(refactor) removed username from logic
This commit is contained in:
parent
0977d47ec2
commit
e4cfc5eee5
15 changed files with 233 additions and 122 deletions
|
|
@ -6,3 +6,4 @@ pub mod middleware;
|
|||
pub mod password;
|
||||
|
||||
pub use jwt::Claims;
|
||||
pub use middleware::auth_middleware;
|
||||
|
|
|
|||
|
|
@ -1,8 +1,11 @@
|
|||
// src/auth/handlers.rs
|
||||
// Authentication HTTP handlers
|
||||
// User registers with bank_user_number (1-10) + password
|
||||
// Gets JWT for accessing Multiberry endpoints
|
||||
// Real credentials: bank_user_id + password
|
||||
|
||||
use axum::{
|
||||
extract::{Extension, State},
|
||||
extract::State,
|
||||
http::StatusCode,
|
||||
response::IntoResponse,
|
||||
Json,
|
||||
|
|
@ -11,24 +14,23 @@ use serde::{Deserialize, Serialize};
|
|||
use serde_json::json;
|
||||
|
||||
use crate::{state::AppState, db};
|
||||
use super::{jwt::{generate_token, Claims}, password::{hash_password, verify_password}};
|
||||
use super::{jwt::generate_token, password::{hash_password, verify_password}};
|
||||
|
||||
#[derive(Debug, Deserialize)]
|
||||
pub struct RegisterRequest {
|
||||
pub username: String,
|
||||
pub password: String,
|
||||
pub bank_user_number: u8, // 1-10: User picks their slot (e.g., 6 → team275-6)
|
||||
pub password: String, // User-created password
|
||||
}
|
||||
|
||||
#[derive(Debug, Deserialize)]
|
||||
pub struct LoginRequest {
|
||||
pub username: String,
|
||||
pub bank_user_id: String, // e.g., "team275-6"
|
||||
pub password: String,
|
||||
}
|
||||
|
||||
#[derive(Debug, Serialize)]
|
||||
pub struct AuthResponse {
|
||||
pub token: String,
|
||||
pub username: String,
|
||||
pub bank_user_id: String,
|
||||
}
|
||||
|
||||
|
|
@ -36,6 +38,7 @@ pub async fn register_handler(
|
|||
State(state): State<AppState>,
|
||||
Json(payload): Json<RegisterRequest>,
|
||||
) -> impl IntoResponse {
|
||||
// Validate password length
|
||||
if payload.password.len() < 3 {
|
||||
return Err((
|
||||
StatusCode::BAD_REQUEST,
|
||||
|
|
@ -43,23 +46,34 @@ pub async fn register_handler(
|
|||
));
|
||||
}
|
||||
|
||||
// Validate bank_user_number (1-10)
|
||||
if payload.bank_user_number < 1 || payload.bank_user_number > 10 {
|
||||
return Err((
|
||||
StatusCode::BAD_REQUEST,
|
||||
Json(json!({ "error": "bank_user_number must be between 1 and 10" }))
|
||||
));
|
||||
}
|
||||
|
||||
// Hash password
|
||||
let password_hash = hash_password(&payload.password)
|
||||
.map_err(|_| (
|
||||
StatusCode::INTERNAL_SERVER_ERROR,
|
||||
Json(json!({ "error": "Failed to hash password" }))
|
||||
))?;
|
||||
|
||||
// Generate bank_user_id based on username (you can make this more sophisticated)
|
||||
let bank_user_id = format!("team275-{}", payload.username);
|
||||
// Build bank_user_id from environment + number
|
||||
let bank_user_id = format!("{}-{}", state.bank_team_id, payload.bank_user_number);
|
||||
|
||||
let user = db::users::create_user(&state.db_pool, &payload.username, &password_hash, &bank_user_id)
|
||||
// Create user in database
|
||||
let user = db::users::create_user(&state.db_pool, &bank_user_id, &password_hash)
|
||||
.await
|
||||
.map_err(|e| (
|
||||
StatusCode::CONFLICT,
|
||||
Json(json!({ "error": format!("Username already exists or database error: {}", e) }))
|
||||
Json(json!({ "error": format!("User already exists or database error: {}", e) }))
|
||||
))?;
|
||||
|
||||
let token = generate_token(user.id, &user.username, &user.bank_user_id)
|
||||
// Generate JWT token
|
||||
let token = generate_token(user.id, &user.bank_user_id)
|
||||
.map_err(|_| (
|
||||
StatusCode::INTERNAL_SERVER_ERROR,
|
||||
Json(json!({ "error": "Failed to generate token" }))
|
||||
|
|
@ -69,7 +83,6 @@ pub async fn register_handler(
|
|||
StatusCode::CREATED,
|
||||
Json(AuthResponse {
|
||||
token,
|
||||
username: user.username,
|
||||
bank_user_id: user.bank_user_id,
|
||||
})
|
||||
))
|
||||
|
|
@ -79,7 +92,8 @@ pub async fn login_handler(
|
|||
State(state): State<AppState>,
|
||||
Json(payload): Json<LoginRequest>,
|
||||
) -> impl IntoResponse {
|
||||
let user_data = db::users::get_user_by_username(&state.db_pool, &payload.username)
|
||||
// Look up user by bank_user_id
|
||||
let user_data = db::users::get_user_by_bank_user_id(&state.db_pool, &payload.bank_user_id)
|
||||
.await
|
||||
.map_err(|_| (
|
||||
StatusCode::INTERNAL_SERVER_ERROR,
|
||||
|
|
@ -87,11 +101,12 @@ pub async fn login_handler(
|
|||
))?
