
px_auth/application/
verify_key.rs

1use crate::domain::key_store::{ApiKeyRecord, KeyStore};
2use argon2::Argon2;
3use argon2::password_hash::{PasswordHash, PasswordVerifier};
4use px_errors::AppError;
5use std::sync::Arc;
6
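/// Use case that authenticates an API key: it looks the key up by id and checks the
/// presented secret against the Argon2 hash stored on the record.
pub struct VerifyKey {
    /// Store queried for the key record by id.
    store: Arc<dyn KeyStore>,
}

impl VerifyKey {
    /// Builds the use case over the given key store.
    pub fn new(store: Arc<dyn KeyStore>) -> Self {
        Self { store }
    }

    /// The single rejection returned for every credential failure.
    ///
    /// An unknown key id and a wrong secret produce the same error text so the
    /// message cannot be used to tell which key ids exist.
    fn rejected() -> AppError {
        AppError::Unauthorized("invalid api key credentials".into())
    }

    /// Verifies `secret` against the stored hash of the key identified by `key_id`
    /// and returns the key's record on success.
    ///
    /// # Errors
    ///
    /// * Whatever error `KeyStore::find_by_id` yields is propagated with `?`.
    /// * `AppError::Unauthorized` when no record exists for `key_id` or the secret
    ///   does not verify; both cases carry the same message.
    /// * `AppError::InternalError` when the stored hash string cannot be parsed.
    pub async fn execute(&self, key_id: &str, secret: &str) -> Result<ApiKeyRecord, AppError> {
        // NOTE(review): a miss returns before any Argon2 work is done, so response
        // time still differs between an unknown id and a wrong secret. If key ids
        // are meant to be unguessable, verify against a fixed dummy hash on this
        // path as well.
        let record = self
            .store
            .find_by_id(key_id)
            .await?
            .ok_or_else(Self::rejected)?;

        // A stored hash that does not parse is a data problem, not a caller error.
        // NOTE(review): the parser's message is embedded in the error; confirm that
        // AppError::InternalError text is logged and not rendered to clients.
        let parsed = PasswordHash::new(&record.argon2_hash)
            .map_err(|e| AppError::InternalError(format!("hash parse: {e}")))?;

        // Every verification failure is collapsed into the same rejection so the
        // underlying reason is not exposed to the caller.
        Argon2::default()
            .verify_password(secret.as_bytes(), &parsed)
            .map_err(|_| Self::rejected())?;

        // NOTE(review): no revocation or expiry check is visible here; confirm that
        // `find_by_id` only returns active keys or that callers check the record.
        Ok(record)
    }
}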