GKaszewski/thoughts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth): implement user registration and login with JWT authentication

Browse Source 
- Added `bcrypt`, `jsonwebtoken`, and `once_cell` dependencies to manage password hashing and JWT handling.
- Created `Claims` struct for JWT claims and implemented token generation in the login route.
- Implemented user registration and authentication logic in the `auth` module.
- Updated error handling to include validation errors.
- Created new routes for user registration and login, and integrated them into the main router.
- Added tests for the authentication flow, including registration and login scenarios.
- Updated user model to include a password hash field.
- Refactored user creation logic to include password validation.
- Adjusted feed and user routes to utilize JWT for authentication.
This commit is contained in:
Gabriel Kaszewski
2025-09-06 00:06:30 +02:00
parent d70015c887
commit 3d73c7f198
33 changed files with 575 additions and 136 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
thoughts-backend/tests/api/auth.rs Normal file
View File

@@ -0,0 +1,60 @@
use crate::api::main::setup;
use axum::http::StatusCode;
use http_body_util::BodyExt;
use serde_json::{json, Value};
use utils::testing::{make_jwt_request, make_post_request};
#[tokio::test]
async fn test_auth_flow() {
std::env::set_var("AUTH_SECRET", "test-secret");
let app = setup().await;
let register_body = json!({
"username": "testuser",
"password": "password123"
})
.to_string();
let response =
make_post_request(app.router.clone(), "/auth/register", register_body, None).await;
assert_eq!(response.status(), StatusCode::CREATED);
let body = response.into_body().collect().await.unwrap().to_bytes();
let v: Value = serde_json::from_slice(&body).unwrap();
assert_eq!(v["username"], "testuser");
assert!(v["id"].is_number());
let response = make_post_request(
app.router.clone(),
"/auth/register",
json!({
"username": "testuser",
"password": "password456"
})
.to_string(),
None,
)
.await;
assert_eq!(response.status(), StatusCode::BAD_REQUEST);
let login_body = json!({
"username": "testuser",
"password": "password123"
})
.to_string();
let response = make_post_request(app.router.clone(), "/auth/login", login_body, None).await;
assert_eq!(response.status(), StatusCode::OK);
let body = response.into_body().collect().await.unwrap().to_bytes();
let v: Value = serde_json::from_slice(&body).unwrap();
let token = v["token"].as_str().expect("token not found").to_string();
assert!(!token.is_empty());
let bad_login_body = json!({
"username": "testuser",
"password": "wrongpassword"
})
.to_string();
let response = make_post_request(app.router.clone(), "/auth/login", bad_login_body, None).await;
assert_eq!(response.status(), StatusCode::NOT_FOUND);
let response = make_jwt_request(app.router.clone(), "/feed", "GET", None, &token).await;
assert_eq!(response.status(), StatusCode::OK);
}