|
||||
.ok_or_else(|| (
|
||||
StatusCode::UNAUTHORIZED,
|
||||
Json(json!({ "error": "Invalid username or password" }))
|
||||
Json(json!({ "error": "Invalid bank_user_id or password" }))
|
||||
))?;
|
||||
|
||||
let (user_id, password_hash, bank_user_id) = user_data;
|
||||
let (user_id, password_hash) = user_data;
|
||||
|
||||
// Verify password
|
||||
let is_valid = verify_password(&payload.password, &password_hash)
|
||||
.map_err(|_| (
|
||||
StatusCode::INTERNAL_SERVER_ERROR,
|
||||
|
|
@ -101,11 +116,12 @@ pub async fn login_handler(
|
|||
if !is_valid {
|
||||
return Err((
|
||||
StatusCode::UNAUTHORIZED,
|
||||
Json(json!({ "error": "Invalid username or password" }))
|
||||
Json(json!({ "error": "Invalid bank_user_id or password" }))
|
||||
));
|
||||
}
|
||||
|
||||
let token = generate_token(user_id, &payload.username, &bank_user_id)
|
||||
// Generate JWT token
|
||||
let token = generate_token(user_id, &payload.bank_user_id)
|
||||
.map_err(|_| (
|
||||
StatusCode::INTERNAL_SERVER_ERROR,
|
||||
Json(json!({ "error": "Failed to generate token" }))
|
||||
|
|
@ -115,20 +131,18 @@ pub async fn login_handler(
|
|||
StatusCode::OK,
|
||||
Json(AuthResponse {
|
||||
token,
|
||||
username: payload.username,
|
||||
bank_user_id,
|
||||
bank_user_id: payload.bank_user_id,
|
||||
})
|
||||
))
|
||||
}
|
||||
|
||||
pub async fn me_handler(
|
||||
Extension(claims): Extension<Claims>,
|
||||
axum::extract::Extension(claims): axum::extract::Extension<super::jwt::Claims>,
|
||||
) -> impl IntoResponse {
|
||||
(
|
||||
StatusCode::OK,
|
||||
Json(json!({
|
||||
"user_id": claims.sub,
|
||||
"username": claims.username,
|
||||
"bank_user_id": claims.bank_user_id,
|
||||
}))
|
||||
)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
// src/auth/jwt.rs
|
||||
// JWT token generation and validation
|
||||
// Token contains bank_user_id so backend knows which Multiberry user is calling
|
||||
|
||||
use jsonwebtoken::{decode, encode, DecodingKey, EncodingKey, Header, Validation};
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
|
@ -8,18 +9,16 @@ use std::env;
|
|||
|
||||
#[derive(Debug, Serialize, Deserialize, Clone)]
|
||||
pub struct Claims {
|
||||
pub sub: i32, // user_id
|
||||
pub username: String,
|
||||
pub bank_user_id: String,
|
||||
pub exp: i64,
|
||||
pub sub: i32, // Internal user_id from database
|
||||
pub bank_user_id: String, // e.g., "team275-6" - identifies which Multiberry user
|
||||
pub exp: i64, // Expiration timestamp
|
||||
}
|
||||
|
||||
pub fn generate_token(user_id: i32, username: &str, bank_user_id: &str) -> Result<String, jsonwebtoken::errors::Error> {
|
||||
pub fn generate_token(user_id: i32, bank_user_id: &str) -> Result<String, jsonwebtoken::errors::Error> {
|
||||
let secret = env::var("JWT_SECRET").unwrap_or_else(|_| "super_secret_key_change_in_production".to_string());
|
||||
|
||||
let claims = Claims {
|
||||
sub: user_id,
|
||||
username: username.to_string(),
|
||||
bank_user_id: bank_user_id.to_string(),
|
||||
exp: (Utc::now() + Duration::days(7)).timestamp(),
|
||||
};
|
||||
|
|
|
|||
|
|
@ -0,0 +1,62 @@
