Start9/start-os
2
0
Fork 0
mirror of https://github.com/Start9Labs/start-os.git synced 2026-03-30 12:11:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

auth middleware

Browse Source
This commit is contained in:
Aiden McClelland
2021-07-29 18:37:31 -06:00
committed by Aiden McClelland
parent 2dc896ef04
commit 281dde2462
9 changed files with 825 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

220
appmgr/Cargo.lock generated
View File

@@ -104,6 +104,12 @@ dependencies = [
"libc",
]
[[package]]
name = "base-x"
version = "0.2.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a4521f3e3d031370679b3b140beb36dfe4801b09ac77e30c61941f97df3ef28b"
[[package]]
name = "base32"
version = "0.4.0"
@@ -360,7 +366,7 @@ dependencies = [
"num-integer",
"num-traits",
"serde",
"time",
"time 0.1.44",
"winapi",
]
@@ -390,12 +396,72 @@ dependencies = [
"vec_map",
]
[[package]]
name = "const_fn"
version = "0.4.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f92cfa0fd5690b3cf8c1ef2cabbd9b7ef22fa53cf5e1f92b05103f6d5d1cf6e7"
[[package]]
name = "constant_time_eq"
version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "245097e9a4535ee1e3e3931fcfcd55a796a44c643e8596ff6566d68f09b87bbc"
[[package]]
name = "cookie"
version = "0.14.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "03a5d7b21829bc7b4bf4754a978a241ae54ea55a40f92bb20216e54096f4b951"
dependencies = [
"percent-encoding",
"time 0.2.27",
"version_check",
]
[[package]]
name = "cookie"
version = "0.15.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d5f1c7727e460397e56abc4bddc1d49e07a1ad78fc98eb2e1c8f032a58a2f80d"
dependencies = [
"percent-encoding",
"time 0.2.27",
"version_check",
]
[[package]]
name = "cookie_store"
version = "0.12.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3818dfca4b0cb5211a659bbcbb94225b7127407b2b135e650d717bfb78ab10d3"
dependencies = [
"cookie 0.14.4",
"idna",
"log",
"publicsuffix 1.5.6",
"serde",
"serde_json",
"time 0.2.27",
"url",
]
[[package]]
name = "cookie_store"
version = "0.15.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "55b4ac5559dd39f7bdc516f769cb412b151585d8886d216871a8435ed7f862cd"
dependencies = [
"cookie 0.15.1",
"idna",
"log",
"publicsuffix 2.1.0",
"serde",
"serde_json",
"time 0.2.27",
"url",
]
[[package]]
name = "core-foundation"
version = "0.9.1"
@@ -654,6 +720,12 @@ dependencies = [
"winapi",
]
[[package]]
name = "discard"
version = "1.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "212d0f5754cb6769937f4501cc0e67f4f4483c8d2c3e1e922ee9edbe4ab4c7c0"
[[package]]
name = "dotenv"
version = "0.15.0"
@@ -712,6 +784,7 @@ dependencies = [
"bollard",
"chrono",
"clap",
"cookie_store 0.15.0",
"digest 0.9.0",
"ed25519-dalek",
"emver",
@@ -732,6 +805,7 @@ dependencies = [
"rand 0.7.3",
"regex",
"reqwest",
"reqwest_cookie_store",
"rpassword",
"rpc-toolkit",
"rust-argon2",
@@ -1877,6 +1951,34 @@ dependencies = [
"unicode-xid 0.2.2",
]
[[package]]
name = "psl-types"
version = "2.0.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "66b398073e7cdd6f05934389a8f5961e3aabfa66675b6f440df4e2c793d51a4f"
[[package]]
name = "publicsuffix"
version = "1.5.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "95b4ce31ff0a27d93c8de1849cf58162283752f065a90d508f1105fa6c9a213f"
dependencies = [
"idna",
"url",
]
[[package]]
name = "publicsuffix"
version = "2.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c3ac055aef7cc7a1caefbc65144be879e862467dcd9b8a8d57b64a13e7dce15d"
dependencies = [
