path: root/src/modules/auth/basic.rs
blob: 08870c43cc8675a69e2a69d2c8c7982c2a9823ca (plain)
use crate::{
    config::DynNode,
    error::ServiceError,
    modules::{Node, NodeContext, NodeKind, NodeRequest, NodeResponse},
};
use base64::Engine;
use futures::Future;
use http_body_util::{combinators::BoxBody, BodyExt};
use hyper::{
    header::{HeaderValue, AUTHORIZATION, WWW_AUTHENTICATE},
    Response, StatusCode,
};
use log::debug;
use serde::Deserialize;
use serde_yaml::Value;
use std::{collections::HashSet, pin::Pin, sync::Arc};

/// Node kind that builds [`HttpBasicAuth`] nodes from YAML configuration.
pub struct HttpBasicAuthKind;

impl NodeKind for HttpBasicAuthKind {
    /// Identifier this kind reports for itself.
    fn name(&self) -> &'static str {
        "http_basic_auth"
    }

    /// Deserializes `config` into an [`HttpBasicAuth`] and returns it as a shared node.
    ///
    /// # Errors
    /// Propagates the `serde_yaml` error when `config` does not match the
    /// `HttpBasicAuth` fields.
    fn instanciate(&self, config: Value) -> anyhow::Result<Arc<dyn Node>> {
        let node: HttpBasicAuth = serde_yaml::from_value(config)?;
        Ok(Arc::new(node))
    }
}

/// Configuration and state of an HTTP Basic authentication gate.
///
/// Deserialized directly from the node's YAML configuration.
#[derive(Deserialize)]
pub struct HttpBasicAuth {
    // Realm string placed in the `WWW-Authenticate` challenge sent by `handle`.
    realm: String,
    // Accepted credentials. `handle` looks up the base64-decoded `Authorization`
    // payload as a whole string, so each entry must equal that decoded value.
    // NOTE(review): this means credentials sit in the config and in memory as
    // plaintext; storing password hashes instead would limit exposure if the
    // config leaks.
    valid: HashSet<String>,
    // Node the request is forwarded to once the credentials are accepted.
    next: DynNode,
}

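impl Node for HttpBasicAuth {
    /// Gates `next` behind HTTP Basic authentication.
    ///
    /// When the request carries an `Authorization` header whose decoded
    /// payload is contained in `valid`, the request is forwarded to `next`
    /// and its result returned. When the header is absent or the credentials
    /// are not in `valid`, a `401 Unauthorized` response with a
    /// `WWW-Authenticate: Basic realm="..."` challenge is returned.
    ///
    /// # Errors
    /// Returns `ServiceError::BadAuth` when the header does not start with
    /// `Basic `. Base64 and UTF-8 decoding failures are propagated through
    /// `?`, so a malformed header ends in an error rather than a challenge.
    fn handle<'a>(
        &'a self,
        context: &'a mut NodeContext,
        request: NodeRequest,
    ) -> Pin<Box<dyn Future<Output = Result<NodeResponse, ServiceError>> + Send + Sync + 'a>> {
        Box::pin(async move {
            if let Some(auth) = request.headers().get(AUTHORIZATION) {
                let k = auth
                    .as_bytes()
                    .strip_prefix(b"Basic ")
                    .ok_or(ServiceError::BadAuth)?;
                let k = base64::engine::general_purpose::STANDARD.decode(k)?;
                let k = String::from_utf8(k)?;
                // NOTE(review): the lookup compares the plaintext credential
                // string and is not a constant-time comparison. The decoded
                // value is never logged here; keep it that way.
                if self.valid.contains(&k) {
                    debug!("valid auth");
                    return self.next.handle(context, request).await;
                } else {
                    debug!("invalid auth");
                }
            }
            debug!("unauthorized; sending auth challenge");
            let mut r = Response::new(BoxBody::<_, ServiceError>::new(
                String::new().map_err(|_| unreachable!()),
            ));
            *r.status_mut() = StatusCode::UNAUTHORIZED;

            // Build the challenge as a quoted-string: `"` and `\` inside the
            // realm are backslash-escaped so they cannot terminate the quotes
            // and change how clients parse the header.
            let mut challenge = String::with_capacity(self.realm.len() + 14);
            challenge.push_str("Basic realm=\"");
            for c in self.realm.chars() {
                if matches!(c, '"' | '\\') {
                    challenge.push('\\');
                }
                challenge.push(c);
            }
            challenge.push('"');

            // A realm containing bytes that are illegal in a header value
            // (e.g. a newline) used to panic on every unauthenticated request.
            // Fall back to an empty realm so the client is still challenged.
            let challenge = HeaderValue::from_str(&challenge).unwrap_or_else(|_| {
                log::warn!(
                    "http_basic_auth: realm {:?} is not a valid header value; sending empty realm",
                    self.realm
                );
                HeaderValue::from_static("Basic realm=\"\"")
            });
            r.headers_mut().insert(WWW_AUTHENTICATE, challenge);
            Ok(r)
        })
    }
}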