Merge pull request #129 from sohosai/bugfix/auth-bearer

認証周りのバグを修正

docker-compose.prod.yml

@@ -13,6 +13,12 @@ services:
       DATABASE_URL: ${DATABASE_URL}
       MEILI_MASTER_KEY: ${MEILI_MASTER_KEY}
       MEILI_URL: ${MEILI_URL}
+      ADMINISTRATOR_PASS_KEY: ${ADMINISTRATOR_PASS_KEY}
+      ADMINISTRATOR_LIMIT_DAYS: ${ADMINISTRATOR_LIMIT_DAYS}
+      EQUIPMENT_MANAGER_PASS_KEY: ${EQUIPMENT_MANAGER_PASS_KEY}
+      EQUIPMENT_MANAGER_LIMIT_DAYS: ${EQUIPMENT_MANAGER_LIMIT_DAYS}
+      GENERAL_PASS_KEY: ${GENERAL_PASS_KEY}
+      GENERAL_LIMIT_DAYS: ${GENERAL_LIMIT_DAYS}
     depends_on:
       postgres:
         condition: service_healthy

docker-compose.yml

@@ -14,6 +14,12 @@ services:
       DATABASE_URL: ${DATABASE_URL}
       MEILI_MASTER_KEY: ${MEILI_MASTER_KEY}
       MEILI_URL: ${MEILI_URL}
+      ADMINISTRATOR_PASS_KEY: ${ADMINISTRATOR_PASS_KEY}
+      ADMINISTRATOR_LIMIT_DAYS: ${ADMINISTRATOR_LIMIT_DAYS}
+      EQUIPMENT_MANAGER_PASS_KEY: ${EQUIPMENT_MANAGER_PASS_KEY}
+      EQUIPMENT_MANAGER_LIMIT_DAYS: ${EQUIPMENT_MANAGER_LIMIT_DAYS}
+      GENERAL_PASS_KEY: ${GENERAL_PASS_KEY}
+      GENERAL_LIMIT_DAYS: ${GENERAL_LIMIT_DAYS}
     depends_on:
       - db
     networks:

src/app.rs

@@ -17,7 +17,7 @@ use tracing::*;
 use crate::search_engine;
 
 /// 認証まわりのエンドポイントの定義
-pub mod certification;
+pub mod authentication;
 /// コンテナの管理を行うエンドポイントの定義
 pub mod container;
 /// 物品情報の登録を行うエンドポイントの定義
@@ -231,7 +231,7 @@ pub async fn app(bind: SocketAddr) -> Result<()> {
                 info!("POST /gen_passtoken");
                 let conn = Arc::clone(&conn);
                 move |TypedHeader(Authorization(basic)): TypedHeader<Authorization<Basic>>| {
-                    certification::api_gen_passtoken(basic, conn)
+                    authentication::api_gen_passtoken(basic, conn)
                 }
             }),
         )

src/app/certification.rs → src/app/authentication.rs

@@ -1,5 +1,5 @@
 use crate::{
-    certification::{self, str_to_role_opt},
+    authentication::{self, str_to_role_opt},
     error_handling::{result_to_handler_with_log, QrError, Result, ReturnData},
 };
 use axum::headers::authorization::Basic;
@@ -23,8 +23,8 @@ pub async fn gen_passtoken(token_info: Basic, conn: Arc<Pool<Postgres>>) -> Resu
     let key = token_info.password();
     match str_to_role_opt(role_str) {
         Some(role) => {
-            let passtoken = certification::gen_passtoken(role, key)?;
-            certification::insert_passtoken(&*conn, &passtoken).await?;
+            let passtoken = authentication::gen_passtoken(role, key)?;
+            authentication::insert_passtoken(&*conn, &passtoken).await?;
             Ok(passtoken.token)
         }
         None => Err(QrError::Authorized),

src/app/container.rs

@@ -1,4 +1,4 @@
-use crate::certification::{get_role, Role};
+use crate::authentication::{get_role, Role};
 use crate::{
     error_handling::{result_to_handler, result_to_handler_with_log, QrError, ReturnData},
     Container,
@@ -14,7 +14,7 @@ pub async fn insert_container(
     conn: Arc<Pool<Postgres>>,
 ) -> ReturnData<()> {
     let role = get_role(&*conn, bearer.token()).await;
-    if Ok(Role::EquipmentManager) == role && Ok(Role::Administrator) == role {
+    if Ok(Role::EquipmentManager) == role || Ok(Role::Administrator) == role {
         info!("Try insert container: {container:?}");
         let res =
             crate::database::insert_container::insert_container(&*conn, container.clone()).await;

