rustic_server 0.4.4

rustic server - a REST server built in rust to use with rustic and restic.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

use std::path::Path;

use axum::{http::StatusCode, response::IntoResponse};
use tracing::debug;

// used for using auto-generated TpeKind variant names
use strum::VariantNames;

use crate::{
    acl::{AccessType, AclChecker, ACL},
    error::{ApiErrorKind, ApiResult},
    typed_path::TpeKind,
};

pub fn check_auth_and_acl(
    user: String,
    tpe: impl Into<Option<TpeKind>>,
    path: &Path,
    access_type: AccessType,
) -> ApiResult<impl IntoResponse> {
    let tpe = tpe.into();

    // don't allow paths that includes any of the defined types
    for part in path.iter() {
        //FIXME: Rewrite to?? -> if TYPES.contains(part) {}
        if let Some(part) = part.to_str() {
            for tpe_i in TpeKind::VARIANTS.iter() {
                if &part == tpe_i {
                    debug!("PathNotAllowed: {:?}", part);
                    return Err(ApiErrorKind::AmbiguousPath(path.display().to_string()));
                }
            }
        }
    }

    let acl = ACL.get().unwrap();
    let path = if let Some(path) = path.to_str() {
        path
    } else {
        return Err(ApiErrorKind::NonUnicodePath(path.display().to_string()));
    };
    let allowed = acl.is_allowed(&user, path, tpe, access_type);
    tracing::debug!(name: "auth", %user, %path, "type" = ?tpe, allowed);

    match allowed {
        true => Ok(StatusCode::OK),
        false => Err(ApiErrorKind::PathNotAllowed(path.to_string())),
    }
}