From af8a5f2c219b20ba84780a4425fc83ed3758c938 Mon Sep 17 00:00:00 2001 From: ad hoc Date: Wed, 2 Mar 2022 19:20:57 +0100 Subject: [PATCH] async auth --- .../src/extractors/authentication/mod.rs | 119 ++++++++++++------ 1 file changed, 82 insertions(+), 37 deletions(-) diff --git a/meilisearch-http/src/extractors/authentication/mod.rs b/meilisearch-http/src/extractors/authentication/mod.rs index bf35e1729..ab0030fc1 100644 --- a/meilisearch-http/src/extractors/authentication/mod.rs +++ b/meilisearch-http/src/extractors/authentication/mod.rs @@ -2,28 +2,88 @@ mod error; use std::marker::PhantomData; use std::ops::Deref; +use std::pin::Pin; use actix_web::FromRequest; use futures::future::err; -use futures::future::{ok, Ready}; -use meilisearch_error::ResponseError; +use futures::Future; +use meilisearch_error::{Code, ResponseError}; use error::AuthenticationError; use meilisearch_auth::{AuthController, AuthFilter}; -pub struct GuardedData { +pub struct GuardedData { data: D, filters: AuthFilter, - _marker: PhantomData, + _marker: PhantomData

, } -impl GuardedData { +impl GuardedData { pub fn filters(&self) -> &AuthFilter { &self.filters } + + async fn auth_bearer( + auth: AuthController, + token: String, + index: Option, + data: Option, + ) -> Result + where + P: Policy + 'static, + { + match Self::authenticate(auth, token, index).await? { + (_, Some(filters)) => match data { + Some(data) => Ok(Self { + data, + filters, + _marker: PhantomData, + }), + None => Err(AuthenticationError::IrretrievableState.into()), + }, + (token, None) => { + let token = token.to_string(); + Err(AuthenticationError::InvalidToken(token).into()) + } + } + } + + async fn auth_token(auth: AuthController, data: Option) -> Result + where + P: Policy + 'static, + { + match Self::authenticate(auth, "", None).await?.1 { + Some(filters) => match data { + Some(data) => Ok(Self { + data, + filters, + _marker: PhantomData, + }), + None => Err(AuthenticationError::IrretrievableState.into()), + }, + None => Err(AuthenticationError::MissingAuthorizationHeader.into()), + } + } + + async fn authenticate( + auth: AuthController, + token: S, + index: Option, + ) -> Result<(S, Option), ResponseError> + where + P: Policy + 'static, + S: AsRef + 'static + Send, + { + Ok(tokio::task::spawn_blocking(move || { + let res = P::authenticate(auth, token.as_ref(), index.as_deref()); + (token, res) + }) + .await + .map_err(|e| ResponseError::from_msg(e.to_string(), Code::Internal))?) + } } -impl Deref for GuardedData { +impl Deref for GuardedData { type Target = D; fn deref(&self) -> &Self::Target { @@ -34,7 +94,7 @@ impl Deref for GuardedData { impl FromRequest for GuardedData { type Error = ResponseError; - type Future = Ready>; + type Future = Pin>>>; fn from_request( req: &actix_web::HttpRequest, @@ -51,40 +111,25 @@ impl FromRequest for GuardedData // TODO: find a less hardcoded way? let index = req.match_info().get("index_uid"); match type_token.next() { - Some(token) => match P::authenticate(auth, token, index) { - Some(filters) => match req.app_data::().cloned() { - Some(data) => ok(Self { - data, - filters, - _marker: PhantomData, - }), - None => err(AuthenticationError::IrretrievableState.into()), - }, - None => { - let token = token.to_string(); - err(AuthenticationError::InvalidToken(token).into()) - } - }, - None => { - err(AuthenticationError::InvalidToken("unknown".to_string()).into()) - } + Some(token) => Box::pin(Self::auth_bearer( + auth, + token.to_string(), + index.map(String::from), + req.app_data::().cloned(), + )), + None => Box::pin(err(AuthenticationError::InvalidToken( + "unknown".to_string(), + ) + .into())), } } - _otherwise => err(AuthenticationError::MissingAuthorizationHeader.into()), - }, - None => match P::authenticate(auth, "", None) { - Some(filters) => match req.app_data::().cloned() { - Some(data) => ok(Self { - data, - filters, - _marker: PhantomData, - }), - None => err(AuthenticationError::IrretrievableState.into()), - }, - None => err(AuthenticationError::MissingAuthorizationHeader.into()), + _otherwise => { + Box::pin(err(AuthenticationError::MissingAuthorizationHeader.into())) + } }, + None => Box::pin(Self::auth_token(auth, req.app_data::().cloned())), }, - None => err(AuthenticationError::IrretrievableState.into()), + None => Box::pin(err(AuthenticationError::IrretrievableState.into())), } } }