savanni
/
monorepo
1
0
Fork 0
Code Issues 77 Pull Requests Projects 6 Releases Wiki Activity

Set up authentication routes

This commit is contained in:
Savanni D'Gerinel 2023-10-03 11:10:37 -04:00
parent 2cabcc46aa
commit 791adbb085
6 changed files with 936 additions and 554 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

758
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

51
file-service/Cargo.toml
View File

@ -7,29 +7,28 @@ edition = "2018"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
build_html = { version = "2" }
chrono = { version = "0.4", features = ["serde"] }
hex-string = "0.1.0"
http = { version = "0.2" }
image = "0.23.5"
iron = "0.6.1"
logger = "*"
mime = "0.3.16"
mime_guess = "2.0.3"
mustache = "0.9.0"
orizentic = { path = "../orizentic" }
params = "*"
router = "*"
serde_json = "*"
serde = { version = "1.0", features = ["derive"] }
sha2 = "0.10"
thiserror = "1.0.20"
tokio = { version = "1", features = [ "full" ] }
uuid = { version = "0.4", features = [ "serde", "v4" ] }
warp = { version = "0.3" }
pretty_env_logger = { version = "0.5" }
log = { version = "0.4" }
bytes = { version = "1" }
futures-util = { version = "0.3" }
cool_asserts = { version = "2" }
tempdir = { version = "0.3" }
build_html = { version = "2" }
bytes = { version = "1" }
chrono = { version = "0.4", features = ["serde"] }
futures-util = { version = "0.3" }
hex-string = "0.1.0"
http = { version = "0.2" }
image = "0.23.5"
logger = "*"
log = { version = "0.4" }
mime = "0.3.16"
mime_guess = "2.0.3"
pretty_env_logger = { version = "0.5" }
serde_json = "*"
serde = { version = "1.0", features = ["derive"] }
sha2 = "0.10"
sqlx = { version = "0.7", features = [ "runtime-tokio", "sqlite" ] }
thiserror = "1.0.20"
tokio = { version = "1", features = [ "full" ] }
uuid = { version = "0.4", features = [ "serde", "v4" ] }
warp = { version = "0.3" }
[dev-dependencies]
cool_asserts = { version = "2" }
tempdir = { version = "0.3" }

113
file-service/src/handlers.rs Normal file
View File

@ -0,0 +1,113 @@
use build_html::Html;
use http::{Error, StatusCode};
use std::{collections::HashMap, future::Future};
use warp::http::Response;
use crate::{pages, App, FileHandle, FileId, FileInfo, ReadFileError, SessionToken};
pub async fn handle_index(
app: App,
token: Option<SessionToken>,
) -> Result<Response<String>, Error> {
match token {
Some(token) => match app.auth_session(token).await {
Ok(_) => render_gallery_page(app).await,
Err(err) => render_auth_page(Some(format!("authentication refused: {:?}", err))),
},
None => render_auth_page(None),
}
}
pub fn render_auth_page(message: Option<String>) -> Result<Response<String>, Error> {
Response::builder()
.status(StatusCode::OK)
.body(pages::auth(message).to_html_string())
}
pub async fn render_gallery_page(app: App) -> Result<Response<String>, Error> {
match app.list_files().await {
Ok(ids) => {
let mut files = vec![];
for id in ids.into_iter() {
let file = app.get_file(&id).await;
files.push(file);
}
Response::builder()
.header("content-type", "text/html")
.status(StatusCode::OK)
.body(pages::gallery(files).to_html_string())
}
Err(_) => Response::builder()
.header("content-type", "text/html")
.status(StatusCode::INTERNAL_SERVER_ERROR)
.body("".to_owned()),
}
}
pub async fn thumbnail(
app: App,
id: String,
old_etags: Option<String>,
) -> Result<Response<Vec<u8>>, Error> {
match app.get_file(&FileId::from(id)).await {
Ok(file) => serve_file(file.info.clone(), || file.thumbnail(), old_etags),
Err(_err) => Response::builder()
.status(StatusCode::NOT_FOUND)
.body(vec![]),
}
}
pub async fn file(
app: App,
id: String,
old_etags: Option<String>,
) -> Result<Response<Vec<u8>>, Error> {
match app.get_file(&FileId::from(id)).await {
Ok(file) => serve_file(file.info.clone(), || file.thumbnail(), old_etags),
Err(_err) => Response::builder()
.status(StatusCode::NOT_FOUND)
.body(vec![]),
}
}
pub async fn handle_auth(_form: HashMap<String, String>) -> Result<http::Response<String>, Error> {
Response::builder()
.status(StatusCode::NOT_IMPLEMENTED)
.body("".to_owned())
}
pub async fn handle_upload(
_app: App,
_token: SessionToken,
) -> Result<http::Response<String>, Error> {
println!("handle_upload");
Response::builder()
.status(StatusCode::NOT_IMPLEMENTED)
.body("".to_owned())
}
fn serve_file<F>(
info: FileInfo,
file: F,
old_etags: Option<String>,
) -> http::Result<http::Response<Vec<u8>>>
where
F: FnOnce() -> Result<Vec<u8>, ReadFileError>,
{
match old_etags {
Some(old_etags) if old_etags != info.hash => Response::builder()
.header("content-type", info.file_type)
.status(StatusCode::NOT_MODIFIED)
.body(vec![]),
_ => match file() {
Ok(content) => Response::builder()
.header("content-type", info.file_type)
.header("etag", info.hash)
.status(StatusCode::OK)
.body(content),
Err(_) => Response::builder()
.status(StatusCode::INTERNAL_SERVER_ERROR)
.body(vec![]),
},
}
}

