ChipsEater/Polevoy_SUBD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Бэкенд: добавлены администраторы и авторизация

Browse Source
This commit is contained in:
Сергей Полевой 2023-05-10 22:02:30 +04:00
parent f7eb534027
commit 202f9711ef
23 changed files with 587 additions and 109 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
backend/Cargo.lock generated
View File

@ -271,8 +271,11 @@ dependencies = [
"chrono",
"dotenv",
"dotenv_codegen",
"nanoid",
"pbkdf2",
"serde",
"serde_json",
"sha2",
"tokio",
"tokio-postgres",
]
@ -884,6 +887,15 @@ dependencies = [
"windows-sys",
]
[[package]]
name = "nanoid"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3ffa00dec017b5b1a8b7cf5e2c008bfda1aa7e0697ac1508b491fdf2622fb4d8"
dependencies = [
"rand",
]
[[package]]
name = "num-integer"
version = "0.1.45"
@ -948,6 +960,16 @@ version = "1.0.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9f746c4065a8fa3fe23974dd82f15431cc8d40779821001404d10d2e79ca7d79"
[[package]]
name = "pbkdf2"
version = "0.12.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f0ca0b5a68607598bf3bad68f32227a8164f6254833f84eafaac409cd6746c31"
dependencies = [
"digest",
"hmac",
]
[[package]]
name = "percent-encoding"
version = "2.2.0"

5
backend/Cargo.toml
View File

@ -14,4 +14,7 @@ chrono = { version = "0.4.24", features = ["serde"] }
serde_json = "1.0"
serde = { version = "1.0.159", features = ["derive"] }
async-trait = "0.1.68"
dotenv_codegen = "0.15.0"
dotenv_codegen = "0.15.0"
pbkdf2 = "0.12.1"
nanoid = "0.4.0"
sha2 = "0.10.6"

28
backend/src/endpoints/auth.rs Normal file
View File

@ -0,0 +1,28 @@
use std::sync::Mutex;
use actix_web::{web, post, Responder, HttpResponse};
use crate::State;
#[derive(serde::Deserialize)]
pub struct LoginInfo {
username: String,
password: String
}
#[post("/login")]
pub async fn login(state: web::Data<Mutex<State>>, json: web::Json<LoginInfo>) -> impl Responder {
match state.lock() {
Ok(guard) => match guard.auth_service.login(guard.administrator_repository.as_ref(), &json.username, &json.password).await {
Ok(token) => HttpResponse::Ok().json(token),
Err(error) => HttpResponse::InternalServerError().json(error.to_string())
},
Err(error) => HttpResponse::InternalServerError().json(error.to_string())
}
}
#[post("/logout")]
pub async fn logout(state: web::Data<Mutex<State>>, json: web::Json<String>) -> impl Responder {
match state.lock() {
Ok(guard) => { guard.auth_service.logout(&json.0); HttpResponse::Ok().body("Success") },
Err(error) => HttpResponse::InternalServerError().json(error.to_string())
}
}

72
backend/src/endpoints/car.rs
View File

@ -1,10 +1,22 @@
use std::sync::Mutex;
use crate::models::car::*;
use actix_web::{web, get, post, patch, delete, Responder, HttpResponse};
use actix_web::{web, get, post, patch, delete, Responder, HttpResponse, HttpRequest};
use crate::State;
#[get("/")]
pub async fn get_cars(state: web::Data<Mutex<State>>) -> impl Responder {
pub async fn get_cars(state: web::Data<Mutex<State>>, request: HttpRequest) -> impl Responder {
let token = request.headers().get("Authorization");
if token.is_none() {
return HttpResponse::Unauthorized().body("There is no token");
}
let token = token.unwrap();
if let Ok(guard) = state.lock() {
if guard.auth_service.administrator_by_token(guard.administrator_repository.as_ref(), token.to_str().unwrap()).await.is_err() {
return HttpResponse::Unauthorized().body("Invalid token");
}
}
match state.lock() {
Ok(guard) => match guard.car_repository.read_all().await {
Ok(result) => HttpResponse::Ok().json(result),
@ -15,7 +27,19 @@ pub async fn get_cars(state: web::Data<Mutex<State>>) -> impl Responder {
}
#[get("/{id}")]
pub async fn get_car(state: web::Data<Mutex<State>>, path: web::Path<(u32, )>) -> impl Responder {
pub async fn get_car(state: web::Data<Mutex<State>>, path: web::Path<(i32, )>, request: HttpRequest) -> impl Responder {
let token = request.headers().get("Authorization");
if token.is_none() {
return HttpResponse::Unauthorized().body("There is no token");
}
let token = token.unwrap();
if let Ok(guard) = state.lock() {
if guard.auth_service.administrator_by_token(guard.administrator_repository.as_ref(), token.to_str().unwrap()).await.is_err() {
return HttpResponse::Unauthorized().body("Invalid token");
}
}
match state.lock() {
Ok(guard) => match guard.car_repository.read(path.into_inner().0).await {
Ok(result) => HttpResponse::Ok().json(result),
@ -26,7 +50,19 @@ pub async fn get_car(state: web::Data<Mutex<State>>, path: web::Path<(u32, )>) -
}
#[post("/")]
pub async fn create_car(state: web::Data<Mutex<State>>, json: web::Json<BindingCar>) -> impl Responder {
pub async fn create_car(state: web::Data<Mutex<State>>, json: web::Json<BindingCar>, request: HttpRequest) -> impl Responder {
let token = request.headers().get("Authorization");
if token.is_none() {
return HttpResponse::Unauthorized().body("There is no token");
}
let token = token.unwrap();
if let Ok(guard) = state.lock() {
if guard.auth_service.administrator_by_token(guard.administrator_repository.as_ref(), token.to_str().unwrap()).await.is_err() {
return HttpResponse::Unauthorized().body("Invalid token");
}
}
match state.lock() {
Ok(guard) => match guard.car_repository.create(json.0).await {
Ok(result) => HttpResponse::Ok().json(result),
@ -37,7 +73,19 @@ pub async fn create_car(state: web::Data<Mutex<State>>, json: web::Json<BindingC
}
#[patch("/{id}")]
pub async fn update_car(state: web::Data<Mutex<State>>, json: web::Json<BindingCar>, path: web::Path<(u32, )>) -> impl Responder {
pub async fn update_car(state: web::Data<Mutex<State>>, json: web::Json<BindingCar>, path: web::Path<(i32, )>, request: HttpRequest) -> impl Responder {
let token = request.headers().get("Authorization");
if token.is_none() {
return HttpResponse::Unauthorized().body("There is no token");
}
let token = token.unwrap();
if let Ok(guard) = state.lock() {
if guard.auth_service.administrator_by_token(guard.administrator_repository.as_ref(), token.to_str().unwrap()).await.is_err() {
return HttpResponse::Unauthorized().body("Invalid token");
}
}
match state.lock() {
Ok(guard) => match guard.car_repository.update(path.into_inner().0, json.0).await {
Ok(result) => HttpResponse::Ok().json(result),
@ -48,7 +96,19 @@ pub async fn update_car(state: web::Data<Mutex<State>>, json: web::Json<BindingC
}
#[delete("/{id}")]
pub async fn delete_car(state: web::Data<Mutex<State>>, path: web::Path<(u32, )>) -> impl Responder {
pub async fn delete_car(state: web::Data<Mutex<State>>, path: web::Path<(i32, )>, request: HttpRequest) -> impl Responder {
let token = request.headers().get("Authorization");
if token.is_none() {
return HttpResponse::Unauthorized().body("There is no token");
}
let token = token.unwrap();
if let Ok(guard) = state.lock() {
if guard.auth_service.administrator_by_token(guard.administrator_repository.as_ref(), token.to_str().unwrap()).await.is_err() {
return HttpResponse::Unauthorized().body("Invalid token");
}
}
match state.lock() {
Ok(guard) => match guard.car_repository.delete(path.into_inner().0).await {
Ok(result) => HttpResponse::Ok().json(result),

