feat: organize code into layers

- Service layer: core business logic. App is a collection of services. Services can optionally have underlying implementors (e.g. Firebase as an auth service).
- Repo ports: business logic around persistence
- Repo adapters: handle read/write of primitive (json) data in e.g. postgres.
- Router ports: business logic for handling incoming requests.
- Router adapters (e.g. axum): Parse raw requests into technology agnostic requests.

Routing adapter -> Router -> Service -> Repo -> Repo adapter.

App is a trait/struct that contains the service layer. Each service has it's own repo (if necessary). Routers are top level functions because there's nowhere to keep an instance. The global-ish app instance is the one given to Axum as the app's state. That's how services are called upon when handling a request.

Author: jifalops

Cargo.lock

@@ -11,11 +11,19 @@ lambda = ["dep:lambda_http"]
 
 [dependencies]
 api-rust-macros = { version = "*", path = "../macros" }
+argon2 = "0.5.3"
+async-trait = "0.1.83"
 axum = { version = "0.7.9", features = ["macros"] }
 lambda_http = { version = "0.13.0", optional = true, features = ["apigw_http"] }
+serde = { version = "1.0.215", features = ["derive"] }
+serde_json = "1.0.133"
+short-uuid = "0.1.4"
+sqlx = { version = "0.8.2", features = ["postgres"] }
+thiserror = "2.0.4"
 tokio = { version = "1", features = ["full"] }
 tracing = "0.1.41"
 tracing-subscriber = { version = "0.3.19", features = ["env-filter"] }
+validator = { version = "0.19.0", features = ["derive"] }
 
 # https://www.cargo-lambda.info/commands/build.html#build-configuration-in-cargo-s-metadata
 # [package.metadata.lambda.build]

lib/Cargo.toml

@@ -1,25 +1,42 @@
-use crate::auth::AuthService;
+use crate::{
+    auth::AuthService,
+    user::{UserRepoAdapter, UserService},
+};
 
-pub trait App {
+pub trait Service: Sync + Send + 'static {}
+impl<T: Sync + Send + 'static> Service for T {}
+
+pub trait App: Sync + Send + 'static {
     type Auth: AuthService;
+    type UserRepo: UserRepoAdapter;
 
     fn auth(&self) -> &Self::Auth;
+
+    fn user(&self) -> &UserService<Self::UserRepo>;
 }
 
-pub struct NewApp<Auth>
+pub struct NewApp<Auth, UserRepo>
 where
     Auth: AuthService,
+    UserRepo: UserRepoAdapter,
 {
     pub auth: Auth,
+    pub user: UserService<UserRepo>,
 }
 
-impl<Auth> App for NewApp<Auth>
+impl<Auth, UserRepo> App for NewApp<Auth, UserRepo>
 where
     Auth: AuthService,
+    UserRepo: UserRepoAdapter,
 {
     type Auth = Auth;
+    type UserRepo = UserRepo;
 
     fn auth(&self) -> &Self::Auth {
         &self.auth
     }
+
+    fn user(&self) -> &UserService<Self::UserRepo> {
+        &self.user
+    }
 }

lib/src/app.rs

@@ -1,5 +1,9 @@
+mod models;
+mod router;
+pub mod router_axum;
 mod service;
 mod service_jwt;
 
-pub use service::AuthService;
+pub use models::*;
+pub use service::*;
 pub use service_jwt::AuthServiceJwt;

lib/src/auth/mod.rs

@@ -0,0 +1,35 @@
+use serde::{Deserialize, Serialize};
+use validator::Validate;
+
+#[derive(Debug, thiserror::Error)]
+pub enum AuthError {
+    #[error("Invalid credential")]
+    InvalidCredential,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+pub struct Token {
+    pub user_id: String,
+    pub token: String,
+    pub expires: u64,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Validate)]
+pub struct SignUpData {
+    #[validate(email)]
+    pub email: String,
+    #[validate(length(min = 4, max = 64))]
+    pub password: String,
+    #[validate(length(min = 1, max = 64))]
+    pub name: Option<String>,
+    #[validate(url)]
+    pub photo_url: Option<String>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Validate)]
+pub struct SignInData {
+    #[validate(email)]
+    pub email: String,
+    #[validate(length(min = 4, max = 64))]
+    pub password: String,
+}

lib/src/auth/models.rs

@@ -0,0 +1,28 @@
+use crate::{
+    user::{NewUser, UserIdentifier},
+    App, AppError,
+};
+
+use super::{AuthService, SignInData, SignUpData, Token};
+
+pub async fn sign_up<A: App>(data: SignUpData, app: &A) -> Result<Token, AppError> {
+    let new_user = NewUser {
+        email: data.email,
+        password_hash: app.auth().hash_password(data.password)?,
+        name: data.name,
+        photo_url: data.photo_url,
+    };
+    let user = app.user().create_user(new_user).await?;
+    let token = app.auth().generate_token(user).await?;
+    Ok(token)
+}
+
+pub async fn sign_in<A: App>(data: SignInData, app: &A) -> Result<Token, AppError> {
+    let user = app
+        .user()
+        .get_user(UserIdentifier::new(None, Some(data.email))?)
+        .await?;
+    app.auth()
+        .verify_password(data.password, &user.password_hash)?;
+    app.auth().generate_token(user).await
+}

