раскидал структуру для монорепозитория

backend/src/auth.rs

@@ -0,0 +1,90 @@
+use axum_login::{AuthUser, AuthnBackend, UserId};
+use sea_orm::{DatabaseConnection, EntityTrait, ColumnTrait, QueryFilter};
+use argon2::{
+    password_hash::{rand_core::OsRng, PasswordHash, PasswordHasher, PasswordVerifier, SaltString},
+    Argon2,
+};
+
+use crate::models::{user, User};
+
+#[derive(Debug, Clone)]
+pub struct AuthBackend {
+    pub db: DatabaseConnection,
+}
+
+impl AuthUser for user::Model {
+    type Id = i32;
+
+    fn id(&self) -> Self::Id {
+        self.id
+    }
+
+    fn session_auth_hash(&self) -> &[u8] {
+        self.password_hash.as_bytes()
+    }
+}
+
+#[derive(Debug, thiserror::Error)]
+pub enum Error {
+    #[error("Database error: {0}")]
+    Database(#[from] sea_orm::DbErr),
+    #[error("Password hashing error")]
+    PasswordHash,
+    #[error("Invalid credentials")]
+    InvalidCredentials,
+}
+
+#[derive(Debug, Clone)]
+pub struct Credentials {
+    pub username: String,
+    pub password: String,
+}
+
+#[async_trait::async_trait]
+impl AuthnBackend for AuthBackend {
+    type User = user::Model;
+    type Credentials = Credentials;
+    type Error = Error;
+
+    async fn authenticate(
+        &self,
+        creds: Self::Credentials,
+    ) -> Result<Option<Self::User>, Self::Error> {
+        let user = User::find()
+            .filter(user::Column::Username.eq(&creds.username))
+            .one(&self.db)
+            .await?;
+
+        if let Some(user) = user {
+            let parsed_hash = PasswordHash::new(&user.password_hash)
+                .map_err(|_| Error::PasswordHash)?;
+
+            let is_valid = Argon2::default()
+                .verify_password(creds.password.as_bytes(), &parsed_hash)
+                .is_ok();
+
+            if is_valid {
+                Ok(Some(user))
+            } else {
+                Err(Error::InvalidCredentials)
+            }
+        } else {
+            Err(Error::InvalidCredentials)
+        }
+    }
+
+    async fn get_user(&self, user_id: &UserId<Self>) -> Result<Option<Self::User>, Self::Error> {
+        let user = User::find_by_id(*user_id).one(&self.db).await?;
+        Ok(user)
+    }
+}
+
+pub fn hash_password(password: &str) -> Result<String, Error> {
+    let salt = SaltString::generate(&mut OsRng);
+    let argon2 = Argon2::default();
+
+    argon2
+        .hash_password(password.as_bytes(), &salt)
+        .map(|hash| hash.to_string())
+        .map_err(|_| Error::PasswordHash)
+}