refactoring token -> claim processing

src/utils/auth.rs

@@ -47,6 +47,8 @@ pub async fn token_tester(
     )
 }
 
+
+
 pub struct AuthUser(pub Claims); //??
 
 #[derive(Debug, Clone)]
@@ -56,44 +58,51 @@ pub struct AuthClaims {
     //pub username: String,
 }
 
+pub fn auth_claims_from_token(
+    token: &str,
+    keys: &JwtKeys,
+) -> Result<AuthClaims, (StatusCode, String)> {
+    let token_data = decode::<Claims>(
+        token,
+        &keys.decoding,
+        &Validation::new(Algorithm::HS256),
+    ).map_err(|_| (StatusCode::UNAUTHORIZED, "Invalid token".into()))?;
+
+    Ok(AuthClaims {
+        user_id: token_data.claims.id,
+        hotel_id: token_data.claims.hotel_id,
+    })
+}
+
+
 impl<S> FromRequestParts<S> for AuthClaims
 where
     S: Send + Sync + 'static,
-    AppState: Clone + Send + Sync + 'static, AppState: FromRef<S>
-    {
+    AppState: FromRef<S>,
+{
     type Rejection = (StatusCode, String);
 
-    async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self, Self::Rejection> {
-        // We assume your state has a `jwt_secret` field
+    async fn from_request_parts(
+        parts: &mut Parts,
+        state: &S,
+    ) -> Result<Self, Self::Rejection> {
         let Extension(keys): Extension<JwtKeys> =
-            Extension::from_request_parts(parts, state).await.map_err(|_| (StatusCode::UNAUTHORIZED, "Missing keys".to_string()))?;
+            Extension::from_request_parts(parts, state)
+                .await
+                .map_err(|_| (StatusCode::UNAUTHORIZED, "Missing keys".into()))?;
 
-        // 1️⃣ Extract the token from the Authorization header
         let auth_header = parts
             .headers
-            .get("Authorization")
-            .ok_or((StatusCode::UNAUTHORIZED, "Missing Authorization header".to_string()))?
+            .get(axum::http::header::AUTHORIZATION)
+            .ok_or((StatusCode::UNAUTHORIZED, "Missing Authorization header".into()))?
             .to_str()
-            .map_err(|_| (StatusCode::BAD_REQUEST, "Invalid Authorization header".to_string()))?;
+            .map_err(|_| (StatusCode::BAD_REQUEST, "Invalid Authorization header".into()))?;
 
-        // Bearer token?
         let token = auth_header
             .strip_prefix("Bearer ")
-            .ok_or((StatusCode::BAD_REQUEST, "Expected Bearer token".to_string()))?;
-
-        // 2️⃣ Decode the token
-        let token_data = decode::<Claims>(
-            token,
-            &keys.decoding,
-            &Validation::new(Algorithm::HS256),
-        ).map_err(|_| (StatusCode::UNAUTHORIZED, "Invalid token".to_string()))?;
-
-        Ok(AuthClaims {
-            user_id: token_data.claims.id,
-            hotel_id: token_data.claims.hotel_id,
-            //username: token_data.claims.username,
-        })
+            .ok_or((StatusCode::BAD_REQUEST, "Expected Bearer token".into()))?;
 
+        auth_claims_from_token(token, &keys)
     }
 }
 

src/utils/routes.rs

@@ -16,7 +16,7 @@ pub fn utils_routes() -> Router<AppState> {
     Router::new()
         .route("/login", put(clean_auth_loging))
         .route("/register", put(register_user))
-        .route("/ws/", get(ws_handler))
+
         .route("/tokentest", put(token_tester))
         .route("/force_update_password", put(force_update_password))
         .route("/update_password", put(update_password))
@@ -27,7 +27,7 @@ pub fn utils_routes() -> Router<AppState> {
         .route("/logout_single_device", post(logout_from_single_device))
         .route("/logout_all_devices", post(logout_from_all_devices))
 
-        
+        .route("/ws/{req_token}", get(ws_handler))
 
         //.with_state(state)
     }

src/utils/websocket.rs

@@ -1,13 +1,14 @@
 use dashmap::DashMap;
+use reqwest::StatusCode;
 use std::sync::Arc;
-use axum::extract::{ws::{Message, WebSocket, WebSocketUpgrade}, State};
+use axum::{Extension, extract::{State, ws::{Message, WebSocket, WebSocketUpgrade}}};
 use tokio::sync::mpsc;
 use axum::extract::Path;
 use axum::response::IntoResponse;
 //use futures_util::stream::stream::StreamExt;
 use futures_util::{StreamExt, SinkExt};
 
-use crate::utils::{auth::AuthClaims, db_pool::{AppState, HotelPool}};
+use crate::utils::{auth::{AuthClaims, JwtKeys, auth_claims_from_token}, db_pool::{AppState, HotelPool}};
 
 
 
@@ -89,12 +90,37 @@ async fn handle_socket(
 }
 
 pub async fn ws_handler(
-    AuthClaims {user_id, hotel_id}: AuthClaims,
+    //AuthClaims {user_id, hotel_id}: AuthClaims,
     ws: WebSocketUpgrade,
+    Extension(keys): Extension<JwtKeys>,
     State(state): State<AppState>,
-    //Path((hotel_id, user_id)): Path<(i32, i32)>,
+    Path((req_token)): Path<(String)>,
 ) -> impl IntoResponse {
-    ws.on_upgrade(move |socket| handle_socket(socket, state, hotel_id, user_id))
+
+
+    let token = req_token;
+   
+    let claims =  match auth_claims_from_token(&token, &keys) {
+        Err(_) => {
+            print!("error during auth claims processing");
+            return StatusCode::UNAUTHORIZED.into_response();
+        
+        }
+        Ok(c) => c
+
+    };
+    
+    print!("{token}, web socket tried to connect", );
+
+    /*
+    let claims = match auth_claims_from_token(&token, &keys) {
+        Ok(c) => c,
+        Err(_) => return StatusCode::UNAUTHORIZED.into_response(),
+    };
+    */
+
+
+    ws.on_upgrade(move |socket| handle_socket(socket, state, claims.hotel_id, claims.user_id))
 }
 
 fn print_ws_state(state: &AppState) {