72
backend/src/endpoints/car_station.rs
View File

@ -1,10 +1,22 @@
use std::sync::Mutex;
use crate::models::car_station::*;
use actix_web::{web, get, post, patch, delete, Responder, HttpResponse};
use actix_web::{web, get, post, patch, delete, Responder, HttpResponse, HttpRequest};
use crate::State;
#[get("/")]
pub async fn get_car_stations(state: web::Data<Mutex<State>>) -> impl Responder {
pub async fn get_car_stations(state: web::Data<Mutex<State>>, request: HttpRequest) -> impl Responder {
let token = request.headers().get("Authorization");
if token.is_none() {
return HttpResponse::Unauthorized().body("There is no token");
}
let token = token.unwrap();
if let Ok(guard) = state.lock() {
if guard.auth_service.administrator_by_token(guard.administrator_repository.as_ref(), token.to_str().unwrap()).await.is_err() {
return HttpResponse::Unauthorized().body("Invalid token");
}
}
match state.lock() {
Ok(guard) => match guard.car_station_repository.read_all().await {
Ok(result) => HttpResponse::Ok().json(result),
@ -15,7 +27,19 @@ pub async fn get_car_stations(state: web::Data<Mutex<State>>) -> impl Responder
}
#[get("/{id}")]
pub async fn get_car_station(state: web::Data<Mutex<State>>, path: web::Path<(u32, )>) -> impl Responder {
pub async fn get_car_station(state: web::Data<Mutex<State>>, path: web::Path<(i32, )>, request: HttpRequest) -> impl Responder {
let token = request.headers().get("Authorization");
if token.is_none() {
return HttpResponse::Unauthorized().body("There is no token");
}
let token = token.unwrap();
if let Ok(guard) = state.lock() {
if guard.auth_service.administrator_by_token(guard.administrator_repository.as_ref(), token.to_str().unwrap()).await.is_err() {
return HttpResponse::Unauthorized().body("Invalid token");
}
}
match state.lock() {
Ok(guard) => match guard.car_station_repository.read(path.into_inner().0).await {
Ok(result) => HttpResponse::Ok().json(result),
@ -26,7 +50,19 @@ pub async fn get_car_station(state: web::Data<Mutex<State>>, path: web::Path<(u3
}
#[post("/")]
pub async fn create_car_station(state: web::Data<Mutex<State>>, json: web::Json<BindingCarStation>) -> impl Responder {
pub async fn create_car_station(state: web::Data<Mutex<State>>, json: web::Json<BindingCarStation>, request: HttpRequest) -> impl Responder {
let token = request.headers().get("Authorization");
if token.is_none() {
return HttpResponse::Unauthorized().body("There is no token");
}
let token = token.unwrap();
if let Ok(guard) = state.lock() {
if guard.auth_service.administrator_by_token(guard.administrator_repository.as_ref(), token.to_str().unwrap()).await.is_err() {
return HttpResponse::Unauthorized().body("Invalid token");
}
}
match state.lock() {
Ok(guard) => match guard.car_station_repository.create(json.0).await {
Ok(result) => HttpResponse::Ok().json(result),
@ -37,7 +73,19 @@ pub async fn create_car_station(state: web::Data<Mutex<State>>, json: web::Json<
}
#[patch("/{id}")]
pub async fn update_car_station(state: web::Data<Mutex<State>>, json: web::Json<BindingCarStation>, path: web::Path<(u32, )>) -> impl Responder {
pub async fn update_car_station(state: web::Data<Mutex<State>>, json: web::Json<BindingCarStation>, path: web::Path<(i32, )>, request: HttpRequest) -> impl Responder {
let token = request.headers().get("Authorization");
if token.is_none() {
return HttpResponse::Unauthorized().body("There is no token");
}
let token = token.unwrap();
if let Ok(guard) = state.lock() {
if guard.auth_service.administrator_by_token(guard.administrator_repository.as_ref(), token.to_str().unwrap()).await.is_err() {
return HttpResponse::Unauthorized().body("Invalid token");
}
}
match state.lock() {
Ok(guard) => match guard.car_station_repository.update(path.into_inner().0, json.0).await {
Ok(result) => HttpResponse::Ok().json(result),
@ -48,7 +96,19 @@ pub async fn update_car_station(state: web::Data<Mutex<State>>, json: web::Json<
}
#[delete("/{id}")]
pub async fn delete_car_station(state: web::Data<Mutex<State>>, path: web::Path<(u32, )>) -> impl Responder {
pub async fn delete_car_station(state: web::Data<Mutex<State>>, path: web::Path<(i32, )>, request: HttpRequest) -> impl Responder {
let token = request.headers().get("Authorization");
if token.is_none() {
return HttpResponse::Unauthorized().body("There is no token");
}
let token = token.unwrap();
if let Ok(guard) = state.lock() {
if guard.auth_service.administrator_by_token(guard.administrator_repository.as_ref(), token.to_str().unwrap()).await.is_err() {
return HttpResponse::Unauthorized().body("Invalid token");
}
}
match state.lock() {
Ok(guard) => match guard.car_station_repository.delete(path.into_inner().0).await {
Ok(result) => HttpResponse::Ok().json(result),

