diff options
| author | metamuffin <metamuffin@disroot.org> | 2023-12-07 14:35:48 +0100 |
|---|---|---|
| committer | metamuffin <metamuffin@disroot.org> | 2023-12-07 14:35:48 +0100 |
| commit | 6566cbb3f25aa8b1247c259b5e546910b6044f93 (patch) | |
| tree | e94dd775fc1fd90b4ea7b272d871e71118f102f6 /src/filters/auth.rs | |
| parent | ab0d780062bff88d4fbcdd2c91ad5352c0d6279f (diff) | |
| download | gnix-6566cbb3f25aa8b1247c259b5e546910b6044f93.tar gnix-6566cbb3f25aa8b1247c259b5e546910b6044f93.tar.bz2 gnix-6566cbb3f25aa8b1247c259b5e546910b6044f93.tar.zst | |
move some files around and add horrible access log
Diffstat (limited to 'src/filters/auth.rs')
| -rw-r--r-- | src/filters/auth.rs | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/src/filters/auth.rs b/src/filters/auth.rs new file mode 100644 index 0000000..92a9ba3 --- /dev/null +++ b/src/filters/auth.rs @@ -0,0 +1,41 @@ +use crate::{config::HttpBasicAuthConfig, error::ServiceError, FilterRequest, FilterResponseOut}; +use base64::Engine; +use http_body_util::{combinators::BoxBody, BodyExt}; +use hyper::{ + header::{HeaderValue, AUTHORIZATION, WWW_AUTHENTICATE}, + Response, StatusCode, +}; +use log::debug; +use std::ops::ControlFlow; + +pub fn http_basic( + config: &HttpBasicAuthConfig, + req: &FilterRequest, + resp: &mut FilterResponseOut, +) -> Result<ControlFlow<()>, ServiceError> { + if let Some(auth) = req.headers().get(AUTHORIZATION) { + let k = auth + .as_bytes() + .strip_prefix(b"Basic ") + .ok_or(ServiceError::BadAuth)?; + let k = base64::engine::general_purpose::STANDARD.decode(k)?; + let k = String::from_utf8(k)?; + if config.valid.contains(&k) { + debug!("valid auth"); + return Ok(ControlFlow::Continue(())); + } else { + debug!("invalid auth"); + } + } + debug!("unauthorized; sending auth challenge"); + let mut r = Response::new(BoxBody::<_, ServiceError>::new( + String::new().map_err(|_| unreachable!()), + )); + *r.status_mut() = StatusCode::UNAUTHORIZED; + r.headers_mut().insert( + WWW_AUTHENTICATE, + HeaderValue::from_str(&format!("Basic realm=\"{}\"", config.realm)).unwrap(), + ); + *resp = Some(r); + Ok(ControlFlow::Break(())) +} |