diff options
Diffstat (limited to 'src/auth.rs')
-rw-r--r-- | src/auth.rs | 29 |
1 files changed, 18 insertions, 11 deletions
diff --git a/src/auth.rs b/src/auth.rs index 95f2378..ced9e8e 100644 --- a/src/auth.rs +++ b/src/auth.rs | |||
@@ -1,14 +1,18 @@ | |||
1 | use crate::error::Error; | 1 | use crate::error::{handle_rejection, Error}; |
2 | use crate::schema::{Db, Transaction}; | 2 | use crate::schema::{Db, Transaction}; |
3 | use anyhow::{anyhow, Context, Result}; | 3 | use std::convert::Infallible; |
4 | // use anyhow::{anyhow, Context, Result}; | ||
4 | use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; | 5 | use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation}; |
5 | use serde::{Deserialize, Serialize}; | 6 | use serde::{Deserialize, Serialize}; |
6 | use thiserror::Error; | 7 | // use std::fmt::Display; |
8 | // use thiserror::Error; | ||
7 | use warp::header::headers_cloned; | 9 | use warp::header::headers_cloned; |
8 | use warp::http::header::{HeaderMap, HeaderValue, AUTHORIZATION}; | 10 | use warp::http::header::{HeaderMap, HeaderValue, AUTHORIZATION}; |
11 | use warp::http::StatusCode; | ||
9 | use warp::reject; | 12 | use warp::reject; |
10 | use warp::reject::Reject; | 13 | use warp::reject::Reject; |
11 | use warp::{Filter, Rejection}; | 14 | use warp::reject::Rejection; |
15 | use warp::Filter; | ||
12 | 16 | ||
13 | const BEARER: &str = "Bearer "; | 17 | const BEARER: &str = "Bearer "; |
14 | const PUBLIC_KEY_PEM: &str = "-----BEGIN PUBLIC KEY----- | 18 | const PUBLIC_KEY_PEM: &str = "-----BEGIN PUBLIC KEY----- |
@@ -69,10 +73,13 @@ struct Claims { | |||
69 | // } | 73 | // } |
70 | // impl warp::reject::Reject for Nope {} | 74 | // impl warp::reject::Reject for Nope {} |
71 | 75 | ||
72 | #[derive(Debug)] | 76 | #[derive(Error, Debug)] |
73 | struct LessThanTenError {} | 77 | pub enum DataStoreError { |
78 | #[error("invalid header")] | ||
79 | InvalidHeader {}, | ||
80 | } | ||
74 | 81 | ||
75 | impl Reject for LessThanTenError {} | 82 | impl Reject for DataStoreError {} |
76 | 83 | ||
77 | // impl From<LessThanTenError> for Rejection { | 84 | // impl From<LessThanTenError> for Rejection { |
78 | // fn from(other: LessThanTenError) -> Self { | 85 | // fn from(other: LessThanTenError) -> Self { |
@@ -87,15 +94,15 @@ pub fn with_auth( | |||
87 | headers_cloned() | 94 | headers_cloned() |
88 | .map(move |headers: HeaderMap<HeaderValue>| (db.clone(), headers)) | 95 | .map(move |headers: HeaderMap<HeaderValue>| (db.clone(), headers)) |
89 | .and_then(authorize) | 96 | .and_then(authorize) |
97 | .recover(handle_rejection()) | ||
90 | } | 98 | } |
91 | 99 | ||
92 | async fn authorize((db, headers): (Db, HeaderMap<HeaderValue>)) -> Result<String, Error> { | 100 | async fn authorize((db, headers): (Db, HeaderMap<HeaderValue>)) -> Result<String, Infallible> { |
93 | match jwt_from_header(&headers) { | 101 | match jwt_from_header(&headers) { |
94 | Ok(jwt) => { | 102 | Ok(jwt) => { |
95 | let decoded = decode::<Claims>( | 103 | let decoded = decode::<Claims>( |
96 | &jwt, | 104 | &jwt, |
97 | // TODO: what key are we using here? pass db/pw store here to get the claimant's | 105 | // TODO: what key are we using here? pass db/pw store here to get the claimant's public key <10-04-21, yigit> // |
98 | // public key <10-04-21, yigit> // | ||
99 | &DecodingKey::from_rsa_pem(PUBLIC_KEY_PEM.as_bytes()).unwrap(), | 106 | &DecodingKey::from_rsa_pem(PUBLIC_KEY_PEM.as_bytes()).unwrap(), |
100 | &Validation::new(Algorithm::HS512), | 107 | &Validation::new(Algorithm::HS512), |
101 | ) | 108 | ) |
@@ -104,7 +111,7 @@ async fn authorize((db, headers): (Db, HeaderMap<HeaderValue>)) -> Result<String | |||
104 | 111 | ||
105 | Ok(decoded.claims.puk) | 112 | Ok(decoded.claims.puk) |
106 | } | 113 | } |
107 | Err(e) => return Err(anyhow!("missing!")), | 114 | Err(e) => return (StatusCode::UNAUTHORIZED, e.to_string()), |
108 | // warp error | 115 | // warp error |
109 | } | 116 | } |
110 | } | 117 | } |