chore: added user authentication

Utilitycoder · Utilitycoder · commit 40b733d02add · 2023-06-30T21:02:30.000+01:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -33,6 +33,7 @@ reqwest = { version = "0.11.18", default-features = false, features = ["json", "
 rand = { version = "0.8", features = ["std_rng"] }
 thiserror = "1"
 anyhow = "1"
+base64 = "0.13.0"
 
 [dev-dependencies]
 once_cell = "1"
diff --git a/migrations/20230630195909_create_users_table.sql b/migrations/20230630195909_create_users_table.sql
@@ -0,0 +1,6 @@
+-- Add migration script here
+CREATE TABLE users(
+    user_id uuid PRIMARY KEY,
+    username TEXT NOT NULL UNIQUE,
+    password TEXT NOT NULL
+);
diff --git a/src/routes/newsletters.rs b/src/routes/newsletters.rs
@@ -1,7 +1,9 @@
 use crate::{domain::SubscriberEmail, email_client::EmailClient, routes::error_chain_fmt};
-use actix_web::http::StatusCode;
-use actix_web::{web, HttpResponse, ResponseError};
+use actix_web::http::header::{HeaderMap, HeaderValue};
+use actix_web::http::{header, StatusCode};
+use actix_web::{web, HttpRequest, HttpResponse, ResponseError};
 use anyhow::Context;
+use secrecy::{ExposeSecret, Secret};
 use sqlx::PgPool;
 
 #[derive(serde::Deserialize)]
@@ -39,14 +41,26 @@ pub struct Content {
 
 #[derive(thiserror::Error)]
 pub enum PublishError {
+    #[error("Authentication failed")]
+    AuthError(#[source] anyhow::Error),
     #[error(transparent)]
     UnexpectedError(#[from] anyhow::Error),
 }
 
 impl ResponseError for PublishError {
-    fn status_code(&self) -> StatusCode {
+    fn error_response(&self) -> HttpResponse {
         match self {
-            PublishError::UnexpectedError(_) => StatusCode::INTERNAL_SERVER_ERROR,
+            PublishError::UnexpectedError(_) => {
+                HttpResponse::new(StatusCode::INTERNAL_SERVER_ERROR)
+            }
+            PublishError::AuthError(_) => {
+                let mut response = HttpResponse::new(StatusCode::UNAUTHORIZED);
+                let header_value = HeaderValue::from_str(r#"Basic realm="publish""#).unwrap();
+                response
+                    .headers_mut()
+                    .insert(header::WWW_AUTHENTICATE, header_value);
+                response
+            }
         }
     }
 }
@@ -61,7 +75,9 @@ pub async fn publish_newsletter(
     body: web::Json<BodyData>,
     pool: web::Data<PgPool>,
     email_client: web::Data<EmailClient>,
+    request: HttpRequest,
 ) -> Result<HttpResponse, PublishError> {
+    let credentials = basic_authentication(request.headers()).map_err(PublishError::AuthError)?;
     let subscribers = get_confirmed_subscribers(&pool).await?;
     for subscriber in subscribers {
         match subscriber {
@@ -86,3 +102,38 @@ pub async fn publish_newsletter(
     }
     Ok(HttpResponse::Ok().finish())
 }
+
+struct Credentials {
+    username: String,
+    password: Secret<String>,
+}
+
+fn basic_authentication(headers: &HeaderMap) -> Result<Credentials, anyhow::Error> {
+    let header_value = headers
+        .get("Authorization")
+        .context("Missing authorization header")?
+        .to_str()
+        .context("The authorization header value is invalid UTF-8")?;
+
+    let base64_encoded_segment = header_value
+        .strip_prefix("Basic ")
+        .context("The Authorization scheme was not 'Basic'. ")?;
+    let decoded_bytes = base64::decode_config(base64_encoded_segment, base64::STANDARD)
+        .context("Failed to base64 decode 'Basic' credentials.")?;
+    let decoded_credentials =
+        String::from_utf8(decoded_bytes).context("The decoded credentials are not valid UTF-8.")?;
+
+    let mut credentials = decoded_credentials.splitn(2, ':');
+    let username = credentials
+        .next()
+        .ok_or_else(|| anyhow::anyhow!("The username is missing."))?
+        .to_owned();
+    let password = credentials
+        .next()
+        .ok_or_else(|| anyhow::anyhow!("The password is missing. Username: {}", username))?;
+
+    Ok(Credentials {
+        username,
+        password: Secret::new(password.to_owned()),
+    })
+}
diff --git a/tests/api/helpers.rs b/tests/api/helpers.rs
@@ -68,6 +68,7 @@ impl TestApp {
     pub async fn post_newsletters(&self, body: serde_json::Value) -> reqwest::Response {
         reqwest::Client::new()
             .post(&format!("{}/newsletters", &self.address))
+            .basic_auth(Uuid::new_v4().to_string(), Some(Uuid::new_v4().to_string()))
             .json(&body)
             .send()
             .await
diff --git a/tests/api/newsletter.rs b/tests/api/newsletter.rs
@@ -124,3 +124,26 @@ async fn create_confirmed_subscriber(app: &TestApp) {
         .error_for_status()
         .unwrap();
 }
+
+#[tokio::test]
+async fn requests_missing_authorization_are_rejected() {
+    let app = spawn_app().await;
+    let response = reqwest::Client::new()
+        .post(&format!("{}/newsletters", &app.address))
+        .json(&serde_json::json!({
+            "title": "Newsletter title",
+            "content": {
+                "text": "Newsletter content",
+                "html": "<p>Newsletter content</p>",
+            }
+        }))
+        .send()
+        .await
+        .expect("Failed to execute request.");
+
+    assert_eq!(response.status().as_u16(), 401);
+    assert_eq!(
+        r#"Basic realm="publish""#,
+        response.headers()["WWW-Authenticate"]
+    );
+}