414
file-service/src/main.rs
View File

@ -1,250 +1,44 @@
#[macro_use]
extern crate log;
use handlers::{file, handle_auth, handle_upload, thumbnail};
use http::status::StatusCode;
// use mustache::{compile_path, Template};
// use orizentic::{Permissions, ResourceName, Secret};
use build_html::Html;
use bytes::Buf;
use futures_util::StreamExt;
use std::{
collections::HashMap,
convert::Infallible,
io::Read,
net::{IpAddr, Ipv4Addr, SocketAddr},
path::PathBuf,
sync::{Arc, RwLock},
};
use warp::{filters::multipart::Part, Filter};
use store::Username;
use warp::{filters::multipart::Part, Filter, Rejection};
// mod cookies;
mod handlers;
mod html;
// mod middleware;
mod pages;
mod store;
pub use store::{FileHandle, FileId, FileInfo, ReadFileError, Store};
pub use handlers::handle_index;
pub use store::{App, AuthDB, FileHandle, FileId, FileInfo, ReadFileError, SessionToken, Store};
/*
fn is_admin(resource: &ResourceName, permissions: &Permissions) -> bool {
let Permissions(perms) = permissions;
ResourceName(String::from(
"https://savanni.luminescent-dreams.com/file-service/",
)) == *resource
&& perms.contains(&String::from("admin"))
}
pub fn compare_etags(info: FileInfo, etag_list: &headers::IfNoneMatch) -> bool {
let current_etag = headers::EntityTag::new(false, info.hash);
match etag_list {
headers::IfNoneMatch::Any => false,
headers::IfNoneMatch::Items(lst) => lst.iter().any(|etag| etag.weak_eq(&current_etag)),
async fn authenticate_user(app: App, auth_token: String) -> Result<Username, warp::Rejection> {
match app.auth_session(SessionToken::from(auth_token)).await {
Ok(username) => Ok(username),
Err(_) => Err(warp::reject::not_found()),
}
}
mod files {
use super::*;
pub struct GetHandler {
pub app: Arc<RwLock<App>>,
}
impl Handler for GetHandler {
fn handle(&self, req: &mut Request) -> IronResult<Response> {
let app = self.app.read().unwrap();
let capture = req.extensions.get::<Router>().unwrap().clone();
let old_etags = req.headers.get::<headers::IfNoneMatch>();
match capture.find("id") {
Some(id) => {
let info = app.get_metadata(String::from(id));
match (info, old_etags) {
(Ok(info_), Some(if_none_match)) => {
if compare_etags(info_, if_none_match) {
return Ok(Response::with(status::NotModified));
}
}
_ => (),
}
match app.get_file(String::from(id)) {
Ok((info, stream)) => Ok(Response::with((
status::Ok,
Header(headers::ContentType(
info.file_type.parse::<iron::mime::Mime>().unwrap(),
)),
Header(headers::ETag(headers::EntityTag::new(false, info.hash))),
BodyReader(stream),
))),
Err(_err) => Ok(Response::with(status::NotFound)),
}
}
_ => Ok(Response::with(status::BadRequest)),
}
}
}
pub struct GetThumbnailHandler {
pub app: Arc<RwLock<App>>,
}
impl Handler for GetThumbnailHandler {
fn handle(&self, req: &mut Request) -> IronResult<Response> {
let app = self.app.read().unwrap();
let capture = req.extensions.get::<Router>().unwrap().clone();
let old_etags = req.headers.get::<headers::IfNoneMatch>();
match capture.find("id") {
Some(id) => {
let info = app.get_metadata(String::from(id));
match (info, old_etags) {
