D12303.id40914.diff

diff --git a/services/identity/src/http/handlers.rs b/services/identity/src/http/handlers.rs
new file mode 100644
--- /dev/null
+++ b/services/identity/src/http/handlers.rs
@@ -0,0 +1,50 @@
+use super::{
+ errors::{create_error_response, http400},
+ ErrorResponse, HttpRequest,
+};
+use comm_lib::auth::UserIdentity;
+use hyper::header::AUTHORIZATION;
+use hyper::StatusCode;
+use tracing::error;
+
+#[tracing::instrument(skip_all)]
+async fn verify_csat(
+ req: &HttpRequest,
+ db_client: &crate::DatabaseClient,
+) -> Result<(), ErrorResponse> {
+ let Some(auth_header) = req.headers().get(AUTHORIZATION) else {
+ return Err(create_error_response(
+ StatusCode::UNAUTHORIZED,
+ "missing Authorization header",
+ ));
+ };
+
+ let bearer_token = auth_header
+ .to_str()
+ .map_err(|_| http400("malfolmed Authorization header"))?
+ .strip_prefix("Bearer ")
+ .ok_or_else(|| http400("malfolmed Authorization header"))?;
+
+ let UserIdentity {
+ user_id,
+ device_id,
+ access_token,
+ } = bearer_token
+ .parse()
+ .map_err(|_| http400("malfolmed Authorization header"))?;
+
+ let result = db_client
+ .verify_access_token(user_id, device_id, access_token)
+ .await;
+ match result {
+ Ok(true) => Ok(()),
+ Ok(false) => Err(create_error_response(
+ StatusCode::FORBIDDEN,
+ "invalid credentials",
+ )),
+ Err(err) => {
+ error!("CSAT verification error: {err:?}");
+ Err(err.into())
+ }
+ }
+}
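Review bot: The three `http400` messages in `verify_csat` are misspelled: `"malfolmed Authorization header"` should read `"malformed Authorization header"`, and since this text presumably ends up in the response body it is worth fixing before any client starts matching on it. The `strip_prefix("Bearer ")` check is case-sensitive, whereas HTTP authentication scheme names are case-insensitive (RFC 9110), so a request sending `bearer …` is rejected with a 400; if that strictness is deliberate, say so in a comment. In the `Err(err)` arm the client-visible result depends on the `ErrorResponse` conversion behind `err.into()`, which is outside this diff, so confirm it maps database failures to a generic 5xx body instead of echoing error detail. The function also has no doc comment; something like `/// Validates the request's Bearer CSAT: 401 if the header is missing, 400 if malformed, 403 if the token is rejected.` would state the contract for the handlers that will call it.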
diff --git a/services/identity/src/http/mod.rs b/services/identity/src/http/mod.rs
--- a/services/identity/src/http/mod.rs
+++ b/services/identity/src/http/mod.rs
@@ -1,6 +1,7 @@
use hyper::{Body, Request, Response};
mod errors;
+mod handlers;
type HttpRequest = Request<Body>;
type HttpResponse = Response<Body>;
