feat: implement authentication system

- Add auth.rs module with session management
- Implement login/logout/verify API endpoints
- Add authentication middleware
- Protect /api/v2/tree endpoint
- Default demo user (username: demo, password: demo123)
- Token-based auth with 24-hour expiration
- bcrypt password hashing
This commit is contained in:
Warren
2026-05-16 17:54:32 +08:00
parent 2e7d538712
commit 6e3de0169e
4 changed files with 277 additions and 14 deletions
+147
View File
@@ -0,0 +1,147 @@
use bcrypt::{hash, verify, DEFAULT_COST};
use chrono::{Duration, Utc};
use serde::{Deserialize, Serialize};
use std::collections::HashMap;
use std::sync::{Arc, Mutex};
use uuid::Uuid;
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct User {
pub user_id: String,
pub username: String,
pub password_hash: String,
pub created_at: String,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Session {
pub token: String,
pub user_id: String,
pub username: String,
pub created_at: String,
pub expires_at: String,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct LoginRequest {
pub username: String,
pub password: String,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct LoginResponse {
pub token: String,
pub expires_at: String,
pub user_id: String,
}
#[derive(Clone)]
pub struct AuthState {
pub sessions: Arc<Mutex<HashMap<String, Session>>>,
pub users: Arc<Mutex<HashMap<String, User>>>,
}
impl AuthState {
pub fn new() -> Self {
let mut users = HashMap::new();
// Create default demo user
let password_hash = hash("demo123", DEFAULT_COST).unwrap();
users.insert(
"demo".to_string(),
User {
user_id: "demo".to_string(),
username: "demo".to_string(),
password_hash,
created_at: Utc::now().format("%Y-%m-%dT%H:%M:%SZ").to_string(),
},
);
AuthState {
sessions: Arc::new(Mutex::new(HashMap::new())),
users: Arc::new(Mutex::new(users)),
}
}
pub fn login(&self, username: &str, password: &str) -> Option<LoginResponse> {
let users = self.users.lock().unwrap();
let user = users.get(username)?;
if verify(password, &user.password_hash).unwrap_or(false) {
let token = Uuid::new_v4().to_string();
let now = Utc::now();
let expires_at = now + Duration::hours(24);
let session = Session {
token: token.clone(),
user_id: user.user_id.clone(),
username: user.username.clone(),
created_at: now.format("%Y-%m-%dT%H:%M:%SZ").to_string(),
expires_at: expires_at.format("%Y-%m-%dT%H:%M:%SZ").to_string(),
};
let mut sessions = self.sessions.lock().unwrap();
sessions.insert(token.clone(), session);
Some(LoginResponse {
token,
expires_at: expires_at.format("%Y-%m-%dT%H:%M:%SZ").to_string(),
user_id: user.user_id.clone(),
})
} else {
None
}
}
pub fn verify_token(&self, token: &str) -> Option<Session> {
let sessions = self.sessions.lock().unwrap();
let session = sessions.get(token)?;
// Check expiration
let expires_at = chrono::DateTime::parse_from_rfc3339(&session.expires_at)
.ok()?
.with_timezone(&Utc);
if Utc::now() > expires_at {
return None;
}
Some(session.clone())
}
pub fn logout(&self, token: &str) -> bool {
let mut sessions = self.sessions.lock().unwrap();
sessions.remove(token).is_some()
}
pub fn create_user(&self, username: &str, password: &str) -> Result<String, String> {
let mut users = self.users.lock().unwrap();
if users.contains_key(username) {
return Err("User already exists".to_string());
}
let password_hash = hash(password, DEFAULT_COST)
.map_err(|e| e.to_string())?;
let user_id = Uuid::new_v4().to_string();
let user = User {
user_id: user_id.clone(),
username: username.to_string(),
password_hash,
created_at: Utc::now().format("%Y-%m-%dT%H:%M:%SZ").to_string(),
};
users.insert(username.to_string(), user);
Ok(user_id)
}
}
// Authorization header parser
pub fn parse_auth_header(header: &str) -> Option<String> {
if header.starts_with("Bearer ") {
Some(header.trim_start_matches("Bearer ").to_string())
} else {
None
}
}