aimo-cli 0.1.0

AiMo Network router node Rust implementation
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41

use axum::{extract::Request, http::StatusCode, middleware::Next, response::Response};
use axum_extra::{
    TypedHeader,
    headers::{Authorization, authorization::Bearer},
};

use crate::types::keys::SecretKeyV1;

/// Validate a secret key and forward secret key payload to axum's extension extractor
pub async fn auth_layer(
    TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
    mut req: Request,
    next: Next,
) -> Result<Response, (StatusCode, String)> {
    let sk = bearer.token();
    let (scope, payload) = SecretKeyV1::decode(sk).map_err(|_| {
        (
            StatusCode::UNAUTHORIZED,
            "Failed to decode secret key payload".to_string(),
        )
    })?;

    if scope != "dev" {
        return Err((
            StatusCode::UNAUTHORIZED,
            format!("Scope {scope} not supported"),
        ));
    }

    if let Err(err) = payload.verify_signature() {
        return Err((
            StatusCode::UNAUTHORIZED,
            format!("Failed to verify secret key: {err}"),
        ));
    }

    // Secret key is valid
    req.extensions_mut().insert(payload);

    Ok(next.run(req).await)
}