1
0
mirror of https://github.com/vbrandl/bind9-api.git synced 2024-11-24 22:02:59 +01:00

Restructure code and use extractor

This commit is contained in:
Valentin Brandl 2018-07-08 11:59:50 +02:00
parent 6fb2d1f133
commit 4aa4eef9cb
Signed by: vbrandl
GPG Key ID: CAD4DA1A789125F9
2 changed files with 159 additions and 109 deletions

View File

@ -9,41 +9,28 @@ extern crate futures;
#[macro_use] #[macro_use]
extern crate log; extern crate log;
extern crate pretty_env_logger; extern crate pretty_env_logger;
extern crate serde;
extern crate serde_json; extern crate serde_json;
mod cli; mod cli;
mod util;
use actix_web::{ use actix_web::{
error::{self, ErrorInternalServerError, ErrorUnauthorized, JsonPayloadError, ParseError}, http, error::{self, ErrorInternalServerError}, http, middleware::Logger, server, App, Result, State,
middleware::Logger, server, App, HttpMessage, HttpRequest, Result,
}; };
use data::{Delete, Update}; use data::{Delete, Update};
use failure::Error; use failure::Error;
use futures::future::{err as FutErr, Future};
use std::{ use std::{
io::Write, process::{Command, Stdio}, sync::Arc, io::Write, process::{Command, Stdio}, sync::Arc,
}; };
use util::{Config, ExecuteError, Validated};
#[derive(Debug, Fail)]
enum ExecuteError {
#[fail(display = "Stdin error")]
Stdin,
}
struct Config {
token: String,
command: String,
key_path: String,
ok_marker: String,
server: String,
}
fn execute_nsupdate(input: &str, config: &Config) -> Result<String, Error> { fn execute_nsupdate(input: &str, config: &Config) -> Result<String, Error> {
info!("executing update: {}", input); info!("executing update: {}", input);
let mut cmd = Command::new(&config.command) let mut cmd = Command::new(config.command())
.stdin(Stdio::piped()) .stdin(Stdio::piped())
.stdout(Stdio::piped()) .stdout(Stdio::piped())
.args(&["-k", &config.key_path]) .args(&["-k", config.key_path()])
.spawn()?; .spawn()?;
{ {
let stdin = cmd.stdin.as_mut().ok_or(ExecuteError::Stdin)?; let stdin = cmd.stdin.as_mut().ok_or(ExecuteError::Stdin)?;
@ -55,65 +42,30 @@ fn execute_nsupdate(input: &str, config: &Config) -> Result<String, Error> {
Ok(output) Ok(output)
} }
fn delete(req: HttpRequest<Arc<Config>>) -> Box<Future<Item = &'static str, Error = error::Error>> { fn delete(
let state = req.state().clone(); (delete, state): (Validated<Delete>, State<Arc<Config>>),
let sig = extract_signature(&req); ) -> Result<&'static str, error::Error> {
if sig.is_err() {
return Box::new(FutErr(sig.unwrap_err()));
}
let sig = sig.unwrap();
let secret = state.token.clone();
Box::new(req.body().from_err().and_then(move |body| {
if crypto::verify_signature(secret.as_bytes(), &body, &sig) {
let delete: Delete = serde_json::from_slice(&body)
.map_err(|e| ErrorInternalServerError(JsonPayloadError::Deserialize(e)))?;
info!("Deleting {} record for {}", delete.record(), delete.name()); info!("Deleting {} record for {}", delete.record(), delete.name());
let stdin = format!( let stdin = format!(
"server {}\nupdate delete {} {}\nsend\n", "server {}\nupdate delete {} {}\nsend\n",
state.server, state.server(),
delete.name(), delete.name(),
delete.record() delete.record()
); );
Ok(execute_nsupdate(&stdin, &state) Ok(execute_nsupdate(&stdin, &state)
.map_err(|_| ErrorInternalServerError("Error executing nsupdate")) .map_err(|_| ErrorInternalServerError("Error executing nsupdate"))
.and_then(|s| { .and_then(|s| {
if s.contains(&state.ok_marker) { if s.contains(state.ok_marker()) {
Ok("OK") Ok("OK")
} else { } else {
Err(ErrorInternalServerError("Marker not found")) Err(ErrorInternalServerError("Marker not found"))
} }
})?) })?)
} else {
Err(ErrorUnauthorized(ParseError::Header))
}
}))
} }
fn extract_signature<S>(req: &HttpRequest<S>) -> Result<Vec<u8>> { fn update(
Ok(req.headers() (update, state): (Validated<Update>, State<Arc<Config>>),
.get(data::TOKEN_HEADER) ) -> Result<&'static str, error::Error> {
.as_ref()
.ok_or_else(|| ErrorUnauthorized(ParseError::Header))?
.to_str()
.map_err(ErrorUnauthorized)
.and_then(|s| {
crypto::hex_str_to_bytes(s).map_err(|_| ErrorUnauthorized(ParseError::Header))
})
.map_err(ErrorUnauthorized)?)
}
fn update(req: HttpRequest<Arc<Config>>) -> Box<Future<Item = &'static str, Error = error::Error>> {
let state = req.state().clone();
let sig = extract_signature(&req);
if sig.is_err() {
return Box::new(FutErr(sig.unwrap_err()));
}
let sig = sig.unwrap();
let secret = state.token.clone();
Box::new(req.body().from_err().and_then(move |body| {
if crypto::verify_signature(secret.as_bytes(), &body, &sig) {
let update: Update = serde_json::from_slice(&body)
.map_err(|e| ErrorInternalServerError(JsonPayloadError::Deserialize(e)))?;
info!( info!(
"Updating {} record for {} with value \"{}\"", "Updating {} record for {} with value \"{}\"",
update.record(), update.record(),
@ -122,7 +74,7 @@ fn update(req: HttpRequest<Arc<Config>>) -> Box<Future<Item = &'static str, Erro
); );
let stdin = format!( let stdin = format!(
"server {}\nupdate add {} {} {} {}\nsend\n", "server {}\nupdate add {} {} {} {}\nsend\n",
state.server, state.server(),
update.name(), update.name(),
update.ttl(), update.ttl(),
update.record(), update.record(),
@ -131,16 +83,12 @@ fn update(req: HttpRequest<Arc<Config>>) -> Box<Future<Item = &'static str, Erro
Ok(execute_nsupdate(&stdin, &state) Ok(execute_nsupdate(&stdin, &state)
.map_err(|_| ErrorInternalServerError("Error executing nsupdate")) .map_err(|_| ErrorInternalServerError("Error executing nsupdate"))
.and_then(|s| { .and_then(|s| {
if s.contains(&state.ok_marker) { if s.contains(state.ok_marker()) {
Ok("OK") Ok("OK")
} else { } else {
Err(ErrorInternalServerError("Marker not found")) Err(ErrorInternalServerError("Marker not found"))
} }
})?) })?)
} else {
Err(ErrorUnauthorized(ParseError::Header))
}
}))
} }
fn main() { fn main() {
@ -152,13 +100,7 @@ fn main() {
let key_path = matches.value_of("KEYPATH").unwrap().to_owned(); let key_path = matches.value_of("KEYPATH").unwrap().to_owned();
let ok_marker = matches.value_of("OKMARK").unwrap_or("").to_owned(); let ok_marker = matches.value_of("OKMARK").unwrap_or("").to_owned();
let server = matches.value_of("SERVER").unwrap_or("127.0.0.1").to_owned(); let server = matches.value_of("SERVER").unwrap_or("127.0.0.1").to_owned();
let config = Arc::new(Config { let config = Arc::new(Config::new(token, command, key_path, ok_marker, server));
token,
command,
key_path,
ok_marker,
server,
});
let port: u16 = matches let port: u16 = matches
.value_of("PORT") .value_of("PORT")
.unwrap_or("8000") .unwrap_or("8000")

