api-tools 0.7.0

An API tools library for Rust
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170

//! Basic Auth layer

use super::body_from_parts;
use axum::{
    body::Body,
    http::{HeaderValue, Request, header},
    response::Response,
};
use futures::future::BoxFuture;
use http_auth_basic::Credentials;
use hyper::StatusCode;
use std::task::{Context, Poll};
use tower::{Layer, Service};

#[derive(Clone)]
pub struct BasicAuthLayer {
    pub username: String,
    pub password: String,
}

impl BasicAuthLayer {
    /// Create a new `BasicAuthLayer`
    pub fn new(username: &str, password: &str) -> Self {
        Self {
            username: username.to_string(),
            password: password.to_string(),
        }
    }
}

impl<S> Layer<S> for BasicAuthLayer {
    type Service = BasicAuthMiddleware<S>;

    fn layer(&self, inner: S) -> Self::Service {
        BasicAuthMiddleware {
            inner,
            username: self.username.clone(),
            password: self.password.clone(),
        }
    }
}

#[derive(Clone)]
pub struct BasicAuthMiddleware<S> {
    inner: S,
    username: String,
    password: String,
}

impl<S> Service<Request<Body>> for BasicAuthMiddleware<S>
where
    S: Service<Request<Body>, Response = Response> + Send + 'static,
    S::Future: Send + 'static,
{
    type Response = S::Response;
    type Error = S::Error;
    // `BoxFuture` is a type alias for `Pin<Box<dyn Future + Send + 'a>>`
    type Future = BoxFuture<'static, Result<Self::Response, Self::Error>>;

    fn poll_ready(&mut self, cx: &mut Context<'_>) -> Poll<Result<(), Self::Error>> {
        self.inner.poll_ready(cx)
    }

    fn call(&mut self, request: Request<Body>) -> Self::Future {
        let auth = request
            .headers()
            .get(header::AUTHORIZATION)
            .and_then(|h| h.to_str().ok())
            .map(str::to_string);
        let username = self.username.clone();
        let password = self.password.clone();

        let future = self.inner.call(request);
        Box::pin(async move {
            let mut response = Response::default();

            let ok = match auth {
                None => false,
                Some(auth) => match Credentials::from_header(auth) {
                    Err(_) => false,
                    Ok(cred) => cred.user_id == username && cred.password == password,
                },
            };
            response = match ok {
                true => future.await?,
                false => {
                    let (mut parts, _body) = response.into_parts();
                    let msg = body_from_parts(
                        &mut parts,
                        StatusCode::UNAUTHORIZED,
                        "Unauthorized",
                        Some(vec![(
                            header::WWW_AUTHENTICATE,
                            HeaderValue::from_static("basic realm=RESTRICTED"),
                        )]),
                    );
                    Response::from_parts(parts, Body::from(msg))
                }
            };

            Ok(response)
        })
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use axum::{
        body::Body,
        http::{Request, StatusCode, header},
        response::Response,
    };
    use base64::{Engine as _, engine::general_purpose};
    use std::convert::Infallible;
    use tower::ServiceExt;

    async fn dummy_service(_req: Request<Body>) -> Result<Response, Infallible> {
        Ok(Response::builder()
            .status(StatusCode::OK)
            .body(Body::from("ok"))
            .unwrap())
    }

    #[tokio::test]
    async fn test_basic_auth_layer() {
        let username = "user";
        let password = "pass";
        let layer = BasicAuthLayer::new(username, password);
        let service = layer.layer(tower::service_fn(dummy_service));

        // Request without Authorization header
        let req = Request::builder().uri("/").body(Body::empty()).unwrap();
        let resp = service.clone().oneshot(req).await.unwrap();
        assert_eq!(resp.status(), StatusCode::UNAUTHORIZED);

        // Request with invalid credentials
        let bad_auth = format!("Basic {}", general_purpose::STANDARD.encode(""));
        let req = Request::builder()
            .uri("/")
            .header(header::AUTHORIZATION, bad_auth)
            .body(Body::empty())
            .unwrap();
        let resp = service.clone().oneshot(req).await.unwrap();
        assert_eq!(resp.status(), StatusCode::UNAUTHORIZED);

        // Request with bad credentials
        let bad_auth = format!("Basic {}", general_purpose::STANDARD.encode("user:wrong"));
        let req = Request::builder()
            .uri("/")
            .header(header::AUTHORIZATION, bad_auth)
            .body(Body::empty())
            .unwrap();
        let resp = service.clone().oneshot(req).await.unwrap();
        assert_eq!(resp.status(), StatusCode::UNAUTHORIZED);

        // Request with good credentials
        let good_auth = format!(
            "Basic {}",
            general_purpose::STANDARD.encode(format!("{}:{}", username, password))
        );
        let req = Request::builder()
            .uri("/")
            .header(header::AUTHORIZATION, good_auth)
            .body(Body::empty())
            .unwrap();
        let resp = service.oneshot(req).await.unwrap();
        assert_eq!(resp.status(), StatusCode::OK);
    }
}