worterbuch 1.5.0-alpha.2

A message broker / database hybrid.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

/*
 *  Worterbuch server authorization module
 *
 *  Copyright (C) 2024 Michael Bachmann
 *
 *  This program is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU Affero General Public License as published by
 *  the Free Software Foundation, either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU Affero General Public License for more details.
 *
 *  You should have received a copy of the GNU Affero General Public License
 *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */

use crate::{
    Config,
    auth::{JwtClaims, get_claims},
};
use axum::{
    extract::{OptionalFromRequestParts, Request, State},
    http::request::Parts,
    middleware::Next,
    response::IntoResponse,
};
use axum_extra::{TypedHeader, extract::CookieJar};
use headers::{Authorization, authorization::Bearer};
use std::{convert::Infallible, future};
use worterbuch_common::error::WorterbuchResult;

pub async fn bearer_auth(
    State(config): State<Config>,
    jar: CookieJar,
    header_jwt: Option<TypedHeader<Authorization<Bearer>>>,
    mut req: Request,
    next: Next,
) -> WorterbuchResult<impl IntoResponse> {
    let cookie_jwt = jar.get("worterbuch_auth_jwt").map(|c| c.value().to_owned());

    let jwt = header_jwt.map(|h| h.token().to_owned()).or(cookie_jwt);

    match get_claims(jwt.as_deref(), &config) {
        Ok(claims) => {
            // Attach claims to request extensions
            req.extensions_mut().insert(claims);
        }
        Err(e) => {
            if config.auth_token_key.is_some() {
                return Err(e.into());
            }
        }
    }

    Ok(next.run(req).await)
}

impl<S> OptionalFromRequestParts<S> for JwtClaims
where
    S: Send + Sync,
{
    type Rejection = Infallible;

    fn from_request_parts(
        parts: &mut Parts,
        _: &S,
    ) -> impl Future<Output = Result<Option<Self>, Self::Rejection>> + Send {
        future::ready(Ok(parts.extensions.get::<JwtClaims>().cloned()))
    }
}