-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathauth.rs
124 lines (110 loc) · 3.52 KB
/
auth.rs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
use actix_web::{
dev::ServiceRequest,
Error,
http::header,
};
use serde::Deserialize;
use base64_url::decode;
// #[derive(Debug, Deserialize)]
// struct Header {
// typ: String,
// alg: String,
// x5t: String,
// kid: String
// }
#[derive(Debug, Deserialize)]
struct Payload {
// aud: String,
// iss: String,
// appid: String,
// deviceid: String,
// family_name: String,
// given_name: String,
// name: String,
// oid: String,
// scp: String,
// sub: String,
// unique_name: String,
// upn: String,
roles: Option<Vec<String>>
}
pub async fn extract_roles(req: &ServiceRequest) -> Result<Vec<String>, Error> {
/*
Azure will be performing the authentication before we even see the
request so there is no need to validate token.
*/
let map = req.headers();
// If there is no authorization header than it is assumed that auth is not required.
if !map.contains_key(header::AUTHORIZATION) {
println!("[auth::extractor] No Authorization header in request.");
return Ok(vec!["admin".to_string()]);
}
let authorization = match map.get(header::AUTHORIZATION) {
Some(value) => match value.to_str() {
Ok(value) => value,
Err(error) => {
println!("[auth::extractor] Invalid Authorization header.");
println!("{:#?}", error);
return Ok(vec![])
}
}
None => {
println!("[auth::extractor] No Authorization header in request.");
return Ok(vec![])
}
};
if !authorization.contains(" ") {
println!("[auth::extractor] Invalid Authorization header.");
return Ok(vec![])
}
if !authorization.contains(".") {
println!("[auth::extractor] Invalid Authorization header.");
return Ok(vec![])
}
let bearer = authorization
.split(" ")
.collect::<Vec<&str>>()[1]
.split(".")
.collect::<Vec<&str>>();
// // Header
// let header_encoded = bearer[0];
// let header_decoded = decode(&header_encoded).unwrap();
// let header_string = std::str::from_utf8(&header_decoded).unwrap();
// let header: Header = serde_json::from_str(&header_string).unwrap();
// println!("Header decode successful!");
// Payload
let payload_encoded = bearer[1];
let payload_decoded = match decode(&payload_encoded) {
Ok(value) => value,
Err(error) => {
println!("[auth::extractor] Invalid Authorization header.");
println!("[auth::extractor] Unable to decode payload.");
println!("{:#?}", error);
return Ok(vec![])
}
};
let payload_string = match std::str::from_utf8(&payload_decoded) {
Ok(value) => value,
Err(error) => {
println!("[auth::extractor] Invalid Authorization header.");
println!("[auth::extractor] Unable to cast payload bytes to string.");
println!("{:#?}", error);
return Ok(vec![])
}
};
let payload: Payload = match serde_json::from_str(&payload_string) {
Ok(value) => value,
Err(error) => {
println!("[auth::extractor] Invalid Authorization header.");
println!("[auth::extractor] Unable to deserialize payload string.");
println!("{:#?}", error);
return Ok(vec![])
}
};
if payload.roles.is_some() {
return Ok(payload.roles.unwrap())
}
else {
return Ok(vec![])
}
}