web3-proxy/web3_proxy/src/frontend/users.rs

// So the API needs to show for any given user:
// - show balance in USD
// - show deposits history (currency, amounts, transaction id)
// - show number of requests used (so we can calculate average spending over a month, burn rate for a user etc, something like "Your balance will be depleted in xx days)
// - the email address of a user if he opted in to get contacted via email
// - all the monitoring and stats but that will come from someplace else if I understand corectly?
// I wonder how we handle payment
// probably have to do manual withdrawals

use super::errors::FrontendResult;
use super::rate_limit::rate_limit_by_ip;
use crate::{app::Web3ProxyApp, users::new_api_key};
use anyhow::Context;
use axum::{
    extract::{Path, Query},
    response::IntoResponse,
    Extension, Json,
};
use axum_auth::AuthBearer;
use axum_client_ip::ClientIp;
use axum_macros::debug_handler;
use http::StatusCode;
use uuid::Uuid;
// use entities::sea_orm_active_enums::Role;
use entities::{user, user_keys};
use ethers::{prelude::Address, types::Bytes};
use hashbrown::HashMap;
use redis_rate_limit::redis::AsyncCommands;
use sea_orm::{ActiveModelTrait, ColumnTrait, EntityTrait, QueryFilter, TransactionTrait};
use serde::{Deserialize, Serialize};
use siwe::Message;
use std::ops::Add;
use std::sync::Arc;
use time::{Duration, OffsetDateTime};
use ulid::Ulid;

// TODO: how do we customize axum's error response? I think we probably want an enum that implements IntoResponse instead
#[debug_handler]
pub async fn get_login(
    Extension(app): Extension<Arc<Web3ProxyApp>>,
    ClientIp(ip): ClientIp,
    // TODO: what does axum's error handling look like if the path fails to parse?
    // TODO: allow ENS names here?
    Path(mut params): Path<HashMap<String, String>>,
) -> FrontendResult {
    let _ip = rate_limit_by_ip(&app, ip).await?;

    // at first i thought about checking that user_address is in our db
    // but theres no need to separate the registration and login flows
    // its a better UX to just click "login with ethereum" and have the account created if it doesn't exist
    // we can prompt for an email and and payment after they log in

    // create a message and save it in redis

    // TODO: how many seconds? get from config?
    // TODO: while developing, we put a giant number here
    let expire_seconds: usize = 28800;

    let nonce = Ulid::new();

    let issued_at = OffsetDateTime::now_utc();

    let expiration_time = issued_at.add(Duration::new(expire_seconds as i64, 0));

    // TODO: proper errors. the first unwrap should be impossible, but the second will happen with bad input
    let user_address: Address = params.remove("user_address").unwrap().parse().unwrap();

    // TODO: get most of these from the app config
    let message = Message {
        domain: "staging.llamanodes.com".parse().unwrap(),
        address: user_address.to_fixed_bytes(),
        statement: Some("🦙🦙🦙🦙🦙".to_string()),
        uri: "https://staging.llamanodes.com/".parse().unwrap(),
        version: siwe::Version::V1,
        chain_id: 1,
        expiration_time: Some(expiration_time.into()),
        issued_at: issued_at.into(),
        nonce: nonce.to_string(),
        not_before: None,
        request_id: None,
        resources: vec![],
    };

    let session_key = format!("pending:{}", nonce);

    // TODO: if no redis server, store in local cache?
    // the address isn't enough. we need to save the actual message so we can read the nonce
    // TODO: what message format is the most efficient to store in redis? probably eip191_string
    // we add 1 to expire_seconds just to be sure redis has the key for the full expiration_time
    app.redis_conn()
        .await?
        .set_ex(session_key, message.to_string(), expire_seconds + 1)
        .await?;

    // there are multiple ways to sign messages and not all wallets support them
    let message_eip = params
        .remove("message_eip")
        .unwrap_or_else(|| "eip4361".to_string());

    let message: String = match message_eip.as_str() {
        "eip4361" => message.to_string(),
        // https://github.com/spruceid/siwe/issues/98
        "eip191_string" => Bytes::from(message.eip191_string().unwrap()).to_string(),
        "eip191_hash" => Bytes::from(&message.eip191_hash().unwrap()).to_string(),
        _ => return Err(anyhow::anyhow!("invalid message eip given").into()),
    };