"byteorder",
"hashbrown",
"idna",
"psl-types",
]
[[package]]
name = "quick-error"
version = "1.2.3"
@@ -2072,6 +2174,8 @@ checksum = "246e9f61b9bb77df069a947682be06e31ac43ea37862e244a69f177694ea6d22"
dependencies = [
"base64 0.13.0",
"bytes 1.0.1",
"cookie 0.14.4",
"cookie_store 0.12.0",
"encoding_rs",
"futures-core",
"futures-util",
@@ -2090,6 +2194,7 @@ dependencies = [
"serde",
"serde_json",
"serde_urlencoded",
"time 0.2.27",
"tokio 1.9.0",
"tokio-native-tls",
"url",
@@ -2099,6 +2204,19 @@ dependencies = [
"winreg",
]
[[package]]
name = "reqwest_cookie_store"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "48cbf3a2aeeeaa6d10a76db86068c3560320f6265c3a0e2642e0538e11c2d143"
dependencies = [
"bytes 1.0.1",
"cookie 0.15.1",
"cookie_store 0.15.0",
"reqwest",
"url",
]
[[package]]
name = "ring"
version = "0.16.20"
@@ -2461,9 +2579,9 @@ dependencies = [
[[package]]
name = "siphasher"
version = "0.3.5"
version = "0.3.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cbce6d4507c7e4a3962091436e56e95290cb71fa302d0d270e32130b75fbff27"
checksum = "729a25c17d72b06c68cb47955d44fda88ad2d3e7d77e025663fdd69b93dd71a1"
[[package]]
name = "slab"
@@ -2595,12 +2713,70 @@ dependencies = [
"tokio-rustls",
]
[[package]]
name = "standback"
version = "0.2.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e113fb6f3de07a243d434a56ec6f186dfd51cb08448239fe7bcae73f87ff28ff"
dependencies = [
"version_check",
]
[[package]]
name = "static_assertions"
version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f"
[[package]]
name = "stdweb"
version = "0.4.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d022496b16281348b52d0e30ae99e01a73d737b2f45d38fed4edf79f9325a1d5"
dependencies = [
"discard",
"rustc_version",
"stdweb-derive",
"stdweb-internal-macros",
"stdweb-internal-runtime",
"wasm-bindgen",
]
[[package]]
name = "stdweb-derive"
version = "0.5.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c87a60a40fccc84bef0652345bbbbbe20a605bf5d0ce81719fc476f5c03b50ef"
dependencies = [
"proc-macro2 1.0.28",
"quote 1.0.9",
"serde",
"serde_derive",
"syn 1.0.74",
]
[[package]]
name = "stdweb-internal-macros"
version = "0.2.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "58fa5ff6ad0d98d1ffa8cb115892b6e69d67799f6763e162a1c9db421dc22e11"
dependencies = [
"base-x",
"proc-macro2 1.0.28",
"quote 1.0.9",
"serde",
"serde_derive",
"serde_json",
"sha1",
"syn 1.0.74",
]
[[package]]
name = "stdweb-internal-runtime"
version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "213701ba3370744dcd1a12960caa4843b3d68b4d1c0a5d575e0d65b2ee9d16c0"
[[package]]
name = "string_cache"
version = "0.8.1"
@@ -2794,6 +2970,44 @@ dependencies = [
"winapi",
]
[[package]]
name = "time"
version = "0.2.27"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4752a97f8eebd6854ff91f1c1824cd6160626ac4bd44287f7f4ea2035a02a242"
dependencies = [
"const_fn",
"libc",
"standback",
"stdweb",
"time-macros",
"version_check",
"winapi",
]
[[package]]
name = "time-macros"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "957e9c6e26f12cb6d0dd7fc776bb67a706312e7299aed74c8dd5b17ebb27e2f1"
dependencies = [
"proc-macro-hack",
"time-macros-impl",
]
[[package]]
name = "time-macros-impl"
version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fd3c141a1b43194f3f56a1411225df8646c55781d5f26db825b3d98507eb482f"
dependencies = [
"proc-macro-hack",
"proc-macro2 1.0.28",
"quote 1.0.9",
"standback",
"syn 1.0.74",
]
[[package]]
name = "tiny-keccak"
version = "2.0.2"

