Diffstat (limited to 'src')
| -rw-r--r-- | src/auth.rs | 29 |
1 files changed, 18 insertions, 11 deletions
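--- a/src/auth.rs
+++ b/src/auth.rs
@@ -1,14 +1,18 @@
-use crate::error::Error;
+use crate::error::{handle_rejection, Error};
 use crate::schema::{Db, Transaction};
-use anyhow::{anyhow, Context, Result};
+use std::convert::Infallible;
+// use anyhow::{anyhow, Context, Result};
 use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};
 use serde::{Deserialize, Serialize};
-use thiserror::Error;
+// use std::fmt::Display;
+// use thiserror::Error;
 use warp::header::headers_cloned;
 use warp::http::header::{HeaderMap, HeaderValue, AUTHORIZATION};
+use warp::http::StatusCode;
 use warp::reject;
 use warp::reject::Reject;
-use warp::{Filter, Rejection};
+use warp::reject::Rejection;
+use warp::Filter;
 
 const BEARER: &str = "Bearer ";
 const PUBLIC_KEY_PEM: &str = "-----BEGIN PUBLIC KEY-----
@@ -69,10 +73,13 @@ struct Claims {
 // }
 // impl warp::reject::Reject for Nope {}
 
-#[derive(Debug)]
-struct LessThanTenError {}
+#[derive(Error, Debug)]
+pub enum DataStoreError {
+#[error("invalid header")]
+InvalidHeader {},
+}
 
-impl Reject for LessThanTenError {}
+impl Reject for DataStoreError {}
 
 // impl From<LessThanTenError> for Rejection {
 // fn from(other: LessThanTenError) -> Self {
@@ -87,15 +94,15 @@ pub fn with_auth(
 headers_cloned()
 .map(move |headers: HeaderMap<HeaderValue>| (db.clone(), headers))
 .and_then(authorize)
+.recover(handle_rejection())
 }
 
-async fn authorize((db, headers): (Db, HeaderMap<HeaderValue>)) -> Result<String, Error> {
+async fn authorize((db, headers): (Db, HeaderMap<HeaderValue>)) -> Result<String, Infallible> {
 match jwt_from_header(&headers) {
 Ok(jwt) => {
 let decoded = decode::<Claims>(
 &jwt,
-// TODO: what key are we using here? pass db/pw store here to get the claimant's
-// public key <10-04-21, yigit> //
+// TODO: what key are we using here? pass db/pw store here to get the claimant's public key <10-04-21, yigit> //
 &DecodingKey::from_rsa_pem(PUBLIC_KEY_PEM.as_bytes()).unwrap(),
 &Validation::new(Algorithm::HS512),
 )
@@ -104,7 +111,7 @@ async fn authorize((db, headers): (Db, HeaderMap<HeaderValue>)) -> Result<String
 
 Ok(decoded.claims.puk)
 }
-Err(e) => return Err(anyhow!("missing!")),
+Err(e) => return (StatusCode::UNAUTHORIZED, e.to_string()),
 // warp error
 }
 }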
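Review bot: The `Err` arm at new line 114 returns a `(StatusCode, String)` tuple from `authorize`, whose new signature at line 100 declares `Result<String, Infallible>`; the arm does not match the return type, and `Infallible` has no values, so a failed authorization cannot be expressed at all. Because `with_auth` now chains `.recover(handle_rejection())`, the consistent shape is to reject and let the recovery handler map it to a 401: declare `-> Result<String, Rejection>` and write `Err(_) => Err(reject::custom(DataStoreError::InvalidHeader {})),`, which also stops echoing the raw header-parsing error to the client. The first two hunks have a related problem: `#[derive(Error, Debug)]` on `DataStoreError` needs the `thiserror::Error` derive, but that import is now commented out and the name `Error` resolves to `crate::error::Error`, so the derive will presumably fail unless that type is itself a re-export of the macro. Separately, the unchanged decode call pairs `DecodingKey::from_rsa_pem` with `Validation::new(Algorithm::HS512)`; an HMAC algorithm cannot be validated against an RSA public key, so presumably every token is rejected (or, if the library did not check key family, verification would run with the wrong primitive) — the validation should name the RSA algorithm the PEM key was issued for, e.g. `Algorithm::RS256`, to be confirmed against the issuer. `authorize` starts in the third hunk and its `match` ends in this one.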
