jbell730
/
axum-api-template
1
0
複製 0
程式碼 問題 0 合併請求 0 版本發佈 0 Wiki 活動
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 提交
1 分支
55 KiB
目錄樹: 20a4ca698e
分支列表 標籤
${ item.name }
建立分支 ${ searchTerm }
從 '20a4ca698e'
${ noResults }
axum-api-template/src/middleware/auth.rs

auth.rs 2.4 KiB
原始文件 Normal View 歷史記錄

Initial commit
2 週之前
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869 
  1. //! Bearer-token authentication extractor.

  2. //!

  3. //! Use `AuthenticatedUser` as a handler parameter to require a valid JWT.

  4. //! Unauthenticated requests are rejected with `401 Unauthorized` before the

  5. //! handler body ever executes.

  6. //!

  7. //! # Example

  8. //!

  9. //! ```rust,ignore

  10. //! async fn protected_handler(

  11. //!     user: AuthenticatedUser,

  12. //!     State(state): State<AppState>,

  13. //! ) -> Result<impl IntoResponse, ApiError> {

  14. //!     // user.id and user.roles are guaranteed valid here

  15. //!     Ok(Json(json!({ "sub": user.id })))

  16. //! }

  17. //! ```

  18. 

  19. use axum::{

  20.     async_trait,

  21.     extract::FromRequestParts,

  22.     http::request::Parts,

  23.     RequestPartsExt,

  24. };

  25. use axum_extra::{

  26.     headers::{authorization::Bearer, Authorization},

  27.     TypedHeader,

  28. };

  29. use uuid::Uuid;

  30. 

  31. use crate::errors::ApiError;

  32. 

  33. // ── Authenticated user claim ──────────────────────────────────────────────────

  34. 

  35. /// Injected into handlers that require authentication.

  36. #[derive(Debug, Clone)]

  37. pub struct AuthenticatedUser {

  38.     pub id: Uuid,

  39.     pub roles: Vec<String>,

  40. }

  41. 

  42. // ── FromRequestParts impl ─────────────────────────────────────────────────────

  43. 

  44. #[async_trait]

  45. impl<S> FromRequestParts<S> for AuthenticatedUser

  46. where

  47.     S: Send + Sync,

  48. {

  49.     type Rejection = ApiError;

  50. 

  51.     async fn from_request_parts(parts: &mut Parts, _state: &S) -> Result<Self, Self::Rejection> {

  52.         // Extract the Bearer token from the Authorization header.

  53.         let TypedHeader(Authorization(bearer)) = parts

  54.             .extract::<TypedHeader<Authorization<Bearer>>>()

  55.             .await

  56.             .map_err(|_| ApiError::Unauthorized("Missing or malformed Authorization header".to_string()))?;

  57. 

  58.         // TODO: replace this stub with real JWT validation.

  59.         //

  60.         // Example using `jsonwebtoken`:

  61.         //   let secret = state.config().auth.jwt_secret.as_bytes();

  62.         //   let token_data = decode::<Claims>(bearer.token(), &DecodingKey::from_secret(secret), &Validation::default())?;

  63.         //   return Ok(AuthenticatedUser { id: token_data.claims.sub, roles: token_data.claims.roles });

  64. 

  65.         let _ = bearer.token(); // silence unused-variable lint on the stub

  66. 

  67.         Err(ApiError::Unauthorized("JWT validation not yet implemented".to_string()))

  68.     }

  69. }