diff --git a/services/backup/src/error.rs b/services/backup/src/error.rs
--- a/services/backup/src/error.rs
+++ b/services/backup/src/error.rs
@@ -6,8 +6,8 @@
HttpResponse, ResponseError,
};
pub use aws_sdk_dynamodb::Error as DynamoDBError;
-use comm_lib::blob::client::BlobServiceError;
use comm_lib::database::Error as DBError;
+use comm_lib::{auth::AuthServiceError, blob::client::BlobServiceError};
use reqwest::StatusCode;
use tracing::{error, trace, warn};
@@ -17,6 +17,7 @@
pub enum BackupError {
NoBackup,
BlobError(BlobServiceError),
+ AuthError(AuthServiceError),
DB(comm_lib::database::Error),
}
@@ -46,6 +47,10 @@
error!("Unexpected blob error: {err}");
ErrorInternalServerError("server error")
}
+ BackupError::AuthError(err) => {
+ error!("Unexpected auth error: {err}");
+ ErrorInternalServerError("server error")
+ }
BackupError::DB(err) => match err {
DBError::AwsSdk(
err @ (DynamoDBError::InternalServerError(_)
diff --git a/services/backup/src/http/handlers/backup.rs b/services/backup/src/http/handlers/backup.rs
--- a/services/backup/src/http/handlers/backup.rs
+++ b/services/backup/src/http/handlers/backup.rs
@@ -1,10 +1,10 @@
use actix_web::{
- error::ErrorBadRequest,
+ error::{ErrorBadRequest, ErrorInternalServerError},
web::{self, Bytes},
- HttpResponse, Responder,
+ HttpRequest, HttpResponse, Responder,
};
use comm_lib::{
- auth::UserIdentity,
+ auth::{AuthService, UserIdentity},
backup::LatestBackupIDResponse,
blob::{client::BlobServiceClient, types::BlobInfo},
http::multipart::{get_named_text_field, get_text_field},
@@ -27,6 +27,7 @@
mut multipart: actix_multipart::Multipart,
) -> actix_web::Result<HttpResponse> {
let backup_id = get_named_text_field("backup_id", &mut multipart).await?;
+ let blob_client = blob_client.with_user_identity(user.clone());
tracing::Span::current().record("backup_id", &backup_id);
info!("Backup data upload started");
@@ -119,7 +120,7 @@
#[instrument(skip_all, fields(hash_field_name, data_field_name))]
async fn forward_field_to_blob<'revoke, 'blob: 'revoke>(
multipart: &mut actix_multipart::Multipart,
- blob_client: &'blob web::Data<BlobServiceClient>,
+ blob_client: &'blob BlobServiceClient,
hash_field_name: &str,
data_field_name: &str,
) -> actix_web::Result<(BlobInfo, Defer<'revoke>)> {
@@ -188,7 +189,7 @@
#[instrument(skip_all)]
async fn create_attachment_holder<'revoke, 'blob: 'revoke>(
attachment: &str,
- blob_client: &'blob web::Data<BlobServiceClient>,
+ blob_client: &'blob BlobServiceClient,
) -> Result<(String, Defer<'revoke>), BackupError> {
let holder = uuid::Uuid::new_v4().to_string();
@@ -216,6 +217,7 @@
blob_client: web::Data<BlobServiceClient>,
db_client: web::Data<DatabaseClient>,
) -> actix_web::Result<HttpResponse> {
+ let blob_client = blob_client.with_user_identity(user.clone());
info!("Download user keys request");
let backup_id = path.into_inner();
download_user_blob(
@@ -236,6 +238,7 @@
db_client: web::Data<DatabaseClient>,
) -> actix_web::Result<HttpResponse> {
info!("Download user data request");
+ let blob_client = blob_client.with_user_identity(user.clone());
let backup_id = path.into_inner();
download_user_blob(
|item| &item.user_data,
@@ -251,7 +254,7 @@
data_extractor: impl FnOnce(&BackupItem) -> &BlobInfo,
user_id: &str,
backup_id: &str,
- blob_client: web::Data<BlobServiceClient>,
+ blob_client: BlobServiceClient,
db_client: web::Data<DatabaseClient>,
) -> actix_web::Result<HttpResponse> {
let backup_item = db_client
@@ -302,7 +305,21 @@
path: web::Path<String>,
db_client: web::Data<DatabaseClient>,
blob_client: web::Data<BlobServiceClient>,
+ req: HttpRequest,
) -> actix_web::Result<HttpResponse> {
+ let auth_service = req.app_data::<AuthService>().ok_or_else(|| {
+ tracing::error!(
+ "Failed to get AuthService from request. Check HTTP server config."
+ );
+ ErrorInternalServerError("internal error")
+ })?;
+ let services_token = auth_service
+ .get_services_token()
+ .await
+ .map_err(BackupError::from)?;
+ let blob_client = blob_client.with_authentication(
+ comm_lib::auth::AuthorizationCredential::ServicesToken(services_token),
+ );
let username = path.into_inner();
// Treat username as user_id in the initial version
let user_id = username;
diff --git a/services/backup/src/http/handlers/log.rs b/services/backup/src/http/handlers/log.rs
--- a/services/backup/src/http/handlers/log.rs
+++ b/services/backup/src/http/handlers/log.rs
@@ -90,7 +90,7 @@
ctx,
Self::handle_msg(
user.user_id.clone(),
- self.blob_client.clone(),
+ self.blob_client.clone().with_user_identity(user.clone()),
self.db_client.clone(),
request,
),