72
backend/src/endpoints/client.rs
View File

@ -1,10 +1,22 @@
use std::sync::Mutex;
use crate::models::client::*;
use actix_web::{web, get, post, patch, delete, Responder, HttpResponse};
use actix_web::{web, get, post, patch, delete, Responder, HttpResponse, HttpRequest};
use crate::State;
#[get("/")]
pub async fn get_clients(state: web::Data<Mutex<State>>) -> impl Responder {
pub async fn get_clients(state: web::Data<Mutex<State>>, request: HttpRequest) -> impl Responder {
let token = request.headers().get("Authorization");
if token.is_none() {
return HttpResponse::Unauthorized().body("There is no token");
}
let token = token.unwrap();
if let Ok(guard) = state.lock() {
if guard.auth_service.administrator_by_token(guard.administrator_repository.as_ref(), token.to_str().unwrap()).await.is_err() {
return HttpResponse::Unauthorized().body("Invalid token");
}
}
match state.lock() {
Ok(guard) => match guard.client_repository.read_all().await {
Ok(result) => HttpResponse::Ok().json(result),
@ -15,7 +27,19 @@ pub async fn get_clients(state: web::Data<Mutex<State>>) -> impl Responder {
}
#[get("/{id}")]
pub async fn get_client(state: web::Data<Mutex<State>>, path: web::Path<(u32, )>) -> impl Responder {
pub async fn get_client(state: web::Data<Mutex<State>>, path: web::Path<(i32, )>, request: HttpRequest) -> impl Responder {
let token = request.headers().get("Authorization");
if token.is_none() {
return HttpResponse::Unauthorized().body("There is no token");
}
let token = token.unwrap();
if let Ok(guard) = state.lock() {
if guard.auth_service.administrator_by_token(guard.administrator_repository.as_ref(), token.to_str().unwrap()).await.is_err() {
return HttpResponse::Unauthorized().body("Invalid token");
}
}
match state.lock() {
Ok(guard) => match guard.client_repository.read(path.into_inner().0).await {
Ok(result) => HttpResponse::Ok().json(result),
@ -26,7 +50,19 @@ pub async fn get_client(state: web::Data<Mutex<State>>, path: web::Path<(u32, )>
}
#[post("/")]
pub async fn create_client(state: web::Data<Mutex<State>>, json: web::Json<BindingClient>) -> impl Responder {
pub async fn create_client(state: web::Data<Mutex<State>>, json: web::Json<BindingClient>, request: HttpRequest) -> impl Responder {
let token = request.headers().get("Authorization");
if token.is_none() {
return HttpResponse::Unauthorized().body("There is no token");
}
let token = token.unwrap();
if let Ok(guard) = state.lock() {
if guard.auth_service.administrator_by_token(guard.administrator_repository.as_ref(), token.to_str().unwrap()).await.is_err() {
return HttpResponse::Unauthorized().body("Invalid token");
}
}
match state.lock() {
Ok(guard) => match guard.client_repository.create(json.0).await {
Ok(result) => HttpResponse::Ok().json(result),
@ -37,7 +73,19 @@ pub async fn create_client(state: web::Data<Mutex<State>>, json: web::Json<Bindi
}
#[patch("/{id}")]
pub async fn update_client(state: web::Data<Mutex<State>>, json: web::Json<BindingClient>, path: web::Path<(u32, )>) -> impl Responder {
pub async fn update_client(state: web::Data<Mutex<State>>, json: web::Json<BindingClient>, path: web::Path<(i32, )>, request: HttpRequest) -> impl Responder {
let token = request.headers().get("Authorization");
if token.is_none() {
return HttpResponse::Unauthorized().body("There is no token");
}
let token = token.unwrap();
if let Ok(guard) = state.lock() {
if guard.auth_service.administrator_by_token(guard.administrator_repository.as_ref(), token.to_str().unwrap()).await.is_err() {
return HttpResponse::Unauthorized().body("Invalid token");
}
}
match state.lock() {
Ok(guard) => match guard.client_repository.update(path.into_inner().0, json.0).await {
Ok(result) => HttpResponse::Ok().json(result),
@ -48,7 +96,19 @@ pub async fn update_client(state: web::Data<Mutex<State>>, json: web::Json<Bindi
}
#[delete("/{id}")]
pub async fn delete_client(state: web::Data<Mutex<State>>, path: web::Path<(u32, )>) -> impl Responder {
pub async fn delete_client(state: web::Data<Mutex<State>>, path: web::Path<(i32, )>, request: HttpRequest) -> impl Responder {
let token = request.headers().get("Authorization");
if token.is_none() {
return HttpResponse::Unauthorized().body("There is no token");
}
let token = token.unwrap();
if let Ok(guard) = state.lock() {
if guard.auth_service.administrator_by_token(guard.administrator_repository.as_ref(), token.to_str().unwrap()).await.is_err() {
return HttpResponse::Unauthorized().body("Invalid token");
}
}
match state.lock() {
Ok(guard) => match guard.client_repository.delete(path.into_inner().0).await {
Ok(result) => HttpResponse::Ok().json(result),

