Compare commits

...

2 Commits

5 changed files with 51 additions and 8 deletions

@ -1,43 +1,62 @@
# `/account/tokens` - GET
Lists all active auth tokens for the account.
## HTTP Headers
| Header | Content |
|---------------|--------------------|
|---------------|------------------|
| Authorization | `Bearer {token}` |
## Responses
### 200 - Success
__Content - JSON:__
| Field | Description |
|--------|-------------------------------------------------------------------------------------------------|
| tokens | A list of (token, expiration date) pairs. The expiration date is given as a UTC UNIX timestamp. |
### 401 - Error: Unauthorized
The provided auth token doesn't allow you to perform this operation.
### 403 - Error: Forbidden
Blocked for security reasons.
# `/account/tokens` - DELETE
Deletes a token of the authenticated account.
## HTTP Headers
| Header | Content |
|---------------|--------------------|
| Authorization | `Bearer {token}` |
| Content-Type | `application/json` |
## Content - JSON
| Field | Description |
|-------|-----------------------------------|
| token | The token that should be deleted. |
## Responses
### 200 - Success
The token was deleted.
### 401 - Error: Unauthorized
The provided auth token doesn't allow you to perform this operation.
### 403 - Error: Forbidden
Blocked for security reasons.
### 404 - Error: Not Found
The token that should be deleted wasn't found.
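Review bot: the 200 response of `GET /account/tokens` is documented as returning the tokens themselves ("A list of (token, expiration date) pairs"), so a single leaked bearer token discloses every other active token for the account, and those remain usable after the leaked one is deleted. Consider returning a non-secret identifier (or a truncated form) per token and having `DELETE` take that identifier instead of the raw `token`. The docs should also say what separates 401 from 403 on these endpoints, since "Blocked for security reasons." gives a client nothing to act on, and they should state whether a token may be used to delete itself.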

@ -1,22 +1,37 @@
# `/account/verify` - POST
Verifies a requested account.
## HTTP Headers
| Header | Content |
|--------------|--------------------|
| Content-Type | `application/json` |
## Content - JSON
| Field | Description |
|-------|--------------------------------------------------------------------------------|
| token | The verification token you received via an email after requesting the account. |
## Responses
### 200 - Success
The account was verified. You can login now.
The account was verified.
| Field | Description |
|-------|--------------------------------------------------|
| token | An authorization token for the verified account. |
### 400 - Error: Bad Request
The request was malformed.
### 403 - Error: Forbidden
Blocked for security reasons.
### 404 - Error: Forbidden
The provided token is unknown.
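Review bot: the new 200 section of `/account/verify` lists the `token` field without the `__Content - JSON:__` label that the `/account/tokens` page uses, and it does not state how long the returned authorization token is valid or that it is meant for the `Authorization: Bearer {token}` header. Add both so clients know how to handle it. In the same file, the heading `### 404 - Error: Forbidden` should read `Not Found`, matching the status code and the description under it.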

@ -29,7 +29,7 @@ async fn register(
async fn verify(data: web::Data<ApiState>, body: web::Json<data::VerifyRequest>) -> impl Responder {
match handlers::verify(&data.pool, body.into_inner()).await {
Ok(resp) => match resp {
data::VerifyResponse::Success => HttpResponse::Ok().finish(),
data::VerifyResponse::Success(b) => HttpResponse::Ok().json(web::Json(b)),
data::VerifyResponse::TokenUnknown => HttpResponse::NotFound().finish(),
data::VerifyResponse::Blocked => HttpResponse::Forbidden().finish(),
},
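Review bot: in the `Success(b)` arm, `HttpResponse::Ok().json(web::Json(b))` wraps the body in `web::Json` before handing it to `.json()`, which already serializes its argument, so `.json(b)` is enough. Since this response now carries a bearer token, consider also setting `Cache-Control: no-store` on it so intermediaries and clients do not cache the body.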

@ -34,9 +34,14 @@ pub struct VerifyRequest {
pub token: String,
}
#[derive(Debug, Serialize)]
pub struct VerifySuccess {
pub token: String,
}
#[derive(Debug)]
pub enum VerifyResponse {
Success,
Success(VerifySuccess),
Blocked,
TokenUnknown,
}
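Review bot: `VerifySuccess` derives `Debug` while holding the auth token in a plain `String`, and it is embedded in `VerifyResponse`, which also derives `Debug`, so any `{:?}` log of the response would write the token to the logs. Consider a hand-written `Debug` impl that redacts `token`, or a wrapper type for secret values. A doc comment on the new struct would also help, because `VerifyRequest.token` (the verification token) and `VerifySuccess.token` (the authorization token) share a field name but are different secrets.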

@ -103,7 +103,11 @@ pub async fn verify(pool: &PgPool, request: data::VerifyRequest) -> Result<data:
token.apply(pool).await?;
Ok(data::VerifyResponse::Success)
let auth_token = AuthToken::new(pool, &token.account, chrono::Duration::days(7)).await?;
Ok(data::VerifyResponse::Success(data::VerifySuccess {
token: auth_token.token
}))
}
pub async fn authenticate(
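Review bot: `token.apply(pool)` and `AuthToken::new(...)` are two separate awaited calls on the pool, so when `AuthToken::new` fails the `?` returns an error after `apply` has already taken effect; if `apply` consumes the verification token, the client cannot retry the request. Either run both steps in one transaction or document that the client should fall back to a normal login in that case. The `chrono::Duration::days(7)` literal would be better as a named constant shared with the other code that issues auth tokens, and the function's documentation should state that possession of the emailed verification token now yields an authenticated session.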