diff --git a/project/src/handlers/authentication.rs b/project/src/handlers/authentication.rs index b6dd221..515f22f 100644 --- a/project/src/handlers/authentication.rs +++ b/project/src/handlers/authentication.rs @@ -2,7 +2,7 @@ use crate::{ db_connection::DbPool, errors::CustomError, handlers::pool_handler, - models::user::{AuthUser, RegisterUser, User}, + models::user::{AuthUser, DeleteUser, RegisterUser, User}, utils::jwt::{decode_token, encode_token, UserWithToken}, }; use actix_identity::Identity; @@ -42,10 +42,30 @@ pub async fn register( .map_err(|e| HttpResponse::InternalServerError().json(e.to_string()))?; User::create(register_user, &connection) - .map(|user| HttpResponse::Ok().json(user)) + .map(|_r| HttpResponse::Ok().json("User created successfully")) .map_err(|e| HttpResponse::InternalServerError().json(e.to_string())) } +#[post("/auth/delete")] +pub async fn delete( + user: LoggedUser, + user_to_delete: web::Json, + pool: web::Data, +) -> Result { + if user.admin || user.username == user_to_delete.username { + let connection = pool_handler(pool)?; + user_to_delete.delete(&connection).map_err(|e| match e { + CustomError::DBError(diesel::result::Error::NotFound) => { + HttpResponse::NotFound().json(e.to_string()) + } + _ => HttpResponse::InternalServerError().json(e.to_string()), + })?; + Ok(HttpResponse::Ok().json("User deleted successfully")) + } else { + Err(HttpResponse::Unauthorized().json("Only admins can delete users")) + } +} + #[post("/auth/login")] pub async fn login( id: Identity, @@ -65,8 +85,8 @@ pub async fn login( _ => HttpResponse::InternalServerError().finish(), })?; - id.remember(String::from(&token)); - Ok(HttpResponse::Ok().json(token)) + id.remember(String::from(token)); + Ok(HttpResponse::Ok().json(user)) } #[delete("/auth/logout")] diff --git a/project/src/main.rs b/project/src/main.rs index a1d9047..c745812 100644 --- a/project/src/main.rs +++ b/project/src/main.rs 
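Review bot: The self-delete branch of `delete` leaves the caller's own session alive after the row is gone: nothing calls `Identity::forget`, so the identity cookie (and the JWT it carries, valid until its `exp`) keeps authenticating a user who no longer exists, and every later request depends on whatever `LoggedUser` does when the lookup fails — that extractor is outside this diff, so I cannot confirm it re-checks the database. I would take `id: Identity` as `login` does and call `id.forget()` once the delete succeeds on the `user.username == user_to_delete.username` path. The deny branch is also mislabelled: a logged-in non-admin is authenticated, so `Err(HttpResponse::Forbidden().json("Only admins can delete other users"))` (403, with a message that matches the actual rule) is the accurate response. Finally `e.to_string()` puts the raw Diesel error text in the 500 body, as `register` already does; a fixed message for the client plus a server-side log is the safer pattern for a public endpoint.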
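Review bot: The body returned by `login` changes from the token to `user`, and the type of `user` is not visible in this hunk (the function's body starts above it); if it is the database `User` model rather than the `UserWithToken` this file imports, check that the serialized struct omits the password-hash field, since serde emits every field unless it is marked `#[serde(skip_serializing)]`. If it is `UserWithToken`, the token is now sent in the response body and remembered in the identity cookie at the same time, which is only intended if the client is also meant to use it as a bearer token; a doc comment such as `/// Returns the authenticated user; the JWT is also stored in the identity cookie.` would make that intent explicit.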
@@ -70,6 +70,7 @@ async fn main() -> std::io::Result<()> { .service(authentication::register) .service(authentication::login) .service(authentication::logout) + .service(authentication::delete) .service(handlers::hello_world::hello) }) .bind(address)? diff --git a/project/src/models/user.rs b/project/src/models/user.rs index 2a567b9..00c6f98 100644 --- a/project/src/models/user.rs +++ b/project/src/models/user.rs @@ -35,7 +35,7 @@ impl User { pub fn create( register_user: RegisterUser, connection: &MysqlConnection, - ) -> Result { + ) -> Result { use crate::schema::users::dsl::users; let new_user = NewUser { @@ -47,8 +47,7 @@ impl User { Ok(diesel::insert_into(users) .values(new_user) - .execute(connection) - .is_ok()) + .execute(connection)?) } } @@ -103,3 +102,18 @@ impl AuthUser { } } } + +#[derive(Deserialize)] +pub struct DeleteUser { + pub username: String, +} + +impl DeleteUser { + pub fn delete(&self, connection: &MysqlConnection) -> Result { + use crate::schema::users::dsl::*; + match diesel::delete(users.filter(username.eq(&self.username))).execute(connection) { + Ok(_r) => Ok(true), + Err(e) => Err(CustomError::DBError(e)), + } + } +} diff --git a/project/src/utils/jwt.rs b/project/src/utils/jwt.rs index 5889315..e16f7a5 100644 --- a/project/src/utils/jwt.rs +++ b/project/src/utils/jwt.rs @@ -15,6 +15,7 @@ struct Claims { exp: usize, } +#[derive(Deserialize)] pub struct UserWithToken { pub id: i32, pub username: String,
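Review bot: `Ok(... .execute(connection)?)` in `create` wraps a `Result` only to unwrap it again, which clippy flags as `needless_question_mark`; whatever the declared error type is, `?` already relies on a conversion into it, so the body can simply end with `.execute(connection).map_err(Into::into)`. The enclosing `create` starts outside this hunk. Because the return value is now the affected-row count rather than a `bool`, a one-line doc comment on `create` — `/// Inserts the user and returns the number of rows written (1 on success).` — would save callers a trip to the Diesel docs.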
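Review bot: `DeleteUser::delete` reports success for a username that does not exist: `diesel::delete(...).execute()` yields `Ok(0)` when no row matched rather than `Err(NotFound)`, so the `NotFound` arm the new handler in `authentication.rs` matches on is unreachable and `POST /auth/delete` answers "User deleted successfully" for any name. Add an arm `Ok(0) => Err(CustomError::DBError(diesel::result::Error::NotFound)),` ahead of `Ok(_r) => Ok(true),` so the affected-row count drives the outcome. With that in place the `bool` return carries no information (it is always `true` on `Ok`); returning the row count as `create` now does would be consistent, though that is a wider interface change than this commit makes.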