mirror of
https://github.com/vbrandl/bind9-api.git
synced 2024-11-24 22:02:59 +01:00
Restructure code and use extractor
This commit is contained in:
parent
6fb2d1f133
commit
4aa4eef9cb
@ -9,41 +9,28 @@ extern crate futures;
|
|||||||
#[macro_use]
|
#[macro_use]
|
||||||
extern crate log;
|
extern crate log;
|
||||||
extern crate pretty_env_logger;
|
extern crate pretty_env_logger;
|
||||||
|
extern crate serde;
|
||||||
extern crate serde_json;
|
extern crate serde_json;
|
||||||
|
|
||||||
mod cli;
|
mod cli;
|
||||||
|
mod util;
|
||||||
|
|
||||||
use actix_web::{
|
use actix_web::{
|
||||||
error::{self, ErrorInternalServerError, ErrorUnauthorized, JsonPayloadError, ParseError}, http,
|
error::{self, ErrorInternalServerError}, http, middleware::Logger, server, App, Result, State,
|
||||||
middleware::Logger, server, App, HttpMessage, HttpRequest, Result,
|
|
||||||
};
|
};
|
||||||
use data::{Delete, Update};
|
use data::{Delete, Update};
|
||||||
use failure::Error;
|
use failure::Error;
|
||||||
use futures::future::{err as FutErr, Future};
|
|
||||||
use std::{
|
use std::{
|
||||||
io::Write, process::{Command, Stdio}, sync::Arc,
|
io::Write, process::{Command, Stdio}, sync::Arc,
|
||||||
};
|
};
|
||||||
|
use util::{Config, ExecuteError, Validated};
|
||||||
#[derive(Debug, Fail)]
|
|
||||||
enum ExecuteError {
|
|
||||||
#[fail(display = "Stdin error")]
|
|
||||||
Stdin,
|
|
||||||
}
|
|
||||||
|
|
||||||
struct Config {
|
|
||||||
token: String,
|
|
||||||
command: String,
|
|
||||||
key_path: String,
|
|
||||||
ok_marker: String,
|
|
||||||
server: String,
|
|
||||||
}
|
|
||||||
|
|
||||||
fn execute_nsupdate(input: &str, config: &Config) -> Result<String, Error> {
|
fn execute_nsupdate(input: &str, config: &Config) -> Result<String, Error> {
|
||||||
info!("executing update: {}", input);
|
info!("executing update: {}", input);
|
||||||
let mut cmd = Command::new(&config.command)
|
let mut cmd = Command::new(config.command())
|
||||||
.stdin(Stdio::piped())
|
.stdin(Stdio::piped())
|
||||||
.stdout(Stdio::piped())
|
.stdout(Stdio::piped())
|
||||||
.args(&["-k", &config.key_path])
|
.args(&["-k", config.key_path()])
|
||||||
.spawn()?;
|
.spawn()?;
|
||||||
{
|
{
|
||||||
let stdin = cmd.stdin.as_mut().ok_or(ExecuteError::Stdin)?;
|
let stdin = cmd.stdin.as_mut().ok_or(ExecuteError::Stdin)?;
|
||||||
@ -55,65 +42,30 @@ fn execute_nsupdate(input: &str, config: &Config) -> Result<String, Error> {
|
|||||||
Ok(output)
|
Ok(output)
|
||||||
}
|
}
|
||||||
|
|
||||||
fn delete(req: HttpRequest<Arc<Config>>) -> Box<Future<Item = &'static str, Error = error::Error>> {
|
fn delete(
|
||||||
let state = req.state().clone();
|
(delete, state): (Validated<Delete>, State<Arc<Config>>),
|
||||||
let sig = extract_signature(&req);
|
) -> Result<&'static str, error::Error> {
|
||||||
if sig.is_err() {
|
|
||||||
return Box::new(FutErr(sig.unwrap_err()));
|
|
||||||
}
|
|
||||||
let sig = sig.unwrap();
|
|
||||||
let secret = state.token.clone();
|
|
||||||
Box::new(req.body().from_err().and_then(move |body| {
|
|
||||||
if crypto::verify_signature(secret.as_bytes(), &body, &sig) {
|
|
||||||
let delete: Delete = serde_json::from_slice(&body)
|
|
||||||
.map_err(|e| ErrorInternalServerError(JsonPayloadError::Deserialize(e)))?;
|
|
||||||
info!("Deleting {} record for {}", delete.record(), delete.name());
|
info!("Deleting {} record for {}", delete.record(), delete.name());
|
||||||
let stdin = format!(
|
let stdin = format!(
|
||||||
"server {}\nupdate delete {} {}\nsend\n",
|
"server {}\nupdate delete {} {}\nsend\n",
|
||||||
state.server,
|
state.server(),
|
||||||
delete.name(),
|
delete.name(),
|
||||||
delete.record()
|
delete.record()
|
||||||
);
|
);
|
||||||
Ok(execute_nsupdate(&stdin, &state)
|
Ok(execute_nsupdate(&stdin, &state)
|
||||||
.map_err(|_| ErrorInternalServerError("Error executing nsupdate"))
|
.map_err(|_| ErrorInternalServerError("Error executing nsupdate"))
|
||||||
.and_then(|s| {
|
.and_then(|s| {
|
||||||
if s.contains(&state.ok_marker) {
|
if s.contains(state.ok_marker()) {
|
||||||
Ok("OK")
|
Ok("OK")
|
||||||
} else {
|
} else {
|
||||||
Err(ErrorInternalServerError("Marker not found"))
|
Err(ErrorInternalServerError("Marker not found"))
|
||||||
}
|
}
|
||||||
})?)
