|
1 | 1 | use std::collections::BTreeMap; |
2 | 2 |
|
3 | | -use axum::{ |
4 | | - extract::{Request, State}, |
5 | | - http::StatusCode, |
6 | | - middleware::Next, |
7 | | - response::{IntoResponse, Response}, |
8 | | -}; |
9 | | -use hypr_supabase_auth::{Error as SupabaseAuthError, SupabaseAuth}; |
10 | | - |
11 | | -const PRO_ENTITLEMENT: &str = "hyprnote_pro"; |
12 | | -pub const DEVICE_FINGERPRINT_HEADER: &str = "x-device-fingerprint"; |
13 | | - |
14 | | -#[derive(Clone)] |
15 | | -pub struct AuthState { |
16 | | - inner: SupabaseAuth, |
17 | | -} |
18 | | - |
19 | | -impl AuthState { |
20 | | - pub fn new(supabase_url: &str) -> Self { |
21 | | - Self { |
22 | | - inner: SupabaseAuth::new(supabase_url), |
23 | | - } |
24 | | - } |
25 | | -} |
26 | | - |
27 | | -pub struct AuthError(SupabaseAuthError); |
28 | | - |
29 | | -impl From<SupabaseAuthError> for AuthError { |
30 | | - fn from(err: SupabaseAuthError) -> Self { |
31 | | - Self(err) |
32 | | - } |
33 | | -} |
34 | | - |
35 | | -impl IntoResponse for AuthError { |
36 | | - fn into_response(self) -> Response { |
37 | | - let (status, message) = match self.0 { |
38 | | - SupabaseAuthError::MissingAuthHeader => { |
39 | | - (StatusCode::UNAUTHORIZED, "missing_authorization_header") |
40 | | - } |
41 | | - SupabaseAuthError::InvalidAuthHeader => { |
42 | | - (StatusCode::UNAUTHORIZED, "invalid_authorization_header") |
43 | | - } |
44 | | - SupabaseAuthError::JwksFetchFailed => { |
45 | | - (StatusCode::INTERNAL_SERVER_ERROR, "jwks_fetch_failed") |
46 | | - } |
47 | | - SupabaseAuthError::InvalidToken => (StatusCode::UNAUTHORIZED, "invalid_token"), |
48 | | - SupabaseAuthError::MissingEntitlement(_) => { |
49 | | - (StatusCode::FORBIDDEN, "subscription_required") |
50 | | - } |
51 | | - }; |
52 | | - (status, message).into_response() |
| 3 | +use axum::{extract::Request, middleware::Next, response::Response}; |
| 4 | + |
| 5 | +pub use hypr_api_auth::{AuthState, require_auth}; |
| 6 | +use hypr_api_auth::{Claims, DeviceFingerprint, UserId}; |
| 7 | + |
| 8 | +pub async fn sentry_and_analytics(mut request: Request, next: Next) -> Response { |
| 9 | + if let Some(claims) = request.extensions().get::<Claims>() { |
| 10 | + let device_fingerprint = request.extensions().get::<DeviceFingerprint>(); |
| 11 | + |
| 12 | + sentry::configure_scope(|scope| { |
| 13 | + scope.set_user(Some(sentry::User { |
| 14 | + id: device_fingerprint.map(|f| f.0.clone()), |
| 15 | + email: claims.email.clone(), |
| 16 | + username: Some(claims.sub.clone()), |
| 17 | + ..Default::default() |
| 18 | + })); |
| 19 | + scope.set_tag("user.id", &claims.sub); |
| 20 | + |
| 21 | + let mut ctx = BTreeMap::new(); |
| 22 | + ctx.insert( |
| 23 | + "entitlements".into(), |
| 24 | + sentry::protocol::Value::Array( |
| 25 | + claims |
| 26 | + .entitlements |
| 27 | + .iter() |
| 28 | + .map(|e| sentry::protocol::Value::String(e.clone())) |
| 29 | + .collect(), |
| 30 | + ), |
| 31 | + ); |
| 32 | + scope.set_context("user_claims", sentry::protocol::Context::Other(ctx)); |
| 33 | + }); |
53 | 34 | } |
54 | | -} |
55 | | - |
56 | | -pub async fn require_pro( |
57 | | - State(state): State<AuthState>, |
58 | | - mut request: Request, |
59 | | - next: Next, |
60 | | -) -> Result<Response, AuthError> { |
61 | | - let auth_header = request |
62 | | - .headers() |
63 | | - .get("Authorization") |
64 | | - .and_then(|h| h.to_str().ok()) |
65 | | - .ok_or(SupabaseAuthError::MissingAuthHeader)?; |
66 | | - |
67 | | - let device_fingerprint = request |
68 | | - .headers() |
69 | | - .get(DEVICE_FINGERPRINT_HEADER) |
70 | | - .and_then(|h| h.to_str().ok()) |
71 | | - .map(String::from); |
72 | | - |
73 | | - let token = |
74 | | - SupabaseAuth::extract_token(auth_header).ok_or(SupabaseAuthError::InvalidAuthHeader)?; |
75 | 35 |
|
76 | | - let claims = state |
77 | | - .inner |
78 | | - .require_entitlement(token, PRO_ENTITLEMENT) |
79 | | - .await?; |
| 36 | + let fingerprint = request |
| 37 | + .extensions() |
| 38 | + .get::<DeviceFingerprint>() |
| 39 | + .map(|f| f.0.clone()); |
| 40 | + let user_id = request.extensions().get::<UserId>().map(|u| u.0.clone()); |
80 | 41 |
|
81 | | - sentry::configure_scope(|scope| { |
82 | | - scope.set_user(Some(sentry::User { |
83 | | - id: device_fingerprint.clone(), |
84 | | - email: claims.email.clone(), |
85 | | - username: Some(claims.sub.clone()), |
86 | | - ..Default::default() |
87 | | - })); |
88 | | - scope.set_tag("user.id", &claims.sub); |
89 | | - |
90 | | - let mut ctx = BTreeMap::new(); |
91 | | - ctx.insert( |
92 | | - "entitlements".into(), |
93 | | - sentry::protocol::Value::Array( |
94 | | - claims |
95 | | - .entitlements |
96 | | - .iter() |
97 | | - .map(|e| sentry::protocol::Value::String(e.clone())) |
98 | | - .collect(), |
99 | | - ), |
100 | | - ); |
101 | | - scope.set_context("user_claims", sentry::protocol::Context::Other(ctx)); |
102 | | - }); |
103 | | - |
104 | | - if let Some(fingerprint) = device_fingerprint { |
| 42 | + if let Some(fingerprint) = fingerprint { |
105 | 43 | request |
106 | 44 | .extensions_mut() |
107 | 45 | .insert(hypr_analytics::DeviceFingerprint(fingerprint)); |
108 | 46 | } |
109 | 47 |
|
110 | | - let user_id = claims.sub.clone(); |
111 | | - request |
112 | | - .extensions_mut() |
113 | | - .insert(hypr_analytics::AuthenticatedUserId(user_id)); |
| 48 | + if let Some(user_id) = user_id { |
| 49 | + request |
| 50 | + .extensions_mut() |
| 51 | + .insert(hypr_analytics::AuthenticatedUserId(user_id)); |
| 52 | + } |
114 | 53 |
|
115 | | - Ok(next.run(request).await) |
| 54 | + next.run(request).await |
116 | 55 | } |
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?v=4&size=40){kind=avatar}
0 commit comments