3
backend/src/endpoints/mod.rs
View File

@ -2,4 +2,5 @@ pub mod client;
pub mod car_station;
pub mod car;
pub mod rent;
pub mod owner;
pub mod owner;
pub mod auth;

72
backend/src/endpoints/owner.rs
View File

@ -1,10 +1,22 @@
use std::sync::Mutex;
use crate::models::client::*;
use actix_web::{web, get, post, patch, delete, Responder, HttpResponse};
use actix_web::{web, get, post, patch, delete, Responder, HttpResponse, HttpRequest};
use crate::State;
#[get("/")]
pub async fn get_owners(state: web::Data<Mutex<State>>) -> impl Responder {
pub async fn get_owners(state: web::Data<Mutex<State>>, request: HttpRequest) -> impl Responder {
let token = request.headers().get("Authorization");
if token.is_none() {
return HttpResponse::Unauthorized().body("There is no token");
}
let token = token.unwrap();
if let Ok(guard) = state.lock() {
if guard.auth_service.administrator_by_token(guard.administrator_repository.as_ref(), token.to_str().unwrap()).await.is_err() {
return HttpResponse::Unauthorized().body("Invalid token");
}
}
match state.lock() {
Ok(guard) => match guard.owner_repository.read_all().await {
Ok(result) => HttpResponse::Ok().json(result),
@ -15,7 +27,19 @@ pub async fn get_owners(state: web::Data<Mutex<State>>) -> impl Responder {
}
#[get("/{id}")]
pub async fn get_owner(state: web::Data<Mutex<State>>, path: web::Path<(u32, )>) -> impl Responder {
pub async fn get_owner(state: web::Data<Mutex<State>>, path: web::Path<(i32, )>, request: HttpRequest) -> impl Responder {
let token = request.headers().get("Authorization");
if token.is_none() {
return HttpResponse::Unauthorized().body("There is no token");
}
let token = token.unwrap();
if let Ok(guard) = state.lock() {
if guard.auth_service.administrator_by_token(guard.administrator_repository.as_ref(), token.to_str().unwrap()).await.is_err() {
return HttpResponse::Unauthorized().body("Invalid token");
}
}
match state.lock() {
Ok(guard) => match guard.owner_repository.read(path.into_inner().0).await {
Ok(result) => HttpResponse::Ok().json(result),
@ -26,7 +50,19 @@ pub async fn get_owner(state: web::Data<Mutex<State>>, path: web::Path<(u32, )>)
}
#[post("/")]
pub async fn create_owner(state: web::Data<Mutex<State>>, json: web::Json<BindingClient>) -> impl Responder {
pub async fn create_owner(state: web::Data<Mutex<State>>, json: web::Json<BindingClient>, request: HttpRequest) -> impl Responder {
let token = request.headers().get("Authorization");
if token.is_none() {
return HttpResponse::Unauthorized().body("There is no token");
}
let token = token.unwrap();
if let Ok(guard) = state.lock() {
if guard.auth_service.administrator_by_token(guard.administrator_repository.as_ref(), token.to_str().unwrap()).await.is_err() {
return HttpResponse::Unauthorized().body("Invalid token");
}
}
match state.lock() {
Ok(guard) => match guard.owner_repository.create(json.0).await {
Ok(result) => HttpResponse::Ok().json(result),
@ -37,7 +73,19 @@ pub async fn create_owner(state: web::Data<Mutex<State>>, json: web::Json<Bindin
}
#[patch("/{id}")]
pub async fn update_owner(state: web::Data<Mutex<State>>, json: web::Json<BindingClient>, path: web::Path<(u32, )>) -> impl Responder {
pub async fn update_owner(state: web::Data<Mutex<State>>, json: web::Json<BindingClient>, path: web::Path<(i32, )>, request: HttpRequest) -> impl Responder {
let token = request.headers().get("Authorization");
if token.is_none() {
return HttpResponse::Unauthorized().body("There is no token");
}
let token = token.unwrap();
if let Ok(guard) = state.lock() {
if guard.auth_service.administrator_by_token(guard.administrator_repository.as_ref(), token.to_str().unwrap()).await.is_err() {
return HttpResponse::Unauthorized().body("Invalid token");
}
}
match state.lock() {
Ok(guard) => match guard.owner_repository.update(path.into_inner().0, json.0).await {
Ok(result) => HttpResponse::Ok().json(result),
@ -48,7 +96,19 @@ pub async fn update_owner(state: web::Data<Mutex<State>>, json: web::Json<Bindin
}
#[delete("/{id}")]
pub async fn delete_owner(state: web::Data<Mutex<State>>, path: web::Path<(u32, )>) -> impl Responder {
pub async fn delete_owner(state: web::Data<Mutex<State>>, path: web::Path<(i32, )>, request: HttpRequest) -> impl Responder {
let token = request.headers().get("Authorization");
if token.is_none() {
return HttpResponse::Unauthorized().body("There is no token");
}
let token = token.unwrap();
if let Ok(guard) = state.lock() {
if guard.auth_service.administrator_by_token(guard.administrator_repository.as_ref(), token.to_str().unwrap()).await.is_err() {
return HttpResponse::Unauthorized().body("Invalid token");
}
}
match state.lock() {
Ok(guard) => match guard.owner_repository.delete(path.into_inner().0).await {
Ok(result) => HttpResponse::Ok().json(result),

