drawbridge_server/auth/
mod.rs1mod oidc;
4mod tls;
5
6pub use oidc::{Claims as OidcClaims, ScopeContext, ScopeLevel, Verifier as OidcVerifier};
7pub use tls::{Config as TlsConfig, TrustedCertificate};
8
9use super::{Repository, Store, User};
10
11use drawbridge_type::RepositoryContext;
12
13use axum::body::Body;
14use axum::extract::RequestParts;
15use axum::http::Request;
16use axum::response::IntoResponse;
17
18pub async fn assert_repository_read<'a>(
19 store: &'a Store,
20 cx: &'a RepositoryContext,
21 req: Request<Body>,
22) -> Result<(Repository<'a>, Option<User<'a>>), impl IntoResponse> {
23 let repo = store.repository(cx);
24 if repo
25 .is_public()
26 .await
27 .map_err(IntoResponse::into_response)?
28 {
29 Ok((repo, None))
30 } else {
31 RequestParts::new(req)
32 .extract::<OidcClaims>()
33 .await?
34 .assert_user(store, &cx.owner, ScopeContext::Repository, ScopeLevel::Read)
35 .await
36 .map_err(IntoResponse::into_response)
37 .map(|user| (repo, Some(user)))
38 }
39}