refactor

pemattern · pemattern · commit 1caadff90e8b · 2025-10-17T21:20:15.000+02:00
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -33,19 +33,19 @@ services:
       timeout: 5s
       retries: 5
 
-  open-erase-iso-builder:
-    container_name: open-erase-iso-builder
-    image: open-erase-iso-builder
-    cap_add:
-      - SYS_ADMIN
-    stdin_open: true
-    build:
-      context: .
-      dockerfile: iso-builder.Dockerfile
-    volumes:
-      - iso:/iso/out
-    command: >
-      sh -c "ls -a && mkarchiso -v -w /tmp/archiso-tmp -o /iso/out /iso"
+  # open-erase-iso-builder:
+  #   container_name: open-erase-iso-builder
+  #   image: open-erase-iso-builder
+  #   cap_add:
+  #     - SYS_ADMIN
+  #   stdin_open: true
+  #   build:
+  #     context: .
+  #     dockerfile: iso-builder.Dockerfile
+  #   volumes:
+  #     - iso:/iso/out
+  #   command: >
+  #     sh -c "ls -a && mkarchiso -v -w /tmp/archiso-tmp -o /iso/out /iso"
 
 volumes:
   db:
diff --git a/server/Cargo.toml b/server/Cargo.toml
@@ -13,6 +13,7 @@ chrono = { version = "0.4.42", features = ["serde"] }
 getrandom = "0.3.4"
 jsonwebtoken = "9.3.1"
 serde = { version = "1.0.228", features = ["derive"] }
+serde_json = "1.0.145"
 sqlx = { version = "0.8.6", features = [
   "chrono",
   "postgres",
@@ -37,4 +38,3 @@ utoipa-swagger-ui = { version = "9.0.2", features = ["axum"] }
 uuid = { version = "1.18.1", features = ["serde"] }
 
 [dev-dependencies]
-serde_json = "1.0.145"
diff --git a/server/src/error.rs b/server/src/error.rs
@@ -58,6 +58,7 @@ pub enum ServiceError {
     Hash(argon2::password_hash::Error),
     Token(jsonwebtoken::errors::Error),
     Uuid(uuid::Error),
+    Serialization(serde_json::Error),
 }
 
 impl IntoResponse for ServiceError {
@@ -92,6 +93,12 @@ impl From<uuid::Error> for ServiceError {
     }
 }
 
+impl From<serde_json::Error> for ServiceError {
+    fn from(value: serde_json::Error) -> Self {
+        Self::Serialization(value)
+    }
+}
+
 #[allow(dead_code)]
 #[derive(Debug)]
 pub enum RepositoryError {
@@ -118,6 +125,7 @@ impl From<ServiceError> for ErrorResponse {
             ServiceError::Hash(_error) => ErrorResponse::unauthorized(),
             ServiceError::Token(_error) => ErrorResponse::internal_server_error(),
             ServiceError::Uuid(_error) => ErrorResponse::internal_server_error(),
+            ServiceError::Serialization(_error) => ErrorResponse::internal_server_error(),
         }
     }
 }
diff --git a/server/src/handlers/auth.rs b/server/src/handlers/auth.rs
@@ -1,9 +1,9 @@
-use axum::{Extension, extract::State};
+use axum::{Extension, Json, extract::State};
 
 use crate::{
     error::AppResult,
     models::User,
-    schemas::token::{LoginResponse, RefreshResponse},
+    schemas::token::{LoginResponse, RefreshRequest, RefreshResponse},
     state::AppState,
 };
 
