use axum::{ extract::{FromRequestParts, OptionalFromRequestParts, State}, http::request::Parts, response::{IntoResponse, Response}, }; use super::IdentityCookie; use crate::{ app::App, clock::RequestedAt, error::{Internal, Unauthorized}, token::{self, app::ValidateError}, user::User, }; #[derive(Clone, Debug)] pub struct Identity { pub token: token::Id, pub user: User, } impl FromRequestParts for Identity { type Rejection = LoginError; async fn from_request_parts(parts: &mut Parts, state: &App) -> Result { let Ok(cookie) = IdentityCookie::from_request_parts(parts, state).await; let RequestedAt(used_at) = RequestedAt::from_request_parts(parts, state).await?; let secret = cookie.secret().ok_or(LoginError::Unauthorized)?; let app = State::::from_request_parts(parts, state).await?; app.tokens() .validate(&secret, &used_at) .await .map_err(|err| match err { ValidateError::InvalidToken => LoginError::Unauthorized, other => other.into(), }) } } impl OptionalFromRequestParts for Identity { type Rejection = LoginError; async fn from_request_parts( parts: &mut Parts, state: &App, ) -> Result, Self::Rejection> { match >::from_request_parts(parts, state).await { Ok(identity) => Ok(Some(identity)), Err(LoginError::Unauthorized) => Ok(None), Err(other) => Err(other), } } } pub enum LoginError { Failure(E), Unauthorized, } impl IntoResponse for LoginError where E: IntoResponse, { fn into_response(self) -> Response { match self { Self::Unauthorized => Unauthorized.into_response(), Self::Failure(e) => e.into_response(), } } } impl From for LoginError where E: Into, { fn from(err: E) -> Self { Self::Failure(err.into()) } }