),
password_hasher: deps.password_hasher.clone(),
config: deps.config.clone(),
};
register::execute(
ctx,
crate::auth::commands::RegisterCommand {
&reg_deps,
RegisterCommand {
email: cmd.email.clone(),
username: cmd.username,
password: cmd.password.clone(),
@@ -21,9 +28,16 @@ pub async fn execute(
)
.await?;
let log_deps = LoginDeps {
user: deps.user.clone(),
password_hasher: deps.password_hasher.clone(),
auth: deps.auth.clone(),
refresh_session: deps.refresh_session.clone(),
config: deps.config.clone(),
};
login::execute(
ctx,
crate::auth::queries::LoginQuery {
&log_deps,
LoginQuery {
email: cmd.email,
password: cmd.password,
},

63
crates/application/src/auth/tests/login.rs
View File

@@ -4,15 +4,24 @@ use domain::models::UserRole;
use domain::testing::InMemoryUserRepository;
use crate::{
auth::commands::RegisterCommand,
auth::queries::LoginQuery,
auth::{login, register},
auth::{
commands::RegisterCommand,
deps::{LoginDeps, RegisterDeps},
login,
queries::LoginQuery,
register,
},
test_helpers::TestContextBuilder,
};
async fn setup_user(ctx: &crate::context::AppContext, email: &str, password: &str) {
async fn setup_user(b: &TestContextBuilder, email: &str, password: &str) {
let deps = RegisterDeps {
user: b.user_repo.clone(),
password_hasher: b.password_hasher.clone(),
config: b.config.clone(),
};
register::execute(
ctx,
&deps,
RegisterCommand {
email: email.to_string(),
username: "testuser".to_string(),
@@ -27,14 +36,18 @@ async fn setup_user(ctx: &crate::context::AppContext, email: &str, password: &st
#[tokio::test]
async fn test_login_valid_credentials_returns_token() {
let users = InMemoryUserRepository::new();
let ctx = TestContextBuilder::new()
.with_users(Arc::clone(&users) as _)
.build();
setup_user(&ctx, "carol@example.com", "secret123").await;
let b = TestContextBuilder::new().with_users(Arc::clone(&users) as _);
setup_user(&b, "carol@example.com", "secret123").await;
let deps = LoginDeps {
user: b.user_repo.clone(),
password_hasher: b.password_hasher.clone(),
auth: b.auth_service.clone(),
refresh_session: b.refresh_session_repo.clone(),
config: b.config.clone(),
};
let result = login::execute(
&ctx,
&deps,
LoginQuery {
email: "carol@example.com".into(),
password: "secret123".into(),
@@ -51,14 +64,18 @@ async fn test_login_valid_credentials_returns_token() {
#[tokio::test]
async fn test_login_wrong_password_fails() {
let users = InMemoryUserRepository::new();
let ctx = TestContextBuilder::new()
.with_users(Arc::clone(&users) as _)
.build();
setup_user(&ctx, "dave@example.com", "correct_password").await;
let b = TestContextBuilder::new().with_users(Arc::clone(&users) as _);
setup_user(&b, "dave@example.com", "correct_password").await;
let deps = LoginDeps {
user: b.user_repo.clone(),
password_hasher: b.password_hasher.clone(),
auth: b.auth_service.clone(),
refresh_session: b.refresh_session_repo.clone(),
config: b.config.clone(),
};
let result = login::execute(
&ctx,
&deps,
LoginQuery {
email: "dave@example.com".into(),
password: "wrong_password".into(),
@@ -71,10 +88,16 @@ async fn test_login_wrong_password_fails() {
#[tokio::test]
async fn test_login_unknown_email_fails() {
let ctx = TestContextBuilder::new().build();
let b = TestContextBuilder::new();
let deps = LoginDeps {
user: b.user_repo.clone(),
password_hasher: b.password_hasher.clone(),
auth: b.auth_service.clone(),
refresh_session: b.refresh_session_repo.clone(),
config: b.config.clone(),
};
let result = login::execute(
&ctx,
&deps,
LoginQuery {
email: "nobody@example.com".into(),
password: "anything".into(),