@@ -23,6 +23,7 @@ pub async fn login(
 pub async fn refresh(
     State(state): State<AppState>,
     Extension(user): Extension<User>,
+    Json(refresh_request): Json<RefreshRequest>,
 ) -> AppResult<RefreshResponse> {
     let access_token = state.auth_service.generate_access_token(&user)?;
     Ok(RefreshResponse::new(access_token))
diff --git a/server/src/middleware/auth.rs b/server/src/middleware/auth.rs
@@ -42,15 +42,15 @@ pub async fn validate_basic_auth(
     next: Next,
 ) -> AppResult<impl IntoResponse> {
     let authorization_header = header_result.map_err(|_| ClientError::Unauthorized)?;
+
     let user = state
-        .user_service
-        .find_user_by_email(authorization_header.username())
+        .auth_service
+        .validate_basic_auth(
+            authorization_header.username(),
+            authorization_header.password(),
+        )
         .await?
         .ok_or(ClientError::Unauthorized)?;
-    state
-        .auth_service
-        .verify_password(authorization_header.password(), &user.password_hash)
-        .map_err(|_| ClientError::Unauthorized)?;
     request.extensions_mut().insert(user);
     Ok(next.run(request).await)
 }
diff --git a/server/src/models/refresh_token.rs b/server/src/models/refresh_token.rs
@@ -1,4 +1,4 @@
-use chrono::{DateTime, Local};
+use chrono::{DateTime, Utc};
 use sqlx::FromRow;
 use uuid::Uuid;
 
@@ -7,6 +7,6 @@ pub struct RefreshToken {
     pub id: Uuid,
     pub user_id: Uuid,
     pub refresh_token_hash: String,
-    pub created_at: DateTime<Local>,
-    pub updated_at: DateTime<Local>,
+    pub created_at: DateTime<Utc>,
+    pub updated_at: DateTime<Utc>,
 }
diff --git a/server/src/models/user.rs b/server/src/models/user.rs
@@ -1,4 +1,4 @@
-use chrono::{DateTime, Local};
+use chrono::{DateTime, Utc};
 use sqlx::prelude::FromRow;
 use uuid::Uuid;
 
@@ -7,6 +7,6 @@ pub struct User {
     pub id: Uuid,
     pub email: String,
     pub password_hash: String,
-    pub created_at: DateTime<Local>,
-    pub updated_at: DateTime<Local>,
+    pub created_at: DateTime<Utc>,
+    pub updated_at: DateTime<Utc>,
 }
diff --git a/server/src/repositories/mocks/refresh_token.rs b/server/src/repositories/mocks/refresh_token.rs
@@ -1,7 +1,7 @@
 use std::sync::{Arc, Mutex};
 
 use async_trait::async_trait;
-use chrono::{DateTime, Local};
+use chrono::DateTime;
 use uuid::Uuid;
 
 use crate::{
diff --git a/server/src/schemas/mod.rs b/server/src/schemas/mod.rs
@@ -1,2 +1,10 @@
+use serde::Serialize;
+
+use crate::error::ServiceResult;
+
 pub mod token;
 pub mod user;
+
+fn json<T: Serialize>(val: T) -> ServiceResult<String> {
+    Ok(serde_json::to_string_pretty(&val)?)
+}
diff --git a/server/src/schemas/token.rs b/server/src/schemas/token.rs
@@ -1,9 +1,11 @@
 use axum::{
-    Json,
     http::{StatusCode, header},
     response::{IntoResponse, Response},
 };
 use serde::{Deserialize, Serialize};
+use utoipa::ToSchema;
+
+use crate::schemas::json;
 
 #[derive(Serialize)]
 pub struct LoginResponse {
@@ -35,13 +37,13 @@ impl IntoResponse for LoginResponse {
                     &refresh_token_cookie(&self.refresh_token),
                 ),
             ],
-            Json(self),
+            json(self),
         )
             .into_response()
     }
 }
 
-#[derive(Deserialize)]
+#[derive(Deserialize, ToSchema)]
 pub struct RefreshRequest {
     pub access_token: String,
 }
@@ -70,7 +72,7 @@ impl IntoResponse for RefreshResponse {
                 (header::CACHE_CONTROL, "no-store"),
                 (header::PRAGMA, "no-cache"),
             ],
-            Json(self),
+            json(self),
         )
             .into_response()
     }
diff --git a/server/src/schemas/user.rs b/server/src/schemas/user.rs
@@ -1,25 +1,24 @@
 use axum::{
-    Json,
     http::{StatusCode, header},
     response::{IntoResponse, Response},
 };
-use chrono::{DateTime, Local};
+use chrono::{DateTime, Utc};
 use serde::{Deserialize, Serialize};
 use uuid::Uuid;
 