    Ok(message.into_response())
}

/// Query params to our `post_login` handler.
#[derive(Debug, Deserialize)]
pub struct PostLoginQuery {
    invite_code: Option<String>,
}

/// JSON body to our `post_login` handler.
#[derive(Deserialize)]
pub struct PostLogin {
    address: Address,
    msg: String,
    sig: Bytes,
    // TODO: do we care about these? we should probably check the version is something we expect
    // version: String,
    // signer: String,
}

#[derive(Serialize)]
pub struct PostLoginResponse {
    bearer_token: Ulid,
    // TODO: change this Ulid
    api_key: Uuid,
}

#[debug_handler]
/// Post to the user endpoint to register or login.
pub async fn post_login(
    ClientIp(ip): ClientIp,
    Extension(app): Extension<Arc<Web3ProxyApp>>,
    Json(payload): Json<PostLogin>,
    Query(query): Query<PostLoginQuery>,
) -> FrontendResult {
    let _ip = rate_limit_by_ip(&app, ip).await?;

    if let Some(invite_code) = &app.config.invite_code {
        // we don't do per-user referral codes because we shouldn't collect what we don't need.
        // we don't need to build a social graph between addresses like that.
        if query.invite_code.as_ref() != Some(invite_code) {
            todo!("if address is already registered, allow login! else, error")
        }
    }

    // we can't trust that they didn't tamper with the message in some way
    let their_msg: siwe::Message = payload.msg.parse().unwrap();

    let their_sig: [u8; 65] = payload.sig.as_ref().try_into().unwrap();

    // fetch the message we gave them from our redis
    // TODO: use getdel
    let our_msg: String = app.redis_conn().await?.get(&their_msg.nonce).await?;

    let our_msg: siwe::Message = our_msg.parse().unwrap();

    // check the domain and a nonce. let timestamp be automatic
    if let Err(e) = their_msg.verify(their_sig, Some(&our_msg.domain), Some(&our_msg.nonce), None) {
        // message cannot be correctly authenticated
        todo!("proper error message: {}", e)
    }

    let bearer_token = Ulid::new();

    let db = app.db_conn.as_ref().unwrap();

    // TODO: limit columns or load whole user?
    let u = user::Entity::find()
        .filter(user::Column::Address.eq(our_msg.address.as_ref()))
        .one(db)
        .await
        .unwrap();

    let (u_id, response) = match u {
        None => {
            let txn = db.begin().await?;

            // the only thing we need from them is an address
            // everything else is optional
            let u = user::ActiveModel {
                address: sea_orm::Set(payload.address.to_fixed_bytes().into()),
                ..Default::default()
            };

            let u = u.insert(&txn).await?;

            let uk = user_keys::ActiveModel {
                user_id: sea_orm::Set(u.id),
                api_key: sea_orm::Set(new_api_key()),
                requests_per_minute: sea_orm::Set(app.config.default_requests_per_minute),
                ..Default::default()
            };

            // TODO: if this fails, revert adding the user, too
            let uk = uk
                .insert(&txn)
                .await
                .context("Failed saving new user key")?;

            txn.commit().await?;

            let response_json = PostLoginResponse {
                bearer_token,
                api_key: uk.api_key,
            };

            let response = (StatusCode::CREATED, Json(response_json)).into_response();

            (u.id, response)
        }
        Some(u) => {
            // the user is already registered
            // TODO: what if the user has multiple keys?
            let uk = user_keys::Entity::find()
                .filter(user_keys::Column::UserId.eq(u.id))
                .one(db)
                .await
                .context("failed loading user's key")?
                .unwrap();

            let response_json = PostLoginResponse {
                bearer_token,
                api_key: uk.api_key,
            };

            let response = (StatusCode::OK, Json(response_json)).into_response();

            (u.id, response)
        }
    };

    // TODO: set a session cookie with the bearer token?
    // save the bearer token in redis with a long (7 or 30 day?) expiry. or in database?
    let mut redis_conn = app.redis_conn().await?;

    let bearer_key = format!("bearer:{}", bearer_token);

    redis_conn.set(bearer_key, u_id.to_string()).await?;

