remove actix-web-httpauth

Cargo.toml

@@ -11,7 +11,6 @@ actix-http = "3.2.2"
 actix-rt = "2.7.0"
 actix-web = "4.9.0"
 actix-web-grants = "4.1.2"
-actix-web-httpauth = "0.8.0"
 actix-ws = "0.3.0"
 anyhow = "1.0.66"
 awc = "3.5.1"

src/lib.rs

@@ -242,7 +242,6 @@ pub fn configure_app(
             .service(
                 web::scope("/api")
                     .wrap(api_rate_limiter())
-                    // .wrap(HttpAuthentication::bearer(bearer_auth))
                     .wrap(GrantsMiddleware::with_extractor(
                         routes::auth::extract,
                     ))

src/routes/auth.rs

@@ -5,12 +5,10 @@ use crate::models::users::{UserId, UserLogin, Username};
 use crate::utils::redis_credentials_repo::RedisCredentialsRepo;
 use crate::AppData;
 use actix_http::header::{HeaderName, HeaderValue};
-use actix_http::Payload;
 use actix_web::dev::ServiceRequest;
 use actix_web::error::ErrorUnauthorized;
 use actix_web::web::{self, Data};
 use actix_web::{Error, HttpResponse};
-use actix_web_httpauth::extractors::bearer::BearerAuth;
 use awc::cookie::{Cookie, SameSite};
 use bcrypt::verify;
 use jwt_simple::prelude::*;
@@ -81,28 +79,6 @@ pub async fn validate_token(
     }
 }
 
-#[tracing::instrument(level = "info", skip(req))]
-pub async fn bearer_auth(
-    req: ServiceRequest,
-    credentials: BearerAuth,
-) -> Result<ServiceRequest, (Error, ServiceRequest)> {
-    let app_data = &req
-        .app_data::<Data<AppData>>()
-        .cloned()
-        .expect("AppData not initialized");
-    let credentials_repo = &app_data.credentials_repo;
-    let jwt_key = &app_data.jwt_key;
-    let token: String = credentials.token().into();
-    let (http_req, payload) = req.into_parts();
-    match validate_token(credentials_repo, jwt_key, token).await {
-        Ok(_) => Ok(ServiceRequest::from_parts(http_req, payload)),
-        Err(err) => Err((
-            Error::from(err),
-            ServiceRequest::from_parts(http_req.clone(), Payload::None),
-        )),
-    }
-}
-
 #[tracing::instrument(level = "info", skip(app_data))]
 pub async fn login(
     user_login: web::Json<UserLogin>,

src/routes/ws.rs

@@ -125,7 +125,7 @@ pub fn extract_auth_token(headers: &HeaderMap) -> Result<String, DomainError> {
         .get("cookie")
         .and_then(|hv| hv.to_str().ok())
         .ok_or_else(|| {
-            DomainError::new_bad_input_error(format!("Cookie header not set"))
+            DomainError::new_bad_input_error("Cookie header not set".to_owned())
         })?;
 
     let token = header

src/telemetry.rs

@@ -1,14 +1,12 @@
 use actix_http::body::MessageBody;
-use actix_http::header::Header;
 use actix_web::dev::{ServiceRequest, ServiceResponse};
 use actix_web::web::Data;
 use actix_web::Error;
-use actix_web_httpauth::headers::authorization;
 use tracing::Span;
 use tracing_actix_web::{DefaultRootSpanBuilder, RootSpanBuilder};
 
 use crate::routes::auth::get_claims;
-use crate::AppData;
+use crate::{utils, AppData};
 
 pub struct DomainRootSpanBuilder;
 
@@ -19,13 +17,10 @@ impl RootSpanBuilder for DomainRootSpanBuilder {
             .cloned()
             .expect("AppData not initialized");
         let jwt_key = &app_data.jwt_key;
-        let claims =
-            authorization::Authorization::<authorization::Bearer>::parse(req)
-                .map(|auth| auth.into_scheme())
-                .ok()
-                .and_then(|b| get_claims(jwt_key, b.token()).ok());
+        let claims = utils::extract_auth_token(req.headers())
+            .and_then(|token| get_claims(jwt_key, &token));
 
-        let auth_user_id = claims.map(|c| c.custom.user_id.as_uint());
+        let auth_user_id = claims.map(|c| c.custom.user_id.as_uint()).ok();
         tracing_actix_web::root_span!(req, auth_user_id,)
     }