julienfroidefond/stripstream-librarian
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
54f972db17039fbf7d131dedf88b35cb4bfe5c5d
stripstream-librarian/apps/api/src/auth.rs
Froidefond Julien a2da5081ea feat(api): enrichir GET /books et series avec filtres et pagination 
- fix(auth): parse_prefix supporte les préfixes de token contenant '_'
- feat: GET /books expose reading_status, reading_current_page, reading_last_read_at
- feat: GET /books accepte ?reading_status=unread,reading (CSV multi-valeur)
- feat: SeriesItem expose books_read_count pour dériver le statut de lecture
- feat: GET /libraries/:id/series accepte ?reading_status=unread,reading
- feat: BooksPage et SeriesPage exposent total (count matchant les filtres)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-11 09:25:31 +01:00

110 lines
3.3 KiB
Rust
Raw Blame History

use argon2::{Argon2, PasswordHash, PasswordVerifier};
use axum::{
extract::{Request, State},
http::header::AUTHORIZATION,
middleware::Next,
response::Response,
};
use chrono::Utc;
use sqlx::Row;
use crate::{error::ApiError, state::AppState};
#[derive(Clone, Debug)]
pub enum Scope {
Admin,
Read,
}
pub async fn require_admin(
State(state): State<AppState>,
mut req: Request,
next: Next,
) -> Result<Response, ApiError> {
let token = bearer_token(&req).ok_or_else(|| ApiError::unauthorized("missing bearer token"))?;
let scope = authenticate(&state, token).await?;
if !matches!(scope, Scope::Admin) {
return Err(ApiError::forbidden("admin scope required"));
}
req.extensions_mut().insert(scope);
Ok(next.run(req).await)
}
pub async fn require_read(
State(state): State<AppState>,
mut req: Request,
next: Next,
) -> Result<Response, ApiError> {
let token = bearer_token(&req).ok_or_else(|| ApiError::unauthorized("missing bearer token"))?;
let scope = authenticate(&state, token).await?;
req.extensions_mut().insert(scope);
Ok(next.run(req).await)
}
fn bearer_token(req: &Request) -> Option<&str> {
req.headers()
.get(AUTHORIZATION)
.and_then(|value| value.to_str().ok())
.and_then(|value| value.strip_prefix("Bearer "))
}
async fn authenticate(state: &AppState, token: &str) -> Result<Scope, ApiError> {
if token == state.bootstrap_token.as_ref() {
return Ok(Scope::Admin);
}
let prefix = parse_prefix(token).ok_or_else(|| ApiError::unauthorized("invalid token format"))?;
let maybe_row = sqlx::query(
r#"
SELECT id, token_hash, scope
FROM api_tokens
WHERE prefix = $1 AND revoked_at IS NULL AND (expires_at IS NULL OR expires_at > NOW())
"#,
)
.bind(prefix)
.fetch_optional(&state.pool)
.await?;
let row = maybe_row.ok_or_else(|| ApiError::unauthorized("invalid token"))?;
let token_hash: String = row.try_get("token_hash").map_err(|_| ApiError::unauthorized("invalid token"))?;
let parsed_hash = PasswordHash::new(&token_hash).map_err(|_| ApiError::unauthorized("invalid token"))?;
Argon2::default()
.verify_password(token.as_bytes(), &parsed_hash)
.map_err(|_| ApiError::unauthorized("invalid token"))?;
let token_id: uuid::Uuid = row.try_get("id").map_err(|_| ApiError::unauthorized("invalid token"))?;
sqlx::query("UPDATE api_tokens SET last_used_at = $1 WHERE id = $2")
.bind(Utc::now())
.bind(token_id)
.execute(&state.pool)
.await?;
let scope: String = row.try_get("scope").map_err(|_| ApiError::unauthorized("invalid token"))?;
match scope.as_str() {
"admin" => Ok(Scope::Admin),
"read" => Ok(Scope::Read),
_ => Err(ApiError::unauthorized("invalid token scope")),
}
}
fn parse_prefix(token: &str) -> Option<&str> {
// Format: stl_{8-char prefix}_{secret}
// Base64 URL_SAFE peut contenir '_', donc on ne peut pas splitter aveuglément
let rest = token.strip_prefix("stl_")?;
if rest.len() < 10 {
// 8 (prefix) + 1 ('_') + 1 (secret min)
return None;
}
let prefix = &rest[..8];
if rest.as_bytes().get(8) != Some(&b'_') {
return None;
}
Some(prefix)
}
Reference in New Issue View Git Blame Copy Permalink