bindle 0.9.1

An aggregate object storage system for applications
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294

use std::error::Error;
use std::fmt;
use std::io::Read;

use either::Either;
use serde::de::DeserializeOwned;
use serde::Deserialize;
use tracing::{debug, instrument, trace, warn};
use tracing_futures::Instrument;
use warp::reject::{custom, Reject, Rejection};
use warp::Filter;

use super::TOML_MIME_TYPE;
use crate::authn::Authenticator;
use crate::authz::always::Anonymous;
use crate::authz::Authorizer;

pub(crate) const PARCEL_ID_SEPARATOR: char = '@';

/// Query string options for the invoice endpoint
#[derive(Debug, Deserialize)]
pub struct InvoiceQuery {
    pub yanked: Option<bool>,
}

/// A warp filter that returns the invoice ID if the path is for an invoice and rejects it otherwise
pub fn invoice() -> impl Filter<Extract = (String,), Error = Rejection> + Copy {
    warp::path("_i")
        .and(warp::path::tail())
        .and_then(|tail: warp::path::Tail| {
            async move {
                let (inv, parcel) = match handle_tail(tail.as_str()) {
                    Ok(i) => i,
                    // The try operator doesn't work because I can't implement `From` for the sealed
                    // CombinedRejection type
                    Err(e) => return Err(e),
                };
                if parcel.is_some() {
                    return Err(custom(InvalidRequestPath));
                }
                Ok(inv)
            }
            .instrument(tracing::debug_span!("invoice_filter"))
        })
}

/// A warp filter that returns the invoice ID and parcel ID as a tuple if the path is for a parcel
/// and rejects it otherwise
pub fn parcel() -> impl Filter<Extract = ((String, String),), Error = Rejection> + Copy {
    warp::path("_i")
        .and(warp::path::tail())
        .and_then(|tail: warp::path::Tail| {
            async move {
                let (inv, parcel) = match handle_tail(tail.as_str()) {
                    Ok(i) => i,
                    // The try operator doesn't work because I can't implement `From` for the sealed
                    // CombinedRejection type
                    Err(e) => return Err(e),
                };
                let parcel = match parcel {
                    None => return Err(custom(InvalidRequestPath)),
                    Some(p) => p,
                };
                Ok((inv, parcel))
            }
            .instrument(tracing::debug_span!("parcel_filter"))
        })
}

#[instrument(level = "trace")]
fn handle_tail(tail: &str) -> Result<(String, Option<String>), Rejection> {
    let mut split: Vec<String> = tail
        .split(PARCEL_ID_SEPARATOR)
        .map(|s| s.to_owned())
        .collect();

    // The unwraps here are safe because we are checking length
    match split.len() {
        1 => {
            trace!(bindle_id = %split[0], "Matched only bindle ID");
            Ok((split.pop().unwrap(), None))
        }
        2 => {
            trace!(
                bindle_id = %split[0],
                sha = %split[1],
                "Matched bindle ID and sha"
            );
            let parcel = split.pop().unwrap();
            let inv = split.pop().unwrap();
            Ok((inv, Some(parcel)))
        }
        _ => Err(custom(InvalidRequestPath)),
    }
}

/// A warp filter for adding an authenticator
fn authenticate<Authn: Authenticator + Clone + Send + Sync>(
    authn: Authn,
) -> impl Filter<Extract = (Either<Anonymous, Authn::Item>,), Error = Rejection> + Clone {
    // We get the header optionally as anonymous auth could be enabled
    warp::any()
        .map(move || authn.clone())
        .and(warp::header::optional::<String>("Authorization"))
        .and_then(_authenticate)
}

#[instrument(level = "trace", skip(authn, auth_data), name = "authentication")]
async fn _authenticate<A: Authenticator + Clone + Send>(
    authn: A,
    auth_data: Option<String>,
) -> Result<Either<Anonymous, A::Item>, Rejection> {
    let data = match auth_data {
        Some(s) => s,
        // If we had no auth data, that means this is anonymous
        None => return Ok(Either::Left(Anonymous)),
    };
    match authn.authenticate(&data).await {
        Ok(a) => Ok(Either::Right(a)),
        Err(e) => {
            debug!(error = %e, "Authentication error");
            Err(warp::reject::custom(AuthnFail))
        }
    }
}

#[derive(Debug)]
struct AuthnFail;

impl warp::reject::Reject for AuthnFail {}

#[instrument(level = "trace", skip(err))]
pub(crate) async fn handle_authn_rejection(
    err: warp::Rejection,
) -> Result<impl warp::Reply, warp::Rejection> {
    if err.find::<AuthnFail>().is_some() {
        debug!("Handling rejection as authn rejection");
        Ok(crate::server::reply::reply_from_error(
            "unauthorized",
            warp::http::StatusCode::UNAUTHORIZED,
        ))
    } else {
        Err(err)
    }
}