src/app/fixtures.rs

@@ -1,4 +1,4 @@
-use crate::certification::{get_role, Role};
+use crate::authentication::{get_role, Role};
 use crate::database::get_one_fixtures::{get_one_fixtures, IdType};
 use crate::error_handling::{result_to_handler, result_to_handler_with_log, QrError, ReturnData};
 use crate::search_engine::{SearchFixtures, SearchResult};
@@ -19,7 +19,7 @@ pub async fn insert_fixtures(
     context: Arc<SearchFixtures>,
 ) -> ReturnData<()> {
     let role = get_role(&*conn, bearer.token()).await;
-    if Ok(Role::EquipmentManager) == role && Ok(Role::Administrator) == role {
+    if Ok(Role::EquipmentManager) == role || Ok(Role::Administrator) == role {
         info!("Try insert fixtures: {fixtures:?}");
         let res = crate::database::insert_fixtures::insert_fixtures(&*conn, fixtures.clone()).await;
 
@@ -59,7 +59,7 @@ pub async fn update_fixtures(
     context: Arc<SearchFixtures>,
 ) -> ReturnData<()> {
     let role = get_role(&*conn, bearer.token()).await;
-    if Ok(Role::EquipmentManager) == role && Ok(Role::Administrator) == role {
+    if Ok(Role::EquipmentManager) == role || Ok(Role::Administrator) == role {
         info!("Try update fixtures: {fixtures:?}");
         let res = crate::database::update_fixtures::update_fixtures(&*conn, fixtures.clone()).await;
 

src/app/lending.rs

@@ -1,4 +1,4 @@
-use crate::certification::{get_role, Role};
+use crate::authentication::{get_role, Role};
 use crate::{
     error_handling::{result_to_handler, result_to_handler_with_log, QrError, ReturnData},
     Lending,
@@ -19,7 +19,7 @@ pub async fn insert_lending(
     conn: Arc<Pool<Postgres>>,
 ) -> ReturnData<()> {
     let role = get_role(&*conn, bearer.token()).await;
-    if Ok(Role::EquipmentManager) == role && Ok(Role::Administrator) == role {
+    if Ok(Role::EquipmentManager) == role || Ok(Role::Administrator) == role {
         info!("Try insert lending: {lending:?}");
         let res = crate::database::insert_lending::insert_lending(&*conn, lending.clone()).await;
         result_to_handler_with_log(
@@ -42,7 +42,7 @@ pub async fn returned_lending(
     use crate::database::get_one_fixtures::*;
     use crate::database::returned_lending::*;
     let role = get_role(&*conn, bearer.token()).await;
-    if Ok(Role::EquipmentManager) == role && Ok(Role::Administrator) == role {
+    if Ok(Role::EquipmentManager) == role || Ok(Role::Administrator) == role {
         match (query.get("id"), query.get("qr_id")) {
             (Some(id), _) => {
                 let uuid_opt = Uuid::parse_str(id).ok();
@@ -234,7 +234,7 @@ pub async fn update_lending(
     conn: Arc<Pool<Postgres>>,
 ) -> ReturnData<()> {
     let role = get_role(&*conn, bearer.token()).await;
-    if Ok(Role::EquipmentManager) == role && Ok(Role::Administrator) == role {
+    if Ok(Role::EquipmentManager) == role || Ok(Role::Administrator) == role {
         info!("Try update lending: {lending:?}");
         let res = crate::database::update_lending::update_lending(&*conn, lending.clone()).await;
         result_to_handler_with_log(

src/app/spot.rs

@@ -1,4 +1,4 @@
-use crate::certification::{get_role, Role};
+use crate::authentication::{get_role, Role};
 use crate::{
     error_handling::{result_to_handler, result_to_handler_with_log, QrError, ReturnData},
     Spot,
@@ -16,7 +16,8 @@ pub async fn insert_spot(
     conn: Arc<Pool<Postgres>>,
 ) -> ReturnData<()> {
     let role = get_role(&*conn, bearer.token()).await;
-    if Ok(Role::EquipmentManager) == role && Ok(Role::Administrator) == role {
+    info!("role: {role:?}");
+    if Ok(Role::EquipmentManager) == role || Ok(Role::Administrator) == role {
         info!("Try insert spot: {spot:?}");
         let res = crate::database::insert_spot::insert_spot(&*conn, spot.clone()).await;
         result_to_handler_with_log(

src/error_handling.rs

@@ -100,7 +100,7 @@ where
             (
                 code,
                 Json(Msg {
-                    ok: true,
+                    ok: false,
                     data: None,
                     error_type: Some(error_type.to_string()),
                     error_message: Some(e.to_string()),

src/lib.rs

@@ -11,7 +11,7 @@ use uuid::Uuid;
 /// サーバーの実体
 pub mod app;
 /// 認証まわりをやるところ
-pub mod certification;
+pub mod authentication;
 /// データベース周りのモジュール
 pub mod database;
 /// エラーハンドリング周り