add thirdparty_protocols get and authorization middleware

2022-05-02 21:25:20 +02:00
parent 54f67d435e
commit ba84efd384
12 changed files with 289 additions and 22 deletions
--- a/src/api/client_server/errors/mod.rs
+++ b/src/api/client_server/errors/mod.rs
@ -13,7 +13,7 @@ pub struct ErrorResponse {
 }

 impl ErrorResponse {
-    fn new(errcode: ErrorCode, error: &str, retry_after_ms: Option<u64>) -> Self {
+    pub fn new(errcode: ErrorCode, error: &str, retry_after_ms: Option<u64>) -> Self {
        Self {
            errcode,
            error: error.to_owned(),
--- a/src/api/client_server/r0/auth.rs
+++ b/src/api/client_server/r0/auth.rs
@ -54,7 +54,7 @@ async fn post_login(
    match body {
        AuthenticationData::Password(auth_data) => {
            let user = auth_data.user().unwrap();
-            let user_id = UserId::new(&user, config.server_name())
+            let user_id = UserId::new(user, config.server_name())
                .ok()
                .ok_or(AuthenticationError::InvalidUserId)?;

@ -96,7 +96,7 @@ async fn get_username_available(
    let username = params
        .get("username")
        .ok_or(RegistrationError::MissingUserId)?;
-    let user_id = UserId::new(username, &config.server_name())
+    let user_id = UserId::new(username, config.server_name())
        .ok()
        .ok_or(RegistrationError::InvalidUserId)?;
    let exists = User::exists(&db, &user_id).await?;
@ -117,7 +117,7 @@ async fn post_register(
    let (user, device) = match &body.auth().expect("must be Some") {
        AuthenticationData::Password(auth_data) => {
            let username = body.username().ok_or(RegistrationError::MissingUserId)?;
-            let user_id = UserId::new(username, &config.server_name())
+            let user_id = UserId::new(username, config.server_name())
                .ok()
                .ok_or(RegistrationError::InvalidUserId)?;

--- a/src/api/client_server/r0/mod.rs
+++ b/src/api/client_server/r0/mod.rs
@ -1 +1,106 @@
-pub mod auth;
+use std::sync::Arc;
+
+use axum::{
+    http::{Request, StatusCode},
+    middleware::Next,
+    response::IntoResponse,
+    Json,
+};
+use sqlx::SqlitePool;
+
+use crate::{models::sessions::Session, types::error_code::ErrorCode};
+
+use super::errors::ErrorResponse;
+
+pub mod auth;
+pub mod thirdparty;
+
+async fn authentication_middleware<B>(mut req: Request<B>, next: Next<B>) -> impl IntoResponse {
+    let db: &SqlitePool = req.extensions().get().unwrap();
+    let auth_header = req
+        .headers()
+        .get(axum::http::header::AUTHORIZATION)
+        .and_then(|header| header.to_str().ok());
+
+    if auth_header.is_none() {
+        return (
+            StatusCode::FORBIDDEN,
+            Json(ErrorResponse::new(
+                ErrorCode::Forbidden,
+                "Authorization Header not given",
+                None,
+            )),
+        )
+            .into_response();
+    }
+
+    let auth_header = auth_header.expect("Validated above");
+    let idx = auth_header.find(' ');
+
+    let idx = match idx {
+        Some(idx) => idx,
+        None => {
+            return (
+                StatusCode::FORBIDDEN,
+                Json(ErrorResponse::new(
+                    ErrorCode::Forbidden,
+                    "Invalid Authorization Header",
+                    None,
+                )),
+            )
+                .into_response()
+        }
+    };
+
+    let session = match Session::find_by_key(db, &auth_header[idx + 1..]).await {
+        Ok(session) => session,
+        Err(_) => {
+            return (
+                StatusCode::INTERNAL_SERVER_ERROR,
+                Json(ErrorResponse::new(
+                    ErrorCode::Unknown,
+                    "Internal Server Error",
+                    None,
+                )),
+            )
+                .into_response()
+        }
+    };
+
+    let session = match session {
+        Some(session) => session,
+        None => {
+            return (
+                StatusCode::FORBIDDEN,
+                Json(ErrorResponse::new(ErrorCode::Forbidden, "Forbidden", None)),
+            )
+                .into_response()
+        }
+    };
+
+    let device = match session.device(db).await {
+        Ok(device) => device,
+        Err(_) => {
+            return (
+                StatusCode::FORBIDDEN,
+                Json(ErrorResponse::new(ErrorCode::Forbidden, "Forbidden", None)),
+            )
+                .into_response()
+        }
+    };
+
+    let user = match device.user(db).await {
+        Ok(user) => user,
+        Err(_) => {
+            return (
+                StatusCode::FORBIDDEN,
+                Json(ErrorResponse::new(ErrorCode::Forbidden, "Forbidden", None)),
+            )
+                .into_response()
+        }
+    };
+
+    req.extensions_mut().insert(Arc::new(user));
+
+    next.run(req).await.into_response()
+}
--- a/src/api/client_server/r0/thirdparty.rs
+++ b/src/api/client_server/r0/thirdparty.rs
@ -0,0 +1,17 @@
+use std::sync::Arc;
+
+use axum::{routing::get, Extension};
+
+use crate::{api::client_server::errors::api_error::ApiError, models::users::User};
+
+
+pub fn routes() -> axum::Router {
+    axum::Router::new()
+        .route("/r0/thirdparty/protocols", get(get_thirdparty_protocols))
+        .layer(axum::middleware::from_fn(super::authentication_middleware))
+}
+
+#[tracing::instrument(skip_all)]
+async fn get_thirdparty_protocols(Extension(user): Extension<Arc<User>>) -> Result<String, ApiError> {
+    Ok("{}".into())
+}