feat: replace http auth with bearer auth
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
This commit is contained in:
parent
58eef6b3fa
commit
cd0589fb2e
GPG key ID:
AD9F0F08E855ED88
3 changed files with 15 additions and 23 deletions
|
|
@ -17,7 +17,7 @@
|
|||
use actix_web::dev::ServiceRequest;
|
||||
use actix_web::web;
|
||||
use actix_web::Error;
|
||||
use actix_web_httpauth::extractors::basic::BasicAuth;
|
||||
use actix_web_httpauth::extractors::bearer::BearerAuth;
|
||||
|
||||
use crate::errors::*;
|
||||
use crate::AppCtx;
|
||||
|
|
@ -26,14 +26,13 @@ use crate::SETTINGS;
|
|||
pub mod meta;
|
||||
pub mod webhook;
|
||||
|
||||
pub async fn httpauth(
|
||||
pub async fn bearerauth(
|
||||
req: ServiceRequest,
|
||||
credentials: BasicAuth,
|
||||
credentials: BearerAuth,
|
||||
) -> Result<ServiceRequest, (Error, ServiceRequest)> {
|
||||
let _ctx: &AppCtx = req.app_data().unwrap();
|
||||
let username = credentials.user_id();
|
||||
let password = credentials.password().unwrap();
|
||||
if SETTINGS.authenticate(username, password) {
|
||||
let token = credentials.token();
|
||||
if SETTINGS.authenticate(token) {
|
||||
Ok(req)
|
||||
} else {
|
||||
let e = Error::from(ServiceError::Unauthorized);
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ use crate::errors::*;
|
|||
use crate::AppCtx;
|
||||
use crate::*;
|
||||
|
||||
use super::httpauth;
|
||||
use super::bearerauth;
|
||||
|
||||
pub mod routes {
|
||||
use super::*;
|
||||
|
|
@ -47,7 +47,7 @@ pub fn services(cfg: &mut web::ServiceConfig) {
|
|||
|
||||
#[actix_web_codegen_const_routes::post(
|
||||
path = "API_V1_ROUTES.webhook.post_event",
|
||||
wrap = "HttpAuthentication::basic(httpauth)"
|
||||
wrap = "HttpAuthentication::bearer(bearerauth)"
|
||||
)]
|
||||
async fn post_event(ctx: AppCtx, payload: web::Json<EventType>) -> ServiceResult<impl Responder> {
|
||||
ctx.conductor.process(payload.into_inner()).await;
|
||||
|
|
@ -71,10 +71,7 @@ pub mod tests {
|
|||
.await;
|
||||
|
||||
let creds = settings.creds.clone();
|
||||
let auth = format!(
|
||||
"Basic {}",
|
||||
base64::encode(format!("{}:{}", creds.username.clone(), creds.password))
|
||||
);
|
||||
let auth = format!("Bearer {}", creds.token,);
|
||||
|
||||
let msg = EventType::NewSite {
|
||||
hostname: "demo.librepages.org".into(),
|
||||
|
|
|
|||
|
|
@ -54,8 +54,7 @@ pub enum ConductorType {
|
|||
|
||||
#[derive(Debug, Clone, Deserialize)]
|
||||
pub struct Creds {
|
||||
pub username: String,
|
||||
pub password: String,
|
||||
pub token: String,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, Deserialize)]
|
||||
|
|
@ -69,8 +68,8 @@ pub struct Settings {
|
|||
|
||||
#[cfg(not(tarpaulin_include))]
|
||||
impl Settings {
|
||||
pub fn authenticate(&self, username: &str, password: &str) -> bool {
|
||||
self.creds.username == username && self.creds.password == password
|
||||
pub fn authenticate(&self, token: &str) -> bool {
|
||||
self.creds.token == token
|
||||
}
|
||||
|
||||
pub fn new() -> Result<Self, ConfigError> {
|
||||
|
|
@ -148,16 +147,13 @@ mod tests {
|
|||
#[test]
|
||||
fn creds_works() {
|
||||
let settings = Settings::new().unwrap();
|
||||
let mut creds = settings.creds.clone();
|
||||
let creds = settings.creds.clone();
|
||||
|
||||
assert!(settings.authenticate(&creds.username, &creds.password));
|
||||
|
||||
creds.username = "noexist".into();
|
||||
assert!(!settings.authenticate(&creds.username, &creds.password));
|
||||
assert!(settings.authenticate(&creds.token));
|
||||
|
||||
let mut creds = settings.creds.clone();
|
||||
|
||||
creds.password = "noexist".into();
|
||||
assert!(!settings.authenticate(&creds.username, &creds.password));
|
||||
creds.token = "noexist".into();
|
||||
assert!(!settings.authenticate(&creds.token))
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue