1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
|
use async_trait::async_trait;
#[allow(unused_imports)]
use log::{error, info};
use std::sync::Arc;
use tide::prelude::*;
#[allow(unused_imports)]
use tide::{Next, Request, Response, Result};
use url::Url;
use crate::database;
use crate::ApplicationState;
#[derive(Deserialize, Serialize, Debug, PartialEq, Clone)]
pub struct User {
pub me: Url,
pub client_id: Url,
scope: String,
}
impl User {
pub fn check_scope(&self, scope: &str) -> bool {
self.scopes().any(|i| i == scope)
}
pub fn scopes(&self) -> std::str::SplitAsciiWhitespace<'_> {
self.scope.split_ascii_whitespace()
}
pub fn new(me: &str, client_id: &str, scope: &str) -> Self {
Self {
me: Url::parse(me).unwrap(),
client_id: Url::parse(client_id).unwrap(),
scope: scope.to_string(),
}
}
}
#[cfg(any(not(debug_assertions), test))]
async fn get_token_data(
token: String,
token_endpoint: &http_types::Url,
http_client: &surf::Client,
) -> (http_types::StatusCode, Option<User>) {
match http_client
.get(token_endpoint)
.header("Authorization", token)
.header("Accept", "application/json")
.send()
.await
{
Ok(mut resp) => {
if resp.status() == 200 {
match resp.body_json::<User>().await {
Ok(user) => {
info!(
"Token endpoint request successful. Validated user: {}",
user.me
);
(resp.status(), Some(user))
}
Err(err) => {
error!(
"Token endpoint parsing error (HTTP status {}): {}",
resp.status(),
err
);
(http_types::StatusCode::InternalServerError, None)
}
}
} else {
error!("Token endpoint returned non-200: {}", resp.status());
(resp.status(), None)
}
}
Err(err) => {
error!("Token endpoint connection error: {}", err);
(http_types::StatusCode::InternalServerError, None)
}
}
}
pub struct IndieAuthMiddleware {
#[allow(dead_code)] // it's not really dead since it's only dead in debug scope
cache: Arc<retainer::Cache<String, User>>,
monitor_task: Option<async_std::task::JoinHandle<()>>,
}
impl IndieAuthMiddleware {
/// Create a new instance of IndieAuthMiddleware.
///
/// Note that creating a new instance automatically launches a task
/// to garbage-collect stale cache entries. Please do not create
/// instances willy-nilly because of that.
pub fn new() -> Self {
let cache: Arc<retainer::Cache<String, User>> = Arc::new(retainer::Cache::new());
let cache_clone = cache.clone();
let task = async_std::task::spawn(async move {
cache_clone
.monitor(4, 0.1, std::time::Duration::from_secs(30))
.await
});
#[cfg(all(debug_assertions, not(test)))]
error!("ATTENTION: You are running in debug mode. NO REQUESTS TO TOKEN ENDPOINT WILL BE MADE. YOU WILL BE PROCEEDING WITH DEBUG USER CREDENTIALS. DO NOT RUN LIKE THIS IN PRODUCTION.");
Self {
cache,
monitor_task: Some(task),
}
}
}
impl Drop for IndieAuthMiddleware {
fn drop(&mut self) {
// Cancel the task, or a VERY FUNNY thing might occur.
// If I understand this correctly, keeping a task active
// WILL keep an active reference to a value, so I'm pretty sure
// that something VERY FUNNY might occur whenever `cache` is dropped
// and its related task is not cancelled. So let's cancel it so
// [`cache`] can be dropped once and for all.
// First, get the ownership of a task, sneakily switching it out with None
// (wow, this is sneaky, didn't know Safe Rust could even do that!!!)
// (it is safe tho cuz None is no nullptr and dereferencing it doesn't cause unsafety)
// (could cause a VERY FUNNY race condition to occur though
// if you tried to refer to the value in another thread!)
let task = std::mem::take(&mut self.monitor_task)
.expect("Dropped IndieAuthMiddleware TWICE? Impossible!");
// Then cancel the task, using another task to request cancellation.
// Because apparently you can't run async code from Drop...
// This should drop the last reference for the [`cache`],
// allowing it to be dropped.
async_std::task::spawn(async move { task.cancel().await });
}
}
#[async_trait]
impl<B> tide::Middleware<ApplicationState<B>> for IndieAuthMiddleware
where
B: database::Storage + Send + Sync + Clone,
{
#[cfg(all(not(test), debug_assertions))]
async fn handle(
&self,
mut req: Request<ApplicationState<B>>,
next: Next<'_, ApplicationState<B>>,
) -> Result {
req.set_ext(User::new(
"http://localhost:8080/",
"https://curl.haxx.se/",
"create update delete undelete media",
));
Ok(next.run(req).await)
}
#[cfg(any(not(debug_assertions), test))]
async fn handle(
&self,
mut req: Request<ApplicationState<B>>,
next: Next<'_, ApplicationState<B>>,
) -> Result {
let header = req.header("Authorization");
match header {
None => {
// TODO: move that to the request handling functions
// or make a middleware that refuses to accept unauthenticated requests
Ok(Response::builder(401)
.body(json!({
"error": "unauthorized",
"error_description": "Please provide an access token."
}))
.build())
}
Some(value) => {
let endpoint = &req.state().token_endpoint;
let http_client = &req.state().http_client;
let token = value.last().to_string();
match self.cache.get(&token).await {
Some(user) => {
req.set_ext::<User>(user.clone());
Ok(next.run(req).await)
},
None => match get_token_data(value.last().to_string(), endpoint, http_client).await {
(http_types::StatusCode::Ok, Some(user)) => {
// Note that this can run multiple requests before the value appears in the cache.
// This seems to be in line with some other implementations of a function cache
// (e.g. the [`cached`](https://lib.rs/crates/cached) crate and Python's `functools.lru_cache`)
//
// TODO: ensure the duration is no more than the token's remaining time until expiration
// (in case the expiration time is defined on the token - AFAIK currently non-standard in IndieAuth)
self.cache.insert(token, user.clone(), std::time::Duration::from_secs(600)).await;
req.set_ext(user);
Ok(next.run(req).await)
},
// TODO: Refactor to return Err(IndieAuthError) so downstream middleware could catch it
// and present a prettier interface to the error (maybe even hiding data from the user)
(http_types::StatusCode::InternalServerError, None) => {
Ok(Response::builder(500).body(json!({
"error": "token_endpoint_fail",
"error_description": "Token endpoint made a boo-boo and refused to answer."
})).build())
},
(_, None) => {
Ok(Response::builder(401).body(json!({
"error": "unauthorized",
"error_description": "The token endpoint refused to accept your token."
})).build())
},
(_, Some(_)) => {
// This shouldn't happen.
panic!("The token validation function has caught rabies and returns malformed responses. Aborting.");
}
}
}
}
}
}
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn user_scopes_are_checkable() {
let user = User::new(
"https://fireburn.ru/",
"https://quill.p3k.io/",
"create update media",
);
assert!(user.check_scope("create"));
assert!(!user.check_scope("delete"));
}
}
|