2
appmgr/Cargo.toml
View File

@@ -53,6 +53,7 @@ basic-cookies = "0.1.4"
bollard = "0.11.0"
chrono = { version = "0.4.19", features = ["serde"] }
clap = "2.33"
cookie_store = "0.15.0"
digest = "0.9.0"
ed25519-dalek = { version = "1.0.1", features = ["serde"] }
emver = { version = "0.1.2", features = ["serde"] }
@@ -73,6 +74,7 @@ prettytable-rs = "0.8.0"
rand = "0.7.3"
regex = "1.4.2"
reqwest = { version = "0.11.2", features = ["stream", "json"] }
reqwest_cookie_store = "0.2.0"
rpassword = "5.0.0"
rpc-toolkit = { version = "*", path = "../../rpc-toolkit/rpc-toolkit" }
rust-argon2 = "0.8.3"

104
appmgr/sqlx-data.json
View File

@@ -1,5 +1,15 @@
{
"db": "SQLite",
"118d59de5cf930d5a3b5667b2220e9a3d593bd84276beb2b76c93b2694b0fd72": {
"query": "INSERT INTO session (id, user_agent, metadata) VALUES (?, ?, ?)",
"describe": {
"columns": [],
"parameters": {
"Right": 3
},
"nullable": []
}
},
"121a1c1c0c11c5588c17bbd9b2baeca4d27d1a6d82d6487fad142ffb58d1da0c": {
"query": "INSERT INTO tor (package, interface, key) VALUES (?, ?, ?)",
"describe": {
@@ -10,6 +20,100 @@
"nullable": []
}
},
"18aa5fba13df20495611fbbf7cb331f4b6da5b906148e0d9565905d3bb10071c": {
"query": "SELECT logged_out FROM session WHERE id = ?",
"describe": {
"columns": [
{
"name": "logged_out",
"ordinal": 0,
"type_info": "Datetime"
}
],
"parameters": {
"Right": 1
},
"nullable": [
true
]
}
},
"2932aa02735b6422fca4ba889abfb3de8598178d4690076dc278898753d9df62": {
"query": "UPDATE session SET logged_out = CURRENT_TIMESTAMP WHERE id = ?",
"describe": {
"columns": [],
"parameters": {
"Right": 1
},
"nullable": []
}
},
"3efd0daa61f4f8bead1adbe78a8225bc31fb940406d0415b578d3adc03a5e414": {
"query": "SELECT hash FROM password",
"describe": {
"columns": [
{
"name": "hash",
"ordinal": 0,
"type_info": "Text"
}
],
"parameters": {
"Right": 0
},
"nullable": [
false
]
}
},
"4691e3a2ce80b59009ac17124f54f925f61dc5ea371903e62cdffa5d7b67ca96": {
"query": "SELECT * FROM session WHERE logged_out IS NULL OR logged_out > CURRENT_TIMESTAMP",
"describe": {
"columns": [
{
"name": "id",
"ordinal": 0,
"type_info": "Text"
},
{
"name": "logged_in",
"ordinal": 1,
"type_info": "Datetime"
},
{
"name": "logged_out",
"ordinal": 2,
"type_info": "Datetime"
},
{
"name": "last_active",
"ordinal": 3,
"type_info": "Datetime"
},
{
"name": "user_agent",
"ordinal": 4,
"type_info": "Text"
},
{
"name": "metadata",
"ordinal": 5,
"type_info": "Text"
}
],
"parameters": {
"Right": 0
},
"nullable": [
false,
false,
true,
false,
true,
false
]
}
},
"8595651866e7db772260bd79e19d55b7271fd795b82a99821c935a9237c1aa16": {
"query": "SELECT interface, key FROM tor WHERE package = ?",
"describe": {

1
appmgr/src/bin/embassy-cli.rs
View File

@@ -44,6 +44,7 @@ fn inner_main() -> Result<(), Error> {
Some(a) => eprintln!("{}: {}", e.message, a),
None => eprintln!("{}", e.message),
}
std::process::exit(e.code);
}
);

6
appmgr/src/bin/embassyd.rs
View File

@@ -3,6 +3,7 @@ use std::time::Duration;
use embassy::context::{EitherContext, RpcContext};
use embassy::db::model::Database;
use embassy::middleware::auth::auth;
use embassy::middleware::cors::cors;
use embassy::status::{check_all, synchronize_all};
use embassy::util::daemon;
@@ -11,6 +12,7 @@ use futures::TryFutureExt;
use patch_db::json_ptr::JsonPointer;
use rpc_toolkit::hyper::StatusCode;
use rpc_toolkit::rpc_server;
use rpc_toolkit::rpc_server_helpers::DynMiddleware;
fn status_fn(_: i32) -> StatusCode {
StatusCode::OK
@@ -24,13 +26,15 @@ async fn inner_main(cfg_path: Option<&str>) -> Result<(), Error> {
.put(&<JsonPointer>::default(), &Database::init(), None)
.await?;
}
let auth = auth(rpc_ctx.clone());
let ctx = EitherContext::Rpc(rpc_ctx.clone());
let server = rpc_server!({
command: embassy::main_api,
context: ctx,
status: status_fn,
middleware: [
cors
cors,
auth,
]
});
let status_ctx = rpc_ctx.clone();

