refactor: remove dead code annotations from UserService and SettingsStore traits

apps/api/src/cmd/start_server.rs

@@ -147,6 +147,7 @@ fn get_app_state(
 ) -> AppState {
     AppState {
         database_connection: db_connection.clone(),
+        config: Arc::new(settings.clone()),
         service: Arc::new(AppService {
             server_state: Arc::new(ServerStateService::new(db_connection.clone())),
             settings: Arc::new(SettingsService::new(db_connection.clone())),

apps/api/src/configs.rs

@@ -11,6 +11,8 @@ use tracing::{debug, error};
 pub trait FromConfig: Sized {
     fn from_config(config: &Config) -> Result<Self, String>;
     fn validate(&self) -> Result<(), String>;
+    #[cfg(test)]
+    fn mock() -> Self;
 }
 
 #[derive(Debug, Clone)]
@@ -40,6 +42,16 @@ impl FromConfig for ProgramSettings {
         self.auth.validate()?;
         Ok(())
     }
+
+    #[cfg(test)]
+    fn mock() -> Self {
+        ProgramSettings {
+            logging: logging::LoggingSettings::mock(),
+            database: database::DatabaseSettings::mock(),
+            server: server::ServerSettings::mock(),
+            auth: auth::AuthSettings::mock(),
+        }
+    }
 }
 
 pub fn get_program_settings() -> ProgramSettings {

apps/api/src/configs/auth.rs

@@ -48,4 +48,13 @@ impl FromConfig for AuthSettings {
     fn validate(&self) -> Result<(), String> {
         Ok(())
     }
+
+    #[cfg(test)]
+    fn mock() -> Self {
+        AuthSettings {
+            jwt_secret: Some("mock_jwt_secret".to_string()),
+            default_admin_username: Some("admin".to_string()),
+            default_admin_password: Some("password".to_string()),
+        }
+    }
 }

apps/api/src/configs/database.rs

@@ -50,4 +50,13 @@ impl FromConfig for DatabaseSettings {
     fn validate(&self) -> Result<(), String> {
         Ok(())
     }
+
+    #[cfg(test)]
+    fn mock() -> Self {
+        DatabaseSettings {
+            url: "sqlite::memory:".to_string(),
+            max_connections: 5,
+            migrate_on_startup: true,
+        }
+    }
 }

apps/api/src/configs/key.rs

@@ -5,6 +5,7 @@ pub(crate) const SERVER_ADDRESS_KEY: &str = "SERVER.ADDRESS";
 pub(crate) const SERVER_PORT_KEY: &str = "SERVER.PORT";
 pub(crate) const SERVER_SERVE_OPENAPI_KEY: &str = "SERVER.SERVE_OPENAPI";
 pub(crate) const SERVER_CORS_ALLOWED_ORIGINS_KEY: &str = "SERVER.CORS.ALLOWED_ORIGINS";
+pub(crate) const SERVER_COOKIES_SECURE_KEY: &str = "SERVER.COOKIES.SECURE";
 //
 pub(crate) const DATABASE_URL_KEY: &str = "DATABASE.URL";
 pub(crate) const DATABASE_MAX_CONNECTIONS_KEY: &str = "DATABASE.MAX_CONNECTIONS";

apps/api/src/configs/logging.rs

@@ -49,4 +49,12 @@ impl FromConfig for LoggingSettings {
     fn validate(&self) -> Result<(), String> {
         Ok(())
     }
+
+    #[cfg(test)]
+    fn mock() -> Self {
+        LoggingSettings {
+            level: Level::INFO,
+            utc: false,
+        }
+    }
 }

apps/api/src/configs/server.rs

@@ -3,7 +3,7 @@ use std::net::IpAddr;
 use config::{Config, ConfigError};
 use tracing::warn;
 
-use crate::configs::key::{SERVER_CORS_ALLOWED_ORIGINS_KEY, SERVER_SERVE_OPENAPI_KEY};
+use crate::configs::key::{SERVER_COOKIES_SECURE_KEY, SERVER_CORS_ALLOWED_ORIGINS_KEY, SERVER_SERVE_OPENAPI_KEY};
 
 use super::{
     FromConfig,
@@ -16,6 +16,7 @@ pub struct ServerSettings {
     pub port: u16,
     pub serve_openapi: bool,
     pub cors: CORSSettings,
+    pub cookies: CookiesSettings,
 }
 
 #[derive(Debug, Clone)]
@@ -23,6 +24,11 @@ pub struct CORSSettings {
     pub allowed_origins: Vec<String>,
 }
 
+#[derive(Debug, Clone)]
+pub struct CookiesSettings {
+    pub secure: bool,
+}
+
 impl FromConfig for ServerSettings {
     fn from_config(_config: &Config) -> Result<Self, String> {
         Ok(ServerSettings {
@@ -81,6 +87,24 @@ impl FromConfig for ServerSettings {
                     })
                     .collect(),
             },
+
+            cookies: CookiesSettings {
+                secure: _config
+                    .get_bool(SERVER_COOKIES_SECURE_KEY)
+                    .inspect(|is_secure| {
+                        if !*is_secure {
+                            warn!("Cookie 'secure' flag is disabled; this is not recommended in production environments.");
+                        } 
+                    })
+                    .unwrap_or_else(|err| {
+                        const DEFAULT_COOKIES_SECURE: bool = true;
+                        warn!(
+                            "{} not set or invalid in configuration, defaulting to {}. Error: {}",
+                            SERVER_COOKIES_SECURE_KEY, DEFAULT_COOKIES_SECURE, err
+                        );
+                        DEFAULT_COOKIES_SECURE
+                    }),
+            },
         })
     }
 