|
|||
// src/db/accounts.rs
|
||||
|
||||
use sqlx::PgPool;
|
||||
use chrono::{DateTime, Utc, NaiveDate};
|
||||
|
||||
pub async fn store_account(
|
||||
pool: &PgPool,
|
||||
account_id: &str,
|
||||
user_id: &str, // team275-6
|
||||
bank_code: &str, // vbank
|
||||
status: &str,
|
||||
currency: &str,
|
||||
account_type: &str,
|
||||
account_sub_type: Option<&str>,
|
||||
nickname: &str,
|
||||
description: Option<&str>,
|
||||
opening_date: Option<NaiveDate>,
|
||||
) -> Result<(), sqlx::Error> {
|
||||
sqlx::query!(
|
||||
r#"
|
||||
INSERT INTO accounts
|
||||
(account_id, user_id, bank_code, status, currency, account_type,
|
||||
account_sub_type, nickname, description, opening_date)
|
||||
VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)
|
||||
ON CONFLICT (account_id, bank_code)
|
||||
DO UPDATE SET updated_at = NOW()
|
||||
"#,
|
||||
account_id,
|
||||
user_id,
|
||||
bank_code,
|
||||
status,
|
||||
currency,
|
||||
account_type,
|
||||
account_sub_type,
|
||||
nickname,
|
||||
description,
|
||||
opening_date
|
||||
)
|
||||
.execute(pool)
|
||||
.await?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
pub async fn get_accounts_for_user(
|
||||
pool: &PgPool,
|
||||
user_id: &str,
|
||||
bank_code: &str,
|
||||
) -> Result<Vec<(String, String)>, sqlx::Error> { // Returns (account_id, nickname)
|
||||
sqlx::query!(
|
||||
r#"
|
||||
SELECT account_id, nickname
|
||||
FROM accounts
|
||||
WHERE user_id = $1 AND bank_code = $2
|
||||
"#,
|
||||
user_id,
|
||||
bank_code
|
||||
)
|
||||
.fetch_all(pool)
|
||||
.await
|
||||
.map(|rows| rows.into_iter().map(|r| (r.account_id, r.nickname)).collect())
|
||||
}
|
||||
|
|
@ -5,46 +5,43 @@ use sqlx::PgPool;
|
|||
#[derive(Debug, Clone)]
|
||||
pub struct User {
|
||||
pub id: i32,
|
||||
pub username: String,
|
||||
pub bank_user_id: String, // Keep this - it's team275-X
|
||||
pub bank_user_id: String,
|
||||
}
|
||||
|
||||
pub async fn create_user(
|
||||
pool: &PgPool,
|
||||
username: &str,
|
||||
password_hash: &str,
|
||||
bank_user_id: &str,
|
||||
password_hash: &str,
|
||||
) -> Result<User, sqlx::Error> {
|
||||
sqlx::query_as!(
|
||||
User,
|
||||
r#"
|
||||
INSERT INTO users (username, password_hash, bank_user_id)
|
||||
VALUES ($1, $2, $3)
|
||||
RETURNING id, username, bank_user_id
|
||||
INSERT INTO users (bank_user_id, password_hash)
|
||||
VALUES ($1, $2)
|
||||
RETURNING id, bank_user_id
|
||||
"#,
|
||||
username,
|
||||
password_hash,
|
||||
bank_user_id
|
||||
bank_user_id,
|
||||
password_hash
|
||||
)
|
||||
.fetch_one(pool)
|
||||
.await
|
||||
}
|
||||
|
||||
pub async fn get_user_by_username(
|
||||
pub async fn get_user_by_bank_user_id(
|
||||
pool: &PgPool,
|
||||
username: &str,
|
||||
) -> Result<Option<(i32, String, String)>, sqlx::Error> {
|
||||
bank_user_id: &str,
|
||||
) -> Result<Option<(i32, String)>, sqlx::Error> {
|
||||
sqlx::query!(
|
||||
r#"
|
||||
SELECT id, password_hash, bank_user_id
|
||||
SELECT id, password_hash
|
||||
FROM users
|
||||
WHERE username = $1
|
||||
WHERE bank_user_id = $1
|
||||
"#,
|
||||
username
|
||||
bank_user_id
