Add authentication

Cargo.toml

@@ -7,11 +7,12 @@ edition = "2021"
 
 [dependencies]
 chrono = { version = "0.4", features = ["serde"] }
-uuid = { version = "1.8.0", features = ["v4"] }
+uuid = { version = "1.8.0", features = ["v4", "serde"] }
 axum = { version = "0.7", features = ["macros"] }
 tokio = { version = "1.36", features = ["full"] }
 tower = "0.4"
-sqlx = { version = "0.7", features = ["sqlite", "macros", "migrate", "runtime-tokio", "chrono"] }
+sqlx = { version = "0.7", features = ["sqlite", "macros", "migrate", "runtime-tokio", "chrono", "uuid"] }
 serde = "1.0"
 serde_with = "3.7"
 dotenv = "0.15"
+argon2 = { version = "0.5", features = ["std"] }

migrations/0001_initial_schema.sql

@@ -0,0 +1,22 @@
+CREATE TABLE Accounts(
+  id     INTEGER PRIMARY KEY NOT NULL,
+  username      VARCHAR(255) NOT NULL,
+  password_hash VARCHAR(255) NOT NULL,
+  UNIQUE(username)
+);
+
+CREATE TABLE AuthTokens(
+  id VARCHAR(64) PRIMARY KEY NOT NULL,
+  account_id         INTEGER NOT NULL
+    REFERENCES Accounts(id) ON DELETE CASCADE
+);
+
+CREATE TABLE Tasks(
+  id  INTEGER PRIMARY KEY NOT NULL,
+  timespan_start DATETIME NOT NULL,
+  timespan_end   DATETIME NOT NULL,
+  duration       INTEGER  NOT NULL,
+  effect         REAL     NOT NULL,
+  account_id     INTEGER  NOT NULL
+    REFERENCES Accounts(id) ON DELETE CASCADE
+);

src/extractors/auth.rs

@@ -0,0 +1,92 @@
+use axum::{
+    async_trait,
+    extract::FromRequestParts,
+    http::{request::Parts, HeaderMap, StatusCode},
+};
+use serde::{Deserialize, Serialize};
+use sqlx::SqlitePool;
+use uuid::Uuid;
+
+#[derive(Deserialize, Serialize, sqlx::Type)]
+#[sqlx(transparent)]
+pub struct AuthToken(Uuid);
+
+impl AuthToken {
+    fn new() -> Self {
+        AuthToken(Uuid::new_v4())
+    }
+
+    fn try_parse(input: &str) -> Result<AuthToken, uuid::Error> {
+        let uuid = Uuid::try_parse(input)?;
+        Ok(AuthToken(uuid))
+    }
+}
+
+// Account id
+pub struct Authentication(pub i64);
+
+#[async_trait]
+impl FromRequestParts<SqlitePool> for Authentication {
+    type Rejection = (StatusCode, String);
+
+    async fn from_request_parts(
+        parts: &mut Parts,
+        pool: &SqlitePool,
+    ) -> Result<Self, Self::Rejection> {
+        match get_auth_token(&parts.headers) {
+            Some(token) => {
+                if let Some(account_id) = get_account_id_from_token(token, pool).await {
+                    Ok(Authentication(account_id))
+                } else {
+                    Err((
+                        StatusCode::UNAUTHORIZED,
+                        "Auth token is not in the database".to_string(),
+                    ))
+                }
+            }
+            _ => Err((
+                StatusCode::UNAUTHORIZED,
+                "Auth token invalid or missing".to_string(),
+            )),
+        }
+    }
+}
+
+fn get_auth_token(headers: &HeaderMap) -> Option<AuthToken> {
+    let string = headers.get("X-Auth-Token")?.to_str().ok()?;
+    AuthToken::try_parse(string).ok()
+}
+
+async fn get_account_id_from_token(token: AuthToken, pool: &SqlitePool) -> Option<i64> {
+    sqlx::query_scalar!(
+        r#"
+        SELECT account_id
+        FROM AuthTokens
+        WHERE id = ?
+        "#,
+        token
+    )
+    .fetch_optional(pool)
+    .await
+    .ok()?
+}
+
+pub async fn create_auth_token(
+    account_id: i64,
+    pool: &SqlitePool,
+) -> Result<AuthToken, sqlx::Error> {
+    let auth_token = AuthToken::new();
+
+    sqlx::query!(
+        r#"
+        INSERT INTO AuthTokens (id, account_id)
+        VALUES (?, ?)
+        "#,
+        auth_token,
+        account_id
+    )
+    .execute(pool)
+    .await?;
+
+    Ok(auth_token)
+}

src/extractors/mod.rs

@@ -0,0 +1 @@
+pub mod auth;

