feat: support name for oauth sign in (#65)

* feat: support name for oauth sign in

* fix: add sqlx metadata

* feat: improve api, add name modifications

* fix: add sqlx query metadata

.sqlx/query-4cd579c6421d05807fb8433d14ea312db0977353e34ef04e2bab31e009151bb2.json

@@ -1,15 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\n        INSERT INTO af_user (uuid, email)\n        SELECT $1, $2\n        WHERE NOT EXISTS (\n            SELECT 1 FROM public.af_user WHERE email = $2\n        )\n        AND NOT EXISTS (\n            SELECT 1 FROM public.af_user WHERE uuid = $1\n        )\n        ",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "Uuid",
-        "Text"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "4cd579c6421d05807fb8433d14ea312db0977353e34ef04e2bab31e009151bb2"
-}

.sqlx/query-6bbb6f2e06a63df25a7a50624f1931b50c481f29a36b0f9264c1c1d4439f5935.json

@@ -0,0 +1,16 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n        INSERT INTO af_user (uuid, email, name)\n        SELECT $1, $2, $3\n        WHERE NOT EXISTS (\n            SELECT 1 FROM public.af_user WHERE email = $2\n        )\n        AND NOT EXISTS (\n            SELECT 1 FROM public.af_user WHERE uuid = $1\n        )\n        ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Uuid",
+        "Text",
+        "Text"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "6bbb6f2e06a63df25a7a50624f1931b50c481f29a36b0f9264c1c1d4439f5935"
+}

.sqlx/query-d9003caf83e3c1d85e9a2b732c1d1853e919f5af088d9e670b507599fc0fb331.json

@@ -0,0 +1,15 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n        UPDATE af_user\n        SET name = $1\n        WHERE uuid = $2\n        ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Text",
+        "Uuid"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "d9003caf83e3c1d85e9a2b732c1d1853e919f5af088d9e670b507599fc0fb331"
+}

libs/client-api/src/http.rs

@@ -3,6 +3,8 @@ use gotrue_entity::OAuthURL;
 use reqwest::Method;
 use reqwest::RequestBuilder;
 use shared_entity::data::AppResponse;
+use shared_entity::dto::SignInParams;
+use shared_entity::dto::UserUpdateParams;
 use shared_entity::dto::WorkspaceMembersParams;
 use std::time::SystemTime;
 use storage_entity::AFWorkspaceMember;
@@ -205,11 +207,11 @@ impl Client {
 
   pub async fn sign_in_password(&mut self, email: &str, password: &str) -> Result<(), AppError> {
     let url = format!("{}/api/user/sign_in/password", self.base_url);
-    let payload = serde_json::json!({
-        "email": email,
-        "password": password,
-    });
-    let resp = self.http_client.post(&url).json(&payload).send().await?;
+    let params = SignInParams {
+      email: email.to_owned(),
+      password: password.to_owned(),
+    };
+    let resp = self.http_client.post(&url).json(&params).send().await?;
     self
       .token
       .set(AppResponse::from_response(resp).await?.into_data()?);
@@ -233,11 +235,11 @@ impl Client {
 
   pub async fn sign_up(&self, email: &str, password: &str) -> Result<(), AppError> {
     let url = format!("{}/api/user/sign_up", self.base_url);
-    let payload = serde_json::json!({
-        "email": email,
-        "password": password,
-    });
-    let resp = self.http_client.post(&url).json(&payload).send().await?;
+    let params = SignInParams {
+      email: email.to_owned(),
+      password: password.to_owned(),
+    };
+    let resp = self.http_client.post(&url).json(&params).send().await?;
     AppResponse::<()>::from_response(resp).await?.into_error()?;
     Ok(())
   }
@@ -254,16 +256,22 @@ impl Client {
     Ok(())
   }
 
-  pub async fn update(&mut self, email: &str, password: &str) -> Result<(), AppError> {
+  pub async fn update(
+    &mut self,
+    email: &str,
+    password: &str,
+    name: Option<&str>,
+  ) -> Result<(), AppError> {
     let url = format!("{}/api/user/update", self.base_url);
-    let payload = serde_json::json!({
-        "email": email,
-        "password": password,
-    });
+    let params = UserUpdateParams {
+      email: email.to_owned(),
+      password: password.to_owned(),
+      name: name.map(String::from),
+    };
     let resp = self
       .http_client_with_auth(Method::POST, &url)
       .await?
-      .json(&payload)
+      .json(&params)
       .send()
       .await?;
     let new_user = AppResponse::<User>::from_response(resp)

libs/shared-entity/src/dto.rs

@@ -5,3 +5,16 @@ pub struct WorkspaceMembersParams {
   pub workspace_uuid: uuid::Uuid,
   pub member_emails: Vec<String>,
 }
+
+#[derive(serde::Deserialize, serde::Serialize)]
+pub struct SignInParams {
+  pub email: String,
+  pub password: String,
+}
+
+#[derive(serde::Deserialize, serde::Serialize)]
+pub struct UserUpdateParams {
+  pub email: String,
+  pub password: String,
+  pub name: Option<String>,
+}

libs/storage/src/workspace.rs

@@ -5,15 +5,35 @@ use sqlx::{
 
 use storage_entity::{AFRole, AFUserProfileView, AFWorkspace, AFWorkspaceMember};
 
+pub async fn update_user_name(
+  pool: &PgPool,
+  gotrue_uuid: &uuid::Uuid,
+  name: &str,
+) -> Result<(), sqlx::Error> {
+  sqlx::query!(
+    r#"
+        UPDATE af_user
+        SET name = $1
+        WHERE uuid = $2
+        "#,
+    name,
+    gotrue_uuid
+  )
+  .execute(pool)
+  .await?;
+  Ok(())
+}
+
 pub async fn create_user_if_not_exists(
   pool: &PgPool,
   gotrue_uuid: &uuid::Uuid,
   email: &str,
+  name: &str,
 ) -> Result<(), sqlx::Error> {
   sqlx::query!(
     r#"
-        INSERT INTO af_user (uuid, email)
-        SELECT $1, $2
+        INSERT INTO af_user (uuid, email, name)
+        SELECT $1, $2, $3
         WHERE NOT EXISTS (
             SELECT 1 FROM public.af_user WHERE email = $2
         )
@@ -22,7 +42,8 @@ pub async fn create_user_if_not_exists(
         )
         "#,
     gotrue_uuid,
-    email
+    email,
+    name
   )
   .execute(pool)
   .await?;

src/api/user.rs

@@ -9,6 +9,7 @@ use crate::domain::{UserEmail, UserName, UserPassword};
 use crate::state::AppState;
 use gotrue_entity::{AccessTokenResponse, OAuthProvider, OAuthURL, User};
 use shared_entity::data::{AppResponse, JsonAppResponse};
+use shared_entity::dto::{SignInParams, UserUpdateParams};
 use shared_entity::error::AppError;
 use shared_entity::error_code::ErrorCode;
 use storage_entity::AFUserProfileView;
@@ -77,12 +78,19 @@ async fn profile_handler(
 
 async fn update_handler(
   auth: Authorization,
-  req: Json<LoginRequest>,
+  req: Json<UserUpdateParams>,
   state: Data<AppState>,
 ) -> Result<JsonAppResponse<User>> {
   let req = req.into_inner();
-  let user =
-    biz::user::update(&state.gotrue_client, &auth.token, &req.email, &req.password).await?;
+  let user = biz::user::update(
+    &state.pg_pool,
+    &state.gotrue_client,
+    &auth.token,
+    &req.email,
+    &req.password,
+    req.name.as_deref(),
+  )
+  .await?;
   Ok(AppResponse::Ok().with_data(user).into())
 }
 