-use crate::models::User;
+use crate::{models::User, schemas::json};
 
 #[derive(Serialize, Deserialize)]
 pub struct GetUserResponse {
     pub id: Uuid,
     pub email: String,
-    pub created_at: DateTime<Local>,
-    pub updated_at: DateTime<Local>,
+    pub created_at: DateTime<Utc>,
+    pub updated_at: DateTime<Utc>,
 }
 
 impl IntoResponse for GetUserResponse {
     fn into_response(self) -> Response {
-        (StatusCode::OK, Json(self)).into_response()
+        (StatusCode::OK, json(self)).into_response()
     }
 }
 
@@ -44,16 +43,16 @@ pub struct PostUserRequest {
 pub struct PostUserResponse {
     pub id: Uuid,
     pub email: String,
-    pub created_at: DateTime<Local>,
-    pub updated_at: DateTime<Local>,
+    pub created_at: DateTime<Utc>,
+    pub updated_at: DateTime<Utc>,
 }
 
 impl IntoResponse for PostUserResponse {
     fn into_response(self) -> Response {
         (
             StatusCode::CREATED,
             [(header::LOCATION, format!("/{}", self.id))],
-            Json(self),
+            json(self),
         )
             .into_response()
     }
@@ -79,13 +78,13 @@ pub struct PatchUserRequest {
 pub struct PatchUserResponse {
     pub id: Uuid,
     pub email: String,
-    pub created_at: DateTime<Local>,
-    pub updated_at: DateTime<Local>,
+    pub created_at: DateTime<Utc>,
+    pub updated_at: DateTime<Utc>,
 }
 
 impl IntoResponse for PatchUserResponse {
     fn into_response(self) -> Response {
-        (StatusCode::OK, Json(self)).into_response()
+        (StatusCode::OK, json(self)).into_response()
     }
 }
 
diff --git a/server/src/services/auth.rs b/server/src/services/auth.rs
@@ -3,7 +3,7 @@ use argon2::{
     password_hash::{SaltString, rand_core::OsRng},
 };
 use base64::{Engine, prelude::BASE64_URL_SAFE_NO_PAD};
-use chrono::Local;
+use chrono::Utc;
 use jsonwebtoken::{DecodingKey, EncodingKey, Header, Validation, decode, encode};
 use serde::{Deserialize, Serialize};
 use std::{
@@ -35,7 +35,7 @@ pub struct Claims {
 
 impl Claims {
     pub fn new(user_id: Uuid) -> Self {
-        let now = Local::now();
+        let now = Utc::now();
         let access_token_expires_at = now + ACCESS_TOKEN_VALIDITY_DURATION;
         let sub = user_id.to_string();
         let exp = access_token_expires_at.timestamp() as usize;
@@ -63,6 +63,18 @@ impl AuthService {
         }
     }
 
+    pub async fn validate_basic_auth(
+        &self,
+        email: &str,
+        password: &str,
+    ) -> ServiceResult<Option<User>> {
+        if let Some(user) = self.user_repository.find_by_email(email).await? {
+            verify_password(password, &user.password_hash)?;
+            return Ok(Some(user));
+        }
+        Ok(None)
+    }
+
     pub fn generate_access_token(&self, user: &User) -> ServiceResult<String> {
         let claims = Claims::new(user.id);
         let key = EncodingKey::from_secret(&*ENCRYPTION_KEY);
@@ -88,14 +100,22 @@ impl AuthService {
         Ok(BASE64_URL_SAFE_NO_PAD.encode(refresh_token))
     }
 
-    pub fn verify_password(&self, password: &str, password_hash: &str) -> ServiceResult<()> {
-        let parsed_hash = PasswordHash::new(password_hash).map_err(ServiceError::Hash)?;
-        ARGON2
-            .verify_password(password.as_bytes(), &parsed_hash)
-            .map_err(ServiceError::Hash)
+    pub fn validate_refresh_token(
+        &self,
+        user_id: Uuid,
+        refresh_token: String,
+    ) -> ServiceResult<String> {
+        todo!()
     }
 }
 
