feat: Implement token-based authentication for user data endpoints.

2025-11-30 21:55:01 +01:00 · 2025-11-30 21:55:01 +01:00 · 0222332d3f
commit 0222332d3f
parent 73791a0760
3 changed files with 43 additions and 3 deletions
--- a/backend/src/auth.rs
+++ b/backend/src/auth.rs
@ -18,6 +18,38 @@ impl AuthState {
    }
 }

+#[derive(Debug)]
+#[allow(dead_code)]
+pub struct Token(pub String);
+
+#[rocket::async_trait]
+impl<'r> rocket::request::FromRequest<'r> for Token {
+    type Error = ();
+
+    async fn from_request(
+        request: &'r rocket::Request<'_>,
+    ) -> rocket::request::Outcome<Self, Self::Error> {
+        let token = request.headers().get_one("Authorization");
+
+        match token {
+            Some(token) => {
+                // Check if token starts with "Bearer "
+                if let Some(token) = token.strip_prefix("Bearer ") {
+                    let state = request.guard::<&State<AuthState>>().await.unwrap();
+                    let tokens = state.tokens.lock().unwrap();
+
+                    if tokens.contains_key(token) {
+                        return rocket::request::Outcome::Success(Token(token.to_string()));
+                    }
+                }
+
+                rocket::request::Outcome::Error((rocket::http::Status::Unauthorized, ()))
+            }
+            None => rocket::request::Outcome::Error((rocket::http::Status::Unauthorized, ())),
+        }
+    }
+}
+
 #[post("/login", data = "<request>")]
 pub fn login(
    state: &State<AuthState>,
--- a/backend/src/main.rs
+++ b/backend/src/main.rs
@ -25,7 +25,11 @@ impl std::ops::Deref for User {
 }

 #[get("/<name>")]
-fn get_user(user_list: &rocket::State<Vec<User>>, name: String) -> Option<items::Person> {
+fn get_user(
+    _token: auth::Token,
+    user_list: &rocket::State<Vec<User>>,
+    name: String,
+) -> Option<items::Person> {
    user_list
        .iter()
        .find(|user| user.person.name == name)
@ -33,7 +37,7 @@ fn get_user(user_list: &rocket::State<Vec<User>>, name: String) -> Option<items:
 }

 #[get("/")]
-fn get_users(user_list: &rocket::State<Vec<User>>) -> items::PersonList {
+fn get_users(_token: auth::Token, user_list: &rocket::State<Vec<User>>) -> items::PersonList {
    items::PersonList {
        person: user_list
            .inner()
--- a/frontend/src/App.tsx
+++ b/frontend/src/App.tsx
@ -10,7 +10,11 @@ function App() {
  useEffect(() => {
    if (!token) return;

-    fetch("/api")
+    fetch("/api", {
+      headers: {
+        Authorization: `Bearer ${token}`,
+      },
+    })
      .then((res) => res.arrayBuffer())
      .then((buffer) => {
        const list = PersonList.decode(new Uint8Array(buffer));