From 33c2d2b7c5276ca4c9f5939a149dbe7f793672c3 Mon Sep 17 00:00:00 2001
From: Luc
Date: Mon, 29 Jul 2024 17:21:35 +0000
Subject: [PATCH] Update auth error handling
---
 engine/src/auth/middleware.rs | 1 -
 engine/src/routes/auth.rs | 50 ++++++++++++++++++++++++-----------
 2 files changed, 34 insertions(+), 17 deletions(-)
diff --git a/engine/src/auth/middleware.rs b/engine/src/auth/middleware.rs
index 50be5f8..76574b6 100644
--- a/engine/src/auth/middleware.rs
+++ b/engine/src/auth/middleware.rs
@@ -1,7 +1,6 @@
 use std::sync::Arc;
 use poem::{web::Data, Error, FromRequest, Request, RequestBody, Result};
-use reqwest::StatusCode;
 use uuid::Uuid;
 use crate::state::AppState;
diff --git a/engine/src/routes/auth.rs b/engine/src/routes/auth.rs
index 6ff155e..b2c52c0 100644
--- a/engine/src/routes/auth.rs
+++ b/engine/src/routes/auth.rs
@@ -8,8 +8,9 @@ use poem::{
 handler,
 http::HeaderMap,
 web::{Data, Json, Query, RealIp, Redirect},
- IntoResponse,
+ Error, IntoResponse,
 };
+use reqwest::StatusCode;
 use serde::Deserialize;
 use std::{collections::HashSet, sync::Arc};
 use url::Url;
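Review bot: In the `engine/src/routes/auth.rs` import hunk, `StatusCode` is taken from the HTTP client crate (`use reqwest::StatusCode;`) although this file already imports `http::HeaderMap` through `poem`. Both names are re-exports of the `http` crate's type, so the handlers only compile while `reqwest` and `poem` resolve to the same `http` version. Importing it from the server framework, e.g. adding `http::{HeaderMap, StatusCode},` to the existing `poem::{…}` list, removes that coupling.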
@@ -109,27 +110,44 @@ pub async fn callback(
 #[handler]
 pub async fn me(state: Data<&Arc>, token: AuthToken) -> impl IntoResponse {
- let user = UserData::get_by_id(token.session.user_id, &state.database)
- .await
- .unwrap();
-
- Json(user)
+ match token {
+ AuthToken::Active(active_user) => {
+ let user = UserData::get_by_id(active_user.session.user_id, &state.database)
+ .await
+ .unwrap();
+
+ Json(user).into_response()
+ }
+ _ => Error::from_string("Not Authenticated", StatusCode::UNAUTHORIZED).into_response(),
+ }
 }
 #[handler]
 pub async fn get_sessions(state: Data<&Arc>, token: AuthToken) -> impl IntoResponse {
- let sessions = SessionState::get_by_user_id(token.session.user_id, &state.database)
- .await
- .unwrap();
-
- Json(sessions)
+ match token {
+ AuthToken::Active(active_user) => {
+ let sessions =
+ SessionState::get_by_user_id(active_user.session.user_id, &state.database)
+ .await
+ .unwrap();
+
+ Json(sessions).into_response()
+ }
+ _ => Error::from_string("Not Authenticated", StatusCode::UNAUTHORIZED).into_response(),
+ }
 }
 #[handler]
 pub async fn delete_sessions(state: Data<&Arc>, token: AuthToken) -> impl IntoResponse {
- let sessions = SessionState::invalidate_by_user_id(token.session.user_id, &state.database)
- .await
- .unwrap();
-
- Json(sessions)
+ match token {
+ AuthToken::Active(active_user) => {
+ let sessions =
+ SessionState::invalidate_by_user_id(active_user.session.user_id, &state.database)
+ .await
+ .unwrap();
+
+ Json(sessions).into_response()
+ }
+ _ => Error::from_string("Not Authenticated", StatusCode::UNAUTHORIZED).into_response(),
+ }
 }
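Review bot: The `.unwrap()` on the database call is carried into the new `AuthToken::Active` arm of `me`, `get_sessions` and `delete_sessions`, so a failed query still panics the handler instead of returning a controlled error. Since the commit already converts each handler to `.into_response()`, the lookup result can be matched and turned into a generic 500, as sketched below for `me`; this assumes `get_by_id` returns a `Result`, which the hunk does not show. The catch-all `_` arm fails closed, which is the right default. The same 401 arm is now copied three times, though, and a new handler could omit it. If the `AuthToken` extractor in `middleware.rs` (body not visible here) can reject non-active tokens itself, the check would live in one place.

```rust
AuthToken::Active(active_user) => {
    match UserData::get_by_id(active_user.session.user_id, &state.database).await {
        Ok(user) => Json(user).into_response(),
        // Log the cause server-side; the response body stays generic.
        Err(_) => Error::from_string("Internal Server Error", StatusCode::INTERNAL_SERVER_ERROR)
            .into_response(),
    }
}
// … unchanged: catch-all arm returning 401 …
```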