認証トークン発行API

Cargo.toml

@@ -7,7 +7,7 @@ edition = "2021"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-axum = "0.6.20"
+axum = { version = "0.6.20", features = ["json", "headers"] }
 chrono = { version = "0.4.26", features = ["serde"] }
 meilisearch-sdk = "0.24.2"
 rand = "0.8.5"

logfile

@@ -58,3 +58,7 @@
 	    limit_day: int NOT NULL,
 	);
 
+2023-10-27 03:06:56.693 JST [13295] LOG:  received smart shutdown request
+2023-10-27 03:06:56.696 JST [13295] LOG:  background worker "logical replication launcher" (PID 13302) exited with exit code 1
+2023-10-27 03:06:56.696 JST [13297] LOG:  shutting down
+2023-10-27 03:06:56.710 JST [13295] LOG:  database system is shut down

src/app.rs

@@ -1,12 +1,13 @@
 use crate::error_handling::{QrError, Result};
 use axum::{
-    extract::Query,
+    extract::{Query, TypedHeader},
+    headers::authorization::{Authorization, Basic},
     http::Method,
     routing::{delete, get, post},
     Router,
 };
 use chrono::Utc;
-use reqwest::header::CONTENT_TYPE;
+use reqwest::header::{AUTHORIZATION, CONTENT_TYPE};
 use std::collections::HashMap;
 use std::net::SocketAddr;
 use std::sync::Arc;
@@ -15,6 +16,8 @@ use tracing::*;
 
 use crate::search_engine;
 
+/// 認証まわりのエンドポイントの定義
+pub mod certification;
 /// コンテナの管理を行うエンドポイントの定義
 pub mod container;
 /// 物品情報の登録を行うエンドポイントの定義
@@ -208,10 +211,20 @@ pub async fn app(bind: SocketAddr) -> Result<()> {
                 move |body| container::insert_container(body, conn)
             }),
         )
+        .route(
+            "/gen_passtoken",
+            post({
+                info!("POST /gen_passtoken");
+                let conn = Arc::clone(&conn);
+                move |TypedHeader(Authorization(basic)): TypedHeader<Authorization<Basic>>| {
+                    certification::api_gen_passtoken(basic, conn)
+                }
+            }),
+        )
         .layer(
             CorsLayer::new()
                 .allow_methods([Method::GET, Method::POST, Method::DELETE])
-                .allow_headers([CONTENT_TYPE])
+                .allow_headers([CONTENT_TYPE, AUTHORIZATION])
                 .allow_origin(Any),
         );
 

src/app/certification.rs

@@ -0,0 +1,32 @@
+use crate::{
+    certification::{self, str_to_role_opt},
+    error_handling::{result_to_handler_with_log, QrError, Result, ReturnData},
+};
+use axum::headers::authorization::Basic;
+use sqlx::{pool::Pool, postgres::Postgres};
+use std::sync::Arc;
+use tracing::*;
+
+pub async fn api_gen_passtoken(token_info: Basic, conn: Arc<Pool<Postgres>>) -> ReturnData<String> {
+    info!("Try gen passtoken");
+    let res = gen_passtoken(token_info, conn).await;
+    result_to_handler_with_log(
+        |_| Some("Success gen passtoken".to_string()),
+        |e| Some(format!("Failed gen passtoken: {e}")),
+        &res,
+    )
+    .await
+}
+
+pub async fn gen_passtoken(token_info: Basic, conn: Arc<Pool<Postgres>>) -> Result<String> {
+    let role_str = token_info.username();
+    let key = token_info.password();
+    match str_to_role_opt(role_str) {
+        Some(role) => {
+            let passtoken = certification::gen_passtoken(role, key)?;
+            certification::insert_passtoken(&*conn, &passtoken).await?;
+            Ok(passtoken.token)
+        }
+        None => Err(QrError::Authorized),
+    }
+}

src/certification.rs

@@ -40,6 +40,15 @@ pub enum Role {
     General,
 }
 
+pub fn str_to_role_opt(item: &str) -> Option<Role> {
+    match item {
+        "administrator" => Some(Role::Administrator),
+        "equipment_manager" => Some(Role::EquipmentManager),
+        "general" => Some(Role::General),
+        _ => None,
+    }
+}
+
 impl std::fmt::Display for Role {
     fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
         match self {
@@ -53,11 +62,9 @@ impl std::fmt::Display for Role {
 
 impl From<std::string::String> for Role {
     fn from(item: String) -> Self {
-        match item.as_str() {
-            "administrator" => Role::Administrator,
-            "equipment_manager" => Role::EquipmentManager,
-            "general" => Role::General,
-            _ => panic!("Undefined role: {item}"),
+        match str_to_role_opt(&item) {
+            Some(r) => r,
+            None => panic!("unkown role: {item}"),
         }
     }
 }
@@ -135,7 +142,7 @@ pub fn gen_passtoken(role: Role, key: &str) -> Result<Passtoken> {
     }
 }
 
-pub async fn insert_passtoken<'a, E>(conn: E, passtoken: Passtoken) -> Result<()>
+pub async fn insert_passtoken<'a, E>(conn: E, passtoken: &Passtoken) -> Result<()>
 where
     E: sqlx::Executor<'a, Database = sqlx::Postgres>,
 {