strawberries/frangipane-backend
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

reworked api errors, now returning proper error codes

Browse Source
This commit is contained in:
eiiko6
2026-01-28 19:51:23 +01:00
parent 30dc7475c2
commit fbf7eea59a
12 changed files with 463 additions and 563 deletions
Download Patch File Download Diff File Expand all files Collapse all files

151
src/routes/users.rs
View File

@@ -12,13 +12,12 @@ use uuid::Uuid;
use validator::ValidateEmail;
use crate::{
AppConfig,
AppConfig, MAX_USERNAME_LENGTH,
auth::{create_jwt, hash_password, validate_token, verify_jwt, verify_password},
db::{user_id_from_uuid, username_from_uuid},
errors::APIError,
};
const DUMMY_HASH: &str = "$argon2id$v=19$m=4096,t=3,p=1$YWFhYWFhYWFhYWFhYWFhYQ$aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
#[derive(sqlx::FromRow, serde::Serialize)]
pub struct User {
pub uuid: Uuid,
@@ -92,14 +91,15 @@ async fn registration_guard(
pub async fn login(
Extension(db): Extension<PgPool>,
Json(payload): Json<LoginPayload>,
) -> Result<Json<LoginResponse>, (StatusCode, String)> {
) -> Result<Json<LoginResponse>, APIError> {
const DUMMY_HASH: &str = "$argon2id$v=19$m=4096,t=3,p=1$YWFhYWFhYWFhYWFhYWFhYQ$aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
let user = sqlx::query_as::<_, User>(
"SELECT uuid, email, username, password_hash FROM user_ WHERE email = $1",
)
.bind(&payload.email)
.fetch_optional(&db)
.await
.map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "DB error".into()))?;
.await?;
let (user_uuid, password_hash) = if let Some(u) = user {
(u.uuid, u.password_hash)
@@ -109,10 +109,10 @@ pub async fn login(
};
if !verify_password(&password_hash, &payload.password) {
return Err((StatusCode::UNAUTHORIZED, "Invalid credentials".into()));
return Err(APIError::WrongCredentials);
}
let token = create_jwt(user_uuid).map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e))?;
let token = create_jwt(user_uuid)?;
let username = username_from_uuid(&db, user_uuid).await?;
Ok(Json(LoginResponse {
@@ -126,31 +126,27 @@ pub async fn login(
pub async fn register_user(
Extension(db): Extension<PgPool>,
Json(payload): Json<NewUserPayload>,
) -> Result<(StatusCode, Json<LoginResponse>), (StatusCode, String)> {
) -> Result<(StatusCode, Json<LoginResponse>), APIError> {
if payload.email.is_empty() || payload.username.is_empty() || payload.password.is_empty() {
return Err((
StatusCode::BAD_REQUEST,
"Cannot create a user with empty fields".into(),
));
return Err(APIError::EmptyFields);
}
if !ValidateEmail::validate_email(&payload.email) {
return Err((StatusCode::BAD_REQUEST, "Invalid email format".into()));
return Err(APIError::InvalidEmail);
}
{
let username_length = payload.username.len();
if username_length > MAX_USERNAME_LENGTH || username_length < 1 {
return Err(APIError::UsernameLength);
}
}
if payload.password.len() < 8 {
return Err((
StatusCode::BAD_REQUEST,
"Password must be at least 8 characters long".into(),
));
return Err(APIError::PasswordTooShort);
}
let password_hash = hash_password(&payload.password).map_err(|_| {
(
StatusCode::INTERNAL_SERVER_ERROR,
"Failed to hash password".into(),
)
})?;
let password_hash = hash_password(&payload.password)?;
let user_uuid = uuid::Uuid::now_v7();
@@ -167,16 +163,17 @@ pub async fn register_user(
.map_err(|e| {
if let Some(db_err) = e.as_database_error() {
if db_err.code().map(|c| c == "23505").unwrap_or(false) {
return (
StatusCode::CONFLICT,
"Email or username already taken".into(),
);
match db_err.constraint() {
Some("user__username_key") => return APIError::UsernameTaken,
Some("user__email_key") => return APIError::EmailTaken,
_ => return APIError::Internal("".to_string()), // TODO: handle this case
}
}
}
(StatusCode::INTERNAL_SERVER_ERROR, e.to_string())
APIError::DatabaseError(e)
})?;
let token = create_jwt(user_uuid).map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e))?;
let token = create_jwt(user_uuid)?;
Ok((
StatusCode::CREATED,
@@ -193,53 +190,33 @@ pub async fn update_user(
headers: HeaderMap,
Extension(db): Extension<PgPool>,
Json(payload): Json<UpdateUserPayoad>,
) -> Result<(StatusCode, Json<UpdateUserResponse>), (StatusCode, String)> {
) -> Result<(StatusCode, Json<UpdateUserResponse>), APIError> {
