auth: Extract authenticate_via_cookie/token() fns

Turbo87 · Turbo87 · commit 3fa1eba64c28 · 2023-01-07T18:06:28.000+01:00
diff --git a/src/auth.rs b/src/auth.rs
@@ -9,6 +9,7 @@ use crate::util::errors::{
     account_locked, forbidden, internal, AppError, AppResult, InsecurelyGeneratedTokenRevoked,
 };
 use chrono::Utc;
+use diesel::PgConnection;
 use http::header;
 
 #[derive(Debug, Clone)]
@@ -152,11 +153,10 @@ impl Authentication {
     }
 }
 
-fn authenticate_user<T: RequestPartsExt>(req: &T) -> AppResult<Authentication> {
-    controllers::util::verify_origin(req)?;
-
-    let conn = req.app().db_write()?;
-
+fn authenticate_via_cookie<T: RequestPartsExt>(
+    req: &T,
+    conn: &PgConnection,
+) -> AppResult<Option<CookieAuthentication>> {
     let user_id_from_session = req
         .session_get("user_id")
         .and_then(|s| s.parse::<i32>().ok());
@@ -169,10 +169,16 @@ fn authenticate_user<T: RequestPartsExt>(req: &T) -> AppResult<Authentication> {
 
         req.add_custom_metadata("uid", id);
 
-        return Ok(Authentication::Cookie(CookieAuthentication { user }));
+        return Ok(Some(CookieAuthentication { user }));
     }
 
-    // Otherwise, look for an `Authorization` header on the request
+    return Ok(None);
+}
+
+fn authenticate_via_token<T: RequestPartsExt>(
+    req: &T,
+    conn: &PgConnection,
+) -> AppResult<Option<TokenAuthentication>> {
     let maybe_authorization = req
         .headers()
         .get(header::AUTHORIZATION)
@@ -195,7 +201,27 @@ fn authenticate_user<T: RequestPartsExt>(req: &T) -> AppResult<Authentication> {
         req.add_custom_metadata("uid", token.user_id);
         req.add_custom_metadata("tokenid", token.id);
 
-        return Ok(Authentication::Token(TokenAuthentication { user, token }));
+        return Ok(Some(TokenAuthentication { user, token }));
+    }
+
+    return Ok(None);
+}
+
+fn authenticate_user<T: RequestPartsExt>(req: &T) -> AppResult<Authentication> {
+    controllers::util::verify_origin(req)?;
+
+    let conn = req.app().db_write()?;
+
+    match authenticate_via_cookie(req, &conn) {
+        Ok(None) => {}
+        Ok(Some(auth)) => return Ok(Authentication::Cookie(auth)),
+        Err(err) => return Err(err),
+    }
+
+    match authenticate_via_token(req, &conn) {
+        Ok(None) => {}
+        Ok(Some(auth)) => return Ok(Authentication::Token(auth)),
+        Err(err) => return Err(err),
     }
 
     // Unable to authenticate the user
