2019-05-15 17:38:55 +03:00
|
|
|
//! Extractor for the "Bearer" HTTP Authentication Scheme
|
|
|
|
|
|
2021-12-08 07:29:12 +00:00
|
|
|
use std::{borrow::Cow, default::Default};
|
2018-05-30 16:43:39 +03:00
|
|
|
|
2021-12-08 07:29:12 +00:00
|
|
|
use actix_utils::future::{ready, Ready};
|
|
|
|
|
use actix_web::{
|
|
|
|
|
dev::{Payload, ServiceRequest},
|
|
|
|
|
http::header::Header,
|
|
|
|
|
FromRequest, HttpRequest,
|
|
|
|
|
};
|
2018-05-30 16:43:39 +03:00
|
|
|
|
2021-12-08 07:29:12 +00:00
|
|
|
use super::{config::AuthExtractorConfig, errors::AuthenticationError, AuthExtractor};
|
2019-05-15 17:38:55 +03:00
|
|
|
pub use crate::headers::www_authenticate::bearer::Error;
|
2021-12-08 07:29:12 +00:00
|
|
|
use crate::headers::{authorization, www_authenticate::bearer};
|
2018-05-30 16:43:39 +03:00
|
|
|
|
|
|
|
|
/// [BearerAuth](./struct/BearerAuth.html) extractor configuration.
|
2019-05-15 17:38:55 +03:00
|
|
|
#[derive(Debug, Clone, Default)]
|
2018-05-30 16:43:39 +03:00
|
|
|
pub struct Config(bearer::Bearer);
|
|
|
|
|
|
|
|
|
|
impl Config {
|
|
|
|
|
/// Set challenge `scope` attribute.
|
|
|
|
|
///
|
2019-05-17 17:28:57 +03:00
|
|
|
/// The `"scope"` attribute is a space-delimited list of case-sensitive
|
|
|
|
|
/// scope values indicating the required scope of the access token for
|
|
|
|
|
/// accessing the requested resource.
|
2019-05-15 17:38:55 +03:00
|
|
|
pub fn scope<T: Into<Cow<'static, str>>>(mut self, value: T) -> Config {
|
2018-05-30 16:43:39 +03:00
|
|
|
self.0.scope = Some(value.into());
|
|
|
|
|
self
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Set challenge `realm` attribute.
|
|
|
|
|
///
|
2019-05-17 17:28:57 +03:00
|
|
|
/// The "realm" attribute indicates the scope of protection in the manner
|
|
|
|
|
/// described in HTTP/1.1 [RFC2617](https://tools.ietf.org/html/rfc2617#section-1.2).
|
2019-05-15 17:38:55 +03:00
|
|
|
pub fn realm<T: Into<Cow<'static, str>>>(mut self, value: T) -> Config {
|
2018-05-30 16:43:39 +03:00
|
|
|
self.0.realm = Some(value.into());
|
|
|
|
|
self
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-15 17:38:55 +03:00
|
|
|
impl AsRef<bearer::Bearer> for Config {
|
|
|
|
|
fn as_ref(&self) -> &bearer::Bearer {
|
|
|
|
|
&self.0
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-17 17:28:57 +03:00
|
|
|
impl AuthExtractorConfig for Config {
|
2018-05-30 16:43:39 +03:00
|
|
|
type Inner = bearer::Bearer;
|
|
|
|
|
|
|
|
|
|
fn into_inner(self) -> Self::Inner {
|
|
|
|
|
self.0
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-01-14 13:31:20 +09:00
|
|
|
// Needs `fn main` to display complete example.
|
|
|
|
|
#[allow(clippy::needless_doctest_main)]
|
2018-05-30 16:43:39 +03:00
|
|
|
/// Extractor for HTTP Bearer auth
|
|
|
|
|
///
|
|
|
|
|
/// # Example
|
|
|
|
|
///
|
2020-01-14 13:31:20 +09:00
|
|
|
/// ```
|
2018-05-30 16:43:39 +03:00
|
|
|
/// use actix_web_httpauth::extractors::bearer::BearerAuth;
|
|
|
|
|
///
|
2020-01-07 01:00:43 +09:00
|
|
|
/// async fn index(auth: BearerAuth) -> String {
|
2019-05-15 17:38:55 +03:00
|
|
|
/// format!("Hello, user with token {}!", auth.token())
|
|
|
|
|
/// }
|
|
|
|
|
/// ```
|
|
|
|
|
///
|
|
|
|
|
/// If authentication fails, this extractor fetches the [`Config`] instance
|
2019-05-17 17:28:57 +03:00
|
|
|
/// from the [app data] in order to properly form the `WWW-Authenticate`
|
|
|
|
|
/// response header.
|
2019-05-15 17:38:55 +03:00
|
|
|
///
|
|
|
|
|
/// ## Example
|
|
|
|
|
///
|
2020-01-14 13:31:20 +09:00
|
|
|
/// ```
|
2019-05-15 17:38:55 +03:00
|
|
|
/// use actix_web::{web, App};
|
|
|
|
|
/// use actix_web_httpauth::extractors::bearer::{BearerAuth, Config};
|
|
|
|
|
///
|
2020-01-07 01:00:43 +09:00
|
|
|
/// async fn index(auth: BearerAuth) -> String {
|
2019-05-15 17:38:55 +03:00
|
|
|
/// format!("Hello, {}!", auth.token())
|
|
|
|
|
/// }
|
|
|
|
|
///
|
|
|
|
|
/// fn main() {
|
|
|
|
|
/// let app = App::new()
|
2021-06-27 07:02:38 +01:00
|
|
|
/// .app_data(
|
2019-05-17 17:28:57 +03:00
|
|
|
/// Config::default()
|
|
|
|
|
/// .realm("Restricted area")
|
|
|
|
|
/// .scope("email photo"),
|
|
|
|
|
/// )
|
2019-05-15 17:38:55 +03:00
|
|
|
/// .service(web::resource("/index.html").route(web::get().to(index)));
|
2018-05-30 16:43:39 +03:00
|
|
|
/// }
|
|
|
|
|
/// ```
|
|
|
|
|
#[derive(Debug, Clone)]
|
|
|
|
|
pub struct BearerAuth(authorization::Bearer);
|
|
|
|
|
|
|
|
|
|
impl BearerAuth {
|
2019-05-15 17:38:55 +03:00
|
|
|
/// Returns bearer token provided by client.
