tide-jwt 0.1.1

Tide (http-rs/tide) JWT Authorization Middleware
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96

use async_trait::async_trait;
use jsonwebtoken::{decode, encode, DecodingKey, EncodingKey, Header, Validation};
use serde::{de::DeserializeOwned, Serialize};
use std::marker::PhantomData;
use tide::{Middleware, Next, Request, Response, StatusCode};

pub fn jwtsign<Claims: Serialize + DeserializeOwned + Send + Sync + 'static>(
    claims: &Claims,
    key: &EncodingKey,
) -> Result<String, jsonwebtoken::errors::Error> {
    encode(&Header::default(), claims, key)
}

pub fn jwtsign_secret<Claims: Serialize + DeserializeOwned + Send + Sync + 'static>(
    claims: &Claims,
    key: &str,
) -> Result<String, jsonwebtoken::errors::Error> {
    encode(
        &Header::default(),
        claims,
        &EncodingKey::from_base64_secret(key)?,
    )
}

pub fn jwtsign_with<Claims: Serialize + DeserializeOwned + Send + Sync + 'static>(
    header: &Header,
    claims: &Claims,
    key: &EncodingKey,
) -> Result<String, jsonwebtoken::errors::Error> {
    encode(header, claims, key)
}

pub struct JwtAuthenticationDecoder<Claims: DeserializeOwned + Send + Sync + 'static> {
    validation: Validation,
    key: DecodingKey,
    _claims: PhantomData<Claims>,
}

impl<Claims: DeserializeOwned + Send + Sync + 'static> JwtAuthenticationDecoder<Claims> {
    pub fn default(key: DecodingKey) -> Self {
        Self::new(Validation::default(), key)
    }

    pub fn new(validation: Validation, key: DecodingKey) -> Self {
        Self {
            validation,
            key,
            _claims: PhantomData::default(),
        }
    }
}

#[async_trait]
impl<State, Claims> Middleware<State> for JwtAuthenticationDecoder<Claims>
where
    State: Clone + Send + Sync + 'static,
    Claims: DeserializeOwned + Send + Sync + 'static,
{
    async fn handle(&self, mut req: Request<State>, next: Next<'_, State>) -> tide::Result {
        let header = req.header("Authorization");
        if header.is_none() {
            return Ok(next.run(req).await);
        }

        let values: Vec<_> = header.unwrap().into_iter().collect();

        if values.is_empty() {
            return Ok(next.run(req).await);
        }

        if values.len() > 1 {
            return Ok(Response::new(StatusCode::Unauthorized));
        }

        for value in values {
            let value = value.as_str();
            if !value.starts_with("Bearer") {
                continue;
            }

            let token = &value["Bearer ".len()..];
            println!("found authorization token: {token}");
            let data = match decode::<Claims>(token, &self.key, &self.validation) {
                Ok(c) => c,
                Err(_) => {
                    return Ok(Response::new(StatusCode::Unauthorized));
                }
            };

            req.set_ext(data.claims);
            break;
        }

        Ok(next.run(req).await)
    }
}