feat(squashme): getting closer to token-based auth!

bitfl0wer · bitfl0wer · commit 9035fd8dd9d8 · 2025-07-12T20:58:40.000+02:00
diff --git a/src/api/middlewares/mod.rs b/src/api/middlewares/mod.rs
@@ -31,6 +31,24 @@ impl<E: Endpoint> Endpoint for AuthenticationMiddlewareImpl<E> {
 
         let token_store = req.data::<TokenStore>().unwrap();
         let hashed_user_token = hash_auth_token(auth);
+        // We first get the serial_number of the cert that this token is associated with...
+        let user_serial_number = token_store
+            .get_token_serial_number(&hashed_user_token)
+            .await
+            .map_err(|_| poem::error::Error::from_status(StatusCode::INTERNAL_SERVER_ERROR))?
+            .ok_or(poem::error::Error::from_status(StatusCode::UNAUTHORIZED))?;
+        // ...then we check, if this token has not been invalidated
+        let valid_token_in_db_for_user = token_store
+            .get_token_userid(&user_serial_number)
+            .await
+            .map_err(|_| poem::error::Error::from_status(StatusCode::INTERNAL_SERVER_ERROR))?
+            .ok_or(poem::error::Error::from_status(StatusCode::UNAUTHORIZED))?;
+        // And then we compare the two!
+        if valid_token_in_db_for_user.token == hashed_user_token.into() {
+            // TODO: Get actor uaid, set in request
+        } else {
+            return Err(poem::error::Error::from_status(StatusCode::UNAUTHORIZED));
+        }
 
         self.ep.call(req).await
     }