    Ok(response)
}

/// the JSON input to the `post_user` handler
#[derive(Deserialize)]
pub struct PostUser {
    primary_address: Address,
    // TODO: make sure the email address is valid. probably have a "verified" column in the database
    email: Option<String>,
    // TODO: make them sign this JSON? cookie in session id is hard because its on a different domain
}

#[debug_handler]
/// post to the user endpoint to modify your account
pub async fn post_user(
    AuthBearer(bearer_token): AuthBearer,
    ClientIp(ip): ClientIp,
    Extension(app): Extension<Arc<Web3ProxyApp>>,
    Json(payload): Json<PostUser>,
) -> FrontendResult {
    let _ip = rate_limit_by_ip(&app, ip).await?;

    ProtectedAction::PostUser
        .verify(app.as_ref(), bearer_token, &payload.primary_address)
        .await?;

    // let user = user::ActiveModel {
    //     address: sea_orm::Set(payload.address.to_fixed_bytes().into()),
    //     email: sea_orm::Set(payload.email),
    //     ..Default::default()
    // };

    todo!("finish post_user");
}

// TODO: what roles should exist?
enum ProtectedAction {
    PostUser,
}

impl ProtectedAction {
    async fn verify(
        self,
        app: &Web3ProxyApp,
        bearer_token: String,
        primary_address: &Address,
    ) -> anyhow::Result<()> {
        // get the attached address from redis for the given auth_token.
        let bearer_key = format!("bearer:{}", bearer_token);

        let mut redis_conn = app.redis_conn().await?;

        // TODO: is this type correct?
        let u_id: Option<u64> = redis_conn.get(bearer_key).await?;

        // TODO: if auth_address == primary_address, allow
        // TODO: if auth_address != primary_address, only allow if they are a secondary user with the correct role
        todo!("verify token for the given user");
    }
}
just do one app for now 2022-07-14 00:49:57 +03:00			`// So the API needs to show for any given user:`
			`// - show balance in USD`
			`// - show deposits history (currency, amounts, transaction id)`
			`// - show number of requests used (so we can calculate average spending over a month, burn rate for a user etc, something like "Your balance will be depleted in xx days)`
			`// - the email address of a user if he opted in to get contacted via email`
			`// - all the monitoring and stats but that will come from someplace else if I understand corectly?`
			`// I wonder how we handle payment`
			`// probably have to do manual withdrawals`

delete unused code after the rate limit refactor 2022-08-21 12:44:53 +03:00			`use super::errors::FrontendResult;`
dry rate_limit_by_x 2022-08-21 12:39:38 +03:00			`use super::rate_limit::rate_limit_by_ip;`
more use login things 2022-08-27 08:42:25 +03:00			`use crate::{app::Web3ProxyApp, users::new_api_key};`
			`use anyhow::Context;`
better redirect and jsonrpc handling 2022-08-11 04:53:27 +03:00			`use axum::{`
it compiles 2022-08-21 11:18:57 +03:00			`extract::{Path, Query},`
delete unused code after the rate limit refactor 2022-08-21 12:44:53 +03:00			`response::IntoResponse,`
better redirect and jsonrpc handling 2022-08-11 04:53:27 +03:00			`Extension, Json,`
			`};`
dry redis connections and use bearer tokens 2022-08-23 21:48:27 +03:00			`use axum_auth::AuthBearer;`
rate limiting on user key 2022-08-04 04:10:27 +03:00			`use axum_client_ip::ClientIp;`
error refactor for user endpoints 2022-08-16 22:29:00 +03:00			`use axum_macros::debug_handler;`
more use login things 2022-08-27 08:42:25 +03:00			`use http::StatusCode;`
			`use uuid::Uuid;`
rearrange code 2022-08-24 02:13:56 +03:00			`// use entities::sea_orm_active_enums::Role;`
more use login things 2022-08-27 08:42:25 +03:00			`use entities::{user, user_keys};`
rate limiting on user key 2022-08-04 04:10:27 +03:00			`use ethers::{prelude::Address, types::Bytes};`
multiple ways to sign 2022-08-19 23:18:12 +03:00			`use hashbrown::HashMap;`
half the login page and better error handling 2022-08-17 01:52:12 +03:00			`use redis_rate_limit::redis::AsyncCommands;`
more use login things 2022-08-27 08:42:25 +03:00			`use sea_orm::{ActiveModelTrait, ColumnTrait, EntityTrait, QueryFilter, TransactionTrait};`
			`use serde::{Deserialize, Serialize};`
half the login page and better error handling 2022-08-17 01:52:12 +03:00			`use siwe::Message;`
better logs and minor cleanup 2022-08-27 05:13:36 +03:00			`use std::ops::Add;`
rate limiting on user key 2022-08-04 04:10:27 +03:00			`use std::sync::Arc;`
half the login page and better error handling 2022-08-17 01:52:12 +03:00			`use time::{Duration, OffsetDateTime};`
it compiles 2022-08-21 11:18:57 +03:00			`use ulid::Ulid;`