105
thoughts-backend/tests/api/feed.rs
View File

@@ -1,69 +1,86 @@
use super::main::{create_test_user, setup};
use super::main::{create_user_with_password, setup};
use axum::http::StatusCode;
use http_body_util::BodyExt;
use serde_json::json;
use utils::testing::{make_get_request, make_post_request};
use utils::testing::make_jwt_request;
#[tokio::test]
async fn test_feed_and_user_thoughts() {
let app = setup().await;
create_test_user(&app.db, "user1").await; // AuthUser is ID 1
create_test_user(&app.db, "user2").await;
create_test_user(&app.db, "user3").await;
create_user_with_password(&app.db, "user1", "password1").await;
create_user_with_password(&app.db, "user2", "password2").await;
create_user_with_password(&app.db, "user3", "password3").await;
// As user1, post a thought
let token = super::main::login_user(app.router.clone(), "user1", "password1").await;
let body = json!({ "content": "A thought from user1" }).to_string();
make_post_request(app.router.clone(), "/thoughts", body, Some(1)).await;
make_jwt_request(app.router.clone(), "/thoughts", "POST", Some(body), &token).await;
// As a different "user", create thoughts for user2 and user3 (we cheat here since auth is hardcoded)
app::persistence::thought::create_thought(
&app.db,
2,
models::params::thought::CreateThoughtParams {
content: "user2 was here".to_string(),
},
// As a different "user", create thoughts for user2 and user3
let token2 = super::main::login_user(app.router.clone(), "user2", "password2").await;
let body2 = json!({ "content": "user2 was here" }).to_string();
make_jwt_request(
app.router.clone(),
"/thoughts",
"POST",
Some(body2),
&token2,
)
.await
.unwrap();
app::persistence::thought::create_thought(
&app.db,
3,
models::params::thought::CreateThoughtParams {
content: "user3 checking in".to_string(),
},
)
.await
.unwrap();
.await;
// 1. Get thoughts for user2 - should only see their thought
let response = make_get_request(app.router.clone(), "/users/user2/thoughts", Some(2)).await;
let token3 = super::main::login_user(app.router.clone(), "user3", "password3").await;
let body3 = json!({ "content": "user3 checking in" }).to_string();
make_jwt_request(
app.router.clone(),
"/thoughts",
"POST",
Some(body3),
&token3,
)
.await;
// 1. Get thoughts for user2 - should only see their thought plus their own
let response = make_jwt_request(
app.router.clone(),
"/users/user2/thoughts",
"GET",
None,
&token2,
)
.await;
assert_eq!(response.status(), StatusCode::OK);
let body = response.into_body().collect().await.unwrap().to_bytes();
let v: serde_json::Value = serde_json::from_slice(&body).unwrap();
assert_eq!(v["thoughts"].as_array().unwrap().len(), 1);
assert_eq!(v["thoughts"][0]["content"], "user2 was here");
// 2. user1's feed is initially empty
let response = make_get_request(app.router.clone(), "/feed", Some(1)).await;
assert_eq!(response.status(), StatusCode::OK);
let body = response.into_body().collect().await.unwrap().to_bytes();
let v: serde_json::Value = serde_json::from_slice(&body).unwrap();
assert!(v["thoughts"].as_array().unwrap().is_empty());
// 3. user1 follows user2
make_post_request(
app.router.clone(),
"/users/user2/follow",
"".to_string(),
Some(1),
)
.await;
// 4. user1's feed now has user2's thought
let response = make_get_request(app.router.clone(), "/feed", Some(1)).await;
// 2. user1's feed has only their own thought (not following anyone)
let response = make_jwt_request(app.router.clone(), "/feed", "GET", None, &token).await;
assert_eq!(response.status(), StatusCode::OK);
let body = response.into_body().collect().await.unwrap().to_bytes();
let v: serde_json::Value = serde_json::from_slice(&body).unwrap();
assert_eq!(v["thoughts"].as_array().unwrap().len(), 1);
assert_eq!(v["thoughts"][0]["author_username"], "user1");
assert_eq!(v["thoughts"][0]["content"], "A thought from user1");
// 3. user1 follows user2
make_jwt_request(
app.router.clone(),
"/users/user2/follow",
"POST",
None,
&token,
)
.await;
// 4. user1's feed now has user2's thought
let response = make_jwt_request(app.router.clone(), "/feed", "GET", None, &token).await;
assert_eq!(response.status(), StatusCode::OK);
let body = response.into_body().collect().await.unwrap().to_bytes();
let v: serde_json::Value = serde_json::from_slice(&body).unwrap();
assert_eq!(v["thoughts"].as_array().unwrap().len(), 2);
assert_eq!(v["thoughts"][0]["author_username"], "user2");
assert_eq!(v["thoughts"][0]["content"], "user2 was here");
assert_eq!(v["thoughts"][1]["author_username"], "user1");
assert_eq!(v["thoughts"][1]["content"], "A thought from user1");
}

45
thoughts-backend/tests/api/follow.rs
View File

@@ -1,48 +1,69 @@
use super::main::{create_test_user, setup};
use super::main::{create_user_with_password, setup};
use axum::http::StatusCode;
use utils::testing::{make_delete_request, make_post_request};
use utils::testing::make_jwt_request;
#[tokio::test]
async fn test_follow_endpoints() {
std::env::set_var("AUTH_SECRET", "test-secret");
let app = setup().await;
create_test_user(&app.db, "user1").await; // AuthUser is ID 1
create_test_user(&app.db, "user2").await;
create_user_with_password(&app.db, "user1", "password1").await;
create_user_with_password(&app.db, "user2", "password2").await;
let token = super::main::login_user(app.router.clone(), "user1", "password1").await;
// 1. user1 follows user2
let response = make_post_request(
let response = make_jwt_request(
app.router.clone(),
"/users/user2/follow",
"".to_string(),
"POST",
None,
&token,
)
.await;
assert_eq!(response.status(), StatusCode::NO_CONTENT);
// 2. user1 tries to follow user2 again (should fail)
let response = make_post_request(
let response = make_jwt_request(
app.router.clone(),
"/users/user2/follow",
"".to_string(),
"POST",
None,
&token,
)
.await;
assert_eq!(response.status(), StatusCode::BAD_REQUEST);
// 3. user1 tries to follow a non-existent user
let response = make_post_request(
let response = make_jwt_request(
app.router.clone(),
"/users/nobody/follow",
"".to_string(),
"POST",
None,
&token,
)
.await;
assert_eq!(response.status(), StatusCode::NOT_FOUND);
// 4. user1 unfollows user2
let response = make_delete_request(app.router.clone(), "/users/user2/follow", None).await;
let response = make_jwt_request(
app.router.clone(),
"/users/user2/follow",
"DELETE",
None,
&token,
)
.await;
assert_eq!(response.status(), StatusCode::NO_CONTENT);
// 5. user1 tries to unfollow user2 again (should fail)
let response = make_delete_request(app.router.clone(), "/users/user2/follow", None).await;
let response = make_jwt_request(
app.router.clone(),
"/users/user2/follow",
"DELETE",
None,
&token,
)
.await;
assert_eq!(response.status(), StatusCode::NOT_FOUND);
}

25
thoughts-backend/tests/api/main.rs
View File

@@ -1,9 +1,11 @@
use api::setup_router;
use app::persistence::user::create_user;
use axum::Router;
use models::params::user::CreateUserParams;
use http_body_util::BodyExt;
use models::params::{auth::RegisterParams, user::CreateUserParams};
use sea_orm::DatabaseConnection;
use utils::testing::setup_test_db;
use serde_json::{json, Value};
use utils::testing::{make_post_request, setup_test_db};
pub struct TestApp {
pub router: Router,
@@ -22,8 +24,27 @@ pub async fn setup() -> TestApp {
pub async fn create_test_user(db: &DatabaseConnection, username: &str) {
let params = CreateUserParams {
username: username.to_string(),
password: "password".to_string(),
};
create_user(db, params)
.await
.expect("Failed to create test user");
}
pub async fn create_user_with_password(db: &DatabaseConnection, username: &str, password: &str) {
let params = RegisterParams {
username: username.to_string(),
password: password.to_string(),
};
app::persistence::auth::register_user(db, params)
.await
.expect("Failed to create test user with password");
}
pub async fn login_user(router: Router, username: &str, password: &str) -> String {
let login_body = json!({ "username": username, "password": password }).to_string();
let response = make_post_request(router, "/auth/login", login_body, None).await;
let body = response.into_body().collect().await.unwrap().to_bytes();
let v: Value = serde_json::from_slice(&body).unwrap();
v["token"].as_str().unwrap().to_string()
}

1
thoughts-backend/tests/api/mod.rs
View File

@@ -1,3 +1,4 @@
mod auth;
mod feed;
mod follow;
mod main;

38
thoughts-backend/tests/api/user.rs
View File

@@ -9,13 +9,10 @@ use crate::api::main::setup;
#[tokio::test]
async fn test_post_users() {
let app = setup().await;
let response = make_post_request(
app.router,
"/users",
r#"{"username": "test"}"#.to_owned(),
None,
)
.await;
let body = r#"{"username": "test", "password": "password123"}"#.to_owned();
let response = make_post_request(app.router, "/auth/register", body, None).await;
assert_eq!(response.status(), StatusCode::CREATED);
let body = response.into_body().collect().await.unwrap().to_bytes();
@@ -25,36 +22,25 @@ async fn test_post_users() {
#[tokio::test]
pub(super) async fn test_post_users_error() {
let app = setup().await;
let response = make_post_request(
app.router,
"/users",
r#"{"username": "1"}"#.to_owned(),
None,
)
.await;
let body = r#"{"username": "1", "password": "password123"}"#.to_owned();
let response = make_post_request(app.router, "/auth/register", body, None).await;
println!("{:?}", response);
assert_eq!(response.status(), StatusCode::UNPROCESSABLE_ENTITY);
let body = response.into_body().collect().await.unwrap().to_bytes();
let result: Value = serde_json::from_slice(&body).unwrap();
assert_eq!(result["message"], "Validation error");
assert_eq!(result["details"]["username"][0]["code"], "length");
assert_eq!(result["details"]["username"][0]["message"], Value::Null);
assert_eq!(
result["details"]["username"][0]["params"]["min"],
Value::Number(2.into())
)
}
#[tokio::test]
pub async fn test_get_users() {
let app = setup().await;
make_post_request(
app.router.clone(),
"/users",
r#"{"username": "test"}"#.to_owned(),
None,
)
.await;
let body = r#"{"username": "test", "password": "password123"}"#.to_owned();
make_post_request(app.router.clone(), "/auth/register", body, None).await;
let response = make_get_request(app.router, "/users", None).await;
assert_eq!(response.status(), StatusCode::OK);

3
thoughts-backend/tests/app/persistence/user.rs
View File

@@ -7,12 +7,15 @@ use models::params::user::CreateUserParams;
pub(super) async fn test_user(db: &DatabaseConnection) {
let params = CreateUserParams {
username: "test".to_string(),
password: "password".to_string(),
};
let user = create_user(db, params).await.expect("Create user failed!");
let expected = user::ActiveModel {
id: Unchanged(1),
username: Unchanged("test".to_owned()),
password_hash: Unchanged(None),
..Default::default()
};
assert_eq!(user, expected);
}