@@ -91,4 +115,19 @@ impl FromConfig for ServerSettings {
         }
         Ok(())
     }
-}
+
+    #[cfg(test)]
+    fn mock() -> Self {
+        ServerSettings {
+            address: "0.0.0.0".parse().unwrap(),
+            port: 8080,
+            serve_openapi: false,
+            cors: CORSSettings {
+                allowed_origins: vec![],
+            },
+            cookies: CookiesSettings {
+                secure: true,
+            },
+        }
+    }
+}

apps/api/src/middlewares/require_auth.rs

@@ -7,6 +7,7 @@ use axum::{
     response::Response,
 };
 use axum_extra::extract::cookie::CookieJar;
+use tracing::debug;
 use uuid::Uuid;
 
 use crate::{
@@ -25,6 +26,7 @@ pub async fn require_auth(
     let token = if let Some(cookie) = cookies.get(JWT_COOKIE_NAME) {
         cookie.value().to_string()
     } else {
+        debug!("No JWT cookie found. cookies: {:?}", cookies);
         return handle_unauthenticated().await;
     };
 

apps/api/src/routes.rs

@@ -9,7 +9,7 @@ use axum::{Extension, Router};
 use migration::sea_orm::DatabaseConnection;
 
 use crate::{
-    configs::server::CORSSettings,
+    configs::{ProgramSettings, server::CORSSettings},
     middlewares,
     services::{
         auth::{
@@ -23,10 +23,9 @@ use crate::{
 
 #[derive(Clone)]
 pub struct AppState {
-    #[allow(dead_code)]
     pub database_connection: Arc<DatabaseConnection>,
-    #[allow(dead_code)]
     pub service: Arc<AppService>,
+    pub config: Arc<ProgramSettings>,
 }
 
 pub type ServiceState<T> = Arc<T>;

apps/api/src/routes/api/auth/login.rs

@@ -11,7 +11,10 @@ use serde::{Deserialize, Serialize};
 use serde_json::{Value, from_value};
 use tracing::{error, warn};
 
-use crate::routes::{AppState, api::openapi::tag::AUTH_TAG};
+use crate::{
+    helpers::constants::JWT_COOKIE_NAME,
+    routes::{AppState, api::openapi::tag::AUTH_TAG},
+};
 
 /// Login request payload
 #[derive(Serialize, Deserialize, utoipa::ToSchema)]
@@ -81,9 +84,15 @@ pub async fn login(State(state): State<Arc<AppState>>, Json(payload): Json<Value
         .header(
             SET_COOKIE,
             format!(
-                "token={}; HttpOnly; Path=/; Max-Age={}; SameSite=Strict;",
+                "{}={}; HttpOnly; Path=/; Max-Age={}; SameSite=Strict;{}",
+                JWT_COOKIE_NAME,
                 jwt,
-                claims.exp - claims.iat
+                claims.exp - claims.iat,
+                if state.config.server.cookies.secure {
+                    " Secure;"
+                } else {
+                    ""
+                }
             ),
         )
         .body(Body::from(()));

apps/api/src/routes/api/health/info.rs

@@ -78,6 +78,7 @@ pub async fn get_health_info(
 
 #[cfg(test)]
 mod test {
+    use crate::configs::FromConfig;
     use crate::{
         routes::{AppState, api::health::state::HealthState},
         services::{
@@ -112,6 +113,7 @@ mod test {
 
         let app_state = Arc::new(AppState {
             database_connection: db.clone(),
+            config: Arc::new(crate::configs::ProgramSettings::mock()),
             service: Arc::new(crate::routes::AppService {
                 settings: Arc::new(SettingsService::new(db.clone())),
                 auth_state: crate::routes::AuthState {

apps/api/src/services/auth/authentication.rs

@@ -5,7 +5,7 @@ use std::{collections::HashSet, sync::Arc};
 use argon2::password_hash::{SaltString, rand_core::OsRng};
 use jsonwebtoken::{
     DecodingKey, EncodingKey, Header, Validation, decode, encode,
-    errors::ErrorKind::{ExpiredSignature, InvalidSubject, InvalidToken},
+    errors::ErrorKind::{ExpiredSignature, InvalidSignature, InvalidSubject, InvalidToken},
 };
 use sea_orm::prelude::Uuid;
 use serde::{Deserialize, Serialize};
@@ -124,7 +124,7 @@ impl AuthenticationService for AuthenticationServiceImpl {
         match decode::<Claims>(token, &decoding_key, &validation) {
             Ok(data) => Ok(Some(data.claims)),
             Err(err) => match *err.kind() {
-                InvalidToken | InvalidSubject | ExpiredSignature => Ok(None),
+                InvalidToken | InvalidSubject | ExpiredSignature | InvalidSignature => Ok(None),
                 _ => Err(ServiceError::InternalError(format!(
                     "JWT validation error: {}",
                     err

apps/api/src/services/auth/user.rs

@@ -51,7 +51,6 @@ pub trait UserService: Send + Sync {
 
 pub struct User {
     pub id: Uuid,
-    #[allow(dead_code)] // TODO: remove when used
     pub username: String,
     #[allow(dead_code)] // TODO: remove when used
     pub is_admin: bool,

apps/api/src/services/settings.rs

@@ -11,14 +11,11 @@ use crate::errors::service_error::ServiceError;
 
 #[async_trait::async_trait]
 pub trait SettingsStore: Send + Sync {
-    #[allow(dead_code)] // TODO: remove when used
     async fn get_setting(&self, key: &str) -> Result<String, ServiceError>;
-    #[allow(dead_code)] // TODO: remove when used
     async fn set_setting(&self, key: &str, value: String) -> Result<(), ServiceError>;
 }
 
 pub struct SettingsService {
-    #[allow(dead_code)] // TODO: remove when used
     connection: Arc<DatabaseConnection>,
 }