diff --git a/src/auth.rs b/src/auth.rs new file mode 100644 index 00000000..2d40582c --- /dev/null +++ b/src/auth.rs @@ -0,0 +1,52 @@ +use axum::{extract::{FromRef, FromRequestParts}, http::{header::{self, HeaderValue, USER_AGENT}, request::Parts, StatusCode}}; +use sea_orm::{ColumnTrait, Condition, EntityTrait, QueryFilter}; + +use crate::{model, server::Context}; + +#[derive(Debug, Clone)] +pub enum Identity { + Anonymous, + User(String), + Server(String), +} + +pub struct AuthIdentity(pub Identity); + +#[axum::async_trait] +impl FromRequestParts for AuthIdentity +where + Context: FromRef, + S: Send + Sync, +{ + type Rejection = StatusCode; + + async fn from_request_parts(parts: &mut Parts, state: &S) -> Result { + let ctx = Context::from_ref(state); + let mut identity = Identity::Anonymous; + + let auth_header = parts + .headers + .get(header::AUTHORIZATION) + .map(|v| v.to_str().unwrap_or("")) + .unwrap_or(""); + + if auth_header.starts_with("Bearer ") { + match model::session::Entity::find_by_id(auth_header.replace("Bearer ", "")) + .filter(Condition::all().add(model::session::Column::Expires.gt(chrono::Utc::now()))) + .one(ctx.db()) + .await + { + Ok(Some(x)) => identity = Identity::User(x.actor), + Ok(None) => return Err(StatusCode::UNAUTHORIZED), + Err(e) => { + tracing::error!("failed querying user session: {e}"); + return Err(StatusCode::INTERNAL_SERVER_ERROR) + }, + } + } + + // TODO check and validate HTTP signature + + Ok(AuthIdentity(identity)) + } +} diff --git a/src/main.rs b/src/main.rs index b27ec408..e86cf31c 100644 --- a/src/main.rs +++ b/src/main.rs @@ -5,6 +5,7 @@ pub mod activitypub; pub mod server; pub mod router; pub mod errors; +pub mod auth; use clap::{Parser, Subcommand}; use sea_orm::{ConnectOptions, Database, EntityTrait, IntoActiveModel};