likwid/backend/src/auth/middleware.rs

use axum::{
    extract::FromRequestParts,
    http::{request::Parts, StatusCode},
};
use uuid::Uuid;

use super::jwt::{verify_token, Claims};

pub struct AuthUser {
    pub user_id: Uuid,
    pub username: String,
}

impl<S> FromRequestParts<S> for AuthUser
where
    S: Send + Sync,
{
    type Rejection = (StatusCode, &'static str);

    async fn from_request_parts(parts: &mut Parts, _state: &S) -> Result<Self, Self::Rejection> {
        let auth_header = parts
            .headers
            .get("Authorization")
            .and_then(|value| value.to_str().ok())
            .ok_or((StatusCode::UNAUTHORIZED, "Missing authorization header"))?;

        let token = auth_header
            .strip_prefix("Bearer ")
            .ok_or((StatusCode::UNAUTHORIZED, "Invalid authorization header format"))?;

        let secret = std::env::var("JWT_SECRET").unwrap_or_else(|_| "dev-secret-change-in-production".to_string());

        let claims: Claims = verify_token(token, &secret)
            .map_err(|_| (StatusCode::UNAUTHORIZED, "Invalid token"))?;

        Ok(AuthUser {
            user_id: claims.sub,
            username: claims.username,
        })
    }
}
Initial commit: Likwid governance platform - Backend: Rust/Axum with PostgreSQL, plugin architecture - Frontend: Astro with polished UI - Voting methods: Approval, Ranked Choice, Schulze, STAR, Quadratic - Features: Liquid delegation, transparent moderation, structured deliberation - Documentation: User and admin guides in /docs - Deployment: Docker/Podman compose files for production and demo - Demo: Seeded data with 3 communities, 13 users, 7 proposals License: AGPLv3 2026-01-27 16:21:58 +00:00			`use axum::{`
			`extract::FromRequestParts,`
			`http::{request::Parts, StatusCode},`
			`};`
			`use uuid::Uuid;`

			`use super::jwt::{verify_token, Claims};`

			`pub struct AuthUser {`
			`pub user_id: Uuid,`
			`pub username: String,`
			`}`

			`impl<S> FromRequestParts<S> for AuthUser`
			`where`
			`S: Send + Sync,`
			`{`
			`type Rejection = (StatusCode, &'static str);`

			`async fn from_request_parts(parts: &mut Parts, _state: &S) -> Result<Self, Self::Rejection> {`
			`let auth_header = parts`
			`.headers`
			`.get("Authorization")`
			`.and_then(\|value\| value.to_str().ok())`
			`.ok_or((StatusCode::UNAUTHORIZED, "Missing authorization header"))?;`

			`let token = auth_header`
			`.strip_prefix("Bearer ")`
			`.ok_or((StatusCode::UNAUTHORIZED, "Invalid authorization header format"))?;`

			`let secret = std::env::var("JWT_SECRET").unwrap_or_else(\|_\| "dev-secret-change-in-production".to_string());`

			`let claims: Claims = verify_token(token, &secret)`
			`.map_err(\|_\| (StatusCode::UNAUTHORIZED, "Invalid token"))?;`

			`Ok(AuthUser {`
			`user_id: claims.sub,`
			`username: claims.username,`
			`})`
			`}`
			`}`