Sogar registry inside devolutions-gateway (#166)
* -added registry for hosting the files -added logic for managing files * -fixed cargo warnings