/// A warp filter for adding an authorizer
pub(crate) fn authenticate_and_authorize<
    Authn: Authenticator + Clone + Send + Sync,
    Authz: Authorizer + Clone + Send + Sync,
>(
    authn: Authn,
    authz: Authz,
) -> impl Filter<Extract = ((),), Error = Rejection> + Clone {
    authenticate(authn)
        .and(warp::path::full())
        .and(warp::method())
        .and(warp::any().map(move || authz.clone()))
        .and_then(
            |item: Either<Anonymous, Authn::Item>,
             path: warp::path::FullPath,
             method: warp::http::Method,
             authz: Authz| {
                async move {
                    trace!(path = path.as_str(), %method, "Authorizing request");
                    if let Err(e) = item.either(
                        |anon| authz.authorize(anon, path.as_str(), &method),
                        |i| authz.authorize(i, path.as_str(), &method),
                    ) {
                        debug!(error = %e, "Authorization error");
                        return Err(warp::reject::custom(AuthzFail));
                    }
                    Ok(())
                }
                .instrument(tracing::trace_span!("authorization"))
            },
        )
}

#[derive(Debug)]
struct AuthzFail;

impl warp::reject::Reject for AuthzFail {}

#[instrument(level = "trace", skip(err))]
pub(crate) async fn handle_authz_rejection(
    err: warp::Rejection,
) -> std::result::Result<impl warp::Reply, warp::Rejection> {
    if err.find::<AuthzFail>().is_some() {
        debug!("Handling rejection as authz rejection");
        Ok(crate::server::reply::reply_from_error(
            "access denied",
            warp::http::StatusCode::FORBIDDEN,
        ))
    } else {
        Err(err)
    }
}

/// A warp filter that parses the body of a request from TOML to the specified type
// Lovingly borrowed from https://docs.rs/warp/0.2.5/src/warp/filters/body.rs.html
pub fn toml<T: DeserializeOwned + Send>() -> impl Filter<Extract = (T,), Error = Rejection> + Copy {
    // We can't use the http type constant here because clippy is warning about it having internal
    // mutability.
    warp::filters::header::header::<String>("Content-Type")
        .and(warp::body::aggregate())
        .and_then(parse_toml)
}

async fn parse_toml<T: DeserializeOwned + Send>(
    raw_header: String,
    buf: impl warp::Buf,
) -> Result<T, Rejection> {
    let mime: mime::Mime = raw_header
        .parse()
        .map_err(|err: mime::FromStrError| custom(BodyDeserializeError { cause: err.into() }))?;
    // As far as I can tell from the code, essence_str is lowercased, so we shouldn't need to
    // do it here
    if mime.essence_str() != TOML_MIME_TYPE {
        return Err(custom(BodyDeserializeError {
            cause: "content-type is not TOML".into(),
        }));
    }
    let mut raw = Vec::new();
    buf.reader()
        .read_to_end(&mut raw)
        .map_err(|err| custom(BodyDeserializeError { cause: err.into() }))?;
    toml::from_slice(&raw).map_err(|err| {
        warn!("Failed to deserialize TOML file: {}", err);
        custom(BodyDeserializeError { cause: err.into() })
    })
}

#[instrument(level = "trace", skip(err))]
pub(crate) async fn handle_deserialize_rejection(
    err: warp::Rejection,
) -> Result<impl warp::Reply, warp::Rejection> {
    if let Some(e) = err.find::<BodyDeserializeError>() {
        debug!("Handling rejection as deserialize rejection");
        Ok(crate::server::reply::reply_from_error(
            e,
            warp::http::StatusCode::BAD_REQUEST,
        ))
    } else if let Some(e) = err.find::<warp::body::BodyDeserializeError>() {
        // Because we are handling the built in JSON filter, we need to handle the error here as it
        // is different from ours
        debug!("Handling rejection as built in deserialize rejection");
        Ok(crate::server::reply::reply_from_error(
            e,
            warp::http::StatusCode::BAD_REQUEST,
        ))
    } else {
        Err(err)
    }
}

#[derive(Debug)]
struct BodyDeserializeError {
    cause: Box<dyn Error + Send + Sync>,
}

impl fmt::Display for BodyDeserializeError {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        write!(f, "Request body toml deserialize error: {}", self.cause)
    }
}

impl Error for BodyDeserializeError {
    fn source(&self) -> Option<&(dyn Error + 'static)> {
        Some(self.cause.as_ref())
    }
}

impl Reject for BodyDeserializeError {}

#[instrument(level = "trace", skip(err))]
pub(crate) async fn handle_invalid_request_path(
    err: warp::Rejection,
) -> Result<impl warp::Reply, warp::Rejection> {
    if err.find::<InvalidRequestPath>().is_some() {
        debug!("Handling rejection as invalid request rejection");
        Ok(crate::server::reply::reply_from_error(
            "Invalid URL. Missing Bindle ID and/or parcel SHA",
            warp::http::StatusCode::BAD_REQUEST,
        ))
    } else {
        Err(err)
    }
}

#[derive(Debug)]
struct InvalidRequestPath;

impl Reject for InvalidRequestPath {}