@@ -100,7 +108,7 @@ async fn sign_out_handler(
 }
 
 async fn sign_in_password_handler(
-  req: Json<LoginRequest>,
+  req: Json<SignInParams>,
   state: Data<AppState>,
 ) -> Result<JsonAppResponse<AccessTokenResponse>> {
   let req = req.into_inner();
@@ -116,14 +124,15 @@ async fn sign_in_password_handler(
 }
 
 async fn sign_up_handler(
-  req: Json<LoginRequest>,
+  req: Json<SignInParams>,
   state: Data<AppState>,
 ) -> Result<JsonAppResponse<()>> {
+  let req = req.into_inner();
   biz::user::sign_up(
-    &state.gotrue_client,
-    &req.email,
-    &req.password,
     &state.pg_pool,
+    &state.gotrue_client,
+    req.email,
+    req.password,
   )
   .await?;
 

src/biz/user.rs

@@ -28,17 +28,17 @@ pub async fn refresh(
 
 #[instrument(level = "info", skip_all, err)]
 pub async fn sign_up(
-  gotrue_client: &Client,
-  email: &str,
-  password: &str,
   pg_pool: &PgPool,
+  gotrue_client: &Client,
+  email: String,
+  password: String,
 ) -> Result<(), AppError> {
-  validate_email_password(email, password)?;
-  let user = gotrue_client.sign_up(email, password).await??;
+  validate_email_password(&email, &password)?;
+  let user = gotrue_client.sign_up(&email, &password).await??;
   tracing::info!("user sign up: {:?}", user);
   if user.confirmed_at.is_some() {
     let gotrue_uuid = uuid::Uuid::from_str(&user.id)?;
-    storage::workspace::create_user_if_not_exists(pg_pool, &gotrue_uuid, &user.email).await?;
+    storage::workspace::create_user_if_not_exists(pg_pool, &gotrue_uuid, &user.email, "").await?;
   }
   Ok(())
 }
@@ -50,7 +50,8 @@ pub async fn info(
 ) -> Result<User, AppError> {
   let user = gotrue_client.user_info(access_token).await??;
   let user_uuid = uuid::Uuid::from_str(&user.id)?;
-  storage::workspace::create_user_if_not_exists(pg_pool, &user_uuid, &user.email).await?;
+  let name: String = name_from_user_metadata(&user.user_metadata);
+  storage::workspace::create_user_if_not_exists(pg_pool, &user_uuid, &user.email, &name).await?;
   Ok(user)
 }
 
@@ -88,20 +89,26 @@ pub async fn sign_in(
 ) -> Result<AccessTokenResponse, AppError> {
   let grant = Grant::Password(PasswordGrant { email, password });
   let token = gotrue_client.token(&grant).await??;
-
   let gotrue_uuid = uuid::Uuid::from_str(&token.user.id)?;
-  storage::workspace::create_user_if_not_exists(pg_pool, &gotrue_uuid, &token.user.email).await?;
+  storage::workspace::create_user_if_not_exists(pg_pool, &gotrue_uuid, &token.user.email, "")
+    .await?;
   Ok(token)
 }
 
 pub async fn update(
+  pg_pool: &PgPool,
   gotrue_client: &Client,
   token: &str,
   email: &str,
   password: &str,
+  name: Option<&str>,
 ) -> Result<User, AppError> {
   validate_email_password(email, password)?;
   let user = gotrue_client.update_user(token, email, password).await??;
+  let user_uuid = user.id.parse::<uuid::Uuid>()?;
+  if let Some(name) = name {
+    storage::workspace::update_user_name(pg_pool, &user_uuid, name).await?;
+  }
   Ok(user)
 }
 
@@ -114,3 +121,14 @@ fn validate_email_password(email: &str, password: &str) -> Result<(), AppError>
     Ok(())
   }
 }
+
+// Best effort to get user's name after oauth
+fn name_from_user_metadata(value: &serde_json::Value) -> String {
+  value
+    .get("name")
+    .or(value.get("full_name"))
+    .or(value.get("nickname"))
+    .and_then(serde_json::Value::as_str)
+    .map(str::to_string)
+    .unwrap_or(String::new())
+}

src/component/auth/jwt.rs

@@ -4,9 +4,10 @@ use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};
 
 use secrecy::ExposeSecret;
 use serde::{Deserialize, Serialize};
-use sqlx::types::uuid;
+use sqlx::types::{uuid, Uuid};
 use std::fmt::{Display, Formatter};
 use std::ops::Deref;
+use std::str::FromStr;
 
 use crate::state::AppState;
 
