authorBryan Newbold <bnewbold@robocracy.org>2018-09-18 11:38:34 -0700
committerBryan Newbold <bnewbold@robocracy.org>2018-12-26 23:32:43 -0800
commit802bafc92160205a2a3068b7b780a6a5eeb331d9 (patch)
treedc471a11f7e7f5bdf5b94ba066ece79adf0a59f3 /rust/src/auth.rs
parent6a8d793eef101e72dbe44f94c30cbf5e6be75aeb (diff)
start skeleton of auth internal bits
Diffstat (limited to 'rust/src/auth.rs')
-rw-r--r--rust/src/auth.rs106
1 files changed, 106 insertions, 0 deletions
diff --git a/rust/src/auth.rs b/rust/src/auth.rs
new file mode 100644
index 00000000..651f7979
--- /dev/null
+++ b/rust/src/auth.rs
@@ -0,0 +1,106 @@
+//! Editor bearer token authentication
+
+use swagger::auth::{AuthData, Authorization, Scopes};
+//use macaroon::{Macaroon, Verifier};
+
+use std::collections::BTreeSet;
+//use database_models::*;
+//use database_schema::*;
+use api_helpers::*;
+use chrono;
+//use diesel;
+use iron;
+//use diesel::prelude::*;
+use errors::*;
+//use serde_json;
+//use std::str::FromStr;
+//use uuid::Uuid;
+
+#[derive(Debug)]
+pub struct OpenAuthMiddleware;
+
+impl OpenAuthMiddleware {
+ /// Create a middleware that authorizes with the configured subject.
+ pub fn new() -> OpenAuthMiddleware {
+ OpenAuthMiddleware
+ }
+}
+impl iron::middleware::BeforeMiddleware for OpenAuthMiddleware {
+ fn before(&self, req: &mut iron::Request) -> iron::IronResult<()> {
+ req.extensions.insert::<Authorization>(Authorization {
+ subject: "undefined".to_string(),
+ scopes: Scopes::All,
+ issuer: None,
+ });
+ Ok(())
+ }
+}
+
+#[derive(Debug)]
+pub struct MacaroonAuthMiddleware;
+
+impl MacaroonAuthMiddleware {
+
+ pub fn new() -> MacaroonAuthMiddleware {
+ MacaroonAuthMiddleware
+ }
+}
+
+impl iron::middleware::BeforeMiddleware for MacaroonAuthMiddleware {
+ fn before(&self, req: &mut iron::Request) -> iron::IronResult<()> {
+
+ let res: Option<(String, Vec<String>)> = match req.extensions.get::<AuthData>() {
+ Some(AuthData::ApiKey(header)) => {
+ let header: Vec<String> = header.split_whitespace().map(|s| s.to_string()).collect();
+ // TODO: error types
+ assert!(header.len() == 2);
+ assert!(header[0] == "Bearer");
+ parse_macaroon_token(&header[1]).expect("valid macaroon")
+ },
+ None => None,
+ _ => panic!("valid auth header, or none")
+ };
+ if let Some((editor_id, scopes)) = res {
+ let mut scope_set = BTreeSet::new();
+ for s in scopes {
+ scope_set.insert(s);
+ }
+ req.extensions.insert::<Authorization>(Authorization {
+ subject: editor_id,
+ scopes: Scopes::Some(scope_set),
+ issuer: None,
+ });
+ };
+ Ok(())
+ }
+}
+
+// DUMMY: parse macaroon
+pub fn parse_macaroon_token(s: &str) -> Result<Option<(String,Vec<String>)>> {
+ Ok(Some(("some_editor_id".to_string(), vec![])))
+}
+
+pub fn print_editors() -> Result<()>{
+ unimplemented!();
+ // iterate over all editors. format id, print flags, auth_epoch
+}
+
+pub fn create_editor(username: String, is_admin: bool, is_bot: bool) -> Result<()> { // TODO: EditorRow or something
+ unimplemented!();
+}
+
+pub fn create_token(editor_id: FatCatId, expires: Option<chrono::NaiveDateTime>) -> Result<String> {
+ unimplemented!();
+}
+
+pub fn inspect_token(token: &str) -> Result<()> {
+ unimplemented!();
+}
+
+pub fn revoke_tokens(editor_id: FatCatId) -> Result<()>{
+ unimplemented!();
+}
+
+pub fn revoke_tokens_everyone() -> Result<u64> {
+ unimplemented!();
+}
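Review bot: In `MacaroonAuthMiddleware::before`, the two `assert!`s on the split header, the `.expect("valid macaroon")` and the `_ => panic!(..)` arm all fire on client-supplied input, so a malformed or non-Bearer Authorization header panics the handler instead of being rejected with a 400/401. These should become early `Err(iron::IronError::new(..))` returns, as sketched below for the `ApiKey` arm; the catch-all arm needs the same treatment. Separately, the stub `parse_macaroon_token` returns `some_editor_id` for any string, so until real macaroon verification lands every bearer value is accepted as that editor; returning `Ok(None)` from the stub, or marking it `// SECURITY: accepts any token; do not enable outside tests`, would make that hard to miss. The doc comment on `OpenAuthMiddleware::new` also speaks of a "configured subject", while the code inserts the literal `"undefined"` with `Scopes::All` for every request, which is worth stating plainly there.

```rust
let res: Option<(String, Vec<String>)> = match req.extensions.get::<AuthData>() {
    Some(AuthData::ApiKey(header)) => {
        // Require exactly "Bearer <token>"; anything else is a client error, not a crash.
        let mut parts = header.split_whitespace();
        match (parts.next(), parts.next(), parts.next()) {
            (Some("Bearer"), Some(token), None) => match parse_macaroon_token(token) {
                Ok(parsed) => parsed,
                // assumes the crate's error type from errors::* meets IronError::new's bounds
                Err(e) => return Err(iron::IronError::new(e, iron::status::Unauthorized)),
            },
            _ => {
                // stand-in error value; substitute the crate's own error type
                let e = std::io::Error::new(
                    std::io::ErrorKind::InvalidInput,
                    "malformed Authorization header",
                );
                return Err(iron::IronError::new(e, iron::status::BadRequest));
            }
        }
    },
    None => None,
    // … unchanged here: catch-all arm, which should return an error instead of panic! …
```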