Feature: Added authentication to REST and GraphQL

Author: tnsc

Cargo.lock

@@ -1,6 +1,6 @@
 [package]
 name = "email-sanitizer"
-version = "0.9.0+sprint4"
+version = "0.10.0+sprint5"
 edition = "2024"
 
 [dependencies]
@@ -22,6 +22,10 @@ mockall = "0.13.1"
 redis = { version = "0.32.5", features = ["tokio-comp", "connection-manager"] }
 actix-http = "3.10.0"
 uuid = { version = "1.0", features = ["v4"] }
+async-trait = "0.1"
+jsonwebtoken = "9.3"
+sha2 = "0.10"
+bcrypt = "0.15"
 
 [dev-dependencies]
 husky = "0.3.0"

Cargo.toml

@@ -0,0 +1,30 @@
+# Manual Testing Guide
+
+## Authentication Flow
+
+1. **Register a user**: Run `POST-register.http` to create a user and get an API key
+2. **Copy the API key**: From the response, copy the `api_key` value
+3. **Use in authenticated requests**: Replace `YOUR_API_KEY_HERE` in auth test files
+
+## Test Files
+
+### Authentication Tests
+- `POST-register.http` - Register new user and generate API key
+- `POST-register_duplicate.http` - Test duplicate registration (should fail)
+- `POST-register_invalid.http` - Test invalid registration data
+- `POST-auth_invalid_key.http` - Test invalid API key formats
+
+### Email Validation (Authenticated)
+- `POST-email_valid_with_auth.http` - Validate email with API key
+- `POST-emails_bulk_with_auth.http` - Bulk validation with API key
+- `GET-job_status_with_auth.http` - Job status with API key
+
+### Email Validation (Public)
+- `POST-email_valid.http` - Public email validation
+- `POST-email_invalid_*.http` - Various invalid email tests
+
+## API Key Format
+
+Generated API keys have the format: `{hash_prefix}.{jwt_token}`
+- Hash prefix: First 16 chars of SHA-256(email + password_hash)
+- JWT token: Contains email and expiration (30 days)

manual-testing/README.md

@@ -0,0 +1,37 @@
+# Valid email validation with authentication
+# First run POST-register.http to get an API key, then add it to HTTP headers:
+# Authorization: Bearer YOUR_API_KEY_HERE
+query ValidateEmailWithAuth {
+  validateEmail(email: "test@example.com") {
+    isValid
+    status
+    error {
+      code
+      message
+    }
+  }
+}
+
+# Bulk validation with authentication
+query BulkValidationWithAuth {
+  validateEmailsBulk(emails: ["test@example.com", "user@example.org"]) {
+    results {
+      email
+      validation {
+        isValid
+        status
+        error {
+          code
+          message
+        }
+      }
+    }
+    validCount
+    invalidCount
+  }
+}
+
+# Job status with authentication
+query JobStatusWithAuth {
+  getJobStatus(jobId: "test-job-id")
+}

manual-testing/graphql/email-validation-with-auth.graphql

@@ -0,0 +1,9 @@
+### Job status with valid API key
+### First run POST-register.http to get an API key, then replace YOUR_API_KEY_HERE
+GET http://localhost:8080/api/v1/job-status/test-job-id
+Authorization: Bearer YOUR_API_KEY_HERE
+
+###
+
+### Job status without API key (should fail)
+GET http://localhost:8080/api/v1/job-status/test-job-id

manual-testing/rest/GET-job_status_with_auth.http

@@ -0,0 +1,19 @@
+### Test with invalid API key
+POST http://localhost:8080/api/v1/validate-email
+Authorization: Bearer invalid-key-format
+Content-Type: application/json
+
+{
+  "email": "test@example.com"
+}
+
+###
+
+### Test with malformed JWT
+POST http://localhost:8080/api/v1/validate-email
+Authorization: Bearer abcd1234.invalid-jwt-token
+Content-Type: application/json
+
+{
+  "email": "test@example.com"
+}

manual-testing/rest/POST-auth_invalid_key.http

@@ -0,0 +1,18 @@
+### Email validation without API key (should fail)
+POST http://localhost:8080/api/v1/validate-email
+Content-Type: application/json
+
+{
+  "email": "test@example.com"
+}
+
+###
+
+### Email validation with invalid API key (should fail)
+POST http://localhost:8080/api/v1/validate-email
+Authorization: Bearer invalid-key
+Content-Type: application/json
+
+{
+  "email": "test@example.com"
+}

manual-testing/rest/POST-email_unauthorized.http

@@ -0,0 +1,9 @@
+### Valid email with valid API key
+### First run POST-register.http to get an API key, then replace YOUR_API_KEY_HERE
+POST http://localhost:8080/api/v1/validate-email
+Authorization: Bearer YOUR_API_KEY_HERE
+Content-Type: application/json
+
+{
+  "email": "test@example.com"
+}

manual-testing/rest/POST-email_valid_with_auth.http

@@ -0,0 +1,9 @@
+### Bulk email validation with valid API key
+### First run POST-register.http to get an API key, then replace YOUR_API_KEY_HERE
+POST http://localhost:8080/api/v1/validate-emails-bulk
+Authorization: Bearer YOUR_API_KEY_HERE
+Content-Type: application/json
+
+{
+  "emails": ["test@example.com", "user@example.org"]
+}

manual-testing/rest/POST-emails_bulk_with_auth.http

@@ -0,0 +1,8 @@
+### Register user and generate API key
+POST http://localhost:8080/api/v1/register
+Content-Type: application/json
+
+{
+  "email": "test@example.com",
+  "password": "mypassword123"
+}