Turn auth into a middleware
This commit is contained in:
parent
297787739b
commit
fb71460fc3
1 changed files with 41 additions and 6 deletions
|
|
@ -1,3 +1,14 @@
|
||||||
|
use std::collections::HashMap;
|
||||||
|
|
||||||
|
use axum::{
|
||||||
|
extract::{Path, Request, State},
|
||||||
|
middleware::Next,
|
||||||
|
response::Response,
|
||||||
|
};
|
||||||
|
use axum_extra::{
|
||||||
|
TypedHeader,
|
||||||
|
headers::{Authorization, authorization::Bearer},
|
||||||
|
};
|
||||||
use log::info;
|
use log::info;
|
||||||
|
|
||||||
use crate::{
|
use crate::{
|
||||||
|
|
@ -6,9 +17,32 @@ use crate::{
|
||||||
errors::{SyncServerError, permission_denied_error, unauthenticated_error},
|
errors::{SyncServerError, permission_denied_error, unauthenticated_error},
|
||||||
};
|
};
|
||||||
|
|
||||||
// TODO: turn this into a middleware
|
|
||||||
pub fn auth(app_state: &AppState, token: &str, vault: &VaultId) -> Result<User, SyncServerError> {
|
pub async fn auth_middleware(
|
||||||
let user = app_state
|
State(state): State<AppState>,
|
||||||
|
Path(path_params): Path<HashMap<String, String>>,
|
||||||
|
TypedHeader(auth_header): TypedHeader<Authorization<Bearer>>,
|
||||||
|
mut req: Request,
|
||||||
|
next: Next,
|
||||||
|
) -> Result<Response, SyncServerError> {
|
||||||
|
let token = auth_header.token();
|
||||||
|
let vault_id = path_params
|
||||||
|
.get("vault_id")
|
||||||
|
.ok_or_else(|| unauthenticated_error(anyhow::anyhow!("Missing vault_id")))?;
|
||||||
|
|
||||||
|
let user = auth(&state, token, vault_id)?;
|
||||||
|
|
||||||
|
req.extensions_mut().insert(user);
|
||||||
|
|
||||||
|
Ok(next.run(req).await)
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn auth(
|
||||||
|
state: &AppState,
|
||||||
|
token: &str,
|
||||||
|
vault_id: &VaultId,
|
||||||
|
) -> Result<User, SyncServerError> {
|
||||||
|
let user = state
|
||||||
.config
|
.config
|
||||||
.users
|
.users
|
||||||
.get_user(token)
|
.get_user(token)
|
||||||
|
|
@ -19,16 +53,17 @@ pub fn auth(app_state: &AppState, token: &str, vault: &VaultId) -> Result<User,
|
||||||
|
|
||||||
if match user.vault_access {
|
if match user.vault_access {
|
||||||
VaultAccess::AllowAccessToAll => true,
|
VaultAccess::AllowAccessToAll => true,
|
||||||
VaultAccess::AllowList(AllowListedVaults { ref allowed }) => allowed.contains(vault),
|
VaultAccess::AllowList(AllowListedVaults { ref allowed }) => allowed.contains(vault_id),
|
||||||
} {
|
} {
|
||||||
info!(
|
info!(
|
||||||
"User `{}` is authorised to access to vault `{}`",
|
"User `{}` is authorised to access to vault `{}`",
|
||||||
user.name, vault
|
user.name, vault_id
|
||||||
);
|
);
|
||||||
|
|
||||||
Ok(user)
|
Ok(user)
|
||||||
} else {
|
} else {
|
||||||
Err(permission_denied_error(anyhow::anyhow!(
|
Err(permission_denied_error(anyhow::anyhow!(
|
||||||
"Permission denied for vault `{vault}`"
|
"Permission denied for vault `{vault_id}`"
|
||||||
)))
|
)))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue