server/src/auth_middleware.rs

use axum::{
    extract::{FromRef, FromRequestParts},
    http::{header, StatusCode},
};
use std::sync::Arc;
use uuid::Uuid;

use crate::AppState;
use crate::api::auth::verify_access_token;

#[derive(Debug, Clone)]
pub struct AuthUser {
    pub user_id: Uuid,
}

impl<S> FromRequestParts<S> for AuthUser
where
    S: Send + Sync,
    Arc<AppState>: FromRef<S>,
{
    type Rejection = (StatusCode, axum::Json<serde_json::Value>);

    fn from_request_parts<'life0, 'life1, 'async_trait>(
        parts: &'life0 mut axum::http::request::Parts,
        state: &'life1 S,
    ) -> ::core::pin::Pin<Box<
        dyn ::core::future::Future<Output = Result<Self, Self::Rejection>>
            + ::core::marker::Send
            + 'async_trait,
    >>
    where
        'life0: 'async_trait,
        'life1: 'async_trait,
        Self: 'async_trait,
    {
        Box::pin(async move {
            let state = Arc::<AppState>::from_ref(state);
            let auth_header = parts
                .headers
                .get(header::AUTHORIZATION)
                .and_then(|v| v.to_str().ok())
                .and_then(|v| v.strip_prefix("Bearer "));

            match auth_header {
                Some(token) => match verify_access_token(token, &state.jwt_secret) {
                    Ok(claims) => Ok(AuthUser { user_id: claims.sub }),
                    Err(_) => Err((
                        StatusCode::UNAUTHORIZED,
                        axum::Json(serde_json::json!({"error": "invalid or expired token"})),
                    )),
                },
                None => Err((
                    StatusCode::UNAUTHORIZED,
                    axum::Json(serde_json::json!({"error": "missing authorization header"})),
                )),
            }
        })
    }
}
Initial commit: FunConnect project with server, relay, client and admin panel Co-authored-by: Cursor <cursoragent@cursor.com> 2026-02-24 20:56:36 +08:00			`use axum::{`
			`extract::{FromRef, FromRequestParts},`
			`http::{header, StatusCode},`
			`};`
			`use std::sync::Arc;`
			`use uuid::Uuid;`

			`use crate::AppState;`
			`use crate::api::auth::verify_access_token;`

			`#[derive(Debug, Clone)]`
			`pub struct AuthUser {`
			`pub user_id: Uuid,`
			`}`

			`impl<S> FromRequestParts<S> for AuthUser`
			`where`
			`S: Send + Sync,`
			`Arc<AppState>: FromRef<S>,`
			`{`
			`type Rejection = (StatusCode, axum::Json<serde_json::Value>);`

			`fn from_request_parts<'life0, 'life1, 'async_trait>(`
			`parts: &'life0 mut axum::http::request::Parts,`
			`state: &'life1 S,`
			`) -> ::core::pin::Pin<Box<`
			`dyn ::core::future::Future<Output = Result<Self, Self::Rejection>>`
			`+ ::core::marker::Send`
			`+ 'async_trait,`
			`>>`
			`where`
			`'life0: 'async_trait,`
			`'life1: 'async_trait,`
			`Self: 'async_trait,`
			`{`
			`Box::pin(async move {`
			`let state = Arc::<AppState>::from_ref(state);`
			`let auth_header = parts`
			`.headers`
			`.get(header::AUTHORIZATION)`
			`.and_then(\|v\| v.to_str().ok())`
			`.and_then(\|v\| v.strip_prefix("Bearer "));`

			`match auth_header {`
			`Some(token) => match verify_access_token(token, &state.jwt_secret) {`
			`Ok(claims) => Ok(AuthUser { user_id: claims.sub }),`
			`Err(_) => Err((`
			`StatusCode::UNAUTHORIZED,`
			`axum::Json(serde_json::json!({"error": "invalid or expired token"})),`
			`)),`
			`},`
			`None => Err((`
			`StatusCode::UNAUTHORIZED,`
			`axum::Json(serde_json::json!({"error": "missing authorization header"})),`
			`)),`
			`}`
			`})`
			`}`
			`}`