redfish_axum/

allow_deny.rs

// Generated by redfish-codegen. Do not modify.

/// The default privileges required for accessing AllowDeny instances.
pub struct DefaultPrivileges;
impl redfish_core::privilege::OperationPrivilegeMapping for DefaultPrivileges {
    type Get = redfish_core::privilege::Login;
    type Head = redfish_core::privilege::Login;
    type Post = redfish_core::privilege::ConfigureManager;
    type Put = redfish_core::privilege::ConfigureManager;
    type Patch = redfish_core::privilege::ConfigureManager;
    type Delete = redfish_core::privilege::ConfigureManager;
}

/// This endpoint implements the AllowDeny component.
///
/// It can be mounted on the following components:
/// * [AllowDenyCollection][crate::allow_deny_collection::AllowDenyCollection]
pub struct AllowDeny<S, P>
where
    S: Clone,
{
    router: axum::routing::MethodRouter<S>,
    privilege_marker: std::marker::PhantomData<fn() -> P>,
    allowed_methods: Vec<axum::http::method::Method>,
}

impl<S> Default for AllowDeny<S, DefaultPrivileges>
where
    S: Clone,
{
    fn default() -> Self {
        Self {
            router: Default::default(),
            privilege_marker: Default::default(),
            allowed_methods: Vec::new(),
        }
    }
}

impl<S, P> AllowDeny<S, P>
where
    S: AsRef<dyn redfish_core::auth::AuthenticateRequest> + Clone + Send + Sync + 'static,
    P: redfish_core::privilege::OperationPrivilegeMapping + 'static,
    <P as redfish_core::privilege::OperationPrivilegeMapping>::Get: Send,
    <P as redfish_core::privilege::OperationPrivilegeMapping>::Put: Send,
    <P as redfish_core::privilege::OperationPrivilegeMapping>::Patch: Send,
    <P as redfish_core::privilege::OperationPrivilegeMapping>::Delete: Send,
{
    pub fn get<H, T>(mut self, handler: H) -> Self
    where
        H: axum::handler::Handler<T, S, axum::body::Body>,
        T: 'static,
    {
        let operation = axum::routing::get(
            |auth: redfish_core::extract::RedfishAuth<P::Get>,
             axum::extract::State(state): axum::extract::State<S>,
             mut request: axum::http::Request<axum::body::Body>| async {
                request.extensions_mut().insert(auth.user);
                handler.call(request, state).await
            },
        );
        self.router = self.router.get(operation);
        self.allowed_methods.push(axum::http::method::Method::GET);
        self
    }

    pub fn put<H, T>(mut self, handler: H) -> Self
    where
        H: axum::handler::Handler<T, S, axum::body::Body>,
        T: 'static,
    {
        let operation = axum::routing::put(
            |auth: redfish_core::extract::RedfishAuth<P::Put>,
             axum::extract::State(state): axum::extract::State<S>,
             mut request: axum::http::Request<axum::body::Body>| async {
                request.extensions_mut().insert(auth.user);
                handler.call(request, state).await
            },
        );
        self.router = self.router.put(operation);
        self.allowed_methods.push(axum::http::method::Method::PUT);
        self
    }

    pub fn patch<H, T>(mut self, handler: H) -> Self
    where
        H: axum::handler::Handler<T, S, axum::body::Body>,
        T: 'static,
    {
        let operation = axum::routing::patch(
            |auth: redfish_core::extract::RedfishAuth<P::Patch>,
             axum::extract::State(state): axum::extract::State<S>,
             mut request: axum::http::Request<axum::body::Body>| async {
                request.extensions_mut().insert(auth.user);
                handler.call(request, state).await
            },
        );
        self.router = self.router.patch(operation);
        self.allowed_methods.push(axum::http::method::Method::PATCH);
        self
    }

    pub fn delete<H, T>(mut self, handler: H) -> Self
    where
        H: axum::handler::Handler<T, S, axum::body::Body>,
        T: 'static,
    {
        let operation = axum::routing::delete(
            |auth: redfish_core::extract::RedfishAuth<P::Delete>,
             axum::extract::State(state): axum::extract::State<S>,
             mut request: axum::http::Request<axum::body::Body>| async {
                request.extensions_mut().insert(auth.user);
                handler.call(request, state).await
            },
        );
        self.router = self.router.delete(operation);
        self.allowed_methods.push(axum::http::method::Method::DELETE);
        self
    }

    pub fn into_router(self) -> axum::Router<S> {
        let Self {
            router,
            mut allowed_methods,
            ..
        } = self;
        let result = axum::Router::default();
        allowed_methods.dedup();
        let allow_header = allowed_methods
            .into_iter()
            .map(|method| method.to_string())
            .reduce(|one, two| one + "," + &two)
            .unwrap();
        result.route(
            "/",
            router.fallback(|| async {
                (
                    axum::http::StatusCode::METHOD_NOT_ALLOWED,
                    axum::Json(redfish_core::error::one_message(redfish_codegen::registries::base::v1_16_0::Base::OperationNotAllowed.into())),
                )
            })
            .route_layer(axum::middleware::from_fn_with_state(
                allow_header,
                |axum::extract::State(allow_header): axum::extract::State<String>,
                 request: axum::http::Request<axum::body::Body>,
                 next: axum::middleware::Next<axum::body::Body>| async move {
                    let apply_allow = matches!(*request.method(), axum::http::Method::GET | axum::http::Method::HEAD);
                    let mut response = next.run(request).await;
                    if apply_allow && !response.headers().contains_key(axum::http::header::ALLOW) {
                        response.headers_mut().insert(
                            axum::http::header::ALLOW,
                            axum::http::HeaderValue::from_str(&allow_header).unwrap(),
                        );
                    }
                    response
                },
            )),
        )
    }
}