move files into module

actix-web-httpauth/src/extractors/basic.rs

@@ -0,0 +1,152 @@
+//! Extractor for the "Basic" HTTP Authentication Scheme
+
+use std::borrow::Cow;
+
+use actix_web::dev::{Payload, ServiceRequest};
+use actix_web::http::header::Header;
+use actix_web::{FromRequest, HttpRequest};
+use futures::future;
+
+use super::config::AuthExtractorConfig;
+use super::errors::AuthenticationError;
+use super::AuthExtractor;
+use crate::headers::authorization::{Authorization, Basic};
+use crate::headers::www_authenticate::basic::Basic as Challenge;
+
+/// [`BasicAuth`] extractor configuration,
+/// used for [`WWW-Authenticate`] header later.
+///
+/// [`BasicAuth`]: ./struct.BasicAuth.html
+/// [`WWW-Authenticate`]:
+/// ../../headers/www_authenticate/struct.WwwAuthenticate.html
+#[derive(Debug, Clone, Default)]
+pub struct Config(Challenge);
+
+impl Config {
+    /// Set challenge `realm` attribute.
+    ///
+    /// The "realm" attribute indicates the scope of protection in the manner
+    /// described in HTTP/1.1 [RFC2617](https://tools.ietf.org/html/rfc2617#section-1.2).
+    pub fn realm<T>(mut self, value: T) -> Config
+    where
+        T: Into<Cow<'static, str>>,
+    {
+        self.0.realm = Some(value.into());
+        self
+    }
+}
+
+impl AsRef<Challenge> for Config {
+    fn as_ref(&self) -> &Challenge {
+        &self.0
+    }
+}
+
+impl AuthExtractorConfig for Config {
+    type Inner = Challenge;
+
+    fn into_inner(self) -> Self::Inner {
+        self.0
+    }
+}
+
+// Needs `fn main` to display complete example.
+#[allow(clippy::needless_doctest_main)]
+/// Extractor for HTTP Basic auth.
+///
+/// # Example
+///
+/// ```
+/// use actix_web::Result;
+/// use actix_web_httpauth::extractors::basic::BasicAuth;
+///
+/// async fn index(auth: BasicAuth) -> String {
+///     format!("Hello, {}!", auth.user_id())
+/// }
+/// ```
+///
+/// If authentication fails, this extractor fetches the [`Config`] instance
+/// from the [app data] in order to properly form the `WWW-Authenticate`
+/// response header.
+///
+/// ## Example
+///
+/// ```
+/// use actix_web::{web, App};
+/// use actix_web_httpauth::extractors::basic::{BasicAuth, Config};
+///
+/// async fn index(auth: BasicAuth) -> String {
+///     format!("Hello, {}!", auth.user_id())
+/// }
+///
+/// fn main() {
+///     let app = App::new()
+///         .data(Config::default().realm("Restricted area"))
+///         .service(web::resource("/index.html").route(web::get().to(index)));
+/// }
+/// ```
+///
+/// [`Config`]: ./struct.Config.html
+/// [app data]: https://docs.rs/actix-web/1.0.0-beta.5/actix_web/struct.App.html#method.data
+#[derive(Debug, Clone)]
+pub struct BasicAuth(Basic);
+
+impl BasicAuth {
+    /// Returns client's user-ID.
+    pub fn user_id(&self) -> &Cow<'static, str> {
+        &self.0.user_id()
+    }
+
+    /// Returns client's password.
+    pub fn password(&self) -> Option<&Cow<'static, str>> {
+        self.0.password()
+    }
+}
+
+impl FromRequest for BasicAuth {
+    type Future = future::Ready<Result<Self, Self::Error>>;
+    type Config = Config;
+    type Error = AuthenticationError<Challenge>;
+
+    fn from_request(
+        req: &HttpRequest,
+        _: &mut Payload,
+    ) -> <Self as FromRequest>::Future {
+        future::ready(
+            Authorization::<Basic>::parse(req)
+                .map(|auth| BasicAuth(auth.into_scheme()))
+                .map_err(|_| {
+                    // TODO: debug! the original error
+                    let challenge = req
+                        .app_data::<Self::Config>()
+                        .map(|config| config.0.clone())
+                        // TODO: Add trace! about `Default::default` call
+                        .unwrap_or_else(Default::default);
+
+                    AuthenticationError::new(challenge)
+                }),
+        )
+    }
+}
+
+impl AuthExtractor for BasicAuth {
+    type Error = AuthenticationError<Challenge>;
+    type Future = future::Ready<Result<Self, Self::Error>>;
+
+    fn from_service_request(req: &ServiceRequest) -> Self::Future {
+        future::ready(
+            Authorization::<Basic>::parse(req)
+                .map(|auth| BasicAuth(auth.into_scheme()))
+                .map_err(|_| {
+                    // TODO: debug! the original error
+                    let challenge = req
+                        .app_data::<Config>()
+                        .map(|config| config.0.clone())
+                        // TODO: Add trace! about `Default::default` call
+                        .unwrap_or_else(Default::default);
+
+                    AuthenticationError::new(challenge)
+                }),
+        )
+    }
+}

