proxmox-rest-server: make check_auth async
This commit is contained in:
parent
b914b94773
commit
038f385089
@ -1,5 +1,7 @@
|
||||
use std::sync::{Arc, Mutex};
|
||||
use std::collections::HashMap;
|
||||
use std::future::Future;
|
||||
use std::pin::Pin;
|
||||
|
||||
use anyhow::{bail, format_err, Error};
|
||||
use lazy_static::lazy_static;
|
||||
@ -26,15 +28,17 @@ impl UserInformation for DummyUserInfo {
|
||||
struct DummyAuth;
|
||||
|
||||
impl ApiAuth for DummyAuth {
|
||||
fn check_auth(
|
||||
&self,
|
||||
_headers: &http::HeaderMap,
|
||||
_method: &hyper::Method,
|
||||
) -> Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError> {
|
||||
// get some global/cached userinfo
|
||||
let userinfo = DummyUserInfo;
|
||||
// Do some user checks, e.g. cookie/csrf
|
||||
Ok(("User".to_string(), Box::new(userinfo)))
|
||||
fn check_auth<'a>(
|
||||
&'a self,
|
||||
_headers: &'a http::HeaderMap,
|
||||
_method: &'a hyper::Method,
|
||||
) -> Pin<Box<dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>> + Send + 'a>> {
|
||||
Box::pin(async move {
|
||||
// get some global/cached userinfo
|
||||
let userinfo: Box<dyn UserInformation + Sync + Send> = Box::new(DummyUserInfo);
|
||||
// Do some user checks, e.g. cookie/csrf
|
||||
Ok(("User".to_string(), userinfo))
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -16,6 +16,8 @@
|
||||
//! * generic interface to authenticate user
|
||||
|
||||
use std::sync::atomic::{Ordering, AtomicBool};
|
||||
use std::future::Future;
|
||||
use std::pin::Pin;
|
||||
|
||||
use anyhow::{bail, format_err, Error};
|
||||
use nix::unistd::Pid;
|
||||
@ -74,11 +76,11 @@ pub trait ApiAuth {
|
||||
///
|
||||
/// If credenthials are valid, returns the username and a
|
||||
/// [UserInformation] object to query additional user data.
|
||||
fn check_auth(
|
||||
&self,
|
||||
headers: &http::HeaderMap,
|
||||
method: &hyper::Method,
|
||||
) -> Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>;
|
||||
fn check_auth<'a>(
|
||||
&'a self,
|
||||
headers: &'a http::HeaderMap,
|
||||
method: &'a hyper::Method,
|
||||
) -> Pin<Box<dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>> + Send + 'a>>;
|
||||
}
|
||||
|
||||
lazy_static::lazy_static!{
|
||||
|
@ -654,7 +654,7 @@ async fn handle_request(
|
||||
let mut user_info: Box<dyn UserInformation + Send + Sync> = Box::new(EmptyUserInformation {});
|
||||
|
||||
if auth_required {
|
||||
match auth.check_auth(&parts.headers, &method) {
|
||||
match auth.check_auth(&parts.headers, &method).await {
|
||||
Ok((authid, info)) => {
|
||||
rpcenv.set_auth_id(Some(authid));
|
||||
user_info = info;
|
||||
@ -726,7 +726,7 @@ async fn handle_request(
|
||||
|
||||
if comp_len == 0 {
|
||||
let language = extract_lang_header(&parts.headers);
|
||||
match auth.check_auth(&parts.headers, &method) {
|
||||
match auth.check_auth(&parts.headers, &method).await {
|
||||
Ok((auth_id, _user_info)) => {
|
||||
return Ok(api.get_index(Some(auth_id), language, parts));
|
||||
}
|
||||
|
@ -1,6 +1,8 @@
|
||||
//! Authentication via a static ticket file
|
||||
use std::fs::File;
|
||||
use std::io::prelude::*;
|
||||
use std::future::Future;
|
||||
use std::pin::Pin;
|
||||
|
||||
use anyhow::{bail, format_err, Error};
|
||||
|
||||
@ -25,21 +27,25 @@ pub struct StaticAuth {
|
||||
}
|
||||
|
||||
impl ApiAuth for StaticAuth {
|
||||
fn check_auth(
|
||||
&self,
|
||||
headers: &http::HeaderMap,
|
||||
_method: &hyper::Method,
|
||||
) -> Result<(String, Box<dyn UserInformation + Send + Sync>), AuthError> {
|
||||
match headers.get(hyper::header::AUTHORIZATION) {
|
||||
Some(header) if header.to_str().unwrap_or("") == &self.ticket => {
|
||||
Ok((String::from("root@pam"), Box::new(SimpleUserInformation {})))
|
||||
fn check_auth<'a>(
|
||||
&'a self,
|
||||
headers: &'a http::HeaderMap,
|
||||
_method: &'a hyper::Method,
|
||||
) -> Pin<Box<dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>> + Send + 'a>> {
|
||||
Box::pin(async move {
|
||||
|
||||
match headers.get(hyper::header::AUTHORIZATION) {
|
||||
Some(header) if header.to_str().unwrap_or("") == &self.ticket => {
|
||||
let user_info: Box<dyn UserInformation + Send + Sync> = Box::new(SimpleUserInformation {});
|
||||
Ok((String::from("root@pam"), user_info))
|
||||
}
|
||||
_ => {
|
||||
return Err(AuthError::Generic(format_err!(
|
||||
"invalid file restore ticket provided"
|
||||
)));
|
||||
}
|
||||
}
|
||||
_ => {
|
||||
return Err(AuthError::Generic(format_err!(
|
||||
"invalid file restore ticket provided"
|
||||
)));
|
||||
}
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1,7 +1,10 @@
|
||||
//! Provides authentication primitives for the HTTP server
|
||||
use anyhow::format_err;
|
||||
|
||||
use std::sync::Arc;
|
||||
use std::future::Future;
|
||||
use std::pin::Pin;
|
||||
|
||||
use anyhow::format_err;
|
||||
|
||||
use proxmox::api::UserInformation;
|
||||
|
||||
@ -55,16 +58,15 @@ impl UserApiAuth {
|
||||
_ => None,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl ApiAuth for UserApiAuth {
|
||||
|
||||
fn check_auth(
|
||||
async fn check_auth_async(
|
||||
&self,
|
||||
headers: &http::HeaderMap,
|
||||
method: &hyper::Method,
|
||||
) -> Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError> {
|
||||
|
||||
// fixme: make all IO async
|
||||
|
||||
let user_info = CachedUserInfo::new()?;
|
||||
|
||||
let auth_data = Self::extract_auth_data(headers);
|
||||
@ -124,3 +126,13 @@ impl ApiAuth for UserApiAuth {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl ApiAuth for UserApiAuth {
|
||||
fn check_auth<'a>(
|
||||
&'a self,
|
||||
headers: &'a http::HeaderMap,
|
||||
method: &'a hyper::Method,
|
||||
) -> Pin<Box<dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>> + Send + 'a>> {
|
||||
Box::pin(self.check_auth_async(headers, method))
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user