file-service/migrations/20231003154201_initial_auth_db.sql

@@ -1,3 +1,4 @@
+-- Add migration script here
 CREATE TABLE IF NOT EXISTS users (
     id          INTEGER PRIMARY KEY NOT NULL,
     username    TEXT NOT NULL,

file-service/src/cookies.rs

@@ -0,0 +1,61 @@
+use iron::headers;
+use std::collections::HashMap;
+
+#[derive(Clone, Debug)]
+pub struct Cookie {
+    pub name: String,
+    pub value: String,
+}
+
+impl From<&str> for Cookie {
+    fn from(s: &str) -> Cookie {
+        let parts: Vec<&str> = s.split("=").collect();
+        Cookie {
+            name: String::from(parts[0]),
+            value: String::from(parts[1]),
+        }
+    }
+}
+
+impl From<&String> for Cookie {
+    fn from(s: &String) -> Cookie {
+        Cookie::from(s.as_str())
+    }
+}
+
+impl From<String> for Cookie {
+    fn from(s: String) -> Cookie {
+        Cookie::from(s.as_str())
+    }
+}
+
+#[derive(Debug)]
+pub struct CookieJar(HashMap<String, Cookie>);
+
+impl CookieJar {
+    pub fn new() -> CookieJar {
+        CookieJar(HashMap::new())
+    }
+
+    pub fn add_cookie(&mut self, name: String, value: Cookie) {
+        self.0.insert(name, value);
+    }
+
+    pub fn lookup(&self, name: &str) -> Option<&Cookie> {
+        self.0.get(name)
+    }
+}
+
+// Some(Cookie(["auth=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJqdGkiOiJhYzNhNDZjNi0zZmExLTRkMGEtYWYxMi1lN2QzZmVmZGM4NzgiLCJhdWQiOiJzYXZhbm5pIiwiZXhwIjoxNjIxMzUxNDM2LCJpc3MiOiJzYXZhbm5pIiwiaWF0IjoxNTg5NzI5MDM2LCJzdWIiOiJodHRwczovL3NhdmFubmkubHVtaW5lc2NlbnQtZHJlYW1zLmNvbS9maWxlLXNlcnZpY2UvIiwicGVybXMiOlsiYWRtaW4iXX0.8zjAbZ7Ut0d6EcDeyik39GKhXvH4qkMDdaiQVNKWiuM"]))
+impl From<&headers::Cookie> for CookieJar {
+    fn from(c: &headers::Cookie) -> CookieJar {
+        let jar = CookieJar::new();
+
+        let headers::Cookie(cs) = c;
+        cs.iter().fold(jar, |mut jar, c_| {
+            let cookie = Cookie::from(c_);
+            jar.add_cookie(cookie.name.clone(), cookie);
+            jar
+        })
+    }
+}

file-service/src/main.rs

@@ -29,6 +29,27 @@ pub use file_service::{
 };
 pub use handlers::handle_index;
 
+/*
+async fn authenticate_user(app: App, auth_token: String) -> Result<Username, warp::Rejection> {
+    match app.auth_session(SessionToken::from(auth_token)).await {
+        Ok(username) => Ok(username),
+        Err(_) => Err(warp::reject::not_found()),
+    }
+}
+*/
+
+/*
+*/
+
+/*
+*/
+
+/*
+*/
+
+/*
+*/
+
 #[derive(Clone)]
 pub struct App {
     authdb: Arc<RwLock<AuthDB>>,

file-service/src/middleware/authentication.rs

@@ -0,0 +1,51 @@
+use iron::headers;
+use iron::middleware::BeforeMiddleware;
+use iron::prelude::*;
+use iron::typemap::Key;
+use orizentic::{filedb, OrizenticCtx, Secret};
+use params::{FromValue, Params};
+
+use crate::cookies::{Cookie, CookieJar};
+
+pub struct Authentication {
+    pub auth: OrizenticCtx,
+}
+
+impl Key for Authentication {
+    type Value = orizentic::VerifiedToken;
+}
+
+impl Authentication {
+    pub fn new(secret: Secret, auth_db_path: String) -> Authentication {
+        let claims = filedb::load_claims_from_file(&auth_db_path).expect("claims did not load");
+        let orizentic = OrizenticCtx::new(secret, claims);
+        Authentication { auth: orizentic }
+    }
+
+    fn authenticate_user(
+        &self,
+        token_str: String,
+    ) -> Result<orizentic::VerifiedToken, orizentic::Error> {
+        self.auth.decode_and_validate_text(token_str)
+    }
+}
+
+impl BeforeMiddleware for Authentication {
+    fn before(&self, req: &mut Request) -> IronResult<()> {
+        let params = req.get_ref::<Params>().unwrap();
+        let token = match params.get("auth").and_then(|v| String::from_value(v)) {
+            Some(token_str) => self.authenticate_user(token_str).ok(),
+            None => {
+                let m_jar = req
+                    .headers
+                    .get::<headers::Cookie>()
+                    .map(|cookies| CookieJar::from(cookies));
+                m_jar
+                    .and_then(|jar| jar.lookup("auth").cloned())
+                    .and_then(|Cookie { value, .. }| self.authenticate_user(value.clone()).ok())
+            }
+        };
+        token.map(|t| req.extensions.insert::<Authentication>(t));
+        Ok(())
+    }
+}

file-service/src/middleware/logging.rs

@@ -0,0 +1,16 @@
+use iron::middleware::{AfterMiddleware, BeforeMiddleware};
+use iron::prelude::*;
+
+pub struct Logging {}
+
+impl BeforeMiddleware for Logging {
+    fn before(&self, _: &mut Request) -> IronResult<()> {
+        Ok(())
+    }
+}
+
+impl AfterMiddleware for Logging {
+    fn after(&self, _: &mut Request, res: Response) -> IronResult<Response> {
+        Ok(res)
+    }
+}

file-service/src/middleware/mod.rs

@@ -0,0 +1,6 @@
+mod authentication;
+mod logging;
+mod restform;
+
+pub use authentication::Authentication;
+pub use restform::RestForm;

file-service/src/middleware/restform.rs

@@ -0,0 +1,34 @@
+use iron::method::Method;
+use iron::middleware::BeforeMiddleware;
+use iron::prelude::*;
+use params::{Params, Value};
+
+pub struct RestForm {}
+
+impl RestForm {
+    fn method(&self, v: &Value) -> Option<Method> {
+        match v {
+            Value::String(method_str) => match method_str.as_str() {
+                "delete" => Some(Method::Delete),
+                _ => None,
+            },
+            _ => None,
+        }
+    }
+}
+
+impl BeforeMiddleware for RestForm {
+    fn before(&self, req: &mut Request) -> IronResult<()> {
+        if req.method == Method::Post {
+            let method = {
+                let params = req.get_ref::<Params>().unwrap();
+                params
+                    .get("_method")
+                    .and_then(|m| self.method(m))
+                    .unwrap_or(Method::Post)
+            };
+            req.method = method;
+        }
+        Ok(())
+    }
+}