Radish alpha
r
radicle-explorer
Radicle web interface
Radicle
Git (anonymous pull)
Log in to clone via SSH
Commits
httpd: Add `validate` fn to auth module
Sebastian Martinez committed 2 years ago
commit 7e681e7d7c4e50fa47f30b1aa0c5844a6413015e
parent b1169319c3413781074e299f8a47bb2e5ac08f8a
2 files changed +23 -20
modified radicle-httpd/src/api/auth.rs
@@ -1,8 +1,12 @@
- 
use radicle::crypto::PublicKey;

use serde::{Deserialize, Serialize};

use time::serde::timestamp;

use time::{Duration, OffsetDateTime};
+ 
use radicle::crypto::PublicKey;
+
+ 
use crate::api::error::Error;
+ 
use crate::api::Context;
+ 


pub const UNAUTHORIZED_SESSIONS_EXPIRATION: Duration = Duration::seconds(60);

pub const AUTHORIZED_SESSIONS_EXPIRATION: Duration = Duration::weeks(1);
@@ -23,3 +27,16 @@ pub struct Session {
    #[serde(with = "timestamp")]

    pub expires_at: OffsetDateTime,

}
+
+ 
pub async fn validate(ctx: &Context, token: &str) -> Result<(), Error> {
+ 
    let sessions_store = ctx.sessions.read().await;
+ 
    let session = sessions_store
+ 
        .get(token)
+ 
        .ok_or(Error::Auth("Unauthorized"))?;
+
+ 
    if session.status != AuthState::Authorized || session.expires_at <= OffsetDateTime::now_utc() {
+ 
        return Err(Error::Auth("Unauthorized"));
+ 
    }
+
+ 
    Ok(())
+ 
}
modified radicle-httpd/src/api/v1/projects.rs
@@ -64,7 +64,7 @@ pub fn router(ctx: Context) -> Router {
        )

        .route(

            "/projects/:project/patches/:id",
- 
            get(patch_handler).patch(patch_update_handler),
+ 
            patch(patch_update_handler).get(patch_handler),

        )

        .with_state(ctx)

}
@@ -481,8 +481,7 @@ async fn issue_create_handler(
    Path(project): Path<Id>,

    Json(issue): Json<IssueCreate>,

) -> impl IntoResponse {
- 
    let sessions = ctx.sessions.read().await;
- 
    sessions.get(&token).ok_or(Error::Auth("Unauthorized"))?;
+ 
    api::auth::validate(&ctx, &token).await?;

    let storage = &ctx.profile.storage;

    let signer = ctx

        .profile
@@ -514,12 +513,7 @@ async fn issue_update_handler(
    Path((project, issue_id)): Path<(Id, Oid)>,

    Json(action): Json<issue::Action>,

) -> impl IntoResponse {
- 
    ctx.sessions
- 
        .write()
- 
        .await
- 
        .get(&token)
- 
        .ok_or(Error::Auth("Unauthorized"))?;
-
+ 
    api::auth::validate(&ctx, &token).await?;

    let storage = &ctx.profile.storage;

    let signer = ctx.profile.signer().unwrap();

    let repo = storage.repository(project)?;
@@ -596,11 +590,7 @@ async fn patch_create_handler(
    Path(project): Path<Id>,

    Json(patch): Json<PatchCreate>,

) -> impl IntoResponse {
- 
    ctx.sessions
- 
        .read()
- 
        .await
- 
        .get(&token)
- 
        .ok_or(Error::Auth("Unauthorized"))?;
+ 
    api::auth::validate(&ctx, &token).await?;

    let storage = &ctx.profile.storage;

    let signer = ctx

        .profile
@@ -635,11 +625,7 @@ async fn patch_update_handler(
    Path((project, patch_id)): Path<(Id, Oid)>,

    Json(action): Json<patch::Action>,

) -> impl IntoResponse {
- 
    ctx.sessions
- 
        .write()
- 
        .await
- 
        .get(&token)
- 
        .ok_or(Error::Auth("Unauthorized"))?;
+ 
    api::auth::validate(&ctx, &token).await?;

    let storage = &ctx.profile.storage;

    let signer = ctx

        .profile