src/handlers/accounts.rs

@@ -0,0 +1,82 @@
+use argon2::{
+    password_hash::{rand_core::OsRng, SaltString},
+    Argon2, PasswordHash, PasswordHasher, PasswordVerifier,
+};
+use axum::{debug_handler, extract::State, http::StatusCode, Json};
+use sqlx::SqlitePool;
+
+use crate::{
+    extractors::auth::create_auth_token,
+    handlers::util::internal_error,
+    protocol::accounts::{RegisterOrLoginRequest, RegisterOrLoginResponse},
+};
+
+#[debug_handler]
+pub async fn register_account(
+    State(pool): State<SqlitePool>,
+    Json(register_request): Json<RegisterOrLoginRequest>,
+) -> Result<Json<RegisterOrLoginResponse>, (StatusCode, String)> {
+    let password = register_request.password;
+    let password_bytes = password.as_bytes();
+    let salt = SaltString::generate(&mut OsRng);
+
+    let argon2 = Argon2::default();
+
+    let password_hash = argon2
+        .hash_password(password_bytes, &salt)
+        .map_err(internal_error)?
+        .to_string();
+
+    let account_id = sqlx::query_scalar!(
+        r#"
+        INSERT INTO Accounts (username, password_hash)
+        VALUES (?, ?)
+        RETURNING id
+        "#,
+        register_request.username,
+        password_hash
+    )
+    .fetch_one(&pool)
+    .await
+    .map_err(internal_error)?;
+
+    let auth_token = create_auth_token(account_id, &pool)
+        .await
+        .map_err(internal_error)?;
+
+    Ok(Json(RegisterOrLoginResponse { auth_token }))
+}
+
+#[debug_handler]
+pub async fn login_to_account(
+    State(pool): State<SqlitePool>,
+    Json(login_request): Json<RegisterOrLoginRequest>,
+) -> Result<Json<RegisterOrLoginResponse>, (StatusCode, String)> {
+    let account = sqlx::query!(
+        r#"
+        SELECT id, password_hash
+        FROM Accounts
+        WHERE username = ?
+        "#,
+        login_request.username
+    )
+    .fetch_optional(&pool)
+    .await
+    .map_err(internal_error)?;
+
+    let account = account.ok_or((
+        StatusCode::NOT_FOUND,
+        "No account with username exists".to_string(),
+    ))?;
+
+    let password_hash = PasswordHash::new(&account.password_hash).map_err(internal_error)?;
+
+    Argon2::default()
+        .verify_password(login_request.password.as_bytes(), &password_hash)
+        .map_err(|_| (StatusCode::UNAUTHORIZED, "Invalid password".to_string()))?;
+
+    let auth_token = create_auth_token(account.id, &pool)
+        .await
+        .map_err(internal_error)?;
+    Ok(Json(RegisterOrLoginResponse { auth_token }))
+}

src/handlers/mod.rs

@@ -0,0 +1,3 @@
+pub mod accounts;
+pub mod tasks;
+pub mod util;

src/handlers/tasks.rs

@@ -0,0 +1,65 @@
+use axum::{debug_handler, extract::State, http::StatusCode, Json};
+use sqlx::SqlitePool;
+
+use crate::{
+    data_model::{task::Task, time::Timespan},
+    extractors::auth::Authentication,
+    handlers::util::internal_error,
+};
+
+#[debug_handler]
+pub async fn get_tasks(
+    State(pool): State<SqlitePool>,
+    Authentication(account_id): Authentication,
+) -> Result<Json<Vec<Task>>, (StatusCode, String)> {
+    let tasks = sqlx::query!(
+        r#"
+        SELECT id, timespan_start, timespan_end, duration, effect
+        FROM Tasks
+        WHERE account_id = ?
+        "#,
+        account_id
+    )
+    .fetch_all(&pool)
+    .await
+    .map_err(internal_error)?;
+
+    let my_tasks = tasks
+        .iter()
+        .map(|t| Task {
+            id: t.id,
+            timespan: Timespan::new_from_naive(t.timespan_start, t.timespan_end),
+            duration: t.duration.into(),
+            effect: t.effect,
+        })
+        .collect();
+
+    Ok(Json(my_tasks))
+}
+
+#[debug_handler]
+pub async fn create_task(
+    State(pool): State<SqlitePool>,
+    Authentication(account_id): Authentication,
+    Json(mut task): Json<Task>,
+) -> Result<Json<Task>, (StatusCode, String)> {
+    let id = sqlx::query_scalar!(
+        r#"
+        INSERT INTO Tasks (timespan_start, timespan_end, duration, effect, account_id)
+        VALUES (?, ?, ?, ?, ?)
+        RETURNING id
+        "#,
+        task.timespan.start,
+        task.timespan.end,
+        task.duration,
+        task.effect,
+        account_id
+    )
+    .fetch_one(&pool)
+    .await
+    .map_err(internal_error)?;
+
+    task.id = id;
+
+    Ok(Json(task))
+}