Extract user information from session

moneymgr_backend/src/extractors/auth_extractor.rs

@@ -0,0 +1,61 @@
+use crate::app_config::AppConfig;
+use crate::extractors::money_session::MoneySession;
+use crate::models::users::User;
+use crate::services::users_service;
+use actix_web::dev::Payload;
+use actix_web::error::ErrorUnauthorized;
+use actix_web::{Error, FromRequest, HttpRequest};
+
+#[derive(Debug, Clone)]
+pub enum AuthenticatedMethod {
+    /// User is authenticated using a cookie
+    Cookie,
+    /// User is authenticated through command line, for debugging purposes only
+    Dev,
+}
+
+/// Authentication extractor. Extract authentication information from request
+pub struct AuthExtractor {
+    pub method: AuthenticatedMethod,
+    pub user: User,
+}
+
+impl FromRequest for AuthExtractor {
+    type Error = Error;
+    type Future = futures_util::future::LocalBoxFuture<'static, Result<Self, Self::Error>>;
+
+    fn from_request(req: &HttpRequest, _payload: &mut Payload) -> Self::Future {
+        let req = req.clone();
+        Box::pin(async move {
+            // Check if login is hard-coded as program argument
+            if let Some(email) = &AppConfig::get().unsecure_auto_login_email {
+                let user = users_service::get_user_by_email(email).map_err(|e| {
+                    log::error!("Failed to retrieve dev user: {e}");
+                    ErrorUnauthorized("Unable to retrieve dev user!")
+                })?;
+                return Ok(Self {
+                    method: AuthenticatedMethod::Dev,
+                    user,
+                });
+            }
+
+            // Check for cookie authentication
+            let session = MoneySession::extract(&req).await?;
+            if let Some(user_id) = session.current_user().map_err(|e| {
+                log::error!("Failed to retrieve user id: {e}");
+                ErrorUnauthorized("Failed to read session information!")
+            })? {
+                let user = users_service::get_user_by_id(user_id).map_err(|e| {
+                    log::error!("Failed to retrieve user from cookie session: {e}");
+                    ErrorUnauthorized("Failed to retrieve user information!")
+                })?;
+                return Ok(Self {
+                    method: AuthenticatedMethod::Cookie,
+                    user,
+                });
+            };
+
+            Err(ErrorUnauthorized("Authentication required!"))
+        })
+    }
+}

moneymgr_backend/src/extractors/mod.rs

@@ -1 +1,2 @@
+pub mod auth_extractor;
 pub mod money_session;

moneymgr_backend/src/extractors/money_session.rs

@@ -1,5 +1,5 @@
 use crate::constants;
-use crate::models::users::User;
+use crate::models::users::{User, UserID};
 use crate::utils::rand_utils::rand_string;
 use actix_session::Session;
 use actix_web::dev::Payload;
@@ -63,6 +63,17 @@ impl MoneySession {
         self.0.insert(constants::sessions::USER_ID, user.id())?;
         Ok(())
     }
+
+    /// Get current user
+    pub fn current_user(&self) -> anyhow::Result<Option<UserID>> {
+        Ok(self.0.get(constants::sessions::USER_ID)?)
+    }
+
+    /// Remove defined user
+    pub fn unset_current_user(&self) -> anyhow::Result<()> {
+        self.0.remove(constants::sessions::USER_ID);
+        Ok(())
+    }
 }
 
 impl FromRequest for MoneySession {