feat: adding mfa verifying as a data route in data api

finnish-app · Jul 8, 2024 · e61c174 · e61c174
1 parent a4b18e2
commit e61c174
Show file tree

Hide file tree

Showing 7 changed files with 30 additions and 8 deletions.
diff --git a/flake.nix b/flake.nix
@@ -48,7 +48,7 @@
             buildInputs = [
               bacon
               cargo-nextest
-              cargo-shuttle
+              # cargo-shuttle
               jq
               nixpkgs-fmt
               openssl

diff --git a/src/data/mod.rs b/src/data/mod.rs
@@ -1,2 +1,2 @@
 pub mod router;
-mod service;
+pub mod service;
diff --git a/src/data/router/auth.rs b/src/data/router/auth.rs
@@ -0,0 +1,19 @@
+use std::sync::Arc;
+
+use askama_axum::IntoResponse;
+use axum::{extract::State, routing::post, Json, Router};
+
+use crate::{auth::AuthSession, hypermedia::schema::auth::MfaTokenForm, AppState};
+
+pub fn private_router() -> Router<Arc<AppState>> {
+    Router::new().route("/api/auth/mfa", post(mfa_verify))
+}
+
+async fn mfa_verify(
+    auth_session: AuthSession,
+    State(shared_state): State<Arc<AppState>>,
+    Json(mfa_token): Json<MfaTokenForm>,
+) -> impl IntoResponse {
+    crate::hypermedia::service::auth::mfa_verify(auth_session, &shared_state.pool, mfa_token.token)
+        .await
+}
diff --git a/src/data/router.rs → src/data/router/expenses.rs b/src/data/router.rs → src/data/router/expenses.rs
@@ -13,7 +13,7 @@ use crate::{
     AppState,
 };
 
-pub fn data_router() -> Router<Arc<AppState>> {
+pub fn router() -> Router<Arc<AppState>> {
     Router::new()
         .route("/api/expenses", get(get_expenses).post(insert_expense))
         .route(

diff --git a/src/data/router/mod.rs b/src/data/router/mod.rs
@@ -0,0 +1,2 @@
+pub mod auth;
+pub mod expenses;
diff --git a/src/hypermedia/mod.rs b/src/hypermedia/mod.rs
@@ -1,3 +1,3 @@
 pub mod router;
-mod schema;
-mod service;
+pub mod schema;
+pub mod service;
diff --git a/src/main.rs b/src/main.rs
@@ -121,13 +121,14 @@ async fn axum(
 
     let shared_state = Arc::new(AppState { pool, secret_store });
     let router = Router::new()
-        .merge(data::router::data_router())
+        .merge(data::router::expenses::router())
         .merge(hypermedia::router::expenses::router())
         .route_layer(permission_required!(
             Backend,
             login_url = "/auth/mfa",
             "restricted:read",
         ))
+        .merge(data::router::auth::private_router())
         .merge(hypermedia::router::auth::private_router())
         .route_layer(permission_required!(
             Backend,
@@ -161,7 +162,7 @@ async fn axum(
                     if res.headers().get("content-security-policy").is_none() {
                         res.headers_mut().insert(
                             "content-security-policy",
-                            generate_defaut_csp()
+                            generate_default_csp()
                                 .to_string()
                                 .parse()
                                 .unwrap_or_else(|_| {
@@ -231,7 +232,7 @@ fn generate_general_helmet_headers() -> Helmet {
 
 /// Returns a default strict Content Security Policy.
 /// It's used whenever a custom CSP is not set.
-fn generate_defaut_csp() -> ContentSecurityPolicy<'static> {
+fn generate_default_csp() -> ContentSecurityPolicy<'static> {
     return ContentSecurityPolicy::new()
         .default_src(vec!["'self'"])
         .base_uri(vec!["'none'"])