+8 -7

src/auth.rs

··· 1 1 + use crate::{error::AppError, models::Claims}; 1 2 use actix_web::{dev::Payload, FromRequest, HttpRequest}; 2 3 use jsonwebtoken::{decode, DecodingKey, Validation}; 3 4 use std::future::{ready, Ready}; 4 4 - use crate::{error::AppError, models::Claims}; 5 5 6 6 pub struct AuthenticatedUser { 7 7 pub user_id: i32, ··· 12 12 type Future = Ready<Result<Self, Self::Error>>; 13 13 14 14 fn from_request(req: &HttpRequest, _: &mut Payload) -> Self::Future { 15 15 - let auth_header = req.headers() 15 15 + let auth_header = req 16 16 + .headers() 16 17 .get("Authorization") 17 18 .and_then(|h| h.to_str().ok()); 18 19 19 20 if let Some(auth_header) = auth_header { 20 21 if auth_header.starts_with("Bearer ") { 21 22 let token = &auth_header[7..]; 22 22 - let secret = std::env::var("JWT_SECRET").unwrap_or_else(|_| "default_secret".to_string()); 23 23 - 23 23 + let secret = 24 24 + std::env::var("JWT_SECRET").unwrap_or_else(|_| "default_secret".to_string()); 24 25 match decode::<Claims>( 25 26 token, 26 27 &DecodingKey::from_secret(secret.as_bytes()), 27 27 - &Validation::default() 28 28 + &Validation::default(), 28 29 ) { 29 30 Ok(token_data) => { 30 31 return ready(Ok(AuthenticatedUser { ··· 35 36 } 36 37 } 37 38 } 38 38 - 39 39 ready(Err(AppError::Unauthorized)) 40 40 } 41 41 - } 41 41 + } 42 42 +

+1 -1

src/handlers.rs

··· 131 131 Ok(()) 132 132 } 133 133 134 134 - fn validate_url(url: &String) -> Result<(), AppError> { 134 134 + fn validate_url(url: &str) -> Result<(), AppError> { 135 135 if url.is_empty() { 136 136 return Err(AppError::InvalidInput("URL cannot be empty".to_string())); 137 137 }

+102

src/main.rs

··· 1 1 use actix_cors::Cors; 2 2 use actix_web::{web, App, HttpResponse, HttpServer}; 3 3 use anyhow::Result; 4 4 + use clap::Parser; 4 5 use rust_embed::RustEmbed; 5 6 use simplelink::check_and_generate_admin_token; 7 7 + use simplelink::models::DatabasePool; 6 8 use simplelink::{create_db_pool, run_migrations}; 7 9 use simplelink::{handlers, AppState}; 8 10 use sqlx::{Postgres, Sqlite}; ··· 24 26 } 25 27 None => HttpResponse::NotFound().body("404 Not Found"), 26 28 } 29 29 + } 30 30 + 31 31 + async fn create_initial_links(pool: &DatabasePool) -> Result<()> { 32 32 + if let Ok(links) = std::env::var("INITIAL_LINKS") { 33 33 + for link_entry in links.split(';') { 34 34 + let parts: Vec<&str> = link_entry.split(',').collect(); 35 35 + if parts.len() >= 2 { 36 36 + let url = parts[0]; 37 37 + let code = parts[1]; 38 38 + 39 39 + match pool { 40 40 + DatabasePool::Postgres(pool) => { 41 41 + sqlx::query( 42 42 + "INSERT INTO links (original_url, short_code, user_id) 43 43 + VALUES ($1, $2, $3) 44 44 + ON CONFLICT (short_code) 45 45 + DO UPDATE SET short_code = EXCLUDED.short_code 46 46 + WHERE links.original_url = EXCLUDED.original_url", 47 47 + ) 48 48 + .bind(url) 49 49 + .bind(code) 50 50 + .bind(1) 51 51 + .execute(pool) 52 52 + .await?; 53 53 + } 54 54 + DatabasePool::Sqlite(pool) => { 55 55 + // First check if the exact combination exists 56 56 + let exists = sqlx::query_scalar::<_, bool>( 57 57 + "SELECT EXISTS( 58 58 + SELECT 1 FROM links 59 59 + WHERE original_url = ?1 60 60 + AND short_code = ?2 61 61 + )", 62 62 + ) 63 63 + .bind(url) 64 64 + .bind(code) 65 65 + .fetch_one(pool) 66 66 + .await?; 67 67 + 68 68 + // Only insert if the exact combination doesn't exist 69 69 + if !exists { 70 70 + sqlx::query( 71 71 + "INSERT INTO links (original_url, short_code, user_id) 72 72 + VALUES (?1, ?2, ?3)", 73 73 + ) 74 74 + .bind(url) 75 75 + .bind(code) 76 76 + .bind(1) 77 77 + .execute(pool) 78 78 + .await?; 79 79 + info!("Created initial link: {} -> {} for user_id: 1", code, url); 80 80 + } else { 81 81 + info!("Skipped existing link: {} -> {} for user_id: 1", code, url); 82 82 + } 83 83 + } 84 84 + } 85 85 + } 86 86 + } 87 87 + } 88 88 + Ok(()) 89 89 + } 90 90 + 91 91 + async fn create_admin_user(pool: &DatabasePool, email: &str, password: &str) -> Result<()> { 92 92 + use argon2::{ 93 93 + password_hash::{rand_core::OsRng, SaltString}, 94 94 + Argon2, PasswordHasher, 95 95 + }; 96 96 + 97 97 + let salt = SaltString::generate(&mut OsRng); 98 98 + let argon2 = Argon2::default(); 99 99 + let password_hash = argon2 100 100 + .hash_password(password.as_bytes(), &salt) 101 101 + .map_err(|e| anyhow::anyhow!("Password hashing error: {}", e))? 102 102 + .to_string(); 103 103 + 104 104 + match pool { 105 105 + DatabasePool::Postgres(pool) => { 106 106 + sqlx::query( 107 107 + "INSERT INTO users (email, password_hash) 108 108 + VALUES ($1, $2) 109 109 + ON CONFLICT (email) DO NOTHING", 110 110 + ) 111 111 + .bind(email) 112 112 + .bind(&password_hash) 113 113 + .execute(pool) 114 114 + .await?; 115 115 + } 116 116 + DatabasePool::Sqlite(pool) => { 117 117 + sqlx::query( 118 118 + "INSERT OR IGNORE INTO users (email, password_hash) 119 119 + VALUES (?1, ?2)", 120 120 + ) 121 121 + .bind(email) 122 122 + .bind(&password_hash) 123 123 + .execute(pool) 124 124 + .await?; 125 125 + } 126 126 + } 127 127 + info!("Created admin user: {}", email); 128 128 + Ok(()) 27 129 } 28 130 29 131 #[actix_web::main]