From d69d0216081c3c7af423ec50dbf19f15578f6a74 Mon Sep 17 00:00:00 2001 From: Amit Upadhyay Date: Mon, 23 Oct 2023 16:30:59 +0530 Subject: [PATCH] some auth refactor --- fastn-core/src/auth/github.rs | 24 ++++--- fastn-core/src/auth/mod.rs | 2 +- fastn-core/src/auth/routes.rs | 72 ++++--------------- fastn-core/src/auth/utils.rs | 2 +- fastn-core/src/commands/serve.rs | 12 +--- fastn-core/src/http.rs | 2 + .../src/library2022/processor/user_details.rs | 1 + 7 files changed, 34 insertions(+), 81 deletions(-) diff --git a/fastn-core/src/auth/github.rs b/fastn-core/src/auth/github.rs index 1d7646323b..fab82799c8 100644 --- a/fastn-core/src/auth/github.rs +++ b/fastn-core/src/auth/github.rs @@ -1,12 +1,14 @@ // TODO: This has be set while creating the GitHub OAuth Application -pub const CALLBACK_URL: &str = "/auth/github/callback/"; +pub const CALLBACK_URL: &str = "/-/auth/github/callback/"; #[derive(Debug, serde::Deserialize, serde::Serialize)] pub struct UserDetail { pub token: String, pub user_name: String, } -// route: /auth/login/ -pub async fn login(req: actix_web::HttpRequest) -> fastn_core::Result { + +pub async fn login( + req: &fastn_core::http::Request, +) -> fastn_core::Result { // GitHub will be redirect to this url after login process completed let mut next_url = "/".to_string(); @@ -22,8 +24,8 @@ pub async fn login(req: actix_web::HttpRequest) -> fastn_core::Result fastn_core::Result fastn_core::Result { +pub async fn callback( + req: &fastn_core::http::Request, +) -> fastn_core::Result { #[derive(serde::Deserialize)] pub struct QueryParams { pub code: String, @@ -66,8 +70,8 @@ pub async fn callback(req: actix_web::HttpRequest) -> fastn_core::Result::from_query(req.query_string())?.0; let auth_url = format!( "{}://{}{}", - req.connection_info().scheme(), - req.connection_info().host(), + req.connection_info.scheme(), + req.connection_info.host(), CALLBACK_URL ); let client = utils::github_client().set_redirect_uri(oauth2::RedirectUrl::new(auth_url)?); 
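Review bot: In `callback`, the OAuth redirect URI is still built from `req.connection_info.scheme()` and `req.connection_info.host()`. actix derives both from request headers (`Forwarded`, `X-Forwarded-*`, `Host`), so the client controls them unless a trusted proxy rewrites them. A spoofed or proxy-mangled host makes the URI differ from the one registered with GitHub, and whether the exchange then fails or proceeds depends on the OAuth app registration rather than on this code. Prefer reading the site's public origin from configuration and building the URI as `format!("{}{}", origin, CALLBACK_URL)`. The `login` hunk above is partly lost in this rendering and may hold the same construction; the body of `callback` continues outside the hunk.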
@@ -90,9 +94,7 @@ pub async fn callback(req: actix_web::HttpRequest) -> fastn_core::Result String { - match std::env::var("SECRET_KEY") { + match std::env::var("FASTN_SECRET_KEY") { Ok(secret) => secret, Err(_e) => { println!("WARN: SECRET_KEY not set"); diff --git a/fastn-core/src/auth/routes.rs b/fastn-core/src/auth/routes.rs index a42aeead38..7b688ae156 100644 --- a/fastn-core/src/auth/routes.rs +++ b/fastn-core/src/auth/routes.rs @@ -1,22 +1,14 @@ -// route: /auth/login/ -pub async fn login( - req: actix_web::HttpRequest, - edition: Option, - external_js: Vec, - inline_js: Vec, - external_css: Vec, - inline_css: Vec, -) -> fastn_core::Result { - if fastn_core::auth::utils::is_login(&req) { - return Ok(actix_web::HttpResponse::Found() - .append_header((actix_web::http::header::LOCATION, "/".to_string())) - .finish()); +// route: /-/auth/login/ +pub async fn login(req: &fastn_core::http::Request) -> fastn_core::Result { + if fastn_core::auth::utils::is_authenticated(req) { + return Ok(fastn_core::http::redirect("/".to_string())); } #[derive(serde::Deserialize)] pub struct QueryParams { pub platform: String, } + let query = match actix_web::web::Query::::from_query(req.query_string()) { Ok(q) => q, Err(err) => { 
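Review bot: The warning in the `Err` arm still prints `WARN: SECRET_KEY not set` although the variable read is now `FASTN_SECRET_KEY`, so an operator following the message would set the wrong name; change it to `println!("WARN: FASTN_SECRET_KEY not set");`. What the arm returns after the warning is outside the hunk. If it falls back to a built-in key, cookies are protected by a value anyone with the source can read, and refusing to start would be safer than warning. The rename also means an existing `SECRET_KEY` in a deployed environment is silently ignored, which deserves a line in the release notes.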
@@ -28,35 +20,18 @@ pub async fn login( match query.platform.as_str() { "github" => fastn_core::auth::github::login(req).await, _ => { - let mut req = fastn_core::http::Request::from_actix(req, actix_web::web::Bytes::new()); - req.path = "/sorry/".to_string(); - fastn_core::commands::serve::serve( - req, - edition, - external_js, - inline_js, - external_css, - inline_css, - ) - .await + return Ok(actix_web::HttpResponse::BadRequest() + .body("Please select the platform, by which you want to login")); } // _ => unreachable!(), } } -// route: /auth/logout/ -pub fn logout(req: actix_web::HttpRequest) -> fastn_core::Result { +// route: /-/auth/logout/ +pub fn logout() -> fastn_core::Result { // TODO: Refactor, Not happy with this code, too much of repetition of similar code - // It is logging out from all the platforms - - // Ideally it should capture the platform in the request and then logged out - // only from that platform Ok(actix_web::HttpResponse::Found() .cookie( actix_web::cookie::Cookie::build(fastn_core::auth::AuthProviders::GitHub.as_str(), "") - .domain(fastn_core::auth::utils::domain( - req.connection_info().host(), - )) - .path("/") .expires(actix_web::cookie::time::OffsetDateTime::now_utc()) .finish(), ) 
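Review bot: The expiring cookie in `logout` no longer carries `.domain(...)` or `.path("/")`, and a browser only replaces a cookie when name, domain and path all match. The hunk that sets the GitHub cookie in `callback` is not readable here, but if it still uses `path("/")`, this response creates a second, already-expired cookie scoped to the logout path. The session cookie would then stay in place and the user would remain signed in. Keep `.path("/")` on the removal cookie and mirror whatever domain the login side uses. The rest of `logout` lies outside the hunk.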
@@ -64,32 +39,15 @@ pub fn logout(req: actix_web::HttpRequest) -> fastn_core::Result, - external_js: Vec, - inline_js: Vec, - external_css: Vec, - inline_css: Vec, + req: fastn_core::http::Request, ) -> fastn_core::Result { match req.path() { - "/auth/login/" => { - login( - req, - edition, - external_js, - inline_js, - external_css, - inline_css, - ) - .await - } - fastn_core::auth::github::CALLBACK_URL => fastn_core::auth::github::callback(req).await, - "/auth/logout/" => logout(req), - _ => Ok(actix_web::HttpResponse::new( - actix_web::http::StatusCode::NOT_FOUND, - )), + "/-/auth/login/" => login(&req).await, + "/-/auth/github/" => fastn_core::auth::github::callback(&req).await, + "/-/auth/logout/" => logout(), + _ => Ok(fastn_core::not_found!("route not found: {}", req.path())), } } diff --git a/fastn-core/src/auth/utils.rs b/fastn-core/src/auth/utils.rs index 92018fd99f..db7a299663 100644 --- a/fastn-core/src/auth/utils.rs +++ b/fastn-core/src/auth/utils.rs @@ -51,7 +51,7 @@ pub async fn decrypt_str(encrypted_str: &String) -> Result bool { +pub fn is_authenticated(req: &fastn_core::http::Request) -> bool { let mut found_cookie = false; for auth_provider in fastn_core::auth::AuthProviders::AUTH_ITER.iter() { dbg!(&auth_provider); diff --git a/fastn-core/src/commands/serve.rs b/fastn-core/src/commands/serve.rs index 2ec1ea98dc..763988bd69 100644 --- a/fastn-core/src/commands/serve.rs +++ b/fastn-core/src/commands/serve.rs @@ -638,17 +638,6 @@ async fn route( return Ok(default_response); } - if req.path().starts_with("/auth/") { - return fastn_core::auth::routes::handle_auth( - req, - app_data.edition.clone(), - app_data.external_js.clone(), - app_data.inline_js.clone(), - app_data.external_css.clone(), - app_data.inline_css.clone(), - ) - .await; - } let req = fastn_core::http::Request::from_actix(req, body); match (req.method().to_lowercase().as_str(), req.path()) { ("post", "/-/sync/") if cfg!(feature = "remote") => sync(req).await, 
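Review bot: `handle_auth` routes the callback on the literal `"/-/auth/github/"`, while this same commit sets `CALLBACK_URL` to `"/-/auth/github/callback/"` and `callback` builds the redirect URI from that constant. GitHub's redirect would therefore fall into the `not_found!` arm and the login would never complete. The removed code matched on the constant; keep that: `fastn_core::auth::github::CALLBACK_URL => fastn_core::auth::github::callback(&req).await,`. Matching on the constant also keeps the route and the registered OAuth callback from drifting apart again.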
@@ -656,6 +645,7 @@ async fn route( ("get", "/-/clone/") if cfg!(feature = "remote") => clone(req).await, ("get", t) if t.starts_with("/-/view-src/") => view_source(req).await, ("get", t) if t.starts_with("/-/edit-src/") => edit_source(req).await, + ("get", t) if t.starts_with("/-/auth/") => fastn_core::auth::routes::handle_auth(req).await, ("post", "/-/edit/") => edit(req).await, ("post", "/-/revert/") => revert(req).await, ("get", "/-/editor-sync/") => editor_sync(req).await, diff --git a/fastn-core/src/http.rs b/fastn-core/src/http.rs index 6b81901445..67dc462100 100644 --- a/fastn-core/src/http.rs +++ b/fastn-core/src/http.rs @@ -86,6 +86,7 @@ pub struct Request { ip: Option, scheme: String, host: String, + pub connection_info: actix_web::dev::ConnectionInfo, // path_params: Vec<(String, )> } @@ -107,6 +108,7 @@ impl Request { uri: req.uri().to_string(), path: req.path().to_string(), query_string: req.query_string().to_string(), + connection_info: req.connection_info().clone(), headers, query: { actix_web::web::Query::>::from_query( diff --git a/fastn-core/src/library2022/processor/user_details.rs b/fastn-core/src/library2022/processor/user_details.rs index 3a97330076..4860cb91d5 100644 --- a/fastn-core/src/library2022/processor/user_details.rs +++ b/fastn-core/src/library2022/processor/user_details.rs @@ -10,6 +10,7 @@ pub fn process( for auth_provider in fastn_core::auth::AuthProviders::AUTH_ITER.iter() { if req.cookie(auth_provider.as_str()).is_some() { found_cookie = true; + break; } } found_cookie
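Review bot: The new arm sends every `get` under `/-/auth/` to `handle_auth`, which includes `/-/auth/logout/`, so signing out is a state change reachable by a plain GET that a third-party page can trigger. Consider accepting logout only on `post`, for example `("post", "/-/auth/logout/") => fastn_core::auth::routes::handle_auth(req).await,`, and keeping `get` for login and the callback. Non-GET requests to `/-/auth/` now fall through to the arms below, whereas the removed prefix check caught every method; whether that is intended is not visible here. `route` begins and ends outside the hunk.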
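Review bot: In `user_details.rs`, `found_cookie` becomes true as soon as a cookie with a provider's name exists (`req.cookie(auth_provider.as_str()).is_some()`), whatever its value. `process` continues outside the hunk; if nothing further down decrypts and validates the cookie, its mere presence is treated as a login, so confirm that validation happens before user details are returned. The flag-plus-`break` loop can also be written as `let found_cookie = fastn_core::auth::AuthProviders::AUTH_ITER.iter().any(|p| req.cookie(p.as_str()).is_some());`. The loop appears to repeat the one in `fastn_core::auth::utils::is_authenticated`, so sharing one helper would keep the two checks consistent.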