diff options
| author | bryan newbold <bnewbold@robocracy.org> | 2023-03-04 15:50:09 -0800 |
|---|---|---|
| committer | bryan newbold <bnewbold@robocracy.org> | 2023-03-04 15:50:09 -0800 |
| commit | 0ea7cd1d360f2ef56ec4dad8ff316db6f2875ac0 (patch) | |
| tree | 969587f510c2c0dd5ae62ee708b3995278b1142f | |
| parent | ae9b55206d174a89a84453c7499ca87b3ce6df0f (diff) | |
| download | adenosine-0ea7cd1d360f2ef56ec4dad8ff316db6f2875ac0.tar.gz adenosine-0ea7cd1d360f2ef56ec4dad8ff316db6f2875ac0.zip | |
add basic support for admin 'Basic' auth
| -rw-r--r-- | adenosine/src/xrpc.rs | 35 |
1 files changed, 29 insertions, 6 deletions
diff --git a/adenosine/src/xrpc.rs b/adenosine/src/xrpc.rs index 62f50cd..df7e2ac 100644 --- a/adenosine/src/xrpc.rs +++ b/adenosine/src/xrpc.rs @@ -2,6 +2,8 @@ use crate::auth::parse_did_from_jwt; use crate::identifiers::{Did, Nsid}; use anyhow::anyhow; pub use anyhow::Result; +use base64; +use log::warn; use reqwest::header; use serde_json::{json, Value}; use std::collections::HashMap; @@ -33,10 +35,15 @@ pub struct XrpcClient { host: String, auth_token: Option<String>, refresh_token: Option<String>, + admin_password: Option<String>, } impl XrpcClient { - pub fn new(host: String, auth_token: Option<String>) -> Result<Self> { + pub fn new( + host: String, + auth_token: Option<String>, + admin_password: Option<String>, + ) -> Result<Self> { let http_client = reqwest::blocking::Client::builder() .user_agent(APP_USER_AGENT) .timeout(Duration::from_secs(30)) @@ -49,11 +56,27 @@ impl XrpcClient { host, auth_token: auth_token.clone(), refresh_token: auth_token, + admin_password, }) } - fn auth_headers(&self) -> reqwest::header::HeaderMap { + fn auth_headers(&self, endpoint: &str) -> reqwest::header::HeaderMap { let mut headers = header::HeaderMap::new(); + if endpoint == "com.atproto.account.createInviteCode" + || endpoint.starts_with("com.atproto.admin.") + { + if let Some(admin_password) = &self.admin_password { + let enc = + base64::encode_config(format!("admin:{admin_password}"), base64::STANDARD); + let mut auth_value = header::HeaderValue::from_str(&format!("Basic {enc}")) + .expect("header formatting"); + auth_value.set_sensitive(true); + headers.insert(header::AUTHORIZATION, auth_value); + return headers; + } else { + warn!("endpoint requires admin auth, but password not supplied: {endpoint}") + }; + }; if let Some(token) = &self.auth_token { let mut auth_value = header::HeaderValue::from_str(&format!("Bearer {token}")) .expect("header formatting"); @@ -107,7 +130,7 @@ impl XrpcClient { let res = self .http_client .get(format!("{}/xrpc/{nsid}", self.host)) - .headers(self.auth_headers()) + .headers(self.auth_headers(nsid)) .query(¶ms) .send()?; // TODO: refactor this error handling stuff into single method @@ -138,7 +161,7 @@ impl XrpcClient { let res = self .http_client .get(format!("{}/xrpc/{}", self.host, nsid)) - .headers(self.auth_headers()) + .headers(self.auth_headers(nsid)) .query(¶ms) .send()?; if res.status() == 400 { @@ -174,7 +197,7 @@ impl XrpcClient { let mut req = self .http_client .post(format!("{}/xrpc/{}", self.host, nsid)) - .headers(self.auth_headers()) + .headers(self.auth_headers(nsid)) .query(¶ms); req = if let Some(b) = body { req.json(&b) @@ -215,7 +238,7 @@ impl XrpcClient { let res = self .http_client .post(format!("{}/xrpc/{}", self.host, nsid)) - .headers(self.auth_headers()) + .headers(self.auth_headers(nsid)) .query(¶ms) .header(reqwest::header::CONTENT_TYPE, "application/cbor") .body(buf) |