commit 1633ecdaa9bf2a3a6ccd0c7891813cc856b7fa12
parent 3d70b083c9cf9db51439701ce221b3632328ecc7
Author: lash <dev@holbrook.no>
Date: Tue, 21 Jun 2022 06:56:02 +0000
Use auth result with identity property for auth_check
Diffstat:
4 files changed, 108 insertions(+), 48 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
@@ -17,6 +17,11 @@ tempfile = "^3.3.0"
version = "^0.7.2"
optional = true
+[dependencies.base64]
+version = "^0.13.0"
+optional = true
+
+
[features]
-pgpauth = ["pgp"]
+pgpauth = ["pgp", "base64"]
dev = []
diff --git a/src/auth/mock.rs b/src/auth/mock.rs
@@ -1,46 +1,57 @@
-use std::fmt;
-use std::error::Error;
+use crate::auth::{
+ AuthSpec,
+ AuthError,
+ AuthResult,
+};
-use crate::auth::AuthSpec;
-#[derive(Debug)]
-pub struct AuthError;
-
-impl fmt::Display for AuthError {
- fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
- fmt.write_str(self.description())
- }
-}
-
-impl Error for AuthError {
- fn description(&self) -> &str{
- "auth key signature mismatch"
- }
-}
-
-pub fn auth_check(auth: AuthSpec) -> bool {
+pub fn auth_check(auth: &AuthSpec) -> Result<AuthResult, AuthError> {
if auth.method != "mock" {
- return false;
+ return Err(AuthError{});
}
if auth.key != auth.signature {
- return false;
+ return Err(AuthError{});
}
- true
+ let res = AuthResult{
+ identity: auth.key.as_bytes().to_vec(),
+ };
+ Ok(res)
}
-#[test]
-fn test_mock_auth_check() {
- use super::mock::auth_check;
- use super::AuthSpec;
+#[cfg(test)]
+mod tests {
+ use super::auth_check;
+ use super::{AuthSpec, AuthResult};
use std::str::FromStr;
- let mut auth_spec = AuthSpec::from_str("foo:bar:baz").unwrap();
- assert!(!auth_check(auth_spec));
-
- auth_spec = AuthSpec::from_str("mock:bar:baz").unwrap();
- assert!(!auth_check(auth_spec));
-
- auth_spec = AuthSpec::from_str("mock:bar:bar").unwrap();
- assert!(auth_check(auth_spec));
+ #[test]
+ fn test_mock_auth_check() {
+ let mut auth_spec = AuthSpec::from_str("foo:bar:baz").unwrap();
+ match auth_check(&auth_spec) {
+ Ok(v) => {
+ panic!("expected invalid auth");
+ },
+ Err(e) => {
+ },
+ }
+
+ auth_spec = AuthSpec::from_str("mock:bar:baz").unwrap();
+ match auth_check(&auth_spec) {
+ Ok(v) => {
+ panic!("expected invalid auth");
+ },
+ Err(e) => {
+ },
+ }
+
+ auth_spec = AuthSpec::from_str("mock:bar:bar").unwrap();
+ match auth_check(&auth_spec) {
+ Ok(v) => {
+ },
+ Err(e) => {
+ panic!("{}", e);
+ },
+ }
+ }
}
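Review bot: The accepting case for `mock:bar:bar` only checks that the result is `Ok`, so nothing pins the new `identity` field; assert it, e.g. `Ok(v) => assert_eq!(v.identity, b"bar".to_vec()),`. The two rejecting cases can be reduced to `assert!(auth_check(&auth_spec).is_err());`, which also removes the unused `v` and `e` bindings and makes the `AuthResult` import in the test module unnecessary. In `auth_check` itself, a wrong `method` returns the same `AuthError` whose message is "auth key signature mismatch" (defined in src/auth/mod.rs), which is misleading for that branch; a comment such as `// not a mock spec; other backends may still accept it` on the first `return` would make the intent clear.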
diff --git a/src/auth/mod.rs b/src/auth/mod.rs
@@ -2,6 +2,10 @@ use std::str::FromStr;
use std::error::Error;
use std::fmt;
+pub struct AuthResult {
+ pub identity: Vec<u8>,
+}
+
pub struct AuthSpec {
pub method: String,
pub key: String,
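Review bot: `AuthResult` and its `identity` field are added without a doc comment, so what the bytes mean is left to each backend (the mock backend in this commit fills it with `auth.key.as_bytes()`). Callers will presumably make authorization decisions on this value, so the contract belongs on the type: `/// Result of a successful auth check.` on the struct and `/// Backend-defined bytes identifying the authenticated key holder.` on the field. Adding `#[derive(Debug)]` would also let tests and log lines print it. The `AuthSpec` struct that follows continues outside the hunk.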
@@ -56,5 +60,24 @@ impl fmt::Debug for AuthSpec {
}
}
+#[derive(Debug)]
+pub struct AuthError;
+
+impl fmt::Display for AuthError {
+ fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
+ fmt.write_str(self.description())
+ }
+}
+
+impl Error for AuthError {
+ fn description(&self) -> &str{
+ "auth key signature mismatch"
+ }
+}
+
+
#[cfg(feature = "dev")]
pub mod mock;
+
+#[cfg(feature = "pgpauth")]
+pub mod pgp;
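Review bot: `impl Error for AuthError` overrides `description()`, which std has deprecated in favour of `Display`; write the message in `fmt` directly with `fmt.write_str("auth key signature mismatch")` and leave the trait impl empty, `impl Error for AuthError {}`. `pub mod pgp;` is declared here, but no src/auth/pgp.rs appears among the four files in this commit's diffstat, so unless that file is already in the tree a build with the `pgpauth` feature will not compile. The same applies to `mod mutable;` added in src/main.rs.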
diff --git a/src/main.rs b/src/main.rs
@@ -17,8 +17,12 @@ use sha2::{Sha256, Digest};
use env_logger;
mod auth;
+mod mutable;
-use auth::AuthSpec;
+use auth::{
+ AuthSpec,
+ AuthResult,
+};
use log::{debug, info, error};
@@ -28,13 +32,29 @@ use tempfile::NamedTempFile;
#[cfg(feature = "dev")]
use crate::auth::mock::auth_check as mock_auth_check;
-fn exec_auth(auth_spec: AuthSpec) -> bool {
+#[cfg(feature = "pgpauth")]
+use crate::auth::pgp::auth_check as pgp_auth_check;
+
+fn exec_auth(auth_spec: AuthSpec) -> Option<AuthResult> {
#[cfg(feature = "dev")]
- if mock_auth_check(auth_spec) {
- return true;
+ match mock_auth_check(&auth_spec) {
+ Ok(v) => {
+ return Some(v);
+ },
+ Err(e) => {
+ },
+ }
+
+ #[cfg(feature = "pgpauth")]
+ match pgp_auth_check(&auth_spec) {
+ Ok(v) => {
+ return Some(v);
+ },
+ Err(e) => {
+ },
}
- false
+ None
}
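Review bot: Both `Err(e) => {}` arms in `exec_auth` discard the failure, so a rejected credential leaves no trace in the log; record it, e.g. `Err(e) => { debug!("mock auth rejected: {}", e); },` (`debug!` is already imported from `log` in this file). When `dev` and `pgpauth` are both enabled the mock check runs first and returns `Some` for any spec with method `mock` whose key equals its signature, so a build that ships with `dev` switched on accepts those requests without any signature verification. Consider rejecting that combination at compile time with a `compile_error!` under `#[cfg(all(feature = "dev", feature = "pgpauth"))]`, or at least logging a warning at start-up when `dev` is compiled in. With neither feature enabled `auth_spec` is unused and the function always returns `None`.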
@@ -67,7 +87,7 @@ fn main() {
let mut auth_spec: Option<AuthSpec> = None;
let mut is_auth = false;
- let mut is_signed = false;
+ let mut is_signed: Option<AuthResult> = None;
for h in req.headers() {
let k = &h.field;
@@ -86,7 +106,6 @@ fn main() {
}
}
-
if is_auth {
match auth_spec {
Some(v) => {
@@ -108,11 +127,14 @@ fn main() {
match req.method() {
Method::Put => {
- if !is_signed {
- res_status = StatusCode(403);
- let mut res = Response::empty(res_status);
- req.respond(res);
- continue;
+ match is_signed {
+ Some(v) => {
+ res_status = StatusCode(403);
+ let mut res = Response::empty(res_status);
+ req.respond(res);
+ continue;
+ },
+ _ => {},
}
},
Method::Get => {
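Review bot: The rewritten PUT guard is inverted: `Some(v)` is the authenticated case, yet that arm now answers 403 and `continue`s, while `_ => {}` lets a request with `is_signed == None` proceed past the guard. The removed code rejected on `!is_signed`, so the arms should read `None => { ... 403 ... },` and `Some(_) => {},`. Matching on `is_signed` by value with a `Some(v)` binding also moves the `AuthResult` out; if the identity is needed later in the handler, match on `&is_signed` or test `is_signed.is_none()` instead. The enclosing request loop in `main` starts and ends outside the hunk, so the effect on the rest of the PUT path should be confirmed there.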
@@ -220,7 +242,6 @@ fn main() {
}
};
-
let final_path = path.join(&hash);
fs_copy(tempfile.path(), final_path.as_path());