(Ok(info_), Some(if_none_match)) => {
if compare_etags(info_, if_none_match) {
return Ok(Response::with(status::NotModified));
}
}
_ => (),
}
match app.get_thumbnail(id) {
Ok((info, stream)) => Ok(Response::with((
status::Ok,
Header(headers::ContentType(
info.file_type.parse::<iron::mime::Mime>().unwrap(),
)),
Header(headers::ETag(headers::EntityTag::new(false, info.hash))),
BodyReader(stream),
))),
Err(_err) => Ok(Response::with(status::NotFound)),
}
}
_ => Ok(Response::with(status::BadRequest)),
}
}
}
pub struct PostHandler {
pub app: Arc<RwLock<App>>,
}
impl Handler for PostHandler {
fn handle(&self, req: &mut Request) -> IronResult<Response> {
let mut app = self.app.write().unwrap();
let m_token = req.extensions.get::<Authentication>();
match m_token {
Some(token) => {
if token.check_authorizations(is_admin) {
let params = req.get_ref::<Params>().unwrap();
if let Value::File(f_info) = params.get("file").unwrap() {
match app.add_file(
&f_info.path,
&f_info.filename.clone().map(|fname| PathBuf::from(fname)),
) {
Ok(_) => Ok(Response::with((
status::MovedPermanently,
Redirect(router::url_for(req, "index", HashMap::new())),
))),
Err(_) => Ok(Response::with(status::InternalServerError)),
}
} else {
Ok(Response::with(status::BadRequest))
}
} else {
Ok(Response::with(status::Forbidden))
}
}
None => Ok(Response::with(status::Forbidden)),
}
}
}
pub struct DeleteHandler {
pub app: Arc<RwLock<App>>,
}
impl Handler for DeleteHandler {
fn handle(&self, req: &mut Request) -> IronResult<Response> {
let mut app = self.app.write().unwrap();
let capture = req.extensions.get::<Router>().unwrap().clone();
let m_token = req.extensions.get::<Authentication>();
match m_token {
Some(token) => {
if token.check_authorizations(is_admin) {
match capture.find("id") {
Some(id) => match app.delete_file(String::from(id)) {
Ok(()) => Ok(Response::with((
status::MovedPermanently,
Redirect(router::url_for(req, "index", HashMap::new())),
))),
Err(_) => Ok(Response::with(status::InternalServerError)),
},
None => Ok(Response::with(status::BadRequest)),
}
} else {
Ok(Response::with(status::Forbidden))
}
}
None => Ok(Response::with(status::Forbidden)),
}
}
}
}
fn css(_: &mut Request) -> IronResult<Response> {
let mut css: String = String::from("");
File::open("templates/style.css")
.unwrap()
.read_to_string(&mut css)
.unwrap();
Ok(Response::with((
status::Ok,
Header(headers::ContentType(iron::mime::Mime(
iron::mime::TopLevel::Text,
iron::mime::SubLevel::Css,
vec![],
))),
css,
)))
}
fn script(_: &mut Request) -> IronResult<Response> {
let mut js: String = String::from("");
File::open("templates/script.js")
.unwrap()
.read_to_string(&mut js)
.unwrap();
Ok(Response::with((
status::Ok,
Header(headers::ContentType(iron::mime::Mime(
iron::mime::TopLevel::Text,
iron::mime::SubLevel::Javascript,
vec![],
))),
js,
)))
}
*/
fn serve_file<F>(
info: FileInfo,
file: F,
old_etags: Option<String>,
) -> http::Result<http::Response<Vec<u8>>>
where
F: FnOnce() -> Result<Vec<u8>, ReadFileError>,
{
match old_etags {
Some(old_etags) if old_etags != info.hash => warp::http::Response::builder()
