104 lines
3.3 KiB
Rust
104 lines
3.3 KiB
Rust
use std::cell::RefCell;
|
|
use std::pin::Pin;
|
|
use std::rc::Rc;
|
|
use std::task::{Context, Poll};
|
|
|
|
use actix_service::{Service, Transform};
|
|
use actix_web::{dev::ServiceRequest, dev::ServiceResponse, web};
|
|
use futures::future::{err, ok, Future, Ready};
|
|
|
|
use crate::error::{Error, ResponseError};
|
|
use crate::Data;
|
|
|
|
#[derive(Clone)]
|
|
pub enum Authentication {
|
|
Public,
|
|
Private,
|
|
Admin,
|
|
}
|
|
|
|
impl<S: 'static, B> Transform<S> for Authentication
|
|
where
|
|
S: Service<Request = ServiceRequest, Response = ServiceResponse<B>, Error = actix_web::Error>,
|
|
S::Future: 'static,
|
|
B: 'static,
|
|
{
|
|
type Request = ServiceRequest;
|
|
type Response = ServiceResponse<B>;
|
|
type Error = actix_web::Error;
|
|
type InitError = ();
|
|
type Transform = LoggingMiddleware<S>;
|
|
type Future = Ready<Result<Self::Transform, Self::InitError>>;
|
|
|
|
fn new_transform(&self, service: S) -> Self::Future {
|
|
ok(LoggingMiddleware {
|
|
acl: self.clone(),
|
|
service: Rc::new(RefCell::new(service)),
|
|
})
|
|
}
|
|
}
|
|
|
|
pub struct LoggingMiddleware<S> {
|
|
acl: Authentication,
|
|
service: Rc<RefCell<S>>,
|
|
}
|
|
|
|
#[allow(clippy::type_complexity)]
|
|
impl<S, B> Service for LoggingMiddleware<S>
|
|
where
|
|
S: Service<Request = ServiceRequest, Response = ServiceResponse<B>, Error = actix_web::Error> + 'static,
|
|
S::Future: 'static,
|
|
B: 'static,
|
|
{
|
|
type Request = ServiceRequest;
|
|
type Response = ServiceResponse<B>;
|
|
type Error = actix_web::Error;
|
|
type Future = Pin<Box<dyn Future<Output = Result<Self::Response, Self::Error>>>>;
|
|
|
|
fn poll_ready(&mut self, cx: &mut Context) -> Poll<Result<(), Self::Error>> {
|
|
self.service.poll_ready(cx)
|
|
}
|
|
|
|
fn call(&mut self, req: ServiceRequest) -> Self::Future {
|
|
let mut svc = self.service.clone();
|
|
// This unwrap is left because this error should never appear. If that's the case, then
|
|
// it means that actix-web has an issue or someone changes the type `Data`.
|
|
let data = req.app_data::<web::Data<Data>>().unwrap();
|
|
|
|
if data.api_keys().master.is_none() {
|
|
return Box::pin(svc.call(req));
|
|
}
|
|
|
|
let auth_header = match req.headers().get("X-Meili-API-Key") {
|
|
Some(auth) => match auth.to_str() {
|
|
Ok(auth) => auth,
|
|
Err(_) => return Box::pin(err(ResponseError::from(Error::MissingAuthorizationHeader).into())),
|
|
},
|
|
None => {
|
|
return Box::pin(err(ResponseError::from(Error::MissingAuthorizationHeader).into()));
|
|
}
|
|
};
|
|
|
|
let authenticated = match self.acl {
|
|
Authentication::Admin => data.api_keys().master.as_deref() == Some(auth_header),
|
|
Authentication::Private => {
|
|
data.api_keys().master.as_deref() == Some(auth_header)
|
|
|| data.api_keys().private.as_deref() == Some(auth_header)
|
|
}
|
|
Authentication::Public => {
|
|
data.api_keys().master.as_deref() == Some(auth_header)
|
|
|| data.api_keys().private.as_deref() == Some(auth_header)
|
|
|| data.api_keys().public.as_deref() == Some(auth_header)
|
|
}
|
|
};
|
|
|
|
if authenticated {
|
|
Box::pin(svc.call(req))
|
|
} else {
|
|
Box::pin(err(
|
|
ResponseError::from(Error::InvalidToken(auth_header.to_string())).into()
|
|
))
|
|
}
|
|
}
|
|
}
|