let claims = verify_jwt(headers)?;
if payload.email.is_empty() || payload.username.is_empty() {
return Err((
StatusCode::BAD_REQUEST,
"Missing username or email fields".into(),
));
return Err(APIError::EmptyFields);
}
if !ValidateEmail::validate_email(&payload.email) {
return Err((StatusCode::BAD_REQUEST, "Invalid email format".into()));
return Err(APIError::InvalidEmail);
}
let user_id = user_id_from_uuid(&db, claims.sub).await?;
let mut tx = db
.begin()
.await
.map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "DB error".into()))?;
let mut tx = db.begin().await?;
if !payload.password.is_empty() {
if payload.password.len() < 8 {
return Err((
StatusCode::BAD_REQUEST,
"Password must be at least 8 characters long".into(),
));
return Err(APIError::PasswordTooShort);
}
let password_hash = hash_password(&payload.password).map_err(|_| {
(
StatusCode::INTERNAL_SERVER_ERROR,
"Failed to hash password".into(),
)
})?;
let password_hash = hash_password(&payload.password)?;
sqlx::query("UPDATE user_ SET password_hash = $1 WHERE id = $2")
.bind(password_hash)
.bind(user_id)
.execute(&mut *tx)
.await
.map_err(|e| {
return (
StatusCode::INTERNAL_SERVER_ERROR,
format!("Failed to update password: {e}"),
);
})?;
.await?;
}
sqlx::query("UPDATE user_ SET username = $1, email = $2 WHERE id = $3")
@@ -251,21 +228,17 @@ pub async fn update_user(
.map_err(|e| {
if let Some(db_err) = e.as_database_error() {
if db_err.code().map(|c| c == "23505").unwrap_or(false) {
return (
StatusCode::CONFLICT,
"Email or username already taken".into(),
);
match db_err.constraint() {
Some("user__username_key") => return APIError::UsernameTaken,
Some("user__email_key") => return APIError::EmailTaken,
_ => return APIError::Internal("".to_string()), // TODO: handle this case
}
}
}
(StatusCode::INTERNAL_SERVER_ERROR, e.to_string())
APIError::DatabaseError(e)
})?;
tx.commit().await.map_err(|_| {
(
StatusCode::INTERNAL_SERVER_ERROR,
"Could not update account".into(),
)
})?;
tx.commit().await?;
Ok((
StatusCode::CREATED,
@@ -281,7 +254,7 @@ async fn upload_avatar(
Extension(db): Extension<PgPool>,
Extension(config): Extension<Arc<AppConfig>>,
body: axum::body::Bytes,
) -> Result<StatusCode, (StatusCode, String)> {
) -> Result<StatusCode, APIError> {
let claims = verify_jwt(headers)?;
let user_id = user_id_from_uuid(&db, claims.sub).await?;
@@ -292,31 +265,19 @@ async fn upload_avatar(
let filename = format!("{}.{}", claims.sub, file_extension);
let full_path = std::path::Path::new(&base_dir).join(&filename);
tokio::fs::create_dir_all(&base_dir).await.map_err(|e| {
tracing::error!("Failed to create storage: {}", e);
(
StatusCode::INTERNAL_SERVER_ERROR,
"Failed to upload file".into(),
)
})?;
tokio::fs::create_dir_all(&base_dir)
.await
.map_err(|e| APIError::Internal(format!("Failed to create storage: {e}")))?;
tokio::fs::write(&full_path, body).await.map_err(|e| {
tracing::error!("Failed to save file: {}", e);
(
StatusCode::INTERNAL_SERVER_ERROR,
"Failed to upload file".into(),
)
})?;
tokio::fs::write(&full_path, body)
.await
.map_err(|e| APIError::Internal(format!("Failed to save file: {e}")))?;
sqlx::query("UPDATE user_ SET avatar_url = $1 WHERE id = $2")
.bind(filename)
.bind(user_id)
.execute(&db)
.await
.map_err(|e| {
tracing::error!("DB error: {}", e);
(StatusCode::INTERNAL_SERVER_ERROR, "DB erorr".into())
})?;
.await?;
Ok(StatusCode::OK)
}
@@ -325,22 +286,18 @@ async fn upload_avatar(
async fn get_avatar(
Path(uuid): Path<Uuid>,
Extension(config): Extension<Arc<AppConfig>>,
) -> Result<Response, (StatusCode, String)> {
) -> Result<Response, APIError> {
let base_dir = &config.avatar_dir;
let filename = format!("{}.png", uuid);
let full_path = std::path::Path::new(&base_dir).join(filename);
if !full_path.exists() {
return Err((StatusCode::NOT_FOUND, "Avatar not found".into()));
return Err(APIError::AvatarNotFound);
}
let file_contents = tokio::fs::read(&full_path).await.map_err(|e| {
tracing::error!("Could not read avatar file: {}", e);
(
StatusCode::INTERNAL_SERVER_ERROR,
"Could not read file".into(),
)
})?;
let file_contents = tokio::fs::read(&full_path)
.await
.map_err(|e| APIError::Internal(format!("Could not read avatar file: {e}")))?;
Ok(Response::builder()
.header("Content-Type", "image/png")