feat(auth): implement user registration and login with JWT authentication

- Added `bcrypt`, `jsonwebtoken`, and `once_cell` dependencies to manage password hashing and JWT handling. - Created `Claims` struct for JWT claims and implemented token generation in the login route. - Implemented user registration and authentication logic in the `auth` module. - Updated error handling to include validation errors. - Created new routes for user registration and login, and integrated them into the main router. - Added tests for the authentication flow, including registration and login scenarios. - Updated user model to include a password hash field. - Refactored user creation logic to include password validation. - Adjusted feed and user routes to utilize JWT for authentication.
2025-09-06 00:06:30 +02:00
parent d70015c887
commit 3d73c7f198
33 changed files with 575 additions and 136 deletions
--- a/thoughts-backend/app/src/persistence/auth.rs
+++ b/thoughts-backend/app/src/persistence/auth.rs
@@ -0,0 +1,54 @@
+use bcrypt::{hash, verify, BcryptError, DEFAULT_COST};
+use models::{
+    domains::user,
+    params::auth::{LoginParams, RegisterParams},
+};
+use sea_orm::{ActiveModelTrait, ColumnTrait, DbConn, EntityTrait, QueryFilter, Set};
+use validator::Validate; // Import the Validate trait
+
+use crate::error::UserError;
+
+fn hash_password(password: &str) -> Result<String, BcryptError> {
+    hash(password, DEFAULT_COST)
+}
+
+pub async fn register_user(db: &DbConn, params: RegisterParams) -> Result<user::Model, UserError> {
+    // Validate the parameters
+    params
+        .validate()
+        .map_err(|e| UserError::Validation(e.to_string()))?;
+
+    let hashed_password =
+        hash_password(&params.password).map_err(|e| UserError::Internal(e.to_string()))?;
+
+    let new_user = user::ActiveModel {
+        username: Set(params.username),
+        password_hash: Set(Some(hashed_password)),
+        ..Default::default()
+    };
+
+    new_user.insert(db).await.map_err(|e| {
+        if let Some(sea_orm::SqlErr::UniqueConstraintViolation { .. }) = e.sql_err() {
+            UserError::UsernameTaken
+        } else {
+            UserError::Internal(e.to_string())
+        }
+    })
+}
+
+pub async fn authenticate_user(db: &DbConn, params: LoginParams) -> Result<user::Model, UserError> {
+    let user = user::Entity::find()
+        .filter(user::Column::Username.eq(params.username))
+        .one(db)
+        .await
+        .map_err(|e| UserError::Internal(e.to_string()))?
+        .ok_or(UserError::NotFound)?;
+
+    let password_hash = user.password_hash.as_ref().ok_or(UserError::NotFound)?;
+
+    if verify(params.password, password_hash).map_err(|e| UserError::Internal(e.to_string()))? {
+        Ok(user)
+    } else {
+        Err(UserError::NotFound)
+    }
+}
--- a/thoughts-backend/app/src/persistence/mod.rs
+++ b/thoughts-backend/app/src/persistence/mod.rs
@@ -1,3 +1,4 @@
+pub mod auth;
 pub mod follow;
 pub mod thought;
 pub mod user;