http-signatures 0.8.0

An implementation of the HTTP Signatures RFC
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82

// This file is part of HTTP Signatures

// HTTP Signatures is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.

// HTTP Signatures is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.

// You should have received a copy of the GNU General Public License
// along with HTTP Signatures  If not, see <http://www.gnu.org/licenses/>.

//! Available with the `use_hyper` feature. This module defines `VerifyHeader` for
//! `hyper::server::Request`.
//!
//! This allows easy verification of incomming requests in Hyper.
//!
//! See
//! [this example](https://git.asonix.dog/asonix/http-signatures/src/branch/master/examples/hyper-server)
//! for usage information.

use hyper::{header::AUTHORIZATION, Request};

use crate::{
    error::VerificationError,
    prelude::*,
    verify::{SignedHeader, VerifyKey},
};

impl<B> VerifyHeader for Request<B> {
    fn verify_signature_header(&self, key: VerifyKey) -> Result<(), VerificationError> {
        let auth_header = self
            .headers()
            .get("Signature")
            .ok_or(VerificationError::HeaderNotPresent)?
            .to_str()
            .map_err(|_| VerificationError::HeaderNotPresent)?;

        verify_header(self, auth_header, key)
    }

    fn verify_authorization_header(&self, key: VerifyKey) -> Result<(), VerificationError> {
        let ref auth_header = self
            .headers()
            .get(AUTHORIZATION)
            .ok_or(VerificationError::HeaderNotPresent)?
            .to_str()
            .map_err(|_| VerificationError::HeaderNotPresent)?;

        verify_header(self, auth_header, key)
    }
}

fn verify_header<B>(
    req: &Request<B>,
    header: &str,
    key: VerifyKey,
) -> Result<(), VerificationError> {
    let auth_header = SignedHeader::new(header)?;

    let headers: Vec<(&str, &str)> = req
        .headers()
        .iter()
        .filter_map(|(header_name, header_value)| {
            header_value
                .to_str()
                .ok()
                .map(|header_value| (header_name.as_str(), header_value))
        })
        .collect();

    auth_header.verify(
        headers.as_ref(),
        &req.method().as_ref().to_lowercase(),
        req.uri().path(),
        req.uri().query(),
        key,
    )
}