lib/src/auth/router.rs

@@ -0,0 +1,29 @@
+use std::sync::Arc;
+
+use axum::{extract::State, routing::post, Json, Router};
+
+use crate::{app::App, AppError};
+
+use super::{router, SignInData, SignUpData, Token};
+
+pub fn create_router<A: App>() -> Router<Arc<A>> {
+    Router::new()
+        .route("/sign-up", post(sign_up))
+        .route("/sign-in", post(sign_in))
+}
+
+async fn sign_up<A: App>(
+    State(app): State<Arc<A>>,
+    Json(data): Json<SignUpData>,
+) -> Result<Json<Token>, AppError> {
+    let token = router::sign_up(data, app.as_ref()).await?;
+    Ok(Json(token))
+}
+
+async fn sign_in<A: App>(
+    State(app): State<Arc<A>>,
+    Json(data): Json<SignInData>,
+) -> Result<Json<Token>, AppError> {
+    let token = router::sign_in(data, app.as_ref()).await?;
+    Ok(Json(token))
+}

lib/src/auth/router_axum.rs

@@ -1,6 +1,28 @@
-use axum::async_trait;
+use argon2::{
+    password_hash::{rand_core::OsRng, PasswordHash, PasswordHasher, PasswordVerifier, SaltString},
+    Argon2,
+};
+use async_trait::async_trait;
+
+use crate::{app::Service, user::User, AppError};
+
+use super::{AuthError, Token};
 
 #[async_trait]
-pub trait AuthService {
-    async fn authenticate(&self, token: &str) -> Result<(), ()>;
+pub trait AuthService: Service {
+    fn hash_password(&self, password: String) -> Result<String, AppError> {
+        let salt = SaltString::generate(&mut OsRng);
+        let hashed = Argon2::default()
+            .hash_password(password.as_bytes(), &salt)
+            .map_err(|e| AppError::Internal(e.to_string()))?
+            .to_string();
+        Ok(hashed)
+    }
+    fn verify_password(&self, password: String, hash: &str) -> Result<(), AppError> {
+        let parsed = PasswordHash::new(hash).map_err(|e| AppError::Internal(e.to_string()))?;
+        Argon2::default()
+            .verify_password(password.as_bytes(), &parsed)
+            .map_err(|_| AuthError::InvalidCredential.into())
+    }
+    async fn generate_token(&self, user: User) -> Result<Token, AppError>;
 }

lib/src/auth/service.rs

@@ -1,16 +1,14 @@
-use axum::async_trait;
+use async_trait::async_trait;
 
-use super::AuthService;
+use crate::{user::User, AppError};
+
+use super::{AuthService, Token};
 
 pub struct AuthServiceJwt;
 
 #[async_trait]
 impl AuthService for AuthServiceJwt {
-    async fn authenticate(&self, token: &str) -> Result<(), ()> {
-        if token == "valid" {
-            Ok(())
-        } else {
-            Err(())
-        }
+    async fn generate_token(&self, user: User) -> Result<Token, AppError> {
+        todo!()
     }
 }

lib/src/auth/service_jwt.rs

@@ -0,0 +1,59 @@
+use axum::{
+    body::Body,
+    http::{Response, StatusCode},
+    response::IntoResponse,
+    Json,
+};
+use serde_json::json;
+
+use crate::auth::AuthError;
+
+#[derive(Debug, thiserror::Error)]
+pub enum AppError {
+    #[error("Authentication failed: {0}")]
+    Auth(#[from] AuthError),
+
+    #[error("Database error: {0}")]
+    Database(#[from] sqlx::Error),
+
+    #[error("Not found: {0}")]
+    NotFound(String),
+
+    #[error("Validation failed: {0}")]
+    Validation(String),
+
+    #[error("Internal error: {0}")]
+    Internal(String),
+
+    #[error("Internal error: {0}")]
+    MalformedData(#[from] serde_json::Error),
+}
+
+impl IntoResponse for AppError {
+    fn into_response(self) -> Response<Body> {
+        let (status, error_message) = match self {
+            AppError::Auth(_) => (StatusCode::UNAUTHORIZED, self.to_string()),
+            AppError::Database(_) => (
+                StatusCode::INTERNAL_SERVER_ERROR,
+                "Internal server error".to_string(),
+            ),
+            AppError::NotFound(msg) => (StatusCode::NOT_FOUND, msg),
+            AppError::Validation(msg) => (StatusCode::BAD_REQUEST, msg),
+            AppError::Internal(_) => (
+                StatusCode::INTERNAL_SERVER_ERROR,
+                "Internal server error".to_string(),
+            ),
+            AppError::MalformedData(_) => (
+                StatusCode::INTERNAL_SERVER_ERROR,
+                "Internal server error: Malformed data.".to_string(),
+            ),
+        };
+
+        let body = Json(json!({
+            "error": error_message,
+            "code": status.as_u16()
+        }));
+
+        (status, body).into_response()
+    }
+}