+fn verify_password(password: &str, password_hash: &str) -> ServiceResult<()> {
+    let parsed_hash = PasswordHash::new(password_hash).map_err(ServiceError::Hash)?;
+    ARGON2
+        .verify_password(password.as_bytes(), &parsed_hash)
+        .map_err(ServiceError::Hash)
+}
+
 fn generate_hash(password: &str) -> ServiceResult<String> {
     let salt_string = SaltString::generate(&mut OsRng);
     ARGON2

Original file line number	Diff line number	Diff line change
`@@ -58,6 +58,7 @@ pub enum ServiceError {`
`58`	`58`	`Hash(argon2::password_hash::Error),`
`59`	`59`	`Token(jsonwebtoken::errors::Error),`
`60`	`60`	`Uuid(uuid::Error),`
	`61`	`+ Serialization(serde_json::Error),`
`61`	`62`	`}`
`62`	`63`
`63`	`64`	`impl IntoResponse for ServiceError {`
`@@ -92,6 +93,12 @@ impl From<uuid::Error> for ServiceError {`
`92`	`93`	`}`
`93`	`94`	`}`
`94`	`95`
	`96`	`+impl From<serde_json::Error> for ServiceError {`
	`97`	`+ fn from(value: serde_json::Error) -> Self {`
	`98`	`+ Self::Serialization(value)`
	`99`	`+ }`
	`100`	`+}`
	`101`	`+`
`95`	`102`	`#[allow(dead_code)]`
`96`	`103`	`#[derive(Debug)]`
`97`	`104`	`pub enum RepositoryError {`
`@@ -118,6 +125,7 @@ impl From<ServiceError> for ErrorResponse {`
`118`	`125`	`ServiceError::Hash(_error) => ErrorResponse::unauthorized(),`
`119`	`126`	`ServiceError::Token(_error) => ErrorResponse::internal_server_error(),`
`120`	`127`	`ServiceError::Uuid(_error) => ErrorResponse::internal_server_error(),`
	`128`	`+ ServiceError::Serialization(_error) => ErrorResponse::internal_server_error(),`
`121`	`129`	`}`
`122`	`130`	`}`
`123`	`131`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,9 +1,11 @@`
`1`	`1`	`use axum::{`
`2`		`- Json,`
`3`	`2`	`http::{StatusCode, header},`
`4`	`3`	`response::{IntoResponse, Response},`
`5`	`4`	`};`
`6`	`5`	`use serde::{Deserialize, Serialize};`
	`6`	`+use utoipa::ToSchema;`
	`7`	`+`
	`8`	`+use crate::schemas::json;`
`7`	`9`
`8`	`10`	`#[derive(Serialize)]`
`9`	`11`	`pub struct LoginResponse {`
`@@ -35,13 +37,13 @@ impl IntoResponse for LoginResponse {`
`35`	`37`	`&refresh_token_cookie(&self.refresh_token),`
`36`	`38`	`),`
`37`	`39`	`],`
`38`		`- Json(self),`
	`40`	`+ json(self),`
`39`	`41`	`)`
`40`	`42`	`.into_response()`
`41`	`43`	`}`
`42`	`44`	`}`
`43`	`45`
`44`		`-#[derive(Deserialize)]`
	`46`	`+#[derive(Deserialize, ToSchema)]`
`45`	`47`	`pub struct RefreshRequest {`
`46`	`48`	`pub access_token: String,`
`47`	`49`	`}`
`@@ -70,7 +72,7 @@ impl IntoResponse for RefreshResponse {`
`70`	`72`	`(header::CACHE_CONTROL, "no-store"),`
`71`	`73`	`(header::PRAGMA, "no-cache"),`
`72`	`74`	`],`
`73`		`- Json(self),`
	`75`	`+ json(self),`
`74`	`76`	`)`
`75`	`77`	`.into_response()`
`76`	`78`	`}`