Issue auth

Cargo.toml

@@ -2,13 +2,18 @@
 name = "stacker"
 version = "0.1.0"
 edition = "2021"
+default-run= "server"
 
 [lib]
 path="src/lib.rs"
 
 [[bin]]
 path = "src/main.rs"
-name = "stacker"
+name = "server"
+
+[[bin]]
+path = "src/console/main.rs"
+name = "console"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
@@ -46,6 +51,7 @@ indexmap = { version = "2.0.0", features = ["serde"], optional = true }
 serde_yaml = "0.9"
 lapin = { version = "2.3.1", features = ["serde_json"] }
 futures-lite = "1.13.0"
+clap = { version = "4.4.8", features = ["derive"] }
 
 [dependencies.sqlx]
 version = "0.6.3"
@@ -65,3 +71,4 @@ indexmap = ["dep:indexmap"]
 
 [dev-dependencies]
 glob = "0.3"
+wiremock = "0.5.22"

configuration.yaml.dist

@@ -0,0 +1,17 @@
+#auth_url: http://127.0.0.1:8080/me
+app_host: 127.0.0.1
+app_port: 8000
+auth_url: https://dev.try.direct/server/user/oauth_server/api/me
+max_clients_number: 2
+database:
+  host: 127.0.0.1
+  port: 5432
+  username: postgres
+  password: postgres
+  database_name: stacker
+
+amqp:
+  host: 127.0.0.1
+  port: 5672
+  username: guest
+  password: guest

src/console/commands/appclient/mod.rs

@@ -0,0 +1,3 @@
+mod new;
+
+pub use new::*;

src/console/commands/appclient/new.rs

@@ -0,0 +1,40 @@
+use crate::configuration::get_configuration;
+use actix_web::rt;
+use actix_web::web;
+use sqlx::PgPool;
+
+pub struct NewCommand {
+    user_id: i32,
+}
+
+impl NewCommand {
+    pub fn new(user_id: i32) -> Self {
+        Self { user_id }
+    }
+}
+
+impl crate::console::commands::CallableTrait for NewCommand {
+    fn call(&self) -> Result<(), Box<dyn std::error::Error>> {
+        rt::System::new().block_on(async {
+            let settings = get_configuration().expect("Failed to read configuration.");
+            let db_pool = PgPool::connect(&settings.database.connection_string())
+                .await
+                .expect("Failed to connect to database.");
+
+            let settings = web::Data::new(settings);
+            let db_pool = web::Data::new(db_pool);
+
+            //todo get user from trydirect
+            let user = crate::models::user::User {
+                id: "first_name".to_string(),
+                first_name: "first_name".to_string(),
+                last_name: "last_name".to_string(),
+                email: "email".to_string(),
+                email_confirmed: true,
+            };
+            crate::routes::client::add_handler_inner(&user.id, settings, db_pool).await?;
+
+            Ok(())
+        })
+    }
+}

src/console/commands/callable.rs

@@ -0,0 +1,3 @@
+pub trait CallableTrait {
+    fn call(&self) -> Result<(), Box<dyn std::error::Error>>;
+}

src/console/commands/mod.rs

@@ -0,0 +1,4 @@
+pub mod appclient;
+mod callable;
+
+pub use callable::*;

src/console/main.rs

@@ -0,0 +1,43 @@
+use clap::{Parser, Subcommand};
+
+#[derive(Parser, Debug)]
+struct Cli {
+    #[command(subcommand)]
+    command: Commands,
+}
+
+#[derive(Debug, Subcommand)]
+enum Commands {
+    AppClient {
+        #[command(subcommand)]
+        command: AppClientCommands,
+    },
+}
+
+#[derive(Debug, Subcommand)]
+enum AppClientCommands {
+    New {
+        #[arg(long)]
+        user_id: i32,
+    },
+}
+
+//todo add documentation about how to add a new command
+//todo the helper from console should have a nicer display
+
+fn main() -> Result<(), Box<dyn std::error::Error>> {
+    let cli = Cli::parse();
+
+    get_command(cli)?.call()
+}
+
+fn get_command(cli: Cli) -> Result<Box<dyn stacker::console::commands::CallableTrait>, String> {
+    match cli.command {
+        Commands::AppClient { command } => match command {
+            AppClientCommands::New { user_id } => Ok(Box::new(
+                stacker::console::commands::appclient::NewCommand::new(user_id),
+            )),
+        },
+        _ => Err("command does not match".to_string()),
+    }
+}

src/console/mod.rs

@@ -0,0 +1 @@
+pub mod commands;

src/lib.rs

@@ -1,4 +1,5 @@
 pub mod configuration;
+pub mod console;
 pub mod forms;
 pub mod helpers;
 mod middleware;