cache api keys that are not in the database 2022-08-17 00:10:09 +03:00			`// TODO: how do we customize axum's error response? I think we probably want an enum that implements IntoResponse instead`
error refactor for user endpoints 2022-08-16 22:29:00 +03:00			`#[debug_handler]`
cache api keys that are not in the database 2022-08-17 00:10:09 +03:00			`pub async fn get_login(`
			`Extension(app): Extension<Arc<Web3ProxyApp>>,`
it compiles 2022-08-17 00:43:39 +03:00			`ClientIp(ip): ClientIp,`
half the login page and better error handling 2022-08-17 01:52:12 +03:00			`// TODO: what does axum's error handling look like if the path fails to parse?`
			`// TODO: allow ENS names here?`
multiple ways to sign 2022-08-19 23:18:12 +03:00			`Path(mut params): Path<HashMap<String, String>>,`
it compiles 2022-08-17 00:43:39 +03:00			`) -> FrontendResult {`
better logs and minor cleanup 2022-08-27 05:13:36 +03:00			`let _ip = rate_limit_by_ip(&app, ip).await?;`
it compiles 2022-08-17 00:43:39 +03:00
			`// at first i thought about checking that user_address is in our db`
it compiles 2022-08-21 11:18:57 +03:00			`// but theres no need to separate the registration and login flows`
it compiles 2022-08-17 00:43:39 +03:00			`// its a better UX to just click "login with ethereum" and have the account created if it doesn't exist`
			`// we can prompt for an email and and payment after they log in`

it compiles 2022-08-21 11:18:57 +03:00			`// create a message and save it in redis`

half the login page and better error handling 2022-08-17 01:52:12 +03:00			`// TODO: how many seconds? get from config?`
dry redis connections and use bearer tokens 2022-08-23 21:48:27 +03:00			`// TODO: while developing, we put a giant number here`
			`let expire_seconds: usize = 28800;`
half the login page and better error handling 2022-08-17 01:52:12 +03:00
it compiles 2022-08-21 11:18:57 +03:00			`let nonce = Ulid::new();`
half the login page and better error handling 2022-08-17 01:52:12 +03:00
			`let issued_at = OffsetDateTime::now_utc();`

			`let expiration_time = issued_at.add(Duration::new(expire_seconds as i64, 0));`

multiple ways to sign 2022-08-19 23:18:12 +03:00			`// TODO: proper errors. the first unwrap should be impossible, but the second will happen with bad input`
			`let user_address: Address = params.remove("user_address").unwrap().parse().unwrap();`
it compiles 2022-08-17 00:43:39 +03:00
half the login page and better error handling 2022-08-17 01:52:12 +03:00			`// TODO: get most of these from the app config`
			`let message = Message {`
			`domain: "staging.llamanodes.com".parse().unwrap(),`
			`address: user_address.to_fixed_bytes(),`
			`statement: Some("🦙🦙🦙🦙🦙".to_string()),`
			`uri: "https://staging.llamanodes.com/".parse().unwrap(),`
			`version: siwe::Version::V1,`
			`chain_id: 1,`
			`expiration_time: Some(expiration_time.into()),`
			`issued_at: issued_at.into(),`
			`nonce: nonce.to_string(),`
			`not_before: None,`
			`request_id: None,`
			`resources: vec![],`
			`};`