108
server/src/util.rs Normal file
View File

@ -0,0 +1,108 @@
use actix_web::{
error::{Error, ErrorInternalServerError, ErrorUnauthorized, JsonPayloadError, ParseError},
FromRequest, HttpMessage, HttpRequest, Result,
};
use futures::future::{err as FutErr, Future};
use std::{ops::Deref, sync::Arc};
#[derive(Debug, Fail)]
pub enum ExecuteError {
#[fail(display = "Stdin error")]
Stdin,
}
pub struct Config {
token: String,
command: String,
key_path: String,
ok_marker: String,
server: String,
}
impl Config {
pub fn new(
token: String,
command: String,
key_path: String,
ok_marker: String,
server: String,
) -> Self {
Self {
token,
command,
key_path,
ok_marker,
server,
}
}
#[inline]
pub fn token(&self) -> &str {
&self.token
}
#[inline]
pub fn command(&self) -> &str {
&self.command
}
#[inline]
pub fn key_path(&self) -> &str {
&self.key_path
}
#[inline]
pub fn ok_marker(&self) -> &str {
&self.ok_marker
}
#[inline]
pub fn server(&self) -> &str {
&self.server
}
}
pub struct Validated<T>(T);
impl<T: 'static + ::serde::de::DeserializeOwned> FromRequest<Arc<Config>> for Validated<T> {
type Config = ();
type Result = Box<Future<Item = Self, Error = Error>>;
fn from_request(req: &HttpRequest<Arc<Config>>, _: &Self::Config) -> Self::Result {
let state = req.state().clone();
let sig = extract_signature(&req);
if sig.is_err() {
return Box::new(FutErr(sig.unwrap_err()));
}
let sig = sig.unwrap();
Box::new(req.clone().body().from_err().and_then(move |body| {
if ::crypto::verify_signature(state.token().as_bytes(), &body, &sig) {
let delete: T = ::serde_json::from_slice(&body)
.map_err(|e| ErrorInternalServerError(JsonPayloadError::Deserialize(e)))?;
Ok(Validated(delete))
} else {
Err(ErrorUnauthorized(ParseError::Header))
}
}))
}
}
impl<T> Deref for Validated<T> {
type Target = T;
fn deref(&self) -> &T {
&self.0
}
}
fn extract_signature<S>(req: &HttpRequest<S>) -> Result<Vec<u8>> {
Ok(req.headers()
.get(::data::TOKEN_HEADER)
.as_ref()
.ok_or_else(|| ErrorUnauthorized(ParseError::Header))?
.to_str()
.map_err(ErrorUnauthorized)
.and_then(|s| {
::crypto::hex_str_to_bytes(s).map_err(|_| ErrorUnauthorized(ParseError::Header))
})
.map_err(ErrorUnauthorized)?)
}