.header("content-type", info.file_type)
.status(StatusCode::NOT_MODIFIED)
.body(vec![]),
_ => match file() {
Ok(content) => warp::http::Response::builder()
.header("content-type", info.file_type)
.header("etag", info.hash)
.status(StatusCode::OK)
.body(content),
Err(_) => warp::http::Response::builder()
.status(StatusCode::INTERNAL_SERVER_ERROR)
.body(vec![]),
},
}
}
/*
*/
/*
async fn collect_content(
mut part: Part,
) -> Result<(Option<String>, Option<String>, Vec<u8>), String> {
@ -261,7 +55,9 @@ async fn collect_content(
content,
))
}
*/
/*
async fn collect_multipart(
mut stream: warp::filters::multipart::FormData,
) -> Result<Vec<(Option<String>, Option<String>, Vec<u8>)>, warp::Error> {
@ -276,10 +72,12 @@ async fn collect_multipart(
Ok(content)
}
*/
/*
async fn handle_upload(
form: warp::filters::multipart::FormData,
app: Arc<RwLock<Store>>,
app: App,
) -> warp::http::Result<warp::http::Response<String>> {
let files = collect_multipart(form).await;
match files {
@ -287,7 +85,7 @@ async fn handle_upload(
for (_, filename, content) in files {
match filename {
Some(filename) => {
app.write().unwrap().add_file(filename, content).unwrap();
app.add_file(filename, content).unwrap();
}
None => {
return warp::http::Response::builder()
@ -310,150 +108,84 @@ async fn handle_upload(
.status(StatusCode::SEE_OTHER)
.body("".to_owned())
}
*/
fn with_app(app: App) -> impl Filter<Extract = (App,), Error = Infallible> + Clone {
warp::any().map(move || app.clone())
}
fn maybe_with_session() -> impl Filter<Extract = (Option<SessionToken>,), Error = Rejection> + Copy
{
warp::any()
.and(warp::header::optional::<String>("cookie"))
.map(|cookies| {
println!("cookies retrieved: {:?}", cookies);
None
})
}
fn with_session() -> impl Filter<Extract = (SessionToken,), Error = Rejection> + Copy {
warp::any()
.and(warp::header::<String>("cookie"))
.map(|token: String| SessionToken::from(token))
}
#[tokio::main]
pub async fn main() {
/*
let auth_db_path = std::env::var("ORIZENTIC_DB").unwrap();
let secret = Secret(Vec::from(
std::env::var("ORIZENTIC_SECRET").unwrap().as_bytes(),
));
let auth_middleware = Authentication::new(secret, auth_db_path);
let mut router = Router::new();
router.post("/", files::PostHandler { app: app.clone() }, "upload-file");
router.delete(
"/:id",
files::DeleteHandler { app: app.clone() },
"delete-file",
);
router.get("/css", css, "styles");
router.get("/script", script, "script");
let mut chain = Chain::new(router);
chain.link_before(auth_middleware);
chain.link_before(RestForm {});
Iron::new(chain).http("0.0.0.0:3000").unwrap();
*/
/*
let root = warp::path!().and(warp::get()).map({
|| {
warp::http::Response::builder()
.header("content-type", "text/html")
.status(StatusCode::NOT_MODIFIED)
.body(())
}
});
let server = warp::serve(root);
server
.run(SocketAddr::new(IpAddr::V4(Ipv4Addr::new(0, 0, 0, 0)), 8002))
.await;
*/
pretty_env_logger::init();
let app = Arc::new(RwLock::new(Store::new(PathBuf::from(
&std::env::var("FILE_SHARE_DIR").unwrap(),
))));
let authdb = AuthDB::new(PathBuf::from(":memory:")).await.unwrap();
let store = Store::new(PathBuf::from(&std::env::var("FILE_SHARE_DIR").unwrap()));
let app_filter = {
let app = App::new(authdb, store);
/*
let with_app = {
let app = app.clone();
warp::any().map(move || app.clone())
};
*/
let log = warp::log("file_service");
let root = warp::path!()
.and(warp::get())
.and(with_app(app.clone()))
.and(maybe_with_session())
.then(handle_index);
let root = warp::path!().and(warp::get()).and(app_filter.clone()).map({
move |app: Arc<RwLock<Store>>| {
info!("root handler");
let app = app.read().unwrap();
match app.list_files() {
Ok(ids) => {
let files = ids
.into_iter()
.map(|id| app.get_file(&id))
.collect::<Vec<Result<FileHandle, ReadFileError>>>();
warp::http::Response::builder()
.header("content-type", "text/html")
.status(StatusCode::OK)
.body(pages::index(files).to_html_string())
}
Err(_) => warp::http::Response::builder()
.header("content-type", "text/html")
.status(StatusCode::INTERNAL_SERVER_ERROR)
.body("".to_owned()),
}
}
});
let post_upload_handler = warp::path!("upload")
.and(warp::post())
.and(warp::filters::multipart::form().max_length(1024 * 1024 * 32))
.and(app_filter.clone())
.then(
|form: warp::filters::multipart::FormData, app: Arc<RwLock<Store>>| {
handle_upload(form, app)
},
);
/*
let post_delete_handler = warp::path!(String)
let auth = warp::path!("auth")
.and(warp::post())
.and(warp::filters::body::form())
.map(|id: String, form: HashMap<String, String>| {
info!("post_delete {}", id);
info!("form: {:?}", form);
warp::http::Response::builder()
.header("location", "/")
.status(StatusCode::SEE_OTHER)
.body(vec![])
});
*/
.then(handle_auth);
let upload_handler = warp::path!("upload")
.and(warp::post())
.and(with_app(app.clone()))
.and(with_session())
.then(handle_upload);
let thumbnail = warp::path!(String / "tn")
.and(warp::get())
.and(warp::header::optional::<String>("if-none-match"))
.map({
let app = app.clone();
move |id: String, old_etags: Option<String>| match app
.read()
.unwrap()
.get_file(&FileId::from(id))
{
Ok(file) => serve_file(file.info.clone(), || file.thumbnail(), old_etags),
Err(_err) => warp::http::Response::builder()
.status(StatusCode::NOT_FOUND)
.body(vec![]),
}
});
.and(with_app(app.clone()))
.then(move |id, old_etags, app: App| thumbnail(app, id, old_etags));
let file = warp::path!(String)
.and(warp::get())
.and(warp::header::optional::<String>("if-none-match"))
.map({
let app = app.clone();
move |id: String, old_etags: Option<String>| match app
.read()
.unwrap()
.get_file(&FileId::from(id))
{
Ok(file) => serve_file(file.info.clone(), || file.content(), old_etags),
Err(_err) => warp::http::Response::builder()
.status(StatusCode::NOT_FOUND)
.body(vec![]),
}
});
.and(with_app(app.clone()))
.then(move |id, old_etags, app: App| file(app, id, old_etags));
let server = warp::serve(
root.or(post_upload_handler)
.or(thumbnail)
.or(file)
.with(log),
root.or(auth).with(log), /*
root.or(auth)
.or(thumbnail)
.or(file)
.or(upload_handler)
.with(log),
*/
);
server
.run(SocketAddr::new(IpAddr::V4(Ipv4Addr::new(0, 0, 0, 0)), 8002))
.await;

