feat(auth): implement user registration and login with JWT authentication

- Added `bcrypt`, `jsonwebtoken`, and `once_cell` dependencies to manage password hashing and JWT handling. - Created `Claims` struct for JWT claims and implemented token generation in the login route. - Implemented user registration and authentication logic in the `auth` module. - Updated error handling to include validation errors. - Created new routes for user registration and login, and integrated them into the main router. - Added tests for the authentication flow, including registration and login scenarios. - Updated user model to include a password hash field. - Refactored user creation logic to include password validation. - Adjusted feed and user routes to utilize JWT for authentication.
2025-09-06 00:06:30 +02:00
parent d70015c887
commit 3d73c7f198
33 changed files with 575 additions and 136 deletions
--- a/thoughts-backend/tests/api/follow.rs
+++ b/thoughts-backend/tests/api/follow.rs
@@ -1,48 +1,69 @@
-use super::main::{create_test_user, setup};
+use super::main::{create_user_with_password, setup};
 use axum::http::StatusCode;
-use utils::testing::{make_delete_request, make_post_request};
+use utils::testing::make_jwt_request;

 #[tokio::test]
 async fn test_follow_endpoints() {
+    std::env::set_var("AUTH_SECRET", "test-secret");
    let app = setup().await;
-    create_test_user(&app.db, "user1").await; // AuthUser is ID 1
-    create_test_user(&app.db, "user2").await;
+
+    create_user_with_password(&app.db, "user1", "password1").await;
+    create_user_with_password(&app.db, "user2", "password2").await;
+
+    let token = super::main::login_user(app.router.clone(), "user1", "password1").await;

    // 1. user1 follows user2
-    let response = make_post_request(
+    let response = make_jwt_request(
        app.router.clone(),
        "/users/user2/follow",
-        "".to_string(),
+        "POST",
        None,
+        &token,
    )
    .await;
    assert_eq!(response.status(), StatusCode::NO_CONTENT);

    // 2. user1 tries to follow user2 again (should fail)
-    let response = make_post_request(
+    let response = make_jwt_request(
        app.router.clone(),
        "/users/user2/follow",
-        "".to_string(),
+        "POST",
        None,
+        &token,
    )
    .await;
    assert_eq!(response.status(), StatusCode::BAD_REQUEST);

    // 3. user1 tries to follow a non-existent user
-    let response = make_post_request(
+    let response = make_jwt_request(
        app.router.clone(),
        "/users/nobody/follow",
-        "".to_string(),
+        "POST",
        None,
+        &token,
    )
    .await;
    assert_eq!(response.status(), StatusCode::NOT_FOUND);

    // 4. user1 unfollows user2
-    let response = make_delete_request(app.router.clone(), "/users/user2/follow", None).await;
+    let response = make_jwt_request(
+        app.router.clone(),
+        "/users/user2/follow",
+        "DELETE",
+        None,
+        &token,
+    )
+    .await;
    assert_eq!(response.status(), StatusCode::NO_CONTENT);

    // 5. user1 tries to unfollow user2 again (should fail)
-    let response = make_delete_request(app.router.clone(), "/users/user2/follow", None).await;
+    let response = make_jwt_request(
+        app.router.clone(),
+        "/users/user2/follow",
+        "DELETE",
+        None,
+        &token,
+    )
+    .await;
    assert_eq!(response.status(), StatusCode::NOT_FOUND);
 }