1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
//! Editor bearer token authentication
use swagger::auth::{AuthData, Authorization, Scopes};
//use macaroon::{Macaroon, Verifier};
use std::collections::BTreeSet;
use database_models::*;
use database_schema::*;
use api_helpers::*;
use chrono;
use diesel;
use iron;
use diesel::prelude::*;
use errors::*;
use serde_json;
use std::str::FromStr;
use uuid::Uuid;
#[derive(Debug)]
pub struct OpenAuthMiddleware;
impl OpenAuthMiddleware {
/// Create a middleware that authorizes with the configured subject.
pub fn new() -> OpenAuthMiddleware {
OpenAuthMiddleware
}
}
impl iron::middleware::BeforeMiddleware for OpenAuthMiddleware {
fn before(&self, req: &mut iron::Request) -> iron::IronResult<()> {
req.extensions.insert::<Authorization>(Authorization {
subject: "undefined".to_string(),
scopes: Scopes::All,
issuer: None,
});
Ok(())
}
}
#[derive(Debug)]
pub struct MacaroonAuthMiddleware;
impl MacaroonAuthMiddleware {
pub fn new() -> MacaroonAuthMiddleware {
MacaroonAuthMiddleware
}
}
impl iron::middleware::BeforeMiddleware for MacaroonAuthMiddleware {
fn before(&self, req: &mut iron::Request) -> iron::IronResult<()> {
let res: Option<(String, Vec<String>)> = match req.extensions.get::<AuthData>() {
Some(AuthData::ApiKey(header)) => {
let header: Vec<String> = header.split_whitespace().map(|s| s.to_string()).collect();
// TODO: error types
assert!(header.len() == 2);
assert!(header[0] == "Bearer");
parse_macaroon_token(&header[1]).expect("valid macaroon")
},
None => None,
_ => panic!("valid auth header, or none")
};
if let Some((editor_id, scopes)) = res {
let mut scope_set = BTreeSet::new();
for s in scopes {
scope_set.insert(s);
}
req.extensions.insert::<Authorization>(Authorization {
subject: editor_id,
scopes: Scopes::Some(scope_set),
issuer: None,
});
};
Ok(())
}
}
// DUMMY: parse macaroon
/// On success, returns Some((editor_id, scopes)), where `scopes` is a vector of strings.
pub fn parse_macaroon_token(s: &str) -> Result<Option<(String,Vec<String>)>> {
Ok(Some(("some_editor_id".to_string(), vec![])))
}
pub fn print_editors(conn: &DbConn) -> Result<()>{
// iterate over all editors. format id, print flags, auth_epoch
let all_editors: Vec<EditorRow> = editor::table
.load(conn)?;
println!("editor_id\t\t\tis_admin/is_bot\tauth_epoch\t\t\tusername\twrangler_id");
for e in all_editors {
println!("{}\t{}\t{}\t{}\t{}\t{:?}",
FatCatId::from_uuid(&e.id).to_string(),
e.is_admin,
e.is_bot,
e.auth_epoch,
e.username,
e.wrangler_id,
);
}
Ok(())
}
pub fn create_editor(conn: &DbConn, username: String, is_admin: bool, is_bot: bool) -> Result<EditorRow> {
let ed: EditorRow = diesel::insert_into(editor::table)
.values((
editor::username.eq(username),
editor::is_admin.eq(is_admin),
editor::is_bot.eq(is_bot),
))
.get_result(conn)?;
Ok(ed)
}
pub fn create_token(conn: &DbConn, editor_id: FatCatId, expires: Option<chrono::NaiveDateTime>) -> Result<String> {
unimplemented!();
}
pub fn inspect_token(token: &str) -> Result<()> {
unimplemented!();
}
pub fn revoke_tokens(conn: &DbConn, editor_id: FatCatId) -> Result<()>{
unimplemented!();
}
pub fn revoke_tokens_everyone(conn: &DbConn) -> Result<u64> {
unimplemented!();
}
|
