[services-lib] Add authorization http middleware
Summary:
ENG-4657
HTTP services need a way for clients to authenticate with them. This diff implements a middleware that will reject invalid requests and a UserIdentity extractor that is able to extract user identity from a correct request.
NOTE: actual checking if the access token is correct is skipped here, because the comm access token work isn't finished, so clients wouldn't be able to authorize anyway.
Test Plan:
Created a resource:
web::resource("/hello") .route( web::get() .to(|user: UserIdentity| async move { format!("{user:?}") }), ) .wrap(get_comm_authentication_middleware()),
- Made a request without adding Authorization token -> got a 401 response with www-authenticate: Bearer header
- Made a request with Authorization: Bearer eyJ1c2VySUQiOiAiMSIsICJhY2Nlc3NUb2tlbiI6ICIyIiwgInNpZ25pbmdQdWJsaWNLZXkiOiAiMyJ9 header
- got a 200 response with text: "UserIdentity { user_id: "1", access_token: "2", signing_public_key: "3" }"
Reviewers: bartek, jon, patryk, kamil
Reviewed By: bartek
Subscribers: ashoat, tomek
Differential Revision: https://phab.comm.dev/D8911