49
crates/application/src/auth/tests/logout.rs
View File

@@ -4,21 +4,27 @@ use domain::models::UserRole;
use domain::testing::InMemoryUserRepository;
use crate::{
auth::commands::RegisterCommand,
auth::queries::LoginQuery,
auth::{login, logout, refresh, register},
auth::{
commands::RegisterCommand,
deps::{LoginDeps, RefreshDeps, RegisterDeps},
login, logout, refresh, register,
queries::LoginQuery,
},
test_helpers::TestContextBuilder,
};
#[tokio::test]
async fn logout_revokes_refresh_token() {
let users = InMemoryUserRepository::new();
let ctx = TestContextBuilder::new()
.with_users(Arc::clone(&users) as _)
.build();
let b = TestContextBuilder::new().with_users(Arc::clone(&users) as _);
let reg_deps = RegisterDeps {
user: b.user_repo.clone(),
password_hasher: b.password_hasher.clone(),
config: b.config.clone(),
};
register::execute(
&ctx,
&reg_deps,
RegisterCommand {
email: "bob@example.com".to_string(),
username: "bob".to_string(),
@@ -29,8 +35,15 @@ async fn logout_revokes_refresh_token() {
.await
.unwrap();
let login_deps = LoginDeps {
user: b.user_repo.clone(),
password_hasher: b.password_hasher.clone(),
auth: b.auth_service.clone(),
refresh_session: b.refresh_session_repo.clone(),
config: b.config.clone(),
};
let login_result = login::execute(
&ctx,
&login_deps,
LoginQuery {
email: "bob@example.com".into(),
password: "password123".into(),
@@ -39,17 +52,25 @@ async fn logout_revokes_refresh_token() {
.await
.unwrap();
logout::execute(&ctx, &login_result.refresh_token)
.await
.unwrap();
logout::execute(
b.refresh_session_repo.clone(),
&login_result.refresh_token,
)
.await
.unwrap();
let refresh_attempt = refresh::execute(&ctx, &login_result.refresh_token).await;
let refresh_deps = RefreshDeps {
refresh_session: b.refresh_session_repo.clone(),
auth: b.auth_service.clone(),
config: b.config.clone(),
};
let refresh_attempt = refresh::execute(&refresh_deps, &login_result.refresh_token).await;
assert!(refresh_attempt.is_err());
}
#[tokio::test]
async fn logout_with_unknown_token_succeeds() {
let ctx = TestContextBuilder::new().build();
let result = logout::execute(&ctx, "nonexistent-token").await;
let b = TestContextBuilder::new();
let result = logout::execute(b.refresh_session_repo.clone(), "nonexistent-token").await;
assert!(result.is_ok());
}

83
crates/application/src/auth/tests/refresh.rs
View File

@@ -4,15 +4,23 @@ use domain::models::UserRole;
use domain::testing::InMemoryUserRepository;
use crate::{
auth::commands::RegisterCommand,
auth::queries::LoginQuery,
auth::{login, refresh, register},
auth::{
commands::RegisterCommand,
deps::{LoginDeps, RefreshDeps, RegisterDeps},
login, refresh, register,
queries::LoginQuery,
},
test_helpers::TestContextBuilder,
};
async fn login_user(ctx: &crate::context::AppContext) -> login::LoginResult {
async fn login_user(b: &TestContextBuilder) -> login::LoginResult {
let reg_deps = RegisterDeps {
user: b.user_repo.clone(),
password_hasher: b.password_hasher.clone(),
config: b.config.clone(),
};
register::execute(
ctx,
&reg_deps,
RegisterCommand {
email: "alice@example.com".to_string(),
username: "alice".to_string(),
@@ -23,8 +31,15 @@ async fn login_user(ctx: &crate::context::AppContext) -> login::LoginResult {
.await
.unwrap();
let login_deps = LoginDeps {
user: b.user_repo.clone(),
password_hasher: b.password_hasher.clone(),
auth: b.auth_service.clone(),
refresh_session: b.refresh_session_repo.clone(),
config: b.config.clone(),
};
login::execute(
ctx,
&login_deps,
LoginQuery {
email: "alice@example.com".into(),
password: "password123".into(),
@@ -37,13 +52,15 @@ async fn login_user(ctx: &crate::context::AppContext) -> login::LoginResult {
#[tokio::test]
async fn refresh_returns_new_tokens() {
let users = InMemoryUserRepository::new();
let ctx = TestContextBuilder::new()
.with_users(Arc::clone(&users) as _)
.build();
let b = TestContextBuilder::new().with_users(Arc::clone(&users) as _);
let login_result = login_user(&b).await;
let login_result = login_user(&ctx).await;
let result = refresh::execute(&ctx, &login_result.refresh_token)
let deps = RefreshDeps {
refresh_session: b.refresh_session_repo.clone(),
auth: b.auth_service.clone(),
config: b.config.clone(),
};
let result = refresh::execute(&deps, &login_result.refresh_token)
.await
.unwrap();
@@ -55,33 +72,37 @@ async fn refresh_returns_new_tokens() {
#[tokio::test]
async fn refresh_rotates_token_old_one_invalid() {
let users = InMemoryUserRepository::new();
let ctx = TestContextBuilder::new()
.with_users(Arc::clone(&users) as _)
.build();
let login_result = login_user(&ctx).await;
let b = TestContextBuilder::new().with_users(Arc::clone(&users) as _);
let login_result = login_user(&b).await;
let old_token = login_result.refresh_token.clone();
refresh::execute(&ctx, &old_token).await.unwrap();
let deps = RefreshDeps {
refresh_session: b.refresh_session_repo.clone(),
auth: b.auth_service.clone(),
config: b.config.clone(),
};
refresh::execute(&deps, &old_token).await.unwrap();
let retry = refresh::execute(&ctx, &old_token).await;
let retry = refresh::execute(&deps, &old_token).await;
assert!(retry.is_err());
}
#[tokio::test]
async fn refresh_with_new_token_works() {
let users = InMemoryUserRepository::new();
let ctx = TestContextBuilder::new()
.with_users(Arc::clone(&users) as _)
.build();
let b = TestContextBuilder::new().with_users(Arc::clone(&users) as _);
let login_result = login_user(&b).await;
let login_result = login_user(&ctx).await;
let first = refresh::execute(&ctx, &login_result.refresh_token)
let deps = RefreshDeps {
refresh_session: b.refresh_session_repo.clone(),
auth: b.auth_service.clone(),
config: b.config.clone(),
};
let first = refresh::execute(&deps, &login_result.refresh_token)
.await
.unwrap();
let second = refresh::execute(&ctx, &first.refresh_token).await.unwrap();
let second = refresh::execute(&deps, &first.refresh_token).await.unwrap();
assert!(!second.token.is_empty());
assert_ne!(second.refresh_token, first.refresh_token);
@@ -89,8 +110,12 @@ async fn refresh_with_new_token_works() {
#[tokio::test]
async fn refresh_with_unknown_token_fails() {
let ctx = TestContextBuilder::new().build();
let result = refresh::execute(&ctx, "nonexistent-token").await;
let b = TestContextBuilder::new();
let deps = RefreshDeps {
refresh_session: b.refresh_session_repo.clone(),
auth: b.auth_service.clone(),
config: b.config.clone(),
};
let result = refresh::execute(&deps, "nonexistent-token").await;
assert!(result.is_err());
}

