jwt: get user roles in jwt

This commit is contained in:
Philippe Loctaux 2023-05-08 18:13:09 +02:00
parent ba2bb90852
commit 04b0b1dd05
2 changed files with 20 additions and 4 deletions


@ -7,6 +7,7 @@ use hash::SecretString;
use id::{KeyID, UserID}; use id::{KeyID, UserID};
use jwt::database::Key; use jwt::database::Key;
use jwt::{JwtClaims, PrivateKey}; use jwt::{JwtClaims, PrivateKey};
use permissions::Permission;
use refresh_tokens::RefreshToken; use refresh_tokens::RefreshToken;
use rocket::http::Status; use rocket::http::Status;
use rocket::http::{Cookie, CookieJar, SameSite}; use rocket::http::{Cookie, CookieJar, SameSite};
@ -53,6 +54,7 @@ pub enum Error {
ImportKey(jwt::Error), ImportKey(jwt::Error),
JwtValidation(jwt::Error), JwtValidation(jwt::Error),
BlockingTask(String), BlockingTask(String),
GetPermissions(permissions::Error),
} }
pub struct SpecificUser<'a> { pub struct SpecificUser<'a> {
@ -382,8 +384,16 @@ pub async fn use_refresh_token(
} }
}; };
// TODO: get user roles // Get user roles
let roles = vec![]; let roles = match Permission::get_all(&mut transaction, Some(user.id()), None).await {
Ok(roles) => roles
.into_iter()
.map(|role| role.role().to_string())
.collect(),
Err(e) => {
return Outcome::Failure((Status::InternalServerError, Error::GetPermissions(e)));
}
};
// Create jwt, sign and serialize // Create jwt, sign and serialize
let jwt_claims = JwtClaims::new(home_page.clone(), "ezidam", &user, roles); let jwt_claims = JwtClaims::new(home_page.clone(), "ezidam", &user, roles);


@ -1,6 +1,7 @@
use hash::SecretString; use hash::SecretString;
use id::{AppID, UserID}; use id::{AppID, UserID};
use jwt::{JwtClaims, PrivateKey}; use jwt::{JwtClaims, PrivateKey};
use permissions::Permission;
use refresh_tokens::RefreshToken; use refresh_tokens::RefreshToken;
use rocket::tokio::task; use rocket::tokio::task;
use rocket_db_pools::sqlx::SqliteExecutor; use rocket_db_pools::sqlx::SqliteExecutor;
@ -46,8 +47,13 @@ pub async fn generate_jwt(
audience: &str, audience: &str,
user: &User, user: &User,
) -> Result<String, String> { ) -> Result<String, String> {
// TODO: get user roles // Get user roles
let roles = vec![]; let roles = Permission::get_all(conn, Some(user.id()), None)
.await
.map_err(|e| e.to_string())?
.into_iter()
.map(|role| role.role().to_string())
.collect();
// Create jwt, sign and serialize // Create jwt, sign and serialize
let jwt = JwtClaims::new(issuer, audience, user, roles) let jwt = JwtClaims::new(issuer, audience, user, roles)