fts-server 0.3.0

A RESTful flow trading API server
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

use super::JWTVerifier;
use axum::{
    extract::{FromRef, FromRequestParts},
    http::{StatusCode, request::Parts},
};
use axum_extra::{
    TypedHeader,
    headers::{Authorization, authorization::Bearer},
};

/// An authenticated administrator identity.
///
/// This extractor verifies the JWT token from the request headers
/// and confirms that the user has administrator privileges.
/// It's used to authorize administrative operations.
pub struct Admin;

impl<S> FromRequestParts<S> for Admin
where
    S: Send + Sync,
    JWTVerifier: FromRef<S>,
{
    type Rejection = StatusCode;

    async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self, Self::Rejection> {
        // Extract the bearer token
        let header = Option::<TypedHeader<Authorization<Bearer>>>::from_request_parts(parts, state)
            .await
            .unwrap()
            .ok_or(StatusCode::UNAUTHORIZED)?;
        let TypedHeader(auth) = header;

        let jwt = JWTVerifier::from_ref(state);

        // Process the claims. According to simple-jwt docs, this will automatically
        // check and verify all the things a responsible implementation should.
        let admin = jwt
            .claims(auth.token())
            .ok_or(StatusCode::BAD_REQUEST)?
            .custom
            .admin;
        if admin {
            Ok(Self)
        } else {
            Err(StatusCode::FORBIDDEN)
        }
    }
}