Middleware for validate token

[josejachuf]

I am trying to create a middleware to validate a token. The Token gives me an authentication center (another app) and it comes in the Header

Authorization "Bearer my-token"

I'm not using features = ["jwt-auth"], I directly use jsonwebtoken crate

Taking the example (from jsonwebtoken [https://github.com/Keats/jsonwebtoken/blob/master/examples/validation.rs]) to validate the token I have the following:

const SECRET_KEY: &[u8] = b"SECRET_KEY";

#[derive(Debug, Serialize, Deserialize)]
pub struct JwtClaims {
    user_id: String,
    exp: i64,
}

#[handler]
async fn validate_token(req: &mut Request, res: &mut Response) {
    let headers = req.headers();
    if headers.contains_key("authorization") {
        let token = headers["authorization"].to_str().unwrap();
        let token: Vec<&str> = token.split(' ').collect();

        let validation = Validation::new(Algorithm::HS256);
        let token_data = match decode::<JwtClaims>(
            &token[1],
            &DecodingKey::from_secret(SECRET_KEY),
            &validation,
        ) {
            Ok(c) => c,
            Err(err) => match *err.kind() {
                ErrorKind::InvalidToken => panic!("Token is invalid"),
                ErrorKind::InvalidIssuer => panic!("Issuer is invalid"),
                ErrorKind::ExpiredSignature => panic!("Expired Signature"),
                // ErrorKind::ExpiredSignature => {
                //     res.set_status_code(StatusCode::from_u16(401).unwrap());
                //     res.render("401 Unauthorized!");
                // },
                _ => panic!("Some other errors"),
            },
        };

        println!("token_data.claims {:?}", token_data.claims);
        println!("token_data.header {:?}", token_data.header);
    }
    // println!("Mis headers {:?}", headers);
    res.headers_mut()
        .insert(header::SERVER, HeaderValue::from_static("Salvo"));
}

But it's not really what I want and I need. I want something similar to:

   ```
     // ErrorKind::ExpiredSignature => {
            //     res.set_status_code(StatusCode::from_u16(401).unwrap());
            //     res.render("401 Unauthorized!");
            // },

  What I see is in the documentation:

  https://next.salvo.rs/book/middlewares/jwt-auth.html#sample-code

  How can I do what I want (validate a token given by my CAS) using "jwt-auth" feature?

[josejachuf]

Hi @chrislearn,

this seems to works as I need, only that I must change the answers when the Token is not valid.
Do you see something bad?
What can be improved?

use dotenv;
use reqwest;
/*
use salvo::http::header::{self, HeaderValue};
use salvo::http::StatusCode;
*/
// use serde_json::Value;
use salvo::jwt_auth::HeaderFinder;

use salvo::prelude::*;
use serde::{Deserialize, Serialize};

#[derive(Debug, Serialize, Deserialize)]
pub struct JwtClaims {
    user_id: String,
    exp: i64,
}

#[handler]
pub async fn get_albums(req: &mut Request, res: &mut Response) {
    let client = reqwest::Client::new();
    let url = "https://jsonplaceholder.typicode.com/users/1/albums";
    let result: serde_json::Value = client
        .get(url)
        .send()
        .await
        .unwrap()
        .json()
        .await
        .unwrap();

    res.render(Json(&result));
}


#[handler]
async fn validate_token(req: &mut Request, depot: &mut Depot, res: &mut Response) {
    match depot.jwt_auth_state() {
        JwtAuthState::Authorized => {
            // let data = depot.jwt_auth_data::<JwtClaims>().unwrap();
            // res.render(Text::Plain(format!(
            //     "Hi {}, have logged in successfully!",
            //     data.claims.user_id
            // )));
        }
        JwtAuthState::Unauthorized => {
            res.render("Unauthorized");
        }
        JwtAuthState::Forbidden => {
            res.set_status_error(StatusError::forbidden());
        }
    }
}



#[tokio::main]
async fn main() {
    tracing_subscriber::fmt().init();
    dotenv::dotenv().ok();

    let host = std::env::var("HOST").unwrap_or("127.0.0.1".to_string());
    let port = std::env::var("PORT").unwrap_or("7887".to_string());
    let secret_key = std::env::var("SECRET_KEY").expect("missing SECRET_KEY");
    let listener = format!("{}:{}", host, port);
    print!("Listener: {}\n", listener);

    let auth_handler: JwtAuth<JwtClaims> = JwtAuth::new(secret_key)
        .with_finders(vec![
            Box::new(HeaderFinder::new()),
        ])
        .with_response_error(false);

    let router = Router::with_hoop(auth_handler)
        .push(Router::with_path("albums")
        .hoop(validate_token)
        .get(get_albums));


    Server::new(TcpListener::bind(&listener))
        .serve(router)
        .await;
}

[josejachuf]

In this way it allows me to return in JSON with something more personalized

#[handler]
async fn validate_token(depot: &mut Depot, res: &mut Response) {
    match depot.jwt_auth_state() {
        JwtAuthState::Authorized => {
            // let data = depot.jwt_auth_data::<JwtClaims>().unwrap();
            // res.render(Text::Plain(format!(
            //     "Hi {}, have logged in successfully!",
            //     data.claims.user_id
            // )));
        }
        JwtAuthState::Unauthorized => {
            let resp = r#"{ "msg": "Unauthorized" }"#;
            let resp_json: serde_json::Value = serde_json::from_str(resp).unwrap();
            res.set_status_code(StatusCode::from_u16(401).unwrap());
            res.render(Json(resp_json));
        }
        JwtAuthState::Forbidden => {
            let resp = r#"{ "msg": "Forbidden" }"#;
            let resp_json: serde_json::Value = serde_json::from_str(resp).unwrap();
            res.set_status_code(StatusCode::from_u16(403).unwrap());
            res.render(Json(resp_json));
        }
    }
}