actix-web-httpauth/src/extractors/bearer.rs

@@ -0,0 +1,180 @@
+//! Extractor for the "Bearer" HTTP Authentication Scheme
+
+use std::borrow::Cow;
+use std::default::Default;
+
+use actix_web::dev::{Payload, ServiceRequest};
+use actix_web::http::header::Header;
+use actix_web::{FromRequest, HttpRequest};
+use futures::future;
+
+use super::config::AuthExtractorConfig;
+use super::errors::AuthenticationError;
+use super::AuthExtractor;
+use crate::headers::authorization;
+use crate::headers::www_authenticate::bearer;
+pub use crate::headers::www_authenticate::bearer::Error;
+
+/// [BearerAuth](./struct/BearerAuth.html) extractor configuration.
+#[derive(Debug, Clone, Default)]
+pub struct Config(bearer::Bearer);
+
+impl Config {
+    /// Set challenge `scope` attribute.
+    ///
+    /// The `"scope"` attribute is a space-delimited list of case-sensitive
+    /// scope values indicating the required scope of the access token for
+    /// accessing the requested resource.
+    pub fn scope<T: Into<Cow<'static, str>>>(mut self, value: T) -> Config {
+        self.0.scope = Some(value.into());
+        self
+    }
+
+    /// Set challenge `realm` attribute.
+    ///
+    /// The "realm" attribute indicates the scope of protection in the manner
+    /// described in HTTP/1.1 [RFC2617](https://tools.ietf.org/html/rfc2617#section-1.2).
+    pub fn realm<T: Into<Cow<'static, str>>>(mut self, value: T) -> Config {
+        self.0.realm = Some(value.into());
+        self
+    }
+}
+
+impl AsRef<bearer::Bearer> for Config {
+    fn as_ref(&self) -> &bearer::Bearer {
+        &self.0
+    }
+}
+
+impl AuthExtractorConfig for Config {
+    type Inner = bearer::Bearer;
+
+    fn into_inner(self) -> Self::Inner {
+        self.0
+    }
+}
+
+// Needs `fn main` to display complete example.
+#[allow(clippy::needless_doctest_main)]
+/// Extractor for HTTP Bearer auth
+///
+/// # Example
+///
+/// ```
+/// use actix_web_httpauth::extractors::bearer::BearerAuth;
+///
+/// async fn index(auth: BearerAuth) -> String {
+///     format!("Hello, user with token {}!", auth.token())
+/// }
+/// ```
+///
+/// If authentication fails, this extractor fetches the [`Config`] instance
+/// from the [app data] in order to properly form the `WWW-Authenticate`
+/// response header.
+///
+/// ## Example
+///
+/// ```
+/// use actix_web::{web, App};
+/// use actix_web_httpauth::extractors::bearer::{BearerAuth, Config};
+///
+/// async fn index(auth: BearerAuth) -> String {
+///     format!("Hello, {}!", auth.token())
+/// }
+///
+/// fn main() {
+///     let app = App::new()
+///         .data(
+///             Config::default()
+///                 .realm("Restricted area")
+///                 .scope("email photo"),
+///         )
+///         .service(web::resource("/index.html").route(web::get().to(index)));
+/// }
+/// ```
+#[derive(Debug, Clone)]
+pub struct BearerAuth(authorization::Bearer);
+
+impl BearerAuth {
+    /// Returns bearer token provided by client.
+    pub fn token(&self) -> &str {
+        self.0.token()
+    }
+}
+
+impl FromRequest for BearerAuth {
+    type Config = Config;
+    type Future = future::Ready<Result<Self, Self::Error>>;
+    type Error = AuthenticationError<bearer::Bearer>;
+
+    fn from_request(
+        req: &HttpRequest,
+        _payload: &mut Payload,
+    ) -> <Self as FromRequest>::Future {
+        future::ready(
+            authorization::Authorization::<authorization::Bearer>::parse(req)
+                .map(|auth| BearerAuth(auth.into_scheme()))
+                .map_err(|_| {
+                    let bearer = req
+                        .app_data::<Self::Config>()
+                        .map(|config| config.0.clone())
+                        .unwrap_or_else(Default::default);
+
+                    AuthenticationError::new(bearer)
+                }),
+        )
+    }
+}
+
+impl AuthExtractor for BearerAuth {
+    type Future = future::Ready<Result<Self, Self::Error>>;
+    type Error = AuthenticationError<bearer::Bearer>;
+
+    fn from_service_request(req: &ServiceRequest) -> Self::Future {
+        future::ready(
+            authorization::Authorization::<authorization::Bearer>::parse(req)
+                .map(|auth| BearerAuth(auth.into_scheme()))
+                .map_err(|_| {
+                    let bearer = req
+                        .app_data::<Config>()
+                        .map(|config| config.0.clone())
+                        .unwrap_or_else(Default::default);
+
+                    AuthenticationError::new(bearer)
+                }),
+        )
+    }
+}
+
+/// Extended error customization for HTTP `Bearer` auth.
+impl AuthenticationError<bearer::Bearer> {
+    /// Attach `Error` to the current Authentication error.
+    ///
+    /// Error status code will be changed to the one provided by the `kind`
+    /// Error.
+    pub fn with_error(mut self, kind: Error) -> Self {
+        *self.status_code_mut() = kind.status_code();
+        self.challenge_mut().error = Some(kind);
+        self
+    }
+
+    /// Attach error description to the current Authentication error.
+    pub fn with_error_description<T>(mut self, desc: T) -> Self
+    where
+        T: Into<Cow<'static, str>>,
+    {
+        self.challenge_mut().error_description = Some(desc.into());
+        self
+    }
+
+    /// Attach error URI to the current Authentication error.
+    ///
+    /// It is up to implementor to provide properly formed absolute URI.
+    pub fn with_error_uri<T>(mut self, uri: T) -> Self
+    where
+        T: Into<Cow<'static, str>>,
+    {
+        self.challenge_mut().error_uri = Some(uri.into());
+        self
+    }
+}