72
backend/src/endpoints/rent.rs
View File

@ -1,10 +1,22 @@
use std::sync::Mutex;
use crate::models::rent::*;
use actix_web::{web, get, post, patch, delete, Responder, HttpResponse};
use actix_web::{web, get, post, patch, delete, Responder, HttpResponse, HttpRequest};
use crate::State;
#[get("/")]
pub async fn get_rents(state: web::Data<Mutex<State>>) -> impl Responder {
pub async fn get_rents(state: web::Data<Mutex<State>>, request: HttpRequest) -> impl Responder {
let token = request.headers().get("Authorization");
if token.is_none() {
return HttpResponse::Unauthorized().body("There is no token");
}
let token = token.unwrap();
if let Ok(guard) = state.lock() {
if guard.auth_service.administrator_by_token(guard.administrator_repository.as_ref(), token.to_str().unwrap()).await.is_err() {
return HttpResponse::Unauthorized().body("Invalid token");
}
}
match state.lock() {
Ok(guard) => match guard.rent_repository.read_all().await {
Ok(result) => HttpResponse::Ok().json(result),
@ -15,7 +27,19 @@ pub async fn get_rents(state: web::Data<Mutex<State>>) -> impl Responder {
}
#[get("/{id}")]
pub async fn get_rent(state: web::Data<Mutex<State>>, path: web::Path<(u32, )>) -> impl Responder {
pub async fn get_rent(state: web::Data<Mutex<State>>, path: web::Path<(i32, )>, request: HttpRequest) -> impl Responder {
let token = request.headers().get("Authorization");
if token.is_none() {
return HttpResponse::Unauthorized().body("There is no token");
}
let token = token.unwrap();
if let Ok(guard) = state.lock() {
if guard.auth_service.administrator_by_token(guard.administrator_repository.as_ref(), token.to_str().unwrap()).await.is_err() {
return HttpResponse::Unauthorized().body("Invalid token");
}
}
match state.lock() {
Ok(guard) => match guard.rent_repository.read(path.into_inner().0).await {
Ok(result) => HttpResponse::Ok().json(result),
@ -26,7 +50,19 @@ pub async fn get_rent(state: web::Data<Mutex<State>>, path: web::Path<(u32, )>)
}
#[post("/")]
pub async fn create_rent(state: web::Data<Mutex<State>>, json: web::Json<BindingRent>) -> impl Responder {
pub async fn create_rent(state: web::Data<Mutex<State>>, json: web::Json<BindingRent>, request: HttpRequest) -> impl Responder {
let token = request.headers().get("Authorization");
if token.is_none() {
return HttpResponse::Unauthorized().body("There is no token");
}
let token = token.unwrap();
if let Ok(guard) = state.lock() {
if guard.auth_service.administrator_by_token(guard.administrator_repository.as_ref(), token.to_str().unwrap()).await.is_err() {
return HttpResponse::Unauthorized().body("Invalid token");
}
}
match state.lock() {
Ok(guard) => match guard.rent_repository.create(json.0).await {
Ok(result) => HttpResponse::Ok().json(result),
@ -37,7 +73,19 @@ pub async fn create_rent(state: web::Data<Mutex<State>>, json: web::Json<Binding
}
#[patch("/{id}")]
pub async fn update_rent(state: web::Data<Mutex<State>>, json: web::Json<BindingRent>, path: web::Path<(u32, )>) -> impl Responder {
pub async fn update_rent(state: web::Data<Mutex<State>>, json: web::Json<BindingRent>, path: web::Path<(i32, )>, request: HttpRequest) -> impl Responder {
let token = request.headers().get("Authorization");
if token.is_none() {
return HttpResponse::Unauthorized().body("There is no token");
}
let token = token.unwrap();
if let Ok(guard) = state.lock() {
if guard.auth_service.administrator_by_token(guard.administrator_repository.as_ref(), token.to_str().unwrap()).await.is_err() {
return HttpResponse::Unauthorized().body("Invalid token");
}
}
match state.lock() {
Ok(guard) => match guard.rent_repository.update(path.into_inner().0, json.0).await {
Ok(result) => HttpResponse::Ok().json(result),
@ -48,7 +96,19 @@ pub async fn update_rent(state: web::Data<Mutex<State>>, json: web::Json<Binding
}
#[delete("/{id}")]
pub async fn delete_rent(state: web::Data<Mutex<State>>, path: web::Path<(u32, )>) -> impl Responder {
pub async fn delete_rent(state: web::Data<Mutex<State>>, path: web::Path<(i32, )>, request: HttpRequest) -> impl Responder {
let token = request.headers().get("Authorization");
if token.is_none() {
return HttpResponse::Unauthorized().body("There is no token");
}
let token = token.unwrap();
if let Ok(guard) = state.lock() {
if guard.auth_service.administrator_by_token(guard.administrator_repository.as_ref(), token.to_str().unwrap()).await.is_err() {
return HttpResponse::Unauthorized().body("Invalid token");
}
}
match state.lock() {
Ok(guard) => match guard.rent_repository.delete(path.into_inner().0).await {
Ok(result) => HttpResponse::Ok().json(result),

