From e65edc7795efb541d73d3d5c9020d7dfe71e8d19 Mon Sep 17 00:00:00 2001 From: Bryan Stitt Date: Tue, 23 Aug 2022 19:08:47 +0000 Subject: [PATCH] add stub verify_auth_token function --- web3_proxy/src/frontend/users.rs | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/web3_proxy/src/frontend/users.rs b/web3_proxy/src/frontend/users.rs index a102fdf3..7c357051 100644 --- a/web3_proxy/src/frontend/users.rs +++ b/web3_proxy/src/frontend/users.rs @@ -207,7 +207,8 @@ pub async fn post_login( /// the JSON input to the `post_user` handler #[derive(Deserialize)] pub struct PostUser { - address: Address, + primary_address: Address, + secondary_address: Option
, // TODO: make sure the email address is valid. probably have a "verified" column in the database email: Option, // TODO: make them sign this JSON? cookie in session id is hard because its on a different domain @@ -223,7 +224,13 @@ pub async fn post_user( ) -> FrontendResult { let _ip: IpAddr = rate_limit_by_ip(&app, ip).await?; - // TODO: check the auth_token is valid for the user in PostUser (in a helper function) + verify_auth_token( + app.as_ref(), + auth_token, + &payload.primary_address, + payload.secondary_address.as_ref(), + ) + .await?; // let user = user::ActiveModel { // address: sea_orm::Set(payload.address.to_fixed_bytes().into()), @@ -233,3 +240,16 @@ pub async fn post_user( todo!("finish post_user"); } + +pub async fn verify_auth_token( + app: &Web3ProxyApp, + auth_token: String, + primary_address: &Address, + secondary_address: Option<&Address>, +) -> anyhow::Result<()> { + let auth_user = secondary_address.unwrap_or(primary_address); + + // TODO: Role-based access control? + + todo!("verify_auth_token") +}