17
file-service/src/pages.rs
View File

@ -4,7 +4,22 @@ use crate::{
};
use build_html::{self, Container, ContainerType, Html, HtmlContainer};
pub fn index(handles: Vec<Result<FileHandle, ReadFileError>>) -> build_html::HtmlPage {
pub fn auth(_message: Option<String>) -> build_html::HtmlPage {
build_html::HtmlPage::new()
.with_title("Authentication")
.with_html(
Form::new()
.with_path("/auth")
.with_method("post")
.with_container(
Container::new(ContainerType::Div)
.with_html(Input::new("token", "token").with_id("for-token-input"))
.with_html(Label::new("for-token-input", "Authentication Token")),
),
)
}
pub fn gallery(handles: Vec<Result<FileHandle, ReadFileError>>) -> build_html::HtmlPage {
let mut page = build_html::HtmlPage::new()
.with_title("Admin list of files")
.with_header(1, "Admin list of files")

137
file-service/src/store/mod.rs
View File

@ -1,7 +1,9 @@
use serde::{Deserialize, Serialize};
use sqlx::sqlite::SqlitePool;
use std::collections::HashSet;
use std::{ops::Deref, path::PathBuf};
use std::{ops::Deref, path::PathBuf, sync::Arc};
use thiserror::Error;
use tokio::sync::RwLock;
mod filehandle;
mod fileinfo;
@ -57,6 +59,82 @@ pub enum ReadFileError {
IOError(#[from] std::io::Error),
}
#[derive(Debug, Error)]
pub enum AuthError {
#[error("database failed")]
SqlError,
}
#[derive(Clone, Debug, Serialize, Deserialize, Hash, PartialEq, Eq)]
pub struct Username(String);
impl From<String> for Username {
fn from(s: String) -> Self {
Self(s)
}
}
impl From<&str> for Username {
fn from(s: &str) -> Self {
Self(s.to_owned())
}
}
impl From<Username> for PathBuf {
fn from(s: Username) -> Self {
Self::from(&s)
}
}
impl From<&Username> for PathBuf {
fn from(s: &Username) -> Self {
let Username(s) = s;
Self::from(s)
}
}
impl Deref for Username {
type Target = String;
fn deref(&self) -> &Self::Target {
&self.0
}
}
#[derive(Clone, Debug, Serialize, Deserialize, Hash, PartialEq, Eq)]
pub struct SessionToken(String);
impl From<String> for SessionToken {
fn from(s: String) -> Self {
Self(s)
}
}
impl From<&str> for SessionToken {
fn from(s: &str) -> Self {
Self(s.to_owned())
}
}
impl From<SessionToken> for PathBuf {
fn from(s: SessionToken) -> Self {
Self::from(&s)
}
}
impl From<&SessionToken> for PathBuf {
fn from(s: &SessionToken) -> Self {
let SessionToken(s) = s;
Self::from(s)
}
}
impl Deref for SessionToken {
type Target = String;
fn deref(&self) -> &Self::Target {
&self.0
}
}
#[derive(Clone, Debug, Serialize, Deserialize, Hash, PartialEq, Eq)]
pub struct FileId(String);
@ -104,6 +182,63 @@ impl FileRoot for Context {
}
}
#[derive(Clone)]
pub struct App {
authdb: Arc<RwLock<AuthDB>>,
store: Arc<RwLock<Store>>,
}
impl App {
pub fn new(authdb: AuthDB, store: Store) -> Self {
Self {
authdb: Arc::new(RwLock::new(authdb)),
store: Arc::new(RwLock::new(store)),
}
}
pub async fn auth_session(&self, token: SessionToken) -> Result<Username, AuthError> {
let authdb = self.authdb.read();
// authdb.auth_session(token).await
unimplemented!()
}
pub async fn list_files(&self) -> Result<HashSet<FileId>, ReadFileError> {
self.store.read().await.list_files()
}
pub async fn get_file(&self, id: &FileId) -> Result<FileHandle, ReadFileError> {
self.store.read().await.get_file(id)
}
pub async fn add_file(
&self,
filename: String,
content: Vec<u8>,
) -> Result<FileHandle, WriteFileError> {
self.store.write().await.add_file(filename, content)
}
}
#[derive(Clone)]
pub struct AuthDB {
pool: SqlitePool,
}
impl AuthDB {
pub async fn new(path: PathBuf) -> Result<Self, sqlx::Error> {
let pool = SqlitePool::connect(&format!("sqlite://{}", path.to_str().unwrap())).await?;
Ok(Self { pool })
}
pub async fn auth_session(&self, _token: SessionToken) -> Result<Username, AuthError> {
/*
let conn = self.pool.acquire().await.map_err(|_| AuthError::SqlError)?;
conn.transaction(|tr| {})
*/
unimplemented!()
}
}
pub struct Store {
files_root: PathBuf,
}