8
backend/src/lib.rs
View File

@ -1,15 +1,19 @@
use storages::traits::OwnerRepository;
use services::auth::AuthService;
use storages::traits::{OwnerRepository, AdministratorRepository};
use crate::storages::traits::{CarRepository, CarStationRepository, ClientRepository, RentRepository};
pub mod endpoints;
pub mod models;
pub mod storages;
pub mod services;
pub struct State {
pub car_repository: Box<dyn CarRepository + Send>,
pub car_station_repository: Box<dyn CarStationRepository + Send>,
pub client_repository: Box<dyn ClientRepository + Send>,
pub owner_repository: Box<dyn OwnerRepository + Send>,
pub rent_repository: Box<dyn RentRepository + Send>
pub rent_repository: Box<dyn RentRepository + Send>,
pub administrator_repository: Box<dyn AdministratorRepository + Send>,
pub auth_service: AuthService
}

98
backend/src/main.rs
View File

@ -1,8 +1,10 @@
use std::sync::{Arc, Mutex};
use actix_web::{App, HttpServer, web};
use actix_web::web::Data;
use backend::endpoints::auth::*;
use backend::storages::postgres::administrator::PostgresAdministratorRepository;
use dotenv_codegen::dotenv;
use backend::State;
use backend::{State, services};
use tokio_postgres::NoTls;
use backend::storages::postgres::car::PostgresCarRepository;
use backend::storages::postgres::car_station::PostgresCarStationRepository;
@ -18,7 +20,7 @@ use backend::endpoints::owner::*;
#[actix_web::main]
async fn main() -> std::io::Result<()> {
let (client, connection) = tokio_postgres::connect(
&format!("host={} user={} password={} dbname={}", dotenv!("HOST"), dotenv!("USER"), dotenv!("PASSWORD"), dotenv!("DBNAME")),
&format!("host={} user={} password={} dbname={}", dotenv!("HOST"), dotenv!("USER"), dotenv!("PASSWORD"), dotenv!("DBNAMEE")),
NoTls
).await.unwrap();
@ -40,56 +42,66 @@ async fn main() -> std::io::Result<()> {
let rent_repository = PostgresRentRepository { connection: Arc::clone(&client) };
let administrator_repository = PostgresAdministratorRepository { connection: Arc::clone(&client) };
let auth_service = services::auth::AuthService::new();
let state = Data::new(Mutex::new(State {
car_repository: Box::new(car_repository),
car_station_repository: Box::new(car_station_repository),
client_repository: Box::new(client_repository),
owner_repository: Box::new(owner_repository),
rent_repository: Box::new(rent_repository)
rent_repository: Box::new(rent_repository),
administrator_repository: Box::new(administrator_repository),
auth_service
}));
HttpServer::new(move || {
App::new()
.app_data(Data::clone(&state))
.service(
web::scope("/cars")
.service(get_cars)
.service(get_car)
.service(create_car)
.service(update_car)
.service(delete_car)
)
.service(
web::scope("/clients")
.service(get_clients)
.service(get_client)
.service(create_client)
.service(update_client)
.service(delete_client)
)
.service(
web::scope("/owners")
.service(get_owners)
.service(get_owner)
.service(create_owner)
.service(update_owner)
.service(delete_owner)
)
.service(
web::scope("/car_stations")
.service(get_car_stations)
.service(get_car_station)
.service(create_car_station)
.service(update_car_station)
.service(delete_car_station)
)
.service(
web::scope("/rents")
.service(get_rents)
.service(get_rent)
.service(create_rent)
.service(update_rent)
.service(delete_rent)
.service(web::scope("/api")
.service(
web::scope("/cars")
.service(get_cars)
.service(get_car)
.service(create_car)
.service(update_car)
.service(delete_car)
)
.service(
web::scope("/clients")
.service(get_clients)
.service(get_client)
.service(create_client)
.service(update_client)
.service(delete_client)
)
.service(
web::scope("/owners")
.service(get_owners)
.service(get_owner)
.service(create_owner)
.service(update_owner)
.service(delete_owner)
)
.service(
web::scope("/car_stations")
.service(get_car_stations)
.service(get_car_station)
.service(create_car_station)
.service(update_car_station)
.service(delete_car_station)
)
.service(
web::scope("/rents")
.service(get_rents)
.service(get_rent)
.service(create_rent)
.service(update_rent)
.service(delete_rent)
)
.service(login)
.service(logout)
)
})
.bind("127.0.0.1:8080")?

12
backend/src/models/administrator.rs Normal file
View File

@ -0,0 +1,12 @@
use serde::{Serialize, Deserialize};
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Administrator {
pub id: i32,
pub username: String,
pub password: String,
pub name: String,
pub surname: String,
pub middlename: String,
pub car_station_id: i32
}

3
backend/src/models/mod.rs
View File

@ -1,4 +1,5 @@
pub mod client;
pub mod car_station;
pub mod car;
pub mod rent;
pub mod rent;
pub mod administrator;

34
backend/src/services/auth.rs Normal file
View File

@ -0,0 +1,34 @@
use crate::{storages::traits::AdministratorRepository, models::administrator::Administrator};
use nanoid::nanoid;
use sha2::Sha256;
use std::cell::RefCell;
pub struct AuthService {
authed: RefCell<Vec::<(String, i32)>>
}
impl AuthService {
pub fn new() -> Self {
AuthService { authed: RefCell::new(Vec::new()) }
}
pub async fn login(&self, storage: &dyn AdministratorRepository, username: &str, password: &str) -> Result<String, String> {
let administrator = storage.find_by_username(&username).await?;
if pbkdf2::pbkdf2_hmac_array::<Sha256, 32>(password.as_bytes(), dotenv_codegen::dotenv!("SALT").as_bytes(), 4096).iter().map(|x| format!("{:x}", x)).collect::<String>() != administrator.password {
Err("Invalid password or login!".to_owned())
} else {
let token = nanoid!(32);
self.authed.borrow_mut().push((token.clone(), administrator.id));
Ok(token)
}
}
pub fn logout(&self, token: &str) {
self.authed.borrow_mut().retain(|x| x.0 != token);
}
pub async fn administrator_by_token(&self, storage: &dyn AdministratorRepository, token: &str) -> Result<Administrator, String> {
let id = self.authed.borrow().iter().find(|&x| x.0.starts_with(token)).ok_or("Invalid token")?.1;
storage.read(id).await
}
}