|
2018-05-30 16:43:39 +03:00
|
|
|
pub fn token(&self) -> &str {
|
2019-05-15 17:38:55 +03:00
|
|
|
self.0.token()
|
|
|
|
|
}
|
2019-05-17 17:28:57 +03:00
|
|
|
}
|
2019-05-15 17:38:55 +03:00
|
|
|
|
2019-05-17 17:28:57 +03:00
|
|
|
impl FromRequest for BearerAuth {
|
2020-05-21 17:23:59 +09:00
|
|
|
type Future = Ready<Result<Self, Self::Error>>;
|
2019-05-17 17:28:57 +03:00
|
|
|
type Error = AuthenticationError<bearer::Bearer>;
|
|
|
|
|
|
2021-08-30 23:27:44 +01:00
|
|
|
fn from_request(req: &HttpRequest, _payload: &mut Payload) -> <Self as FromRequest>::Future {
|
2020-05-21 17:23:59 +09:00
|
|
|
ready(
|
2020-01-07 01:00:43 +09:00
|
|
|
authorization::Authorization::<authorization::Bearer>::parse(req)
|
|
|
|
|
.map(|auth| BearerAuth(auth.into_scheme()))
|
|
|
|
|
.map_err(|_| {
|
|
|
|
|
let bearer = req
|
2021-10-21 13:10:00 +00:00
|
|
|
.app_data::<Config>()
|
2020-01-07 01:00:43 +09:00
|
|
|
.map(|config| config.0.clone())
|
|
|
|
|
.unwrap_or_else(Default::default);
|
|
|
|
|
|
|
|
|
|
AuthenticationError::new(bearer)
|
|
|
|
|
}),
|
|
|
|
|
)
|
2018-05-30 16:43:39 +03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-17 17:28:57 +03:00
|
|
|
impl AuthExtractor for BearerAuth {
|
2020-05-21 17:23:59 +09:00
|
|
|
type Future = Ready<Result<Self, Self::Error>>;
|
2019-05-15 17:38:55 +03:00
|
|
|
type Error = AuthenticationError<bearer::Bearer>;
|
2018-05-30 16:43:39 +03:00
|
|
|
|
2019-05-17 17:28:57 +03:00
|
|
|
fn from_service_request(req: &ServiceRequest) -> Self::Future {
|
2020-05-21 17:23:59 +09:00
|
|
|
ready(
|
2020-01-07 01:00:43 +09:00
|
|
|
authorization::Authorization::<authorization::Bearer>::parse(req)
|
|
|
|
|
.map(|auth| BearerAuth(auth.into_scheme()))
|
|
|
|
|
.map_err(|_| {
|
|
|
|
|
let bearer = req
|
|
|
|
|
.app_data::<Config>()
|
|
|
|
|
.map(|config| config.0.clone())
|
|
|
|
|
.unwrap_or_else(Default::default);
|
|
|
|
|
|
|
|
|
|
AuthenticationError::new(bearer)
|
|
|
|
|
}),
|
|
|
|
|
)
|
2018-05-30 16:43:39 +03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Extended error customization for HTTP `Bearer` auth.
|
|
|
|
|
impl AuthenticationError<bearer::Bearer> {
|
2019-05-15 17:38:55 +03:00
|
|
|
/// Attach `Error` to the current Authentication error.
|
|
|
|
|
///
|
2019-05-17 17:28:57 +03:00
|
|
|
/// Error status code will be changed to the one provided by the `kind`
|
|
|
|
|
/// Error.
|
2018-05-30 16:43:39 +03:00
|
|
|
pub fn with_error(mut self, kind: Error) -> Self {
|
|
|
|
|
*self.status_code_mut() = kind.status_code();
|
|
|
|
|
self.challenge_mut().error = Some(kind);
|
|
|
|
|
self
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-15 17:38:55 +03:00
|
|
|
/// Attach error description to the current Authentication error.
|
|
|
|
|
pub fn with_error_description<T>(mut self, desc: T) -> Self
|
|
|
|
|
where
|
|
|
|
|
T: Into<Cow<'static, str>>,
|
|
|
|
|
{
|
2018-05-30 16:43:39 +03:00
|
|
|
self.challenge_mut().error_description = Some(desc.into());
|
|
|
|
|
self
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-15 17:38:55 +03:00
|
|
|
/// Attach error URI to the current Authentication error.
|
|
|
|
|
///
|
|
|
|
|
/// It is up to implementor to provide properly formed absolute URI.
|
|
|
|
|
pub fn with_error_uri<T>(mut self, uri: T) -> Self
|
|
|
|
|
where
|
|
|
|
|
T: Into<Cow<'static, str>>,
|
|
|
|
|
{
|
2018-05-30 16:43:39 +03:00
|
|
|
self.challenge_mut().error_uri = Some(uri.into());
|
|
|
|
|
self
|
|
|
|
|
}
|
|
|
|
|
}
|