38
crates/application/src/auth/tests/register.rs
View File

@@ -5,7 +5,10 @@ use domain::ports::UserRepository;
use domain::testing::InMemoryUserRepository;
use domain::value_objects::Email;
use crate::{auth::commands::RegisterCommand, auth::register, test_helpers::TestContextBuilder};
use crate::{
auth::{commands::RegisterCommand, deps::RegisterDeps, register},
test_helpers::TestContextBuilder,
};
fn cmd(email: &str) -> RegisterCommand {
RegisterCommand {
@@ -19,11 +22,14 @@ fn cmd(email: &str) -> RegisterCommand {
#[tokio::test]
async fn test_register_creates_user() {
let users = InMemoryUserRepository::new();
let ctx = TestContextBuilder::new()
.with_users(Arc::clone(&users) as _)
.build();
let b = TestContextBuilder::new().with_users(Arc::clone(&users) as _);
let deps = RegisterDeps {
user: b.user_repo.clone(),
password_hasher: b.password_hasher.clone(),
config: b.config.clone(),
};
register::execute(&ctx, cmd("alice@example.com"))
register::execute(&deps, cmd("alice@example.com"))
.await
.unwrap();
@@ -36,22 +42,30 @@ async fn test_register_creates_user() {
#[tokio::test]
async fn test_register_duplicate_email_fails() {
let users = InMemoryUserRepository::new();
let ctx = TestContextBuilder::new()
.with_users(Arc::clone(&users) as _)
.build();
let b = TestContextBuilder::new().with_users(Arc::clone(&users) as _);
let deps = RegisterDeps {
user: b.user_repo.clone(),
password_hasher: b.password_hasher.clone(),
config: b.config.clone(),
};
register::execute(&ctx, cmd("bob@example.com"))
register::execute(&deps, cmd("bob@example.com"))
.await
.unwrap();
let result = register::execute(&ctx, cmd("bob@example.com")).await;
let result = register::execute(&deps, cmd("bob@example.com")).await;
assert!(result.is_err(), "duplicate email should fail");
}
#[tokio::test]
async fn test_register_short_password_fails() {
let ctx = TestContextBuilder::new().build();
let b = TestContextBuilder::new();
let deps = RegisterDeps {
user: b.user_repo.clone(),
password_hasher: b.password_hasher.clone(),
config: b.config.clone(),
};
let result = register::execute(
&ctx,
&deps,
RegisterCommand {
email: "x@y.com".to_string(),
username: "testuser".to_string(),

12
crates/application/src/auth/tests/register_and_login.rs
View File

@@ -1,13 +1,21 @@
use crate::auth::commands::RegisterAndLoginCommand;
use crate::auth::deps::RegisterAndLoginDeps;
use crate::auth::register_and_login;
use crate::test_helpers::TestContextBuilder;
#[tokio::test]
async fn registers_and_returns_token() {
let ctx = TestContextBuilder::new().build();
let b = TestContextBuilder::new();
let deps = RegisterAndLoginDeps {
user: b.user_repo.clone(),
password_hasher: b.password_hasher.clone(),
auth: b.auth_service.clone(),
refresh_session: b.refresh_session_repo.clone(),
config: b.config.clone(),
};
let result = register_and_login::execute(
&ctx,
&deps,
RegisterAndLoginCommand {
email: "new@example.com".into(),
username: "newuser".into(),