1
backend/src/services/mod.rs Normal file
View File

@ -0,0 +1 @@
pub mod auth;

52
backend/src/storages/postgres/administrator.rs Normal file
View File

@ -0,0 +1,52 @@
use tokio_postgres::Client as PgClient;
use std::sync::Arc;
use crate::models::administrator::Administrator;
use crate::storages::traits::AdministratorRepository;
use async_trait::async_trait;
pub struct PostgresAdministratorRepository {
pub connection: Arc<PgClient>
}
#[async_trait]
impl AdministratorRepository for PostgresAdministratorRepository {
async fn read(&self, id: i32) -> Result<Administrator, String> {
let result = self.connection.query(
"SELECT * FROM administrator WHERE id = $1", &[&id]
).await;
if let Ok(rows) = result {
let row = rows.get(0).ok_or("Administrator not found".to_owned())?;
Ok(Administrator {
id: row.get("id"),
username: row.get("username"),
password: row.get("password"),
name: row.get("name"),
surname: row.get("surname"),
middlename: row.get("middlename"),
car_station_id: row.get("car_station_id")
})
} else {
Err("Something gone wrong during reading of Administrator".to_owned())
}
}
async fn find_by_username(&self, username: &str) -> Result<Administrator, String> {
let result = self.connection.query("SELECT * FROM administrator WHERE username LIKE $1", &[&username]).await;
if let Ok(rows) = result {
let row = rows.get(0).ok_or("Administrator not found".to_owned())?;
Ok(Administrator {
id: row.get("id"),
username: row.get("username"),
password: row.get("password"),
name: row.get("name"),
surname: row.get("surname"),
middlename: row.get("middlename"),
car_station_id: row.get("car_station_id")
})
} else {
Err("Something gone wrong during reading of Administrator".to_owned())
}
}
}

6
backend/src/storages/postgres/car.rs
View File

@ -32,7 +32,7 @@ impl CarRepository for PostgresCarRepository {
}
}
async fn read(&self, id: u32) -> Result<Car, String> {
async fn read(&self, id: i32) -> Result<Car, String> {
let result = self.connection.query(
"SELECT * FROM Car WHERE id = $1", &[&id]
).await;
@ -73,7 +73,7 @@ impl CarRepository for PostgresCarRepository {
}
}
async fn update(&self, id: u32, car: BindingCar) -> Result<Car, String> {
async fn update(&self, id: i32, car: BindingCar) -> Result<Car, String> {
let result = self.connection.query(
"UPDATE Car SET brand = $1, model = $2, price = $3, owner_id = $4, car_station_id = $5 WHERE id = $6 RETURNING *",
&[&car.brand, &car.model, &car.price, &car.owner_id, &car.car_station_id, &id]
@ -94,7 +94,7 @@ impl CarRepository for PostgresCarRepository {
}
}
async fn delete(&self, id: u32) -> Result<(), String> {
async fn delete(&self, id: i32) -> Result<(), String> {
let result = self.connection.execute(
"DELETE FROM Car WHERE id = $1",
&[&id]

6
backend/src/storages/postgres/car_station.rs
View File

@ -27,7 +27,7 @@ impl CarStationRepository for PostgresCarStationRepository {
}
}
async fn read(&self, id: u32) -> Result<CarStation, String> {
async fn read(&self, id: i32) -> Result<CarStation, String> {
let result = self.connection.query(
"SELECT * FROM Car_Station WHERE id = $1", &[&id]
).await;
@ -60,7 +60,7 @@ impl CarStationRepository for PostgresCarStationRepository {
}
}
async fn update(&self, id: u32, car_station: BindingCarStation) -> Result<CarStation, String> {
async fn update(&self, id: i32, car_station: BindingCarStation) -> Result<CarStation, String> {
let result = self.connection.query(
"UPDATE Car_Station SET address = $1 WHERE id = $2 RETURNING *",
&[&car_station.address, &id]
@ -77,7 +77,7 @@ impl CarStationRepository for PostgresCarStationRepository {
}
}
async fn delete(&self, id: u32) -> Result<(), String> {
async fn delete(&self, id: i32) -> Result<(), String> {
let result = self.connection.execute(
"DELETE FROM Car_Station WHERE id = $1",
&[&id]

6
backend/src/storages/postgres/client.rs
View File

@ -31,7 +31,7 @@ impl ClientRepository for PostgresClientRepository {
}
}
async fn read(&self, id: u32) -> Result<Client, String> {
async fn read(&self, id: i32) -> Result<Client, String> {
let result= self.connection.query(
"SELECT * FROM Client WHERE id = $1", &[&id]
).await;
@ -71,7 +71,7 @@ impl ClientRepository for PostgresClientRepository {
}
}
async fn update(&self, id: u32, client: BindingClient) -> Result<Client, String> {
async fn update(&self, id: i32, client: BindingClient) -> Result<Client, String> {
let result = self.connection.query(
"UPDATE Client SET name = $1, surname = $2, middlename = $3, phone = $4 \
WHERE id = $5 RETURNING *",
@ -92,7 +92,7 @@ impl ClientRepository for PostgresClientRepository {
}
}
async fn delete(&self, id: u32) -> Result<(), String> {
async fn delete(&self, id: i32) -> Result<(), String> {
let result = self.connection.execute(
"DELETE FROM Client WHERE id = $1",
&[&id]

3
backend/src/storages/postgres/mod.rs
View File

@ -2,4 +2,5 @@ pub mod client;
pub mod car_station;
pub mod car;
pub mod rent;
pub mod owner;
pub mod owner;
pub mod administrator;