108
appmgr/src/context/cli.rs
View File

@@ -1,12 +1,14 @@
use std::fs::File;
use std::io::Read;
use std::net::IpAddr;
use std::io::{BufReader, Read};
use std::net::{IpAddr, Ipv4Addr};
use std::path::{Path, PathBuf};
use std::sync::Arc;
use anyhow::anyhow;
use clap::ArgMatches;
use cookie_store::CookieStore;
use reqwest::Proxy;
use reqwest_cookie_store::CookieStoreMutex;
use rpc_toolkit::reqwest::{Client, Url};
use rpc_toolkit::url::Host;
use rpc_toolkit::Context;
@@ -21,20 +23,36 @@ pub struct CliContextConfig {
#[serde(deserialize_with = "deserialize_host")]
pub host: Option<Host>,
pub port: Option<u16>,
pub url: Option<Url>,
#[serde(deserialize_with = "crate::util::deserialize_from_str_opt")]
pub proxy: Option<Url>,
pub developer_key_path: Option<PathBuf>,
pub cookie_path: Option<PathBuf>,
#[serde(flatten)]
pub server_config: RpcContextConfig,
}
#[derive(Debug)]
pub struct CliContextSeed {
pub host: Host,
pub port: u16,
pub url: Url,
pub client: Client,
pub cookie_store: Arc<CookieStoreMutex>,
pub cookie_path: PathBuf,
pub developer_key_path: PathBuf,
}
impl Drop for CliContextSeed {
fn drop(&mut self) {
let tmp = format!("{}.tmp", self.cookie_path.display());
let mut writer = File::create(&tmp).unwrap();
let store = self.cookie_store.lock().unwrap();
store.save_json(&mut writer).unwrap();
writer.sync_all().unwrap();
std::fs::rename(tmp, &self.cookie_path).unwrap();
}
}
const DEFAULT_HOST: Host<&'static str> = Host::Ipv4(Ipv4Addr::new(127, 0, 0, 1));
const DEFAULT_PORT: u16 = 5959;
#[derive(Debug, Clone)]
pub struct CliContext(Arc<CliContextSeed>);
@@ -62,26 +80,55 @@ impl CliContext {
base.port = Some(bind.port())
}
}
if let Some(host) = matches.value_of("host") {
base.host = Some(Host::parse(host).with_kind(crate::ErrorKind::ParseUrl)?);
}
if let Some(port) = matches.value_of("port") {
base.port = Some(port.parse()?);
}
if let Some(proxy) = matches.value_of("proxy") {
base.proxy = Some(proxy.parse()?);
}
let host = if let Some(host) = matches.value_of("host") {
Some(Host::parse(host).with_kind(crate::ErrorKind::ParseUrl)?)
} else {
base.host
};
let port = if let Some(port) = matches.value_of("port") {
Some(port.parse()?)
} else {
base.port
};
let proxy = if let Some(proxy) = matches.value_of("proxy") {
Some(proxy.parse()?)
} else {
base.proxy
};
let cookie_path = base.cookie_path.unwrap_or_else(|| {
cfg_path
.parent()
.unwrap_or(Path::new("/"))
.join(".cookies.json")
});
let cookie_store = Arc::new(CookieStoreMutex::new(if cookie_path.exists() {
CookieStore::load_json(BufReader::new(File::open(&cookie_path)?))
.map_err(|e| anyhow!("{}", e))
.with_kind(crate::ErrorKind::Deserialization)?
} else {
CookieStore::default()
}));
Ok(CliContext(Arc::new(CliContextSeed {
host: base.host.unwrap_or(Host::Ipv4([127, 0, 0, 1].into())),
port: base.port.unwrap_or(5959),
client: if let Some(proxy) = base.proxy {
Client::builder()
.proxy(Proxy::all(proxy).with_kind(crate::ErrorKind::ParseUrl)?)
.build()
.expect("cannot fail")
} else {
Client::new()
url: base.url.unwrap_or_else(|| {
format!(
"http://{}:{}",
host.unwrap_or_else(|| DEFAULT_HOST.to_owned()),
port.unwrap_or(DEFAULT_PORT)
)
.parse()
.unwrap()
}),
client: {
let mut builder = Client::builder().cookie_provider(cookie_store.clone());
if let Some(proxy) = proxy {
builder =
builder.proxy(Proxy::all(proxy).with_kind(crate::ErrorKind::ParseUrl)?)
}
builder.build().expect("cannot fail")
},
cookie_store,
cookie_path,
developer_key_path: base.developer_key_path.unwrap_or_else(|| {
cfg_path
.parent()
@@ -107,15 +154,20 @@ impl std::ops::Deref for CliContext {
}
}
impl Context for CliContext {
fn protocol(&self) -> &str {
self.0.url.scheme()
}
fn host(&self) -> Host<&str> {
match &self.0.host {
Host::Domain(a) => Host::Domain(a.as_str()),
Host::Ipv4(a) => Host::Ipv4(*a),
Host::Ipv6(a) => Host::Ipv6(*a),
}
self.0.url.host().unwrap_or(DEFAULT_HOST)
}
fn port(&self) -> u16 {
self.0.port
self.0.url.port().unwrap_or(DEFAULT_PORT)
}
fn path(&self) -> &str {
self.0.url.path()
}
fn url(&self) -> Url {
self.0.url.clone()
}
fn client(&self) -> &Client {
&self.0.client