|
||||
)
|
||||
.fetch_optional(pool)
|
||||
.await
|
||||
.map(|row| row.map(|r| (r.id, r.password_hash, r.bank_user_id)))
|
||||
.map(|row| row.map(|r| (r.id, r.password_hash)))
|
||||
}
|
||||
|
||||
pub async fn get_user_by_id(
|
||||
|
|
@ -54,7 +51,7 @@ pub async fn get_user_by_id(
|
|||
sqlx::query_as!(
|
||||
User,
|
||||
r#"
|
||||
SELECT id, username, bank_user_id
|
||||
SELECT id, bank_user_id
|
||||
FROM users
|
||||
WHERE id = $1
|
||||
"#,
|
||||
|
|
|
|||
16
src/route.rs
16
src/route.rs
|
|
@ -2,29 +2,29 @@
|
|||
|
||||
pub mod handlers;
|
||||
|
||||
use axum::{routing::{get, post}, Router};
|
||||
use crate::state::AppState;
|
||||
use axum::{middleware, routing::{get, post}, Router};
|
||||
use crate::{state::AppState, auth};
|
||||
|
||||
pub fn router(app_state: AppState) -> Router {
|
||||
Router::new()
|
||||
// Health check
|
||||
// Public routes (no auth required)
|
||||
.route("/api/health", get(handlers::health_handler))
|
||||
.route("/api/auth/register", post(auth::handlers::register_handler))
|
||||
.route("/api/auth/login", post(auth::handlers::login_handler))
|
||||
|
||||
// Consent management
|
||||
// Protected routes (auth required)
|
||||
.route("/api/auth/me", get(auth::handlers::me_handler))
|
||||
.route("/api/consent/:bank/:user_id",
|
||||
post(handlers::create_consent_handler)
|
||||
.get(handlers::get_consent_handler)
|
||||
)
|
||||
|
||||
// Account access
|
||||
.route("/api/accounts/:bank/:user_id",
|
||||
get(handlers::get_accounts_handler)
|
||||
)
|
||||
|
||||
// Transaction access
|
||||
.route("/api/transactions/:bank/:user_id/:account_id",
|
||||
get(handlers::get_transactions_handler)
|
||||
)
|
||||
.layer(middleware::from_fn(auth::auth_middleware))
|
||||
|
||||
.with_state(app_state)
|
||||
}
|
||||
|
|
|
|||
13
src/state.rs
13
src/state.rs
|
|
@ -3,12 +3,14 @@
|
|||
use crate::db;
|
||||
use crate::api::BankingClients;
|
||||
use sqlx::PgPool;
|
||||
use std::env;
|
||||
|
||||
/// Общее состояние приложения, доступное во всех handlers
|
||||
/// Global application state, accessible in all handlers
|
||||
#[derive(Clone)]
|
||||
pub struct AppState {
|
||||
pub db_pool: PgPool,
|
||||
pub banking_clients: BankingClients,
|
||||
pub bank_team_id: String, // e.g., "team275" from VBANK_CLIENT_ID env var
|
||||
}
|
||||
|
||||
impl AppState {
|
||||
|
|
@ -16,13 +18,18 @@ impl AppState {
|
|||
let db_pool = db::init_pool().await;
|
||||
println!("✅ Database connection pool created successfully.");
|
||||
|
||||
// FIX: Add .await and handle the potential error
|
||||
let banking_clients = BankingClients::new().await.expect("Failed to initialize banking clients");
|
||||
let banking_clients = BankingClients::new()
|
||||
.await
|
||||
.expect("Failed to initialize banking clients");
|
||||
println!("✅ Banking API clients initialized.");
|
||||
|
||||
let bank_team_id = env::var("VBANK_CLIENT_ID")
|
||||
.expect("VBANK_CLIENT_ID environment variable must be set");
|
||||
|
||||
Self {
|
||||
db_pool,
|
||||
banking_clients,
|
||||
bank_team_id,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue