WIP login

This commit is contained in:
Quentin 2024-02-27 01:05:51 +01:00
parent ea32a813a7
commit 9a58a4e932
Signed by: quentin
GPG key ID: E9602264D639FF68

View file

@ -1,6 +1,7 @@
use std::net::SocketAddr; use std::net::SocketAddr;
use anyhow::Result; use anyhow::{anyhow, Result};
use base64::Engine;
use hyper::service::service_fn; use hyper::service::service_fn;
use hyper::{Request, Response, body::Bytes}; use hyper::{Request, Response, body::Bytes};
use hyper::server::conn::http1 as http; use hyper::server::conn::http1 as http;
@ -46,11 +47,17 @@ impl Server {
}; };
tracing::info!("DAV: accepted connection from {}", remote_addr); tracing::info!("DAV: accepted connection from {}", remote_addr);
let stream = TokioIo::new(socket); let stream = TokioIo::new(socket);
let conn = tokio::spawn(async { let login = self.login_provider.clone();
let conn = tokio::spawn(async move {
//@FIXME should create a generic "public web" server on which "routers" could be //@FIXME should create a generic "public web" server on which "routers" could be
//abitrarily bound //abitrarily bound
//@FIXME replace with a handler supporting http2 and TLS //@FIXME replace with a handler supporting http2 and TLS
match http::Builder::new().serve_connection(stream, service_fn(router)).await { match http::Builder::new().serve_connection(stream, service_fn(|req: Request<hyper::body::Incoming>| {
let login = login.clone();
async move {
auth(login, req).await
}
})).await {
Err(e) => tracing::warn!(err=?e, "connection failed"), Err(e) => tracing::warn!(err=?e, "connection failed"),
Ok(()) => tracing::trace!("connection terminated with success"), Ok(()) => tracing::trace!("connection terminated with success"),
} }
@ -66,6 +73,45 @@ impl Server {
} }
} }
async fn auth(
login: ArcLoginProvider,
req: Request<impl hyper::body::Body>,
) -> Result<Response<Full<Bytes>>> {
let auth_val = match req.headers().get("Authorization") {
Some(hv) => hv.to_str()?,
None => return Ok(Response::builder()
.status(401)
.body(Full::new(Bytes::from("Missing Authorization field")))?),
};
let b64_creds_maybe_padded = match auth_val.split_once(" ") {
Some(("Basic", b64)) => b64,
_ => return Ok(Response::builder()
.status(400)
.body(Full::new(Bytes::from("Unsupported Authorization field")))?),
};
// base64urlencoded may have trailing equals, base64urlsafe has not
// theoretically authorization is padded but "be liberal in what you accept"
let b64_creds_clean = b64_creds_maybe_padded.trim_end_matches('=');
// Decode base64
let creds = base64::engine::general_purpose::STANDARD_NO_PAD.decode(b64_creds_clean)?;
let str_creds = std::str::from_utf8(&creds)?;
// Split username and password
let (username, password) = str_creds
.split_once(':')
.ok_or(anyhow!("Missing colon in Authorization, can't split decoded value into a username/password pair"))?;
// Call login provider
// Call router with user
unimplemented!();
}
async fn router(req: Request<impl hyper::body::Body>) -> Result<Response<Full<Bytes>>> { async fn router(req: Request<impl hyper::body::Body>) -> Result<Response<Full<Bytes>>> {
let path_segments: Vec<_> = req.uri().path().split("/").filter(|s| *s != "").collect(); let path_segments: Vec<_> = req.uri().path().split("/").filter(|s| *s != "").collect();
match path_segments.as_slice() { match path_segments.as_slice() {