aboutsummaryrefslogtreecommitdiffstats
path: root/rust/src/lib.rs
diff options
context:
space:
mode:
authorBryan Newbold <bnewbold@robocracy.org>2019-01-08 16:28:27 -0800
committerBryan Newbold <bnewbold@robocracy.org>2019-01-08 16:28:27 -0800
commit16f2e78298dbd2231f5f337ea17c89a6a131a052 (patch)
tree6e72581e625e73c97cbab72d0f9c35665c99e5d7 /rust/src/lib.rs
parenteb40a5f274f3608db34309cfd16739a7642ef5e7 (diff)
parentffb721f90c5d97ee80885209bf45feb85ca9625c (diff)
downloadfatcat-16f2e78298dbd2231f5f337ea17c89a6a131a052.tar.gz
fatcat-16f2e78298dbd2231f5f337ea17c89a6a131a052.zip
Merge branch 'bnewbold-crude-auth'
Fixed a conflict in: python/fatcat_export.py
Diffstat (limited to 'rust/src/lib.rs')
-rw-r--r--rust/src/lib.rs62
1 files changed, 51 insertions, 11 deletions
diff --git a/rust/src/lib.rs b/rust/src/lib.rs
index 0bed3471..b3e6c813 100644
--- a/rust/src/lib.rs
+++ b/rust/src/lib.rs
@@ -11,11 +11,10 @@ extern crate futures;
extern crate uuid;
#[macro_use]
extern crate hyper;
-//extern crate swagger;
+extern crate swagger;
#[macro_use]
extern crate error_chain;
extern crate iron;
-#[macro_use]
extern crate serde_json;
#[macro_use]
extern crate log;
@@ -23,12 +22,14 @@ extern crate data_encoding;
extern crate regex;
#[macro_use]
extern crate lazy_static;
+extern crate macaroon;
extern crate sha1;
pub mod api_entity_crud;
pub mod api_helpers;
pub mod api_server;
pub mod api_wrappers;
+pub mod auth;
pub mod database_models;
pub mod database_schema;
@@ -41,6 +42,8 @@ pub mod errors {
Uuid(::uuid::ParseError);
Io(::std::io::Error) #[cfg(unix)];
Serde(::serde_json::Error);
+ Utf8Decode(::std::string::FromUtf8Error);
+ StringDecode(::data_encoding::DecodeError);
}
errors {
InvalidFatcatId(id: String) {
@@ -71,6 +74,14 @@ pub mod errors {
description("Invalid Entity State Transform")
display("tried to mutate an entity which was not in an appropriate state: {}", message)
}
+ InvalidCredentials(message: String) {
+ description("auth token was missing, expired, revoked, or corrupt")
+ display("auth token was missing, expired, revoked, or corrupt: {}", message)
+ }
+ InsufficientPrivileges(message: String) {
+ description("editor account doesn't have authorization")
+ display("editor account doesn't have authorization: {}", message)
+ }
OtherBadRequest(message: String) {
description("catch-all error for bad or unallowed requests")
display("broke a constraint or made an otherwise invalid request: {}", message)
@@ -83,8 +94,8 @@ pub mod errors {
pub use errors::*;
pub use self::errors::*;
+use auth::AuthConfectionary;
use diesel::pg::PgConnection;
-use diesel::prelude::*;
use diesel::r2d2::ConnectionManager;
use dotenv::dotenv;
use iron::middleware::AfterMiddleware;
@@ -96,14 +107,38 @@ embed_migrations!("../migrations/");
pub type ConnectionPool = diesel::r2d2::Pool<ConnectionManager<diesel::pg::PgConnection>>;
-/// Establish a direct database connection. Not currently used, but could be helpful for
-/// single-threaded tests or utilities.
-pub fn establish_connection() -> PgConnection {
+/// Instantiate a new API server with a pooled database connection
+pub fn database_worker_pool() -> Result<ConnectionPool> {
dotenv().ok();
-
let database_url = env::var("DATABASE_URL").expect("DATABASE_URL must be set");
- PgConnection::establish(&database_url)
- .unwrap_or_else(|_| panic!("Error connecting to {}", database_url))
+ let manager = ConnectionManager::<PgConnection>::new(database_url);
+ let pool = diesel::r2d2::Pool::builder()
+ .build(manager)
+ .expect("Failed to create database pool.");
+ Ok(pool)
+}
+
+pub fn env_confectionary() -> Result<AuthConfectionary> {
+ let auth_location = env::var("AUTH_LOCATION").expect("AUTH_LOCATION must be set");
+ let auth_key = env::var("AUTH_SECRET_KEY").expect("AUTH_SECRET_KEY must be set");
+ let auth_key_ident = env::var("AUTH_KEY_IDENT").expect("AUTH_KEY_IDENT must be set");
+ info!("Loaded primary auth key: {}", auth_key_ident);
+ let mut confectionary = AuthConfectionary::new(auth_location, auth_key_ident, auth_key)?;
+ match env::var("AUTH_ALT_KEYS") {
+ Ok(var) => {
+ for pair in var.split(",") {
+ let pair: Vec<&str> = pair.split(":").collect();
+ if pair.len() != 2 {
+ println!("{:#?}", pair);
+ bail!("couldn't parse keypair from AUTH_ALT_KEYS (expected 'ident:key' pairs separated by commas)");
+ }
+ info!("Loading alt auth key: {}", pair[0]);
+ confectionary.add_keypair(pair[0].to_string(), pair[1].to_string())?;
+ }
+ }
+ Err(_) => (),
+ }
+ Ok(confectionary)
}
/// Instantiate a new API server with a pooled database connection
@@ -114,7 +149,11 @@ pub fn server() -> Result<api_server::Server> {
let pool = diesel::r2d2::Pool::builder()
.build(manager)
.expect("Failed to create database pool.");
- Ok(api_server::Server { db_pool: pool })
+ let confectionary = env_confectionary()?;
+ Ok(api_server::Server {
+ db_pool: pool,
+ auth_confectionary: confectionary,
+ })
}
pub fn test_server() -> Result<api_server::Server> {
@@ -122,7 +161,8 @@ pub fn test_server() -> Result<api_server::Server> {
let database_url = env::var("TEST_DATABASE_URL").expect("TEST_DATABASE_URL must be set");
env::set_var("DATABASE_URL", database_url);
- let server = server()?;
+ let mut server = server()?;
+ server.auth_confectionary = AuthConfectionary::new_dummy();
let conn = server.db_pool.get().expect("db_pool error");
// run migrations; revert latest (dummy data); re-run latest