From 57a59a25f623302e674432049e2f2c13d6fea322 Mon Sep 17 00:00:00 2001
From: Cara Salter
Date: Tue, 28 Jun 2022 14:10:15 -0400
Subject: auth: Finished PASETO auth

Closes #4
---
 Cargo.lock | 7 -------
 Cargo.toml | 1 -
 src/errors.rs | 7 -------
 src/handlers/auth.rs | 49 +++++++++++++++++++++++++++++++++++++++----------
 4 files changed, 39 insertions(+), 25 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 504227c..445c673 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -498,12 +498,6 @@ dependencies = [
 "libc",
 ]
-[[package]]
-name = "hex"
-version = "0.4.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
-
 [[package]]
 name = "http"
 version = "0.2.6"
@@ -1329,7 +1323,6 @@ dependencies = [
 "chrono",
 "color-eyre",
 "eyre",
- "hex",
 "hyper",
 "kankyo",
 "paseto",
diff --git a/Cargo.toml b/Cargo.toml
index 6792e7a..e49c659 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -23,7 +23,6 @@ axum-macros = "0.2"
 paseto = "2"
 ring = "0.16"
-hex = "0.4"
 rand = "0.8"
diff --git a/src/errors.rs b/src/errors.rs
index e32c6d5..a243c12 100644
--- a/src/errors.rs
+++ b/src/errors.rs
@@ -1,4 +1,3 @@
-use hex::FromHexError;
 use ring::error::KeyRejected;
 use thiserror::Error;
@@ -36,12 +35,6 @@ pub enum ServiceError {
 PasetoInvalid(#[from] KeyRejected),
 }
-impl From for ServiceError {
-fn from(_: FromHexError) -> Self {
-ServiceError::Generic(String::from("Could not convert from hex"))
-}
-}
-
 impl From for ServiceError {
 fn from(_: RingUnspecified) -> Self {
 ServiceError::Generic("Unspecified RNG error".to_string())
diff --git a/src/handlers/auth.rs b/src/handlers/auth.rs
index cafaeb8..56b38f2 100644
--- a/src/handlers/auth.rs
+++ b/src/handlers/auth.rs
@@ -1,7 +1,7 @@
 use std::{
 collections::HashMap,
 fs::{self, File},
- sync::Arc,
+ sync::Arc, io::Read,
 };
 use axum::{extract::Query, middleware::Next, response::Response, Extension};
@@ -9,6 +9,7 @@ use axum_macros::debug_handler;
 use chrono::{Datelike, TimeZone, Utc};
 use hyper::Request;
 use ring::{rand::SystemRandom, signature::Ed25519KeyPair};
+use tracing::debug;
 use uuid::Uuid;
 use std::io::Write;
@@ -69,24 +70,52 @@ pub async fn requires_auth(req: Request, next: Next) -> Result Ok(next.run(req).await),
+ Some(h) => {
+ debug!("Header: {}", h);
+ let kp = load_or_gen_keypair()?;
+ debug!("KP: {:?}", kp);
+ match paseto::tokens::validate_public_token(h, None, &paseto::tokens::PasetoPublicKey::ED25519KeyPair(&kp), &paseto::tokens::TimeBackend::Chrono) {
+ Ok(_) => Ok(next.run(req).await),
+ Err(_) => Err(ServiceError::NotAuthorized)
+ }
+ }
 None => Err(ServiceError::NotAuthorized),
 }
 }
 fn load_or_gen_keypair() -> Result {
 let kp: Ed25519KeyPair;
- if let Ok(c) = fs::read_to_string(".keypair") {
- kp = Ed25519KeyPair::from_pkcs8(&hex::decode(c)?)?;
- } else {
- let srand = SystemRandom::new();
- let pkcs8 = Ed25519KeyPair::generate_pkcs8(&srand)?;
-
 let mut file = match File::open(".keypair") {
 Ok(f) => f,
- Err(_) => File::create(".keypair").unwrap(),
+ Err(_) => {
+ debug!("File does not exist, creating at .keypair");
+ File::create(".keypair").unwrap()
+ }
 };
- file.write(pkcs8.as_ref());
+ if let Ok(c) = fs::read(".keypair") {
+ if c.len() == 0 {
+ debug!("No keypair found. Generating...");
+
+
+ let srand = SystemRandom::new();
+ let pkcs8 = Ed25519KeyPair::generate_pkcs8(&srand)?;
+
+ fs::write(".keypair", pkcs8.as_ref()).unwrap();
+ debug!("Written keypair {:?} to .keypair", pkcs8.as_ref());
+
+ kp = Ed25519KeyPair::from_pkcs8(pkcs8.as_ref())?;
+ } else {
+
+ debug!("Found keypair file, contents: {:?}", c);
+ kp = Ed25519KeyPair::from_pkcs8(&c)?;
+ debug!("Loaded keypair from file");
+ }
+ } else {
+ debug!("Generating new keypair");
+ let srand = SystemRandom::new();
+ let pkcs8 = Ed25519KeyPair::generate_pkcs8(&srand)?;
+ fs::write(".keypair", pkcs8.as_ref()).unwrap();
+ debug!("Written keypair {:?} to .keypair", pkcs8.as_ref());
 kp = Ed25519KeyPair::from_pkcs8(pkcs8.as_ref())?;
 }
-- cgit v1.2.3
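Review bot: The new `load_or_gen_keypair` body writes the signing key into the log: `debug!("Written keypair {:?} to .keypair", pkcs8.as_ref())` (in both generating branches) prints the raw PKCS#8 bytes, `debug!("Found keypair file, contents: {:?}", c)` prints them again on every request that reaches `requires_auth`, and `debug!("Header: {}", h)` records the presented bearer token, so any debug-level log sink ends up holding both the private key and live credentials. Log only non-secret facts, e.g. `debug!("Written new keypair to .keypair")` and `debug!("Found keypair file ({} bytes)", c.len())`, and drop or redact the header line. The key file is created by `File::create`/`fs::write` with the process umask, so it is typically readable by other local users; on unix open it once with `OpenOptions::new().write(true).create(true).mode(0o600)` (`std::os::unix::fs::OpenOptionsExt`) and write through that handle instead of the `.unwrap()`-ed `fs::write`. The `File::open`/`File::create` match that precedes `fs::read` now binds `file` without using it and only pre-creates an empty file that the following `else` branch already handles, so it can be removed; it also looks like two concurrent first requests could each generate and write a different key, which is worth confirming. Both `requires_auth` and `load_or_gen_keypair` extend beyond the edges of this hunk.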