6
backend/src/storages/postgres/owner.rs
View File

@ -31,7 +31,7 @@ impl OwnerRepository for PostgresOwnerRepository {
}
}
async fn read(&self, id: u32) -> Result<Client, String> {
async fn read(&self, id: i32) -> Result<Client, String> {
let result= self.connection.query(
"SELECT * FROM Owner WHERE id = $1", &[&id]
).await;
@ -71,7 +71,7 @@ impl OwnerRepository for PostgresOwnerRepository {
}
}
async fn update(&self, id: u32, client: BindingClient) -> Result<Client, String> {
async fn update(&self, id: i32, client: BindingClient) -> Result<Client, String> {
let result = self.connection.query(
"UPDATE Owner SET name = $1, surname = $2, middlename = $3, phone = $4 \
WHERE id = $5 RETURNING *",
@ -92,7 +92,7 @@ impl OwnerRepository for PostgresOwnerRepository {
}
}
async fn delete(&self, id: u32) -> Result<(), String> {
async fn delete(&self, id: i32) -> Result<(), String> {
let result = self.connection.execute(
"DELETE FROM Owner WHERE id = $1",
&[&id]

6
backend/src/storages/postgres/rent.rs
View File

@ -44,7 +44,7 @@ impl RentRepository for PostgresRentRepository {
}
}
async fn read(&self, id: u32) -> Result<Rent, String> {
async fn read(&self, id: i32) -> Result<Rent, String> {
let result = self.connection.query(
"SELECT * FROM Rent WHERE id = $1", &[&id]
).await;
@ -83,7 +83,7 @@ impl RentRepository for PostgresRentRepository {
}
}
async fn update(&self, id: u32, rent: BindingRent) -> Result<Rent, String> {
async fn update(&self, id: i32, rent: BindingRent) -> Result<Rent, String> {
let result = self.connection.query(
"UPDATE Rent SET time_amount = $2, client_id = $3, car_id = $4 WHERE id = $5 RETURNING *",
&[&rent.time_amount, &rent.client_id, &rent.car_id, &id]
@ -103,7 +103,7 @@ impl RentRepository for PostgresRentRepository {
}
}
async fn delete(&self, id: u32) -> Result<(), String> {
async fn delete(&self, id: i32) -> Result<(), String> {
let result = self.connection.execute(
"DELETE FROM Rent WHERE id = $1", &[&id]
).await;

37
backend/src/storages/traits.rs
View File

@ -1,3 +1,4 @@
use crate::models::administrator::Administrator;
use crate::models::client::*;
use crate::models::car_station::*;
use crate::models::car::*;
@ -7,44 +8,50 @@ use async_trait::async_trait;
#[async_trait]
pub trait ClientRepository {
async fn create(&self, client: BindingClient) -> Result<Client, String>;
async fn read(&self, id: u32) -> Result<Client, String>;
async fn read(&self, id: i32) -> Result<Client, String>;
async fn read_all(&self) -> Result<Vec<Client>, String>;
async fn update(&self, id: u32, client: BindingClient) -> Result<Client, String>;
async fn delete(&self, id: u32) -> Result<(), String>;
async fn update(&self, id: i32, client: BindingClient) -> Result<Client, String>;
async fn delete(&self, id: i32) -> Result<(), String>;
}
#[async_trait]
pub trait CarRepository {
async fn create(&self, car: BindingCar) -> Result<Car, String>;
async fn read(&self, id: u32) -> Result<Car, String>;
async fn read(&self, id: i32) -> Result<Car, String>;
async fn read_all(&self) -> Result<Vec<Car>, String>;
async fn update(&self, id: u32, car: BindingCar) -> Result<Car, String>;
async fn delete(&self, id: u32) -> Result<(), String>;
async fn update(&self, id: i32, car: BindingCar) -> Result<Car, String>;
async fn delete(&self, id: i32) -> Result<(), String>;
}
#[async_trait]
pub trait CarStationRepository {
async fn create(&self, car_station: BindingCarStation) -> Result<CarStation, String>;
async fn read(&self, id: u32) -> Result<CarStation, String>;
async fn read(&self, id: i32) -> Result<CarStation, String>;
async fn read_all(&self) -> Result<Vec<CarStation>, String>;
async fn update(&self, id: u32, car_station: BindingCarStation) -> Result<CarStation, String>;
async fn delete(&self, id: u32) -> Result<(), String>;
async fn update(&self, id: i32, car_station: BindingCarStation) -> Result<CarStation, String>;
async fn delete(&self, id: i32) -> Result<(), String>;
}
#[async_trait]
pub trait RentRepository {
async fn create(&self, rent: BindingRent) -> Result<Rent, String>;
async fn read(&self, id: u32) -> Result<Rent, String>;
async fn read(&self, id: i32) -> Result<Rent, String>;
async fn read_all(&self) -> Result<Vec<Rent>, String>;
async fn update(&self, id: u32, rent: BindingRent) -> Result<Rent, String>;
async fn delete(&self, id: u32) -> Result<(), String>;
async fn update(&self, id: i32, rent: BindingRent) -> Result<Rent, String>;
async fn delete(&self, id: i32) -> Result<(), String>;
}
#[async_trait]
pub trait OwnerRepository {
async fn create(&self, client: BindingClient) -> Result<Client, String>;
async fn read(&self, id: u32) -> Result<Client, String>;
async fn read(&self, id: i32) -> Result<Client, String>;
async fn read_all(&self) -> Result<Vec<Client>, String>;
async fn update(&self, id: u32, client: BindingClient) -> Result<Client, String>;
async fn delete(&self, id: u32) -> Result<(), String>;
async fn update(&self, id: i32, client: BindingClient) -> Result<Client, String>;
async fn delete(&self, id: i32) -> Result<(), String>;
}
#[async_trait]
pub trait AdministratorRepository {
async fn read(&self, id: i32) -> Result<Administrator, String>;
async fn find_by_username(&self, username: &str) -> Result<Administrator, String>;
}