esetres 0.1.4

A self hosted file storage server.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134

use crate::{
    config,
    db::schema::{Access, Token},
    jwt::validate,
};
use axum::{
    http::HeaderMap,
    routing::{get, post, put},
    Extension, Router,
};
use bcrypt::verify;
use std::{collections::HashMap, sync::Arc};
use tokio::sync::Mutex;
use tower::ServiceBuilder;
use tower_http::cors::{Any, CorsLayer};

pub mod buckets;

pub mod cache;

pub mod files;

pub mod health;

pub mod middleware;

pub struct AppState {
    pub config: config::Object
}

pub fn create(tokens: HashMap<String, Token>, app_state: AppState) -> Router {
    /* State initialization */

    let state = Arc::new(app_state);

    let token_cache = Arc::new(Mutex::new(tokens));

    /* CORS Config */

    let cors = CorsLayer::new()
        .allow_origin(Any)
        .allow_methods(Any)
        .allow_headers(Any);

    axum::Router::new()
        .route("/health", axum::routing::get(health::health_check))
        .route(
            "/buckets",
            post(buckets::create).layer(axum::middleware::from_fn(middleware::authorization)),
        )
        .route(
            "/cache/invalidate",
            post(cache::invalidate).layer(axum::middleware::from_fn(middleware::from_host)),
        )
        .route(
            "/buckets/:bucketId/public/:resourcePath",
            get(files::public_get),
        )
        .route(
            "/buckets/:bucketId/public/:resourcePath",
            put(files::public_upload)
                .delete(files::public_delete)
                .layer(axum::middleware::from_fn(middleware::authorization)),
        )
        .route(
            "/buckets/:bucketId/private/:resourcePath",
            get(files::private_get)
                .put(files::private_upload)
                .delete(files::private_delete)
                .layer(axum::middleware::from_fn(middleware::authorization)),
        )
        .with_state(state)
        .layer(
            ServiceBuilder::new()
                .layer(cors)
                .layer(Extension(token_cache)),
        )
}

pub async fn is_authed(
    headers: HeaderMap,
    bucket_id: Option<&str>,
    required_access: Access,
    token_cache: Arc<Mutex<HashMap<String, Token>>>,
) -> bool {
    let token = if let Some(header) = headers.get("Authorization") {
        // remove `Bearer ` prefix to get token
        let header = header.to_str().unwrap();
        
        let t = header.trim_start_matches("Bearer ");
        if t == "" {
            return false;
        }

        t
    } else {
        return false;
    };

    let token_data = if let Ok(data) = validate(token.to_string()) {
        data
    } else {
        return false;
    };

    let cache = token_cache.lock().await;

    let cached_token = if let Some(t) = cache.get(&token_data.claims.nm) {
        t
    } else {
        return false;
    };

    // controls access to specific buckets
    if let Some(identifier) = bucket_id {
        if cached_token.bucket_scope != "*" && cached_token.bucket_scope != identifier {
            return false;
        }
    }

    if cached_token.access != Access::FULL && required_access != cached_token.access {
        return false;
    }

    if let Ok(valid) = verify(&token, &cached_token.token) {
        if !valid {
            return false;
        }
    } else {
        return false;
    }

    true
}