refactoring token -> claim processing

2026-01-03 17:15:34 +01:00
parent c0d70077d7
commit 170fedbcbd
12 changed files with 95 additions and 60 deletions
--- a/src/utils/auth.rs
+++ b/src/utils/auth.rs
@@ -47,6 +47,8 @@ pub async fn token_tester(
    )
 }

+
+
 pub struct AuthUser(pub Claims); //??

 #[derive(Debug, Clone)]
@@ -56,44 +58,51 @@ pub struct AuthClaims {
    //pub username: String,
 }

+pub fn auth_claims_from_token(
+    token: &str,
+    keys: &JwtKeys,
+) -> Result<AuthClaims, (StatusCode, String)> {
+    let token_data = decode::<Claims>(
+        token,
+        &keys.decoding,
+        &Validation::new(Algorithm::HS256),
+    ).map_err(|_| (StatusCode::UNAUTHORIZED, "Invalid token".into()))?;
+
+    Ok(AuthClaims {
+        user_id: token_data.claims.id,
+        hotel_id: token_data.claims.hotel_id,
+    })
+}
+
+
 impl<S> FromRequestParts<S> for AuthClaims
 where
    S: Send + Sync + 'static,
-    AppState: Clone + Send + Sync + 'static, AppState: FromRef<S>
-    {
+    AppState: FromRef<S>,
+{
    type Rejection = (StatusCode, String);

-    async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self, Self::Rejection> {
-        // We assume your state has a `jwt_secret` field
+    async fn from_request_parts(
+        parts: &mut Parts,
+        state: &S,
+    ) -> Result<Self, Self::Rejection> {
        let Extension(keys): Extension<JwtKeys> =
-            Extension::from_request_parts(parts, state).await.map_err(|_| (StatusCode::UNAUTHORIZED, "Missing keys".to_string()))?;
+            Extension::from_request_parts(parts, state)
+                .await
+                .map_err(|_| (StatusCode::UNAUTHORIZED, "Missing keys".into()))?;

-        // 1️⃣ Extract the token from the Authorization header
        let auth_header = parts
            .headers
-            .get("Authorization")
-            .ok_or((StatusCode::UNAUTHORIZED, "Missing Authorization header".to_string()))?
+            .get(axum::http::header::AUTHORIZATION)
+            .ok_or((StatusCode::UNAUTHORIZED, "Missing Authorization header".into()))?
            .to_str()
-            .map_err(|_| (StatusCode::BAD_REQUEST, "Invalid Authorization header".to_string()))?;
+            .map_err(|_| (StatusCode::BAD_REQUEST, "Invalid Authorization header".into()))?;

-        // Bearer token?
        let token = auth_header
            .strip_prefix("Bearer ")
-            .ok_or((StatusCode::BAD_REQUEST, "Expected Bearer token".to_string()))?;
-
-        // 2️⃣ Decode the token
-        let token_data = decode::<Claims>(
-            token,
-            &keys.decoding,
-            &Validation::new(Algorithm::HS256),
-        ).map_err(|_| (StatusCode::UNAUTHORIZED, "Invalid token".to_string()))?;
-
-        Ok(AuthClaims {
-            user_id: token_data.claims.id,
-            hotel_id: token_data.claims.hotel_id,
-            //username: token_data.claims.username,
-        })
+            .ok_or((StatusCode::BAD_REQUEST, "Expected Bearer token".into()))?;

+        auth_claims_from_token(token, &keys)
    }
 }