1
appmgr/src/lib.rs
View File

@@ -60,6 +60,7 @@ pub fn echo(#[context] _ctx: EitherContext, #[arg] message: String) -> Result<St
developer::init,
inspect::inspect,
package,
auth::auth,
))]
pub fn main_api(#[context] ctx: EitherContext) -> Result<EitherContext, RpcError> {
Ok(ctx)

27
appmgr/src/middleware/auth.rs
View File

@@ -4,12 +4,13 @@ use chrono::Utc;
use digest::Digest;
use futures::future::BoxFuture;
use futures::FutureExt;
use http::StatusCode;
use rpc_toolkit::command_helpers::prelude::RequestParts;
use rpc_toolkit::hyper::header::COOKIE;
use rpc_toolkit::hyper::http::Error as HttpError;
use rpc_toolkit::hyper::{Body, Request, Response};
use rpc_toolkit::rpc_server_helpers::{
noop3, noop4, DynMiddleware, DynMiddlewareStage2, DynMiddlewareStage3,
noop3, noop4, to_response, DynMiddleware, DynMiddlewareStage2, DynMiddlewareStage3,
};
use rpc_toolkit::yajrc::RpcMethod;
use rpc_toolkit::Metadata;
@@ -60,11 +61,12 @@ async fn is_authed(ctx: &RpcContext, req: &RequestParts) -> Result<(), Error> {
}
}
pub async fn auth<M: Metadata>(ctx: RpcContext) -> DynMiddleware<M> {
pub fn auth<M: Metadata>(ctx: RpcContext) -> DynMiddleware<M> {
Box::new(
|req: &mut Request<Body>,
metadata: M|
-> BoxFuture<Result<Result<DynMiddlewareStage2, Response<Body>>, HttpError>> {
move |req: &mut Request<Body>,
metadata: M|
-> BoxFuture<Result<Result<DynMiddlewareStage2, Response<Body>>, HttpError>> {
let ctx = ctx.clone();
async move {
let mut header_stub = Request::new(Body::empty());
*header_stub.headers_mut() = req.headers().clone();
@@ -75,14 +77,13 @@ pub async fn auth<M: Metadata>(ctx: RpcContext) -> DynMiddleware<M> {
.unwrap_or(true)
{
if let Err(e) = is_authed(&ctx, req).await {
let m3: DynMiddlewareStage3 = Box::new(|_, rpc_res| {
async move {
*rpc_res = Err(e.into());
Ok(Ok(noop4()))
}
.boxed()
});
return Ok(Ok(m3));
let (res_parts, _) = Response::new(()).into_parts();
return Ok(Err(to_response(
&req.headers,
res_parts,
Err(e.into()),
|_| StatusCode::OK,
)?));
}
}
Ok(Ok(noop3()))