@@ -19,21 +20,7 @@ pub struct UserUuid(uuid::Uuid);
 
 impl UserUuid {
   pub fn from_auth(auth: Authorization) -> Result<Self, actix_web::Error> {
-    let uuid = auth
-      .claims
-      .sub
-      .ok_or(actix_web::error::ErrorUnauthorized(
-        "Invalid Authorization header, missing sub(uuid)",
-      ))
-      .map(|sub| {
-        uuid::Uuid::parse_str(&sub).map_err(|e| {
-          actix_web::error::ErrorUnauthorized(format!(
-            "Invalid Authorization header, invalid sub(uuid): {}",
-            e
-          ))
-        })
-      })?;
-    Ok(Self(uuid?))
+    Ok(Self(auth.uuid()?))
   }
 }
 
@@ -83,8 +70,21 @@ pub struct Authorization {
 }
 
 impl Authorization {
-  pub fn uuid(&self) -> Option<String> {
-    self.claims.sub.clone()
+  pub fn uuid(&self) -> Result<uuid::Uuid, actix_web::Error> {
+    self
+      .claims
+      .sub
+      .as_deref()
+      .map(Uuid::from_str)
+      .ok_or(actix_web::error::ErrorUnauthorized(
+        "Invalid Authorization header, missing sub(uuid)",
+      ))?
+      .map_err(|e| {
+        actix_web::error::ErrorUnauthorized(format!(
+          "Invalid Authorization header, invalid sub(uuid): {}",
+          e
+        ))
+      })
   }
 }
 

tests/client/sign_in.rs

@@ -19,7 +19,6 @@ async fn sign_in_wrong_password() {
 
   let email = generate_unique_email();
   let password = "Hello123!";
-
   c.sign_up(&email, password).await.unwrap();
 
   let wrong_password = "Hllo123!";
@@ -37,7 +36,6 @@ async fn sign_in_unconfirmed_email() {
 
   let email = generate_unique_email();
   let password = "Hello123!";
-
   c.sign_up(&email, password).await.unwrap();
 
   let err = c.sign_in_password(&email, password).await.unwrap_err();

tests/client/sign_up.rs

@@ -18,8 +18,10 @@ async fn sign_up_success() {
 async fn sign_up_invalid_email() {
   let invalid_email = "not_email_address";
   let password = "Hello!123#";
-  let c = client_api_client();
-  let error = c.sign_up(invalid_email, password).await.unwrap_err();
+  let error = client_api_client()
+    .sign_up(invalid_email, password)
+    .await
+    .unwrap_err();
   assert_eq!(error.code, ErrorCode::InvalidEmail);
   assert_eq!(error.message, "invalid email: not_email_address");
 }

tests/client/update.rs

@@ -8,7 +8,7 @@ async fn update_but_not_logged_in() {
   let mut c = client_api_client();
   let new_email = generate_unique_email();
   let new_password = "Hello123!";
-  let res = c.update(&new_email, new_password).await;
+  let res = c.update(&new_email, new_password, None).await;
   assert!(res.is_err());
 }
 
@@ -21,7 +21,11 @@ async fn update_password_same_password() {
   c.sign_in_password(&user.email, &user.password)
     .await
     .unwrap();
-  let err = c.update(&user.email, &user.password).await.err().unwrap();
+  let err = c
+    .update(&user.email, &user.password, None)
+    .await
+    .err()
+    .unwrap();
   assert_eq!(err.code, ErrorCode::InvalidPassword);
   assert_eq!(
     err.message,
@@ -41,12 +45,12 @@ async fn update_password_and_revert() {
     c.sign_in_password(&user.email, &user.password)
       .await
       .unwrap();
-    c.update(&user.email, new_password).await.unwrap();
+    c.update(&user.email, new_password, None).await.unwrap();
   }
   {
     // revert password to old_password
     let mut c = client_api_client();
     c.sign_in_password(&user.email, new_password).await.unwrap();
-    c.update(&user.email, &user.password).await.unwrap();
+    c.update(&user.email, &user.password, None).await.unwrap();
   }
 }