			`let session_key = format!("pending:{}", nonce);`

			`// TODO: if no redis server, store in local cache?`
it compiles 2022-08-21 11:18:57 +03:00			`// the address isn't enough. we need to save the actual message so we can read the nonce`
			`// TODO: what message format is the most efficient to store in redis? probably eip191_string`
dry redis connections and use bearer tokens 2022-08-23 21:48:27 +03:00			`// we add 1 to expire_seconds just to be sure redis has the key for the full expiration_time`
			`app.redis_conn()`
			`.await?`
			`.set_ex(session_key, message.to_string(), expire_seconds + 1)`
half the login page and better error handling 2022-08-17 01:52:12 +03:00			`.await?;`

multiple ways to sign 2022-08-19 23:18:12 +03:00			`// there are multiple ways to sign messages and not all wallets support them`
			`let message_eip = params`
			`.remove("message_eip")`
			`.unwrap_or_else(\|\| "eip4361".to_string());`

			`let message: String = match message_eip.as_str() {`
			`"eip4361" => message.to_string(),`
			`// https://github.com/spruceid/siwe/issues/98`
			`"eip191_string" => Bytes::from(message.eip191_string().unwrap()).to_string(),`
			`"eip191_hash" => Bytes::from(&message.eip191_hash().unwrap()).to_string(),`
it compiles 2022-08-21 11:18:57 +03:00			`_ => return Err(anyhow::anyhow!("invalid message eip given").into()),`
multiple ways to sign 2022-08-19 23:18:12 +03:00			`};`

			`Ok(message.into_response())`
error refactor for user endpoints 2022-08-16 22:29:00 +03:00			`}`
regenerate entities 2022-08-04 02:17:02 +03:00
it compiles 2022-08-21 11:18:57 +03:00			/// Query params to our `post_login` handler.
			`#[derive(Debug, Deserialize)]`
			`pub struct PostLoginQuery {`
			`invite_code: Option<String>,`
			`}`

			/// JSON body to our `post_login` handler.
			`#[derive(Deserialize)]`
			`pub struct PostLogin {`
			`address: Address,`
			`msg: String,`
			`sig: Bytes,`
dry rate_limit_by_x 2022-08-21 12:39:38 +03:00			`// TODO: do we care about these? we should probably check the version is something we expect`
			`// version: String,`
			`// signer: String,`
it compiles 2022-08-21 11:18:57 +03:00			`}`

more use login things 2022-08-27 08:42:25 +03:00			`#[derive(Serialize)]`
			`pub struct PostLoginResponse {`
			`bearer_token: Ulid,`
			`// TODO: change this Ulid`
			`api_key: Uuid,`
			`}`

cache api keys that are not in the database 2022-08-17 00:10:09 +03:00			`#[debug_handler]`
it compiles 2022-08-21 11:18:57 +03:00			`/// Post to the user endpoint to register or login.`
			`pub async fn post_login(`
rate limiting on user key 2022-08-04 04:10:27 +03:00			`ClientIp(ip): ClientIp,`
it compiles 2022-08-21 11:18:57 +03:00			`Extension(app): Extension<Arc<Web3ProxyApp>>,`
			`Json(payload): Json<PostLogin>,`
			`Query(query): Query<PostLoginQuery>,`
dry rate_limit_by_x 2022-08-21 12:39:38 +03:00			`) -> FrontendResult {`
better logs and minor cleanup 2022-08-27 05:13:36 +03:00			`let _ip = rate_limit_by_ip(&app, ip).await?;`
rate limiting on user key 2022-08-04 04:10:27 +03:00
it compiles 2022-08-21 11:18:57 +03:00			`if let Some(invite_code) = &app.config.invite_code {`
			`// we don't do per-user referral codes because we shouldn't collect what we don't need.`
			`// we don't need to build a social graph between addresses like that.`
			`if query.invite_code.as_ref() != Some(invite_code) {`
			`todo!("if address is already registered, allow login! else, error")`
			`}`
rate limiting on user key 2022-08-04 04:10:27 +03:00			`}`

it compiles 2022-08-21 11:18:57 +03:00			`// we can't trust that they didn't tamper with the message in some way`
			`let their_msg: siwe::Message = payload.msg.parse().unwrap();`

