Fix token parsing and require Auth for list files

src/main.rs

@@ -3,11 +3,14 @@ extern crate diesel;
 
 use actix_web::web::{HttpResponse, Json};
 use actix_web::{get, post, App, HttpServer, Responder};
+use chrono::{Duration, Utc};
 use data::{LoginRequest, ThumbnailRequest};
+use jsonwebtoken::{encode, EncodingKey, Header};
 use std::path::PathBuf;
 
-use crate::files::list_files;
+use crate::data::{Claims, Token};
 use crate::database::{create_user, get_user};
+use crate::files::list_files;
 
 mod data;
 mod database;
@@ -23,14 +26,24 @@ async fn register() -> impl Responder {
 #[post("/login")]
 async fn login(creds: Json<LoginRequest>) -> impl Responder {
     if let Some(user) = get_user(&creds.username, &creds.password) {
-        HttpResponse::Ok().json(user)
+        let claims = Claims {
+            sub: user.id.to_string(),
+            exp: (Utc::now() + Duration::seconds(30)).timestamp(),
+        };
+        let token = encode(
+            &Header::default(),
+            &claims,
+            &EncodingKey::from_secret("secret_token".as_ref()),
+        )
+        .unwrap();
+        HttpResponse::Ok().json(Token { token: &token })
     } else {
         HttpResponse::NotFound().finish()
     }
 }
 
 #[get("/photos")]
-async fn list_photos(req: Json<ThumbnailRequest>) -> impl Responder {
+async fn list_photos(_claims: Claims, req: Json<ThumbnailRequest>) -> impl Responder {
     println!("{}", req.path);
 
     let path = &req.path;
@@ -54,8 +67,13 @@ async fn list_photos(req: Json<ThumbnailRequest>) -> impl Responder {
 
 #[actix_rt::main]
 async fn main() -> std::io::Result<()> {
-    HttpServer::new(|| App::new().service(login).service(list_photos).service(register))
-        .bind("127.0.0.1:8088")?
-        .run()
-        .await
+    HttpServer::new(|| {
+        App::new()
+            .service(login)
+            .service(list_photos)
+            .service(register)
+    })
+    .bind("127.0.0.1:8088")?
+    .run()
+    .await
 }