2023-11-21 01:07:02 +00:00
|
|
|
use crate::models::SessionToken;
|
|
|
|
|
|
|
|
pub struct AuthInfo {
|
|
|
|
pub session_token: Option<SessionToken>,
|
|
|
|
pub auth_token: Option<()>,
|
|
|
|
}
|
|
|
|
|
|
|
|
#[macro_export]
|
|
|
|
macro_rules! auth {
|
|
|
|
($i:expr,$c:expr) => {{
|
|
|
|
let authorization_hdr_value = match $i.headers().get("Authorization") {
|
|
|
|
Some(hdr) => hdr,
|
|
|
|
None => $crate::err!(
|
|
|
|
actix_web::http::StatusCode::UNAUTHORIZED,
|
|
|
|
$crate::make_err!("ERR_UNAUTHORIZED", "unauthorized")
|
|
|
|
),
|
|
|
|
};
|
|
|
|
let hdr_value_split = $crate::handle_error!(authorization_hdr_value.to_str())
|
|
|
|
.split(' ')
|
|
|
|
.collect::<Vec<_>>();
|
|
|
|
if hdr_value_split.len() < 2 {
|
|
|
|
$crate::err!(
|
|
|
|
actix_web::http::StatusCode::UNAUTHORIZED,
|
|
|
|
$crate::make_err!("ERR_UNAUTHORIZED", "unauthorized")
|
|
|
|
)
|
|
|
|
}
|
|
|
|
let tokens = hdr_value_split[1..].to_vec();
|
|
|
|
let mut auth_info = $crate::auth::AuthInfo {
|
|
|
|
session_token: None,
|
|
|
|
auth_token: None,
|
|
|
|
};
|
|
|
|
for token in tokens {
|
|
|
|
if token.starts_with("sess-") {
|
|
|
|
// handle session token
|
|
|
|
|
|
|
|
use $crate::schema::session_tokens::dsl::*;
|
|
|
|
|
|
|
|
let tokens = $crate::handle_error!(
|
|
|
|
session_tokens
|
|
|
|
.filter(id.eq(token))
|
|
|
|
.select($crate::models::SessionToken::as_select())
|
|
|
|
.load(&mut $c)
|
|
|
|
.await
|
|
|
|
);
|
|
|
|
let real_token = match tokens.get(0) {
|
|
|
|
Some(tok) => tok,
|
|
|
|
None => $crate::err!(
|
|
|
|
actix_web::http::StatusCode::UNAUTHORIZED,
|
|
|
|
$crate::make_err!("ERR_UNAUTHORIZED", "unauthorized")
|
|
|
|
),
|
|
|
|
};
|
|
|
|
auth_info.session_token = Some(real_token.clone());
|
|
|
|
} else if token.starts_with("auth-") {
|
|
|
|
// parse auth token
|
|
|
|
todo!()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
auth_info
|
|
|
|
}};
|
|
|
|
}
|
|
|
|
|
|
|
|
#[macro_export]
|
|
|
|
macro_rules! enforce {
|
2023-11-21 16:26:25 +00:00
|
|
|
(sess $i:expr) => {{
|
2023-11-21 01:07:02 +00:00
|
|
|
if $i.session_token.is_none() {
|
|
|
|
$crate::err!(
|
|
|
|
actix_web::http::StatusCode::UNAUTHORIZED,
|
|
|
|
$crate::make_err!("ERR_UNAUTHORIZED", "unauthorized")
|
|
|
|
)
|
|
|
|
}
|
2023-11-21 16:26:25 +00:00
|
|
|
$i.session_token.unwrap()
|
|
|
|
}};
|
|
|
|
(auth $i:expr) => {{
|
2023-11-21 01:07:02 +00:00
|
|
|
if $i.auth_token.is_none() {
|
|
|
|
$crate::err!(
|
|
|
|
actix_web::http::StatusCode::UNAUTHORIZED,
|
2023-11-21 16:26:25 +00:00
|
|
|
$crate::make_err!(
|
|
|
|
"ERR_2FA_REQUIRED",
|
|
|
|
"must provide a valid 2FA token to access this endpoint"
|
|
|
|
)
|
2023-11-21 01:07:02 +00:00
|
|
|
)
|
|
|
|
}
|
2023-11-21 16:26:25 +00:00
|
|
|
$i.auth_token.unwrap()
|
|
|
|
}};
|
|
|
|
(sess auth $i:expr) => {{
|
|
|
|
if $i.session_token.is_none() {
|
2023-11-21 01:07:02 +00:00
|
|
|
$crate::err!(
|
|
|
|
actix_web::http::StatusCode::UNAUTHORIZED,
|
|
|
|
$crate::make_err!("ERR_UNAUTHORIZED", "unauthorized")
|
|
|
|
)
|
|
|
|
}
|
2023-11-21 16:26:25 +00:00
|
|
|
if $i.auth_token.is_none() {
|
|
|
|
$crate::err!(
|
|
|
|
actix_web::http::StatusCode::UNAUTHORIZED,
|
|
|
|
$crate::make_err!(
|
|
|
|
"ERR_2FA_REQUIRED",
|
|
|
|
"must provide a valid 2FA token to access this endpoint"
|
|
|
|
)
|
|
|
|
)
|
|
|
|
}
|
|
|
|
($i.session_token.unwrap(), $i.auth_token.unwrap())
|
|
|
|
}};
|
|
|
|
(auth sess $i:expr) => {{
|
|
|
|
if $i.session_token.is_none() {
|
2023-11-21 01:07:02 +00:00
|
|
|
$crate::err!(
|
|
|
|
actix_web::http::StatusCode::UNAUTHORIZED,
|
|
|
|
$crate::make_err!("ERR_UNAUTHORIZED", "unauthorized")
|
|
|
|
)
|
|
|
|
}
|
2023-11-21 16:26:25 +00:00
|
|
|
if $i.auth_token.is_none() {
|
|
|
|
$crate::err!(
|
|
|
|
actix_web::http::StatusCode::UNAUTHORIZED,
|
|
|
|
$crate::make_err!(
|
|
|
|
"ERR_2FA_REQUIRED",
|
|
|
|
"must provide a valid 2FA token to access this endpoint"
|
|
|
|
)
|
|
|
|
)
|
|
|
|
}
|
|
|
|
($i.session_token.unwrap(), $i.auth_token.unwrap())
|
|
|
|
}};
|
2023-11-21 01:07:02 +00:00
|
|
|
}
|