1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
use actix_web::{
dev::{Service, ServiceRequest, ServiceResponse, Transform},
Error, HttpMessage,
};
use actix_web_httpauth::{extractors::bearer::BearerAuth, extractors::AuthExtractor};
use future::{ok, LocalBoxFuture, Ready};
use futures::prelude::*;
use crate::{extractor::CognitoInfo, validator::CognitoValidator};
use std::{
cell::RefCell,
rc::Rc,
sync::Arc,
task::{Context, Poll},
};
pub struct Cognito {
pub validator: Arc<CognitoValidator>,
}
impl Cognito {
pub fn new(validator: Arc<CognitoValidator>) -> Self {
Self { validator }
}
}
impl<S, B> Transform<S> for Cognito
where
S: Service<Request = ServiceRequest, Response = ServiceResponse<B>, Error = Error> + 'static,
S::Future: 'static,
B: 'static,
{
type Request = ServiceRequest;
type Response = ServiceResponse<B>;
type Error = Error;
type InitError = ();
type Transform = CognitoMiddleware<S>;
type Future = Ready<Result<Self::Transform, Self::InitError>>;
fn new_transform(&self, service: S) -> Self::Future {
ok(CognitoMiddleware {
service: Rc::new(RefCell::new(service)),
validator: self.validator.clone(),
})
}
}
pub struct CognitoMiddleware<S> {
pub service: Rc<RefCell<S>>,
pub validator: Arc<CognitoValidator>,
}
impl<S, B> Service for CognitoMiddleware<S>
where
S: Service<Request = ServiceRequest, Response = ServiceResponse<B>, Error = Error> + 'static,
S::Future: 'static,
B: 'static,
{
type Request = ServiceRequest;
type Response = ServiceResponse<B>;
type Error = S::Error;
type Future = LocalBoxFuture<'static, Result<Self::Response, Self::Error>>;
fn poll_ready(&mut self, cx: &mut Context<'_>) -> Poll<Result<(), Self::Error>> {
self.service.borrow_mut().poll_ready(cx)
}
fn call(&mut self, req: ServiceRequest) -> Self::Future {
if self.validator.disabled {
log::info!("🔓 Cognito validation is disabled");
req.extensions_mut().insert(CognitoInfo::disabled());
self.service.call(req).boxed_local()
} else {
log::debug!("🔒 Cognito validation is enabled");
let service = Rc::clone(&self.service);
let validator = self.validator.clone();
async move {
let credentials = BearerAuth::from_service_request(&req).await.map_err(|_| {
log::warn!("👎 No Cognito token present");
actix_web::error::ErrorUnauthorized("❌ No Token")
})?;
let token = credentials.token().to_string();
let is_valid_token = validator.validate(credentials).await;
if is_valid_token {
log::debug!("👍 Valid Cognito token");
req.extensions_mut().insert(CognitoInfo::enabled(token));
service.borrow_mut().call(req).await
} else {
log::warn!("👎 Invalid Cognito token");
Err(actix_web::error::ErrorUnauthorized("❌ Invalid Token"))
}
}
.boxed_local()
}
}
}