1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62

//! Authentication and authorization data structures

use std::collections::BTreeSet;
use iron;
use hyper;

/// Authorization scopes.
#[derive(Clone, Debug, PartialEq)]
pub enum Scopes {
    /// Some set of scopes.
    Some(BTreeSet<String>),
    /// All possible scopes, authorization checking disabled.
    All,
}

/// Storage of authorization parameters for an incoming request, used for
/// REST API authorization.
#[derive(Clone, Debug, PartialEq)]
pub struct Authorization {
    pub subject: String,
    pub scopes: Scopes,
}
impl iron::typemap::Key for Authorization {
    type Value = Authorization;
}

/// Storage of raw authentication data, used both for storing incoming
/// request authentication, and for authenticating outgoing client requests.
#[derive(Clone, Debug, PartialEq)]
pub enum AuthData {
    /// HTTP Basic auth.
    Basic(hyper::header::Basic),
    /// HTTP Bearer auth, used for OAuth2.
    Bearer(hyper::header::Bearer),
    /// Header-based or query parameter-based API key auth.
    ApiKey(String),
}
impl iron::typemap::Key for AuthData {
    type Value = AuthData;
}

/// Dummy implementation of an Iron middleware to insert authorization data,
/// allowing all access to an endpoint with the subject "alice".
#[derive(Debug)]
pub struct AllowAllMiddleware(String);

impl AllowAllMiddleware {
    /// Create a middleware that authorizes with the configured subject.
    pub fn new<S: Into<String>>(subject: S) -> AllowAllMiddleware {
        AllowAllMiddleware(subject.into())
    }
}

impl iron::middleware::BeforeMiddleware for AllowAllMiddleware {
    fn before(&self, req: &mut iron::Request) -> iron::IronResult<()> {
        req.extensions.insert::<Authorization>(Authorization {
            subject: self.0.clone(),
            scopes: Scopes::All,
        });
        Ok(())
    }
}