|
})?)
|
||||||
} else {
|
|
||||||
Err(ErrorUnauthorized(ParseError::Header))
|
|
||||||
}
|
|
||||||
}))
|
|
||||||
}
|
}
|
||||||
|
|
||||||
fn extract_signature<S>(req: &HttpRequest<S>) -> Result<Vec<u8>> {
|
fn update(
|
||||||
Ok(req.headers()
|
(update, state): (Validated<Update>, State<Arc<Config>>),
|
||||||
.get(data::TOKEN_HEADER)
|
) -> Result<&'static str, error::Error> {
|
||||||
.as_ref()
|
|
||||||
.ok_or_else(|| ErrorUnauthorized(ParseError::Header))?
|
|
||||||
.to_str()
|
|
||||||
.map_err(ErrorUnauthorized)
|
|
||||||
.and_then(|s| {
|
|
||||||
crypto::hex_str_to_bytes(s).map_err(|_| ErrorUnauthorized(ParseError::Header))
|
|
||||||
})
|
|
||||||
.map_err(ErrorUnauthorized)?)
|
|
||||||
}
|
|
||||||
|
|
||||||
fn update(req: HttpRequest<Arc<Config>>) -> Box<Future<Item = &'static str, Error = error::Error>> {
|
|
||||||
let state = req.state().clone();
|
|
||||||
let sig = extract_signature(&req);
|
|
||||||
if sig.is_err() {
|
|
||||||
return Box::new(FutErr(sig.unwrap_err()));
|
|
||||||
}
|
|
||||||
let sig = sig.unwrap();
|
|
||||||
let secret = state.token.clone();
|
|
||||||
Box::new(req.body().from_err().and_then(move |body| {
|
|
||||||
if crypto::verify_signature(secret.as_bytes(), &body, &sig) {
|
|
||||||
let update: Update = serde_json::from_slice(&body)
|
|
||||||
.map_err(|e| ErrorInternalServerError(JsonPayloadError::Deserialize(e)))?;
|
|
||||||
info!(
|
info!(
|
||||||
"Updating {} record for {} with value \"{}\"",
|
"Updating {} record for {} with value \"{}\"",
|
||||||
update.record(),
|
update.record(),
|
||||||
@ -122,7 +74,7 @@ fn update(req: HttpRequest<Arc<Config>>) -> Box<Future<Item = &'static str, Erro
|
|||||||
);
|
);
|
||||||
let stdin = format!(
|
let stdin = format!(
|
||||||
"server {}\nupdate add {} {} {} {}\nsend\n",
|
"server {}\nupdate add {} {} {} {}\nsend\n",
|
||||||
state.server,
|
state.server(),
|
||||||
update.name(),
|
update.name(),
|
||||||
update.ttl(),
|
update.ttl(),
|
||||||
update.record(),
|
update.record(),
|
||||||
@ -131,16 +83,12 @@ fn update(req: HttpRequest<Arc<Config>>) -> Box<Future<Item = &'static str, Erro
|
|||||||
Ok(execute_nsupdate(&stdin, &state)
|
Ok(execute_nsupdate(&stdin, &state)
|
||||||
.map_err(|_| ErrorInternalServerError("Error executing nsupdate"))
|
.map_err(|_| ErrorInternalServerError("Error executing nsupdate"))
|
||||||
.and_then(|s| {
|
.and_then(|s| {
|
||||||
if s.contains(&state.ok_marker) {
|
if s.contains(state.ok_marker()) {
|
||||||
Ok("OK")
|
Ok("OK")
|
||||||
} else {
|
} else {
|
||||||
Err(ErrorInternalServerError("Marker not found"))
|
Err(ErrorInternalServerError("Marker not found"))
|
||||||
}
|
}
|
||||||
})?)
|
})?)