			`let their_sig: [u8; 65] = payload.sig.as_ref().try_into().unwrap();`

			`// fetch the message we gave them from our redis`
user login almost done 2022-08-17 02:03:50 +03:00			`// TODO: use getdel`
dry redis connections and use bearer tokens 2022-08-23 21:48:27 +03:00			`let our_msg: String = app.redis_conn().await?.get(&their_msg.nonce).await?;`
user login almost done 2022-08-17 02:03:50 +03:00
it compiles 2022-08-21 11:18:57 +03:00			`let our_msg: siwe::Message = our_msg.parse().unwrap();`
user login almost done 2022-08-17 02:03:50 +03:00
it compiles 2022-08-21 11:18:57 +03:00			`// check the domain and a nonce. let timestamp be automatic`
			`if let Err(e) = their_msg.verify(their_sig, Some(&our_msg.domain), Some(&our_msg.nonce), None) {`
rate limiting on user key 2022-08-04 04:10:27 +03:00			`// message cannot be correctly authenticated`
			`todo!("proper error message: {}", e)`
			`}`

more use login things 2022-08-27 08:42:25 +03:00			`let bearer_token = Ulid::new();`
create bearer and save bearer separately 2022-08-23 21:56:19 +03:00
more use login things 2022-08-27 08:42:25 +03:00			`let db = app.db_conn.as_ref().unwrap();`
just do one app for now 2022-07-14 00:49:57 +03:00
more use login things 2022-08-27 08:42:25 +03:00			`// TODO: limit columns or load whole user?`
			`let u = user::Entity::find()`
			`.filter(user::Column::Address.eq(our_msg.address.as_ref()))`
			`.one(db)`
			`.await`
			`.unwrap();`
regenerate entities 2022-08-04 02:17:02 +03:00
more use login things 2022-08-27 08:42:25 +03:00			`let (u_id, response) = match u {`
			`None => {`
			`let txn = db.begin().await?;`
regenerate entities 2022-08-04 02:17:02 +03:00
more use login things 2022-08-27 08:42:25 +03:00			`// the only thing we need from them is an address`
			`// everything else is optional`
			`let u = user::ActiveModel {`
			`address: sea_orm::Set(payload.address.to_fixed_bytes().into()),`
			`..Default::default()`
			`};`
user login almost done 2022-08-17 02:03:50 +03:00
more use login things 2022-08-27 08:42:25 +03:00			`let u = u.insert(&txn).await?;`
user login almost done 2022-08-17 02:03:50 +03:00
more use login things 2022-08-27 08:42:25 +03:00			`let uk = user_keys::ActiveModel {`
			`user_id: sea_orm::Set(u.id),`
			`api_key: sea_orm::Set(new_api_key()),`
			`requests_per_minute: sea_orm::Set(app.config.default_requests_per_minute),`
			`..Default::default()`
			`};`
it compiles 2022-08-21 11:18:57 +03:00
more use login things 2022-08-27 08:42:25 +03:00			`// TODO: if this fails, revert adding the user, too`
			`let uk = uk`
			`.insert(&txn)`
			`.await`
			`.context("Failed saving new user key")?;`
user login almost done 2022-08-17 02:03:50 +03:00
more use login things 2022-08-27 08:42:25 +03:00			`txn.commit().await?;`
use rpm flag when creating a user 2022-08-16 20:47:04 +03:00
more use login things 2022-08-27 08:42:25 +03:00			`let response_json = PostLoginResponse {`
			`bearer_token,`
			`api_key: uk.api_key,`
			`};`

			`let response = (StatusCode::CREATED, Json(response_json)).into_response();`

			`(u.id, response)`
			`}`
			`Some(u) => {`
			`// the user is already registered`
			`// TODO: what if the user has multiple keys?`
			`let uk = user_keys::Entity::find()`
			`.filter(user_keys::Column::UserId.eq(u.id))`
			`.one(db)`
			`.await`
			`.context("failed loading user's key")?`
			`.unwrap();`

			`let response_json = PostLoginResponse {`
			`bearer_token,`
			`api_key: uk.api_key,`
			`};`

			`let response = (StatusCode::OK, Json(response_json)).into_response();`

			`(u.id, response)`
			`}`
check ip rate limit on user post 2022-08-23 21:51:42 +03:00			`};`

more use login things 2022-08-27 08:42:25 +03:00			`// TODO: set a session cookie with the bearer token?`
			`// save the bearer token in redis with a long (7 or 30 day?) expiry. or in database?`
			`let mut redis_conn = app.redis_conn().await?;`

