|
@ -6,6 +6,41 @@ use crate::config::model::Config; |
|
|
use crate::config::model::UserConfig;
|
|
|
use crate::config::model::UserConfig;
|
|
|
use crate::server::router::AppState;
|
|
|
use crate::server::router::AppState;
|
|
|
|
|
|
|
|
|
|
|
|
fn get_match_value<S>(req: &HttpRequest<S>, key: &str) -> Option<String> {
|
|
|
|
|
|
let match_info = req.resource().match_info();
|
|
|
|
|
|
match match_info.get(key) {
|
|
|
|
|
|
Some(value) => Some(String::from(value)),
|
|
|
|
|
|
None => None
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
fn get_header_value<S>(req: &HttpRequest<S>, key: &str) -> Option<String> {
|
|
|
|
|
|
match req.headers().get(key) {
|
|
|
|
|
|
Some(header) => match header.to_str() {
|
|
|
|
|
|
Ok(header_value) => Some(String::from(header_value)),
|
|
|
|
|
|
Err(_e) => None
|
|
|
|
|
|
},
|
|
|
|
|
|
None => None
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
fn get_user_from_request(req: &HttpRequest<AppState>) -> Option<&UserConfig> {
|
|
|
|
|
|
let config: &Config = &req.state().config;
|
|
|
|
|
|
let username = get_username_from_request(req);
|
|
|
|
|
|
match username {
|
|
|
|
|
|
Some(username) => config.get_user(&username),
|
|
|
|
|
|
None => None
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
fn get_username_from_request<S>(req: &HttpRequest<S>) -> Option<String> {
|
|
|
|
|
|
get_header_value(req, "X-AUTH-USERNAME")
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
fn get_token_from_request<S>(req: &HttpRequest<S>) -> Option<String> {
|
|
|
|
|
|
get_header_value(req, "X-AUTH-TOKEN")
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
fn valid_username_and_token_in_vec(username: &str, token: &str, users: Vec<&UserConfig>) -> bool {
|
|
|
fn valid_username_and_token_in_vec(username: &str, token: &str, users: Vec<&UserConfig>) -> bool {
|
|
|
for user in users {
|
|
|
for user in users {
|
|
|
if user.username == username && user.token == token {
|
|
|
if user.username == username && user.token == token {
|
|
@ -15,33 +50,45 @@ fn valid_username_and_token_in_vec(username: &str, token: &str, users: Vec<&User |
|
|
return false;
|
|
|
return false;
|
|
|
}
|
|
|
}
|
|
|
|
|
|
|
|
|
pub struct APIAuthForRootAndZone;
|
|
|
|
|
|
|
|
|
pub struct APIAuthUser;
|
|
|
|
|
|
|
|
|
impl Middleware<AppState> for APIAuthForRootAndZone {
|
|
|
|
|
|
|
|
|
pub struct APIAuthRootAndZone;
|
|
|
|
|
|
|
|
|
|
|
|
impl Middleware<AppState> for APIAuthUser {
|
|
|
fn start(&self, req: &HttpRequest<AppState>) -> Result<Started> {
|
|
|
fn start(&self, req: &HttpRequest<AppState>) -> Result<Started> {
|
|
|
let config: &Config = &req.state().config;
|
|
|
let config: &Config = &req.state().config;
|
|
|
let match_info = req.resource().match_info();
|
|
|
|
|
|
let root = match_info.get("root");
|
|
|
|
|
|
let zone = match_info.get("zone");
|
|
|
|
|
|
|
|
|
let username = get_username_from_request(req);
|
|
|
|
|
|
let token = get_token_from_request(req);
|
|
|
|
|
|
if username.is_none() || token.is_none() {
|
|
|
|
|
|
Ok(Started::Response(HttpResponse::Unauthorized().into()))
|
|
|
|
|
|
} else if config.is_valid_username_and_token(&username.unwrap(), &token.unwrap()) {
|
|
|
|
|
|
Ok(Started::Done)
|
|
|
|
|
|
} else {
|
|
|
|
|
|
Ok(Started::Response(HttpResponse::Unauthorized().into()))
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
impl Middleware<AppState> for APIAuthRootAndZone {
|
|
|
|
|
|
fn start(&self, req: &HttpRequest<AppState>) -> Result<Started> {
|
|
|
|
|
|
let config: &Config = &req.state().config;
|
|
|
|
|
|
let root = get_match_value(req, "root");
|
|
|
|
|
|
let zone = get_match_value(req, "zone");
|
|
|
if root.is_none() || zone.is_none() {
|
|
|
if root.is_none() || zone.is_none() {
|
|
|
Ok(Started::Response(HttpResponse::BadRequest().into()))
|
|
|
Ok(Started::Response(HttpResponse::BadRequest().into()))
|
|
|
} else {
|
|
|
} else {
|
|
|
match config.get_users_for_root_and_zone(root.unwrap(), zone.unwrap()) {
|
|
|
|
|
|
|
|
|
match config.get_users_for_root_and_zone(&root.unwrap(), &zone.unwrap()) {
|
|
|
Some(users) => {
|
|
|
Some(users) => {
|
|
|
let username_header = req.headers().get("X-AUTH-USERNAME");
|
|
|
|
|
|
let token_header = req.headers().get("X-AUTH-TOKEN");
|
|
|
|
|
|
if username_header.is_none() || token_header.is_none() {
|
|
|
|
|
|
|
|
|
let username = get_username_from_request(req);
|
|
|
|
|
|
let token = get_token_from_request(req);
|
|
|
|
|
|
if username.is_none() || token.is_none() {
|
|
|
Ok(Started::Response(HttpResponse::BadRequest().into()))
|
|
|
Ok(Started::Response(HttpResponse::BadRequest().into()))
|
|
|
} else {
|
|
|
|
|
|
let username = username_header.unwrap().to_str();
|
|
|
|
|
|
let token = token_header.unwrap().to_str();
|
|
|
|
|
|
if valid_username_and_token_in_vec(username.unwrap(), token.unwrap(), users) {
|
|
|
|
|
|
|
|
|
} else if valid_username_and_token_in_vec(&username.unwrap(), &token.unwrap(), users) {
|
|
|
Ok(Started::Done)
|
|
|
Ok(Started::Done)
|
|
|
} else {
|
|
|
} else {
|
|
|
Ok(Started::Response(HttpResponse::Unauthorized().into()))
|
|
|
Ok(Started::Response(HttpResponse::Unauthorized().into()))
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
|
|
|
None => Ok(Started::Response(HttpResponse::Unauthorized().into()))
|
|
|
None => Ok(Started::Response(HttpResponse::Unauthorized().into()))
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
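Review bot: `get_user_from_request` in the first hunk resolves a `UserConfig` from the `X-AUTH-USERNAME` header alone and never checks `X-AUTH-TOKEN`, so it is only safe on routes where `APIAuthUser` or `APIAuthRootAndZone` has already run; its callers are not visible in this diff. Either say so on the function, e.g. `/// Does not verify X-AUTH-TOKEN; call only behind the auth middleware.`, or make it self-contained by reading the token with `get_token_from_request(req)?` and returning `None` unless `config.is_valid_username_and_token(&username, &token)` holds. In the second hunk, missing credentials yield `Unauthorized` in `APIAuthUser` but `BadRequest` in `APIAuthRootAndZone`; returning 401 in both would keep client handling and failed-auth monitoring consistent. The context line `user.token == token` compares the secret with ordinary early-exit equality, so a constant-time comparison would be the safer choice there, though that function is only partly shown.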