

D9283.id31392.diff

diff --git a/services/comm-services-lib/src/auth/types.rs b/services/comm-services-lib/src/auth/types.rs
--- a/services/comm-services-lib/src/auth/types.rs
+++ b/services/comm-services-lib/src/auth/types.rs
@@ -38,6 +38,19 @@
}
}
+impl std::fmt::Display for AuthorizationCredential {
+ fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+ match self {
+ AuthorizationCredential::UserToken(UserIdentity { user_id, .. }) => {
+ write!(f, "UserTokenCredential(user_id={})", user_id)
+ }
+ AuthorizationCredential::ServicesToken(_) => {
+ write!(f, "ServicesTokenCredential")
+ }
+ }
+ }
+}
+
#[derive(Debug, Clone, Serialize, Deserialize, derive_more::Constructor)]
pub struct ServicesAuthToken {
#[serde(rename = "servicesToken")]
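Review bot: The new `impl std::fmt::Display for AuthorizationCredential` carries no doc comment stating that it is the log-safe form of the credential, which is the property callers will rely on. Both arms print only the `user_id` or the variant name and never the token, so I would put something like `/// Log-safe representation: prints the user ID or the variant name, never the token itself.` above the impl. That matters because `ServicesAuthToken` derives `Debug` in the context lines below, so `{:?}` presumably prints its fields; the struct body continues outside the hunk, so this is inferred. A one-line note next to the `..` pattern saying the remaining `UserIdentity` fields are deliberately left out would keep a later edit from adding them to the output.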
diff --git a/services/comm-services-lib/src/http/auth.rs b/services/comm-services-lib/src/http/auth.rs
--- a/services/comm-services-lib/src/http/auth.rs
+++ b/services/comm-services-lib/src/http/auth.rs
@@ -1,6 +1,7 @@
use actix_web::{
body::{EitherBody, MessageBody},
dev::{Service, ServiceRequest, ServiceResponse, Transform},
+ error::ErrorInternalServerError,
FromRequest, HttpMessage,
};
use actix_web_httpauth::{
@@ -15,9 +16,9 @@
pin::Pin,
str::FromStr,
};
-use tracing::debug;
+use tracing::{debug, error, trace};
-use crate::auth::{AuthorizationCredential, UserIdentity};
+use crate::auth::{AuthService, AuthorizationCredential, UserIdentity};
impl FromRequest for AuthorizationCredential {
type Error = actix_web::Error;
@@ -89,7 +90,22 @@
}
};
- // TODO: call identity service, for now just allow every request
+ let auth_service = req
+ .app_data::<AuthService>()
+ .expect("FATAL: missing AuthService app data. Check HTTP server config.");
+
+ match auth_service.verify_auth_credential(&credential).await {
+ Ok(true) => trace!("Request is authenticated with {credential}"),
+ Ok(false) => {
+ // TODO: Return 401 here when we're ready to reject unauthenticated requests
+ trace!("Request is not authenticated. Token: {credential:?}");
+ }
+ Err(err) => {
+ error!("Error verifying auth credential: {err}");
+ return Err((ErrorInternalServerError("internal error"), req));
+ }
+ };
+
req.extensions_mut().insert(credential);
Ok(req)
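Review bot: The `Ok(false)` arm logs the credential with `{credential:?}`, which goes through `Debug` rather than the redacting `Display` impl this diff adds in auth/types.rs, so a rejected bearer token would presumably be written to the trace log in full. A rejected token is not necessarily a worthless one (it may be expired, mistyped by one character, or wrongly rejected), and log sinks are usually readable by more people than the token store. Use the same form as the `Ok(true)` arm: `trace!("Request is not authenticated. Credential: {credential}");`. Separately, the `.expect(...)` on `req.app_data::<AuthService>()` panics inside the request path when the server is misconfigured; logging with `error!` and returning `Err((ErrorInternalServerError("internal error"), req))` would match the `Err(err)` arm. The enclosing function starts and ends outside the hunk.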
