first commit

2025-05-31 18:20:37 -04:00 · 2025-05-31 18:20:37 -04:00 · 2da598738b
commit 2da598738b
15 changed files with 3758 additions and 0 deletions
--- a/src/routes/auth.rs
+++ b/src/routes/auth.rs
@ -0,0 +1,207 @@
+use crate::db::AppState;
+
+use crate::types::JsonMessage;
+use axum::{
+    Json,
+    extract::{Query, State},
+    http::{HeaderMap, StatusCode},
+    response::IntoResponse,
+};
+use headers::{Cookie, HeaderMapExt};
+use redis::AsyncCommands;
+use serde::{Deserialize, Serialize};
+use std::env;
+use uuid::Uuid;
+
+#[derive(Deserialize)]
+pub struct CallbackQuery {
+    code: String,
+}
+
+#[derive(Deserialize, Serialize)]
+pub struct DiscordUser {
+    pub id: String,
+    pub username: String,
+    pub discriminator: String,
+    pub avatar: Option<String>,
+}
+
+#[derive(Serialize)]
+pub struct AuthResponse {
+    user: DiscordUser,
+    session: String,
+}
+
+pub async fn get_user_from_session(
+    headers: &HeaderMap,
+    state: &AppState,
+) -> Result<DiscordUser, impl IntoResponse> {
+    let Some(cookie_header) = headers.typed_get::<Cookie>() else {
+        return Err((
+            StatusCode::UNAUTHORIZED,
+            Json(JsonMessage {
+                message: "Missing session cookie".into(),
+            }),
+        ));
+    };
+
+    let Some(session_id) = cookie_header.get("session") else {
+        return Err((
+            StatusCode::UNAUTHORIZED,
+            Json(JsonMessage {
+                message: "Missing session ID".into(),
+            }),
+        ));
+    };
+
+    let mut redis = state.redis.clone();
+    let key = format!("session:{}", session_id);
+    let Ok(json) = redis.get::<_, String>(&key).await else {
+        return Err((
+            StatusCode::UNAUTHORIZED,
+            Json(JsonMessage {
+                message: "Session not found".into(),
+            }),
+        ));
+    };
+
+    let Ok(user) = serde_json::from_str::<DiscordUser>(&json) else {
+        return Err((
+            StatusCode::UNAUTHORIZED,
+            Json(JsonMessage {
+                message: "Invalid user session".into(),
+            }),
+        ));
+    };
+
+    Ok(user)
+}
+
+pub async fn start_oauth(State(_): State<AppState>) -> impl IntoResponse {
+    let client_id = env::var("CLIENT_ID").unwrap_or_default();
+    let redirect_uri = env::var("REDIRECT_URI").unwrap_or_default();
+
+    let url = format!(
+        "https://discord.com/oauth2/authorize?client_id={}&redirect_uri={}&response_type=code&scope=identify",
+        client_id, redirect_uri
+    );
+
+    (StatusCode::FOUND, [(axum::http::header::LOCATION, url)]).into_response()
+}
+
+pub async fn handle_callback(
+    State(state): State<AppState>,
+    Query(query): Query<CallbackQuery>,
+) -> impl IntoResponse {
+    let client_id = env::var("CLIENT_ID").unwrap();
+    let client_secret = env::var("CLIENT_SECRET").unwrap();
+    let redirect_uri = env::var("REDIRECT_URI").unwrap();
+
+    let form = [
+        ("client_id", client_id.as_str()),
+        ("client_secret", client_secret.as_str()),
+        ("grant_type", "authorization_code"),
+        ("code", &query.code),
+        ("redirect_uri", redirect_uri.as_str()),
+    ];
+
+    let token_res = reqwest::Client::new()
+        .post("https://discord.com/api/oauth2/token")
+        .form(&form)
+        .send()
+        .await;
+
+    let Ok(res) = token_res else {
+        return (
+            StatusCode::BAD_REQUEST,
+            Json(JsonMessage {
+                message: "Failed to exchange token".into(),
+            }),
+        )
+            .into_response();
+    };
+
+    let Ok(token_json) = res.json::<serde_json::Value>().await else {
+        return (
+            StatusCode::INTERNAL_SERVER_ERROR,
+            Json(JsonMessage {
+                message: "Invalid token response".into(),
+            }),
+        )
+            .into_response();
+    };
+
+    let Some(access_token) = token_json["access_token"].as_str() else {
+        return (
+            StatusCode::UNAUTHORIZED,
+            Json(JsonMessage {
+                message: "Access token not found".into(),
+            }),
+        )
+            .into_response();
+    };
+
+    let user_res = reqwest::Client::new()
+        .get("https://discord.com/api/users/@me")
+        .header("Authorization", format!("Bearer {}", access_token))
+        .send()
+        .await;
+
+    let Ok(user_res) = user_res else {
+        return (
+            StatusCode::BAD_REQUEST,
+            Json(JsonMessage {
+                message: "Failed to fetch user".into(),
+            }),
+        )
+            .into_response();
+    };
+
+    let Ok(user) = user_res.json::<DiscordUser>().await else {
+        return (
+            StatusCode::INTERNAL_SERVER_ERROR,
+            Json(JsonMessage {
+                message: "Failed to parse user".into(),
+            }),
+        )
+            .into_response();
+    };
+
+    let session_id = Uuid::now_v7().to_string();
+    let mut redis = state.redis.clone();
+    let _ = redis
+        .set_ex::<_, _, ()>(
+            format!("session:{}", session_id),
+            serde_json::to_string(&user).unwrap(),
+            3600,
+        )
+        .await;
+
+    let mut headers = HeaderMap::new();
+    headers.insert(
+        "Set-Cookie",
+        format!(
+            "session={}; Max-Age=3600; Path=/; SameSite=None; Secure; HttpOnly",
+            session_id
+        )
+        .parse()
+        .unwrap(),
+    );
+
+    (
+        StatusCode::OK,
+        headers,
+        Json(AuthResponse {
+            user,
+            session: session_id,
+        }),
+    )
+        .into_response()
+}
+
+pub async fn me(State(state): State<AppState>, headers: HeaderMap) -> impl IntoResponse {
+    match get_user_from_session(&headers, &state).await {
+        Ok(user) => (StatusCode::OK, Json(user)).into_response(),
+        Err(err) => err.into_response(),
+    }
+}