			`let bearer_key = format!("bearer:{}", bearer_token);`

			`redis_conn.set(bearer_key, u_id.to_string()).await?;`
check ip rate limit on user post 2022-08-23 21:51:42 +03:00
create bearer and save bearer separately 2022-08-23 21:56:19 +03:00			`Ok(response)`
just do one app for now 2022-07-14 00:49:57 +03:00			`}`

it compiles 2022-08-21 11:18:57 +03:00			/// the JSON input to the `post_user` handler
just do one app for now 2022-07-14 00:49:57 +03:00			`#[derive(Deserialize)]`
it compiles 2022-08-21 11:18:57 +03:00			`pub struct PostUser {`
add stub verify_auth_token function 2022-08-23 22:08:47 +03:00			`primary_address: Address,`
it compiles 2022-08-21 11:18:57 +03:00			`// TODO: make sure the email address is valid. probably have a "verified" column in the database`
just do one app for now 2022-07-14 00:49:57 +03:00			`email: Option<String>,`
it compiles 2022-08-21 11:18:57 +03:00			`// TODO: make them sign this JSON? cookie in session id is hard because its on a different domain`
			`}`

			`#[debug_handler]`
			`/// post to the user endpoint to modify your account`
			`pub async fn post_user(`
more use login things 2022-08-27 08:42:25 +03:00			`AuthBearer(bearer_token): AuthBearer,`
check ip rate limit on user post 2022-08-23 21:51:42 +03:00			`ClientIp(ip): ClientIp,`
			`Extension(app): Extension<Arc<Web3ProxyApp>>,`
			`Json(payload): Json<PostUser>,`
it compiles 2022-08-21 11:18:57 +03:00			`) -> FrontendResult {`
better logs and minor cleanup 2022-08-27 05:13:36 +03:00			`let _ip = rate_limit_by_ip(&app, ip).await?;`
it compiles 2022-08-21 11:18:57 +03:00
use an enum and database roles for auth checks 2022-08-23 23:42:58 +03:00			`ProtectedAction::PostUser`
more use login things 2022-08-27 08:42:25 +03:00			`.verify(app.as_ref(), bearer_token, &payload.primary_address)`
use an enum and database roles for auth checks 2022-08-23 23:42:58 +03:00			`.await?;`
dry redis connections and use bearer tokens 2022-08-23 21:48:27 +03:00
it compiles 2022-08-21 11:18:57 +03:00			`// let user = user::ActiveModel {`
			`// address: sea_orm::Set(payload.address.to_fixed_bytes().into()),`
			`// email: sea_orm::Set(payload.email),`
			`// ..Default::default()`
			`// };`
check ip rate limit on user post 2022-08-23 21:51:42 +03:00
			`todo!("finish post_user");`
just do one app for now 2022-07-14 00:49:57 +03:00			`}`
add stub verify_auth_token function 2022-08-23 22:08:47 +03:00
use an enum and database roles for auth checks 2022-08-23 23:42:58 +03:00			`// TODO: what roles should exist?`
			`enum ProtectedAction {`
			`PostUser,`
			`}`
add stub verify_auth_token function 2022-08-23 22:08:47 +03:00
use an enum and database roles for auth checks 2022-08-23 23:42:58 +03:00			`impl ProtectedAction {`
			`async fn verify(`
			`self,`
			`app: &Web3ProxyApp,`
more use login things 2022-08-27 08:42:25 +03:00			`bearer_token: String,`
use an enum and database roles for auth checks 2022-08-23 23:42:58 +03:00			`primary_address: &Address,`
			`) -> anyhow::Result<()> {`
more use login things 2022-08-27 08:42:25 +03:00			`// get the attached address from redis for the given auth_token.`
			`let bearer_key = format!("bearer:{}", bearer_token);`

			`let mut redis_conn = app.redis_conn().await?;`

			`// TODO: is this type correct?`
			`let u_id: Option<u64> = redis_conn.get(bearer_key).await?;`

use an enum and database roles for auth checks 2022-08-23 23:42:58 +03:00			`// TODO: if auth_address == primary_address, allow`
			`// TODO: if auth_address != primary_address, only allow if they are a secondary user with the correct role`
			`todo!("verify token for the given user");`
			`}`
add stub verify_auth_token function 2022-08-23 22:08:47 +03:00			`}`