|
||||||
} else {
|
|
||||||
Err(ErrorUnauthorized(ParseError::Header))
|
|
||||||
}
|
|
||||||
}))
|
|
||||||
}
|
}
|
||||||
|
|
||||||
fn main() {
|
fn main() {
|
||||||
@ -152,13 +100,7 @@ fn main() {
|
|||||||
let key_path = matches.value_of("KEYPATH").unwrap().to_owned();
|
let key_path = matches.value_of("KEYPATH").unwrap().to_owned();
|
||||||
let ok_marker = matches.value_of("OKMARK").unwrap_or("").to_owned();
|
let ok_marker = matches.value_of("OKMARK").unwrap_or("").to_owned();
|
||||||
let server = matches.value_of("SERVER").unwrap_or("127.0.0.1").to_owned();
|
let server = matches.value_of("SERVER").unwrap_or("127.0.0.1").to_owned();
|
||||||
let config = Arc::new(Config {
|
let config = Arc::new(Config::new(token, command, key_path, ok_marker, server));
|
||||||
token,
|
|
||||||
command,
|
|
||||||
key_path,
|
|
||||||
ok_marker,
|
|
||||||
server,
|
|
||||||
});
|
|
||||||
let port: u16 = matches
|
let port: u16 = matches
|
||||||
.value_of("PORT")
|
.value_of("PORT")
|
||||||
.unwrap_or("8000")
|
.unwrap_or("8000")
|
||||||
|
108
server/src/util.rs
Normal file
108
server/src/util.rs
Normal file
@ -0,0 +1,108 @@
|
|||||||
|
use actix_web::{
|
||||||
|
error::{Error, ErrorInternalServerError, ErrorUnauthorized, JsonPayloadError, ParseError},
|
||||||
|
FromRequest, HttpMessage, HttpRequest, Result,
|
||||||
|
};
|
||||||
|
use futures::future::{err as FutErr, Future};
|
||||||
|
use std::{ops::Deref, sync::Arc};
|
||||||
|
|
||||||
|
#[derive(Debug, Fail)]
|
||||||
|
pub enum ExecuteError {
|
||||||
|
#[fail(display = "Stdin error")]
|
||||||
|
Stdin,
|
||||||
|
}
|
||||||
|
|
||||||
|
pub struct Config {
|
||||||
|
token: String,
|
||||||
|
command: String,
|
||||||
|
key_path: String,
|
||||||
|
ok_marker: String,
|
||||||
|
server: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Config {
|
||||||
|
pub fn new(
|
||||||
|
token: String,
|
||||||
|
command: String,
|
||||||
|
key_path: String,
|
||||||
|
ok_marker: String,
|
||||||
|
server: String,
|
||||||
|
) -> Self {
|
||||||
|
Self {
|
||||||
|
token,
|
||||||
|
command,
|
||||||
|
key_path,
|
||||||
|
ok_marker,
|
||||||
|
server,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#[inline]
|
||||||
|
pub fn token(&self) -> &str {
|
||||||
|
&self.token
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
pub fn command(&self) -> &str {
|
||||||
|
&self.command
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
pub fn key_path(&self) -> &str {
|
||||||
|
&self.key_path
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
pub fn ok_marker(&self) -> &str {
|
||||||
|
&self.ok_marker
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
pub fn server(&self) -> &str {
|
||||||
|
&self.server
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pub struct Validated<T>(T);
|
||||||
|
|
||||||
|
impl<T: 'static + ::serde::de::DeserializeOwned> FromRequest<Arc<Config>> for Validated<T> {
|
||||||
|
type Config = ();
|
||||||
|
type Result = Box<Future<Item = Self, Error = Error>>;
|
||||||
|
|
||||||
|
fn from_request(req: &HttpRequest<Arc<Config>>, _: &Self::Config) -> Self::Result {
|
||||||
|
let state = req.state().clone();
|
||||||
|
let sig = extract_signature(&req);
|
||||||
|
if sig.is_err() {
|
||||||
|
return Box::new(FutErr(sig.unwrap_err()));
|
||||||
|
}
|
||||||
|
let sig = sig.unwrap();
|
||||||
|
Box::new(req.clone().body().from_err().and_then(move |body| {
|
||||||
|
if ::crypto::verify_signature(state.token().as_bytes(), &body, &sig) {
|
||||||
|
let delete: T = ::serde_json::from_slice(&body)
|
||||||
|
.map_err(|e| ErrorInternalServerError(JsonPayloadError::Deserialize(e)))?;
|
||||||
|
Ok(Validated(delete))
|
||||||
|
} else {
|
||||||
|
Err(ErrorUnauthorized(ParseError::Header))
|
||||||
|
}
|
||||||
|
}))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<T> Deref for Validated<T> {
|
||||||
|
type Target = T;
|
||||||
|
|
||||||
|
fn deref(&self) -> &T {
|
||||||
|
&self.0
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn extract_signature<S>(req: &HttpRequest<S>) -> Result<Vec<u8>> {
|
||||||
|
Ok(req.headers()
|
||||||
|
.get(::data::TOKEN_HEADER)
|
||||||
|
.as_ref()
|
||||||
|
.ok_or_else(|| ErrorUnauthorized(ParseError::Header))?
|
||||||
|
.to_str()
|
||||||
|
.map_err(ErrorUnauthorized)
|
||||||
|
.and_then(|s| {
|
||||||
|
::crypto::hex_str_to_bytes(s).map_err(|_| ErrorUnauthorized(ParseError::Header))
|
||||||
|
})
|
||||||
|
.map_err(ErrorUnauthorized)?)
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user