actix-web-httpauth/src/extractors/config.rs

@@ -0,0 +1,23 @@
+use super::AuthenticationError;
+use crate::headers::www_authenticate::Challenge;
+
+/// Trait implemented for types that provides configuration
+/// for the authentication [extractors].
+///
+/// [extractors]: ./trait.AuthExtractor.html
+pub trait AuthExtractorConfig {
+    /// Associated challenge type.
+    type Inner: Challenge;
+
+    /// Convert the config instance into a HTTP challenge.
+    fn into_inner(self) -> Self::Inner;
+}
+
+impl<T> From<T> for AuthenticationError<<T as AuthExtractorConfig>::Inner>
+where
+    T: AuthExtractorConfig,
+{
+    fn from(config: T) -> Self {
+        AuthenticationError::new(config.into_inner())
+    }
+}

actix-web-httpauth/src/extractors/errors.rs

@@ -0,0 +1,60 @@
+use std::error::Error;
+use std::fmt;
+
+use actix_web::http::StatusCode;
+use actix_web::{HttpResponse, ResponseError};
+
+use crate::headers::www_authenticate::Challenge;
+use crate::headers::www_authenticate::WwwAuthenticate;
+
+/// Authentication error returned by authentication extractors.
+///
+/// Different extractors may extend `AuthenticationError` implementation
+/// in order to provide access to inner challenge fields.
+#[derive(Debug)]
+pub struct AuthenticationError<C: Challenge> {
+    challenge: C,
+    status_code: StatusCode,
+}
+
+impl<C: Challenge> AuthenticationError<C> {
+    /// Creates new authentication error from the provided `challenge`.
+    ///
+    /// By default returned error will resolve into the `HTTP 401` status code.
+    pub fn new(challenge: C) -> AuthenticationError<C> {
+        AuthenticationError {
+            challenge,
+            status_code: StatusCode::UNAUTHORIZED,
+        }
+    }
+
+    /// Returns mutable reference to the inner challenge instance.
+    pub fn challenge_mut(&mut self) -> &mut C {
+        &mut self.challenge
+    }
+
+    /// Returns mutable reference to the inner status code.
+    ///
+    /// Can be used to override returned status code, but by default
+    /// this lib tries to stick to the RFC, so it might be unreasonable.
+    pub fn status_code_mut(&mut self) -> &mut StatusCode {
+        &mut self.status_code
+    }
+}
+
+impl<C: Challenge> fmt::Display for AuthenticationError<C> {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        fmt::Display::fmt(&self.status_code, f)
+    }
+}
+
+impl<C: 'static + Challenge> Error for AuthenticationError<C> {}
+
+impl<C: 'static + Challenge> ResponseError for AuthenticationError<C> {
+    fn error_response(&self) -> HttpResponse {
+        HttpResponse::build(self.status_code)
+            // TODO: Get rid of the `.clone()`
+            .set(WwwAuthenticate(self.challenge.clone()))
+            .finish()
+    }
+}

actix-web-httpauth/src/extractors/mod.rs

@@ -0,0 +1,33 @@
+//! Type-safe authentication information extractors
+
+use actix_web::dev::ServiceRequest;
+use actix_web::Error;
+use futures::future::Future;
+
+pub mod basic;
+pub mod bearer;
+mod config;
+mod errors;
+
+pub use self::config::AuthExtractorConfig;
+pub use self::errors::AuthenticationError;
+
+/// Trait implemented by types that can extract
+/// HTTP authentication scheme credentials from the request.
+///
+/// It is very similar to actix' `FromRequest` trait,
+/// except it operates with a `ServiceRequest` struct instead,
+/// therefore it can be used in the middlewares.
+///
+/// You will not need it unless you want to implement your own
+/// authentication scheme.
+pub trait AuthExtractor: Sized {
+    /// The associated error which can be returned.
+    type Error: Into<Error>;
+
+    /// Future that resolves into extracted credentials type.
+    type Future: Future<Output = Result<Self, Self::Error>>;
+
+    /// Parse the authentication credentials from the actix' `ServiceRequest`.
+    fn from_service_request(req: &ServiceRequest) -> Self::Future;
+}