From dda356ea0008ce140c5323412ae91c20c79cc457 Mon Sep 17 00:00:00 2001 From: Andras Schmelczer Date: Sun, 8 Dec 2024 18:14:14 +0000 Subject: [PATCH] Add auth --- backend/sync_server/src/config/user_config.rs | 8 ++++++++ backend/sync_server/src/server.rs | 1 + backend/sync_server/src/server/auth.rs | 14 ++++++++++++++ backend/sync_server/src/server/create_document.rs | 7 +++++++ backend/sync_server/src/server/delete_document.rs | 7 +++++++ .../src/server/fetch_latest_document_version.rs | 8 ++++++++ .../src/server/fetch_latest_documents.rs | 8 ++++++++ backend/sync_server/src/server/update_document.rs | 7 +++++++ 8 files changed, 60 insertions(+) create mode 100644 backend/sync_server/src/server/auth.rs diff --git a/backend/sync_server/src/config/user_config.rs b/backend/sync_server/src/config/user_config.rs index af7d298..3ab31f3 100644 --- a/backend/sync_server/src/config/user_config.rs +++ b/backend/sync_server/src/config/user_config.rs @@ -1,11 +1,19 @@ use rand::distributions::Alphanumeric; use rand::{thread_rng, Rng}; use serde::{Deserialize, Serialize}; + #[derive(Debug, Deserialize, Serialize, Clone)] pub struct UserConfig { #[serde(default = "default_users")] pub user_tokens: Vec, } + +impl UserConfig { + pub fn get_user(&self, token: &str) -> Option<&User> { + self.user_tokens.iter().find(|u| u.token == token) + } +} + #[derive(Debug, Deserialize, Serialize, Clone)] pub struct User { pub name: String, diff --git a/backend/sync_server/src/server.rs b/backend/sync_server/src/server.rs index 6dc1ff3..cb1bcb5 100644 --- a/backend/sync_server/src/server.rs +++ b/backend/sync_server/src/server.rs @@ -13,6 +13,7 @@ use axum::response::{IntoResponse, Response}; use axum::{extract::DefaultBodyLimit, Extension}; use axum::{extract::WebSocketUpgrade, Json}; use log::info; +mod auth; mod create_document; mod delete_document; mod fetch_latest_document_version; 
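Review bot: `get_user` in `user_config.rs` matches the bearer token with `u.token == token` inside `find`, which stops at the first differing byte and at the first matching user, so lookup time depends on the secret being compared. For a credential check I would use a constant-time comparison, for example `.find(|u| bool::from(u.token.as_bytes().ct_eq(token.as_bytes())))` with `subtle::ConstantTimeEq`; that crate is not visible in this patch and would be a new dependency. Storing and comparing a digest of each token would be an alternative. The method also lacks a doc comment; something like `/// Returns the configured user whose token equals `token`, if any.` would do. Note that `User` derives `Debug`, so any `{:?}` of the value returned here would print the token.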
diff --git a/backend/sync_server/src/server/auth.rs b/backend/sync_server/src/server/auth.rs new file mode 100644 index 0000000..9d2dd31 --- /dev/null +++ b/backend/sync_server/src/server/auth.rs @@ -0,0 +1,14 @@ +use crate::{ + app_state::AppState, + config::user_config::User, + errors::{unauthorized_error, SyncServerError}, +}; + +pub fn auth(app_state: &AppState, token: &str) -> Result { + app_state + .config + .users + .get_user(token) + .cloned() + .ok_or_else(|| unauthorized_error(anyhow::anyhow!("Invalid token"))) +} diff --git a/backend/sync_server/src/server/create_document.rs b/backend/sync_server/src/server/create_document.rs index f749c8d..ee50c35 100644 --- a/backend/sync_server/src/server/create_document.rs +++ b/backend/sync_server/src/server/create_document.rs @@ -9,16 +9,23 @@ use anyhow::Context; use axum::extract::Path; use axum::extract::State; use axum::Json; +use axum_extra::headers::authorization::Bearer; +use axum_extra::headers::Authorization; +use axum_extra::TypedHeader; use sync_lib::base64_to_bytes; +use super::auth::auth; use super::requests::CreateDocumentVersion; #[axum::debug_handler] pub async fn create_document( + TypedHeader(auth_header): TypedHeader>, Path(vault_id): Path, State(state): State, Json(request): Json, ) -> Result, SyncServerError> { + auth(&state, auth_header.token())?; + let new_version = StoredDocumentVersion { vault_id, document_id: uuid::Uuid::new_v4(), diff --git a/backend/sync_server/src/server/delete_document.rs b/backend/sync_server/src/server/delete_document.rs index d3d2a9a..b3853c2 100644 --- a/backend/sync_server/src/server/delete_document.rs +++ b/backend/sync_server/src/server/delete_document.rs 
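Review bot: `auth` in the new `auth.rs` returns `.cloned()`, an owned copy of the whole `User` including its `token`, although every caller in this patch discards the value. Returning only what a caller needs (the user's name, or a borrowed `&User`) keeps extra copies of the secret out of handler scope. The failure path is also silent as far as this hunk shows: unless `unauthorized_error` already logs, a line such as `log::warn!("rejected request: invalid bearer token");` (never the token itself) would make repeated failures visible to whoever watches the server. A doc comment on the function, `/// Resolves a bearer token to its configured user, or fails with an unauthorized error.`, would help as well.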
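Review bot: In `create_document` the result of `auth(&state, auth_header.token())?;` is dropped, so nothing ties the authenticated user to the `vault_id` taken from the path; any configured token is accepted for any vault. The same statement appears in `delete_document`, `fetch_latest_document_version`, `fetch_latest_documents` and `update_document`. If vaults are meant to be per-user, bind the value with `let user = auth(&state, auth_header.token())?;` and check that user's access to `vault_id` before the first database call. Even without per-vault rules, keeping `user.name` would let create, update and delete operations be attributed in logs. The handler bodies continue outside the hunks, so a later check cannot be ruled out from here.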
@@ -10,15 +10,22 @@ use anyhow::Context; use axum::extract::Path; use axum::extract::State; use axum::Json; +use axum_extra::headers::authorization::Bearer; +use axum_extra::headers::Authorization; +use axum_extra::TypedHeader; +use super::auth::auth; use super::requests::DeleteDocumentVersion; #[axum::debug_handler] pub async fn delete_document( + TypedHeader(auth_header): TypedHeader>, Path((vault_id, document_id)): Path<(VaultId, DocumentId)>, State(state): State, Json(request): Json, ) -> Result<(), SyncServerError> { + auth(&state, auth_header.token())?; + let mut transaction = state .database .create_transaction() diff --git a/backend/sync_server/src/server/fetch_latest_document_version.rs b/backend/sync_server/src/server/fetch_latest_document_version.rs index f1a515c..dccfeea 100644 --- a/backend/sync_server/src/server/fetch_latest_document_version.rs +++ b/backend/sync_server/src/server/fetch_latest_document_version.rs @@ -9,12 +9,20 @@ use anyhow::anyhow; use axum::extract::Path; use axum::extract::State; use axum::Json; +use axum_extra::headers::authorization::Bearer; +use axum_extra::headers::Authorization; +use axum_extra::TypedHeader; + +use super::auth::auth; #[axum::debug_handler] pub async fn fetch_latest_document_version( + TypedHeader(auth_header): TypedHeader>, Path((vault_id, document_id)): Path<(VaultId, DocumentId)>, State(state): State, ) -> Result, SyncServerError> { + auth(&state, auth_header.token())?; + let latest_version = state .database .get_latest_document_version(&vault_id, &document_id, None) diff --git a/backend/sync_server/src/server/fetch_latest_documents.rs b/backend/sync_server/src/server/fetch_latest_documents.rs index d0bb23a..09a4cf3 100644 --- a/backend/sync_server/src/server/fetch_latest_documents.rs +++ b/backend/sync_server/src/server/fetch_latest_documents.rs 
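Review bot: Authentication is opt-in per handler: `delete_document`, like the four sibling handlers in this patch, repeats the `TypedHeader` extractor and the `auth(...)` call, so a route that is added later or was not touched here stays open by default. `server.rs` imports `WebSocketUpgrade` and no WebSocket handler appears in this diff, which suggests at least one such route, though that is inferred. Applying the check once, either as a router layer via `axum::middleware::from_fn_with_state` or as a custom extractor implementing `FromRequestParts`, would make routes fail closed. It would also give a single place to map a missing or malformed `Authorization` header to the same unauthorized error as a bad token; as written that case is answered by the `TypedHeader` rejection rather than by `unauthorized_error`, so its status and body may differ.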
@@ -6,12 +6,20 @@ use crate::errors::SyncServerError; use axum::extract::Path; use axum::extract::State; use axum::Json; +use axum_extra::headers::authorization::Bearer; +use axum_extra::headers::Authorization; +use axum_extra::TypedHeader; + +use super::auth::auth; #[axum::debug_handler] pub async fn fetch_latest_documents( + TypedHeader(auth_header): TypedHeader>, Path(vault_id): Path, State(state): State, ) -> Result>, SyncServerError> { + auth(&state, auth_header.token())?; + let latest_version = state .database .get_latest_documents(&vault_id, None) diff --git a/backend/sync_server/src/server/update_document.rs b/backend/sync_server/src/server/update_document.rs index 626b057..7b84452 100644 --- a/backend/sync_server/src/server/update_document.rs +++ b/backend/sync_server/src/server/update_document.rs @@ -12,17 +12,24 @@ use anyhow::Context; use axum::extract::Path; use axum::extract::State; use axum::Json; +use axum_extra::headers::authorization::Bearer; +use axum_extra::headers::Authorization; +use axum_extra::TypedHeader; use sync_lib::base64_to_bytes; use sync_lib::base64_to_string; +use super::auth::auth; use super::requests::UpdateDocumentVersion; #[axum::debug_handler] pub async fn update_document( + TypedHeader(auth_header): TypedHeader>, Path((vault_id, document_id)): Path<(VaultId, DocumentId)>, State(state): State, Json(request): Json, ) -> Result, SyncServerError> { + auth(&state, auth_header.token())?; + let parent = state .database .get_document_version(&vault_id, &document_id, &request.parent_version_id, None)