freighter-auth 1.0.0

Cloudflare's third-party Rust registry implementation
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

//! A backend that says "yes" to every request for authorization.
//!
//! This is exactly as insecure as it sounds, and is meant primarily for testing purposes.

use crate::{AuthProvider, AuthResult};
use async_trait::async_trait;
use freighter_api_types::ownership::response::ListedOwner;
use rand::distributions::{Alphanumeric, DistString};

/// In the config specify `auth_allow_full_access_without_any_checks: true` to give full access to the registry,
/// including crate publishing, to anyone who can connect to it.
pub struct YesAuthProvider(());

impl YesAuthProvider {
    #[track_caller]
    pub fn new(yes_config: Config) -> AuthResult<Self> {
        if !yes_config.auth_allow_full_access_without_any_checks {
            return Err(anyhow::anyhow!("enabled 'yes' auth without explicit opt-in").into());
        }
        Ok(YesAuthProvider(()))
    }
}

#[derive(serde::Deserialize, Clone)]
pub struct Config {
    pub auth_allow_full_access_without_any_checks: bool,
}

#[async_trait]
impl AuthProvider for YesAuthProvider {
    type Config = Config;

    async fn healthcheck(&self) -> anyhow::Result<()> {
        Ok(())
    }

    async fn register(&self, _username: &str) -> AuthResult<String> {
        let token = Alphanumeric.sample_string(&mut rand::thread_rng(), 32);

        Ok(token)
    }

    async fn list_owners(&self, _token: &str, _crate_name: &str) -> AuthResult<Vec<ListedOwner>> {
        Ok(Vec::new())
    }

    async fn add_owners(&self, _token: &str, _users: &[&str], _crate_name: &str) -> AuthResult<()> {
        Ok(())
    }

    async fn remove_owners(
        &self,
        _token: &str,
        _users: &[&str],
        _crate_name: &str,
    ) -> AuthResult<()> {
        Ok(())
    }

    async fn publish(&self, _token: &str, _crate_name: &str) -> AuthResult<()> {
        Ok(())
    }

    async fn auth_yank(&self, _token: &str, _crate_name: &str) -> AuthResult<()> {
        Ok(())
    }

    async fn auth_config(&self, _token: &str) -> AuthResult<()> {
        Ok(())
    }

    async fn auth_index_fetch(&self, _token: &str, _crate_name: &str) -> AuthResult<()> {
        Ok(())
    }

    async fn auth_crate_download(&self, _token: &str, _crate_name: &str) -> AuthResult<()> {
        Ok(())
    }

    async fn auth_view_full_index(&self, _token: &str) -> AuthResult<()> {
        Ok(())
    }
}