oidc_util/graphql/
authentication.rs

1use crate::security::validator::validate_token;
2use actix_web::http::header::HeaderMap;
3
4use alcoholic_jwt::{JWKS, ValidJWT};
5use async_graphql::{Context, Error};
6use error_util::error::AppError::GraphQLError;
7use crate::security::extract_header_value_from_request_to_string;
8
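/// Pulls the credential out of an `Authorization` header value shaped like `Bearer <token>`.
///
/// The value is split on single ASCII spaces. The first piece must be exactly `Bearer`
/// and the second piece is returned as the token. Any other shape yields the
/// `"invalid token format"` error.
///
/// Both public entry points in this file share this parser so the accept/reject rules
/// for the header cannot drift apart.
///
/// NOTE(review): only the first two pieces are inspected, so `Bearer <token> <anything>`
/// is accepted and the tail is silently dropped. That matches the previous behaviour and
/// is kept for compatibility; consider rejecting a third piece so this parser cannot
/// disagree with a proxy or gateway that reads the same header.
/// NOTE(review): the scheme comparison is case-sensitive, and `Bearer ` followed by nothing
/// yields an empty token that is handed to the validator rather than rejected here.
fn bearer_token_from_header(header_value: &str) -> Result<&str, Error> {
    let mut pieces = header_value.split(' ');
    match (pieces.next(), pieces.next()) {
        (Some("Bearer"), Some(token)) => Ok(token),
        _ => Err(Error::new("invalid token format")),
    }
}

/// Authenticates a GraphQL request from its `authorization` header and returns the
/// validated JWT.
///
/// The request's [`HeaderMap`] is read from the GraphQL context data, the bearer token is
/// extracted, and the token is passed to `validate_token` together with `jwks` and
/// `issuer_uri`. Which claims and signature properties are checked is decided by
/// `validate_token`, not here.
///
/// # Errors
///
/// * the context holds no [`HeaderMap`];
/// * the header is not of the form `Bearer <token>` (`"invalid token format"`);
/// * `validate_token` rejects the token (its error is converted to a GraphQL error).
pub async fn authenticate_for_jwt(ctx: &Context<'_>, jwks: JWKS, issuer_uri: &str) -> Result<ValidJWT, Error> {
    let headers = ctx.data::<HeaderMap>().map_err(GraphQLError)?;

    let auth_token = extract_header_value_from_request_to_string(headers, "authorization");
    let token = bearer_token_from_header(&auth_token)?;

    validate_token(token, &jwks, issuer_uri).map_err(|err| err.convert_app_error_to_graphql_error())
}

/// Authenticates a GraphQL request from its `authorization` header and returns the raw
/// token string once it has passed validation.
///
/// Header handling and validation are the same as in [`authenticate_for_jwt`]; the
/// validated JWT itself is discarded and only the original token text is returned.
///
/// The returned `String` is the caller's bearer credential. Treat it as a secret: keep it
/// out of logs, error messages and GraphQL responses.
///
/// # Errors
///
/// * the context holds no [`HeaderMap`];
/// * the header is not of the form `Bearer <token>` (`"invalid token format"`);
/// * `validate_token` rejects the token (its error is converted to a GraphQL error).
pub async fn authenticate_for_string(ctx: &Context<'_>, jwks: JWKS, issuer_uri: &str) -> Result<String, Error> {
    let headers = ctx.data::<HeaderMap>().map_err(GraphQLError)?;

    let auth_token = extract_header_value_from_request_to_string(headers, "authorization");
    let token = bearer_token_from_header(&auth_token)?;

    // Validation must succeed before the token is handed back; only the verdict is needed.
    validate_token(token, &jwks, issuer_uri).map_err(|err| err.convert_app_error_to_graphql_error())?;

    Ok(token.to_string())
}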