src/middleware/client.rs

@@ -1,3 +1,4 @@
+use crate::helpers::JsonResponse;
 use crate::models::Client;
 use actix_http::header::CONTENT_LENGTH;
 use actix_web::error::{ErrorForbidden, ErrorInternalServerError, ErrorNotFound, PayloadError};
@@ -73,86 +74,42 @@ where
     fn call(&self, mut req: ServiceRequest) -> Self::Future {
         let service = self.service.clone();
         async move {
-            let client_id: i32 = get_header(&req, "stacker-id").map_err(|m| ErrorBadRequest(m))?;
-            let hash: String = get_header(&req, "stacker-hash").map_err(|m| ErrorBadRequest(m))?;
-
-            let query_span = tracing::info_span!("Fetching the client by ID");
-            let db_pool = req.app_data::<web::Data<Pool<Postgres>>>().unwrap();
-
-            let mut client: Client = match sqlx::query_as!(
-                Client,
-                r#"
-            SELECT
-               id, user_id, secret
-            FROM client c
-            WHERE c.id = $1
-            "#,
-                client_id,
-            )
-            .fetch_one(db_pool.get_ref())
-            .instrument(query_span)
-            .await
-            {
-                Ok(client) if client.secret.is_some() => client,
-                Ok(_client) => {
-                    return Err(ErrorForbidden("client is not active"));
-                }
-                Err(sqlx::Error::RowNotFound) => {
-                    return Err(ErrorNotFound("the client is not found"));
-                }
-                Err(e) => {
-                    tracing::error!("Failed to execute fetch query: {:?}", e);
+            let client_id: i32 = get_header(&req, "stacker-id")?;
+            let header_hash: String = get_header(&req, "stacker-hash")?;
 
-                    return Err(ErrorInternalServerError(""));
-                }
-            };
-
-            let content_length: usize =
-                get_header(&req, CONTENT_LENGTH.as_str()).map_err(|m| ErrorBadRequest(m))?;
-            let body = req
-                .take_payload()
-                .fold(
-                    BytesMut::with_capacity(content_length),
-                    |mut body, chunk| {
-                        let chunk = chunk.unwrap(); //todo process the potential error of unwrap
-                        body.extend_from_slice(&chunk); //todo
-
-                        ready(body)
-                    },
-                )
-                .await;
-
-            let mut mac =
-                match Hmac::<Sha256>::new_from_slice(client.secret.as_ref().unwrap().as_bytes()) {
-                    Ok(mac) => mac,
-                    Err(err) => {
-                        tracing::error!("error generating hmac {err:?}");
-
-                        return Err(ErrorInternalServerError(""));
-                    }
-                };
-
-            mac.update(body.as_ref());
-            let computed_hash = format!("{:x}", mac.finalize().into_bytes());
-            if hash != computed_hash {
-                return Err(ErrorBadRequest("hash is wrong"));
+            let db_pool = req.app_data::<web::Data<Pool<Postgres>>>().unwrap().get_ref();
+            let mut client: Client = db_fetch_client(db_pool, client_id).await?;
+            if client.secret.is_none() {
+                return Err("client is not active".to_string());
             }
 
-            let (_, mut payload) = actix_http::h1::Payload::create(true);
-            payload.unread_data(body.into());
-            req.set_payload(payload.into());
+            let client_secret = client.secret.as_ref().unwrap().as_bytes();
+            let body_hash = compute_body_hash(&mut req, client_secret).await?;
+            if header_hash != body_hash {
+                return Err("hash is wrong".to_string());
+            }
 
             match req.extensions_mut().insert(Arc::new(client)) {
                 Some(_) => {
                     tracing::error!("client middleware already called once");
-                    return Err(ErrorInternalServerError(""));
+                    return Err("".to_string());
                 }
                 None => {}
             }
 
-            let service = service.lock().await;
-            service.call(req).await
+            Ok(req)
         }
+        .then(|req| async move {
+            match req {
+                Ok(req) => {
+                    let service = service.lock().await;
+                    service.call(req).await
+                }
+                Err(msg) => Err(ErrorBadRequest(
+                    JsonResponse::<Client>::build().set_msg(msg).to_string(),
+                )),
+            }
+        })
         .boxed_local()
     }
 }
@@ -168,9 +125,56 @@ where
 
     let header_value: &str = header_value
         .to_str()
-        .map_err(|_| format!("header {header_name} can't be converted to string"))?; //map_err
-                                                                                     //
+        .map_err(|_| format!("header {header_name} can't be converted to string"))?; 
+
     header_value
         .parse::<T>()
         .map_err(|_| format!("header {header_name} has wrong type"))
 }
+
+async fn db_fetch_client(db_pool: &Pool<Postgres>, client_id: i32) -> Result<Client, String> {
+    let query_span = tracing::info_span!("Fetching the client by ID");
+
+    sqlx::query_as!(
+        Client,
+        r#"SELECT id, user_id, secret FROM client c WHERE c.id = $1"#,
+        client_id,
+        )
+        .fetch_one(db_pool)
+        .instrument(query_span)
+        .await
+        .map_err(|err| {
+            match err {
+                sqlx::Error::RowNotFound => "the client is not found".to_string(),
+                e => {
+                    tracing::error!("Failed to execute fetch query: {:?}", e);
+                    String::new()
+                }
+            }
+        })
+}
+
+async fn compute_body_hash(req: &mut ServiceRequest, client_secret: &[u8]) -> Result<String, String> {
+    let content_length: usize = get_header(req, CONTENT_LENGTH.as_str())?;
+    let mut body = BytesMut::with_capacity(content_length);
+    let mut payload = req.take_payload();
+    while let Some(chunk) = payload.next().await {
+        body.extend_from_slice(&chunk.expect("can't unwrap the chunk"));
+    }
+
+    let mut mac =
+        match Hmac::<Sha256>::new_from_slice(client_secret) {
+            Ok(mac) => mac,
+            Err(err) => {
+                tracing::error!("error generating hmac {err:?}");
+                return Err("".to_string());
+            }
+        };
+
+    mac.update(body.as_ref());
+    let (_, mut payload) = actix_http::h1::Payload::create(true);
+    payload.unread_data(body.into());
+    req.set_payload(payload.into());
+
+    Ok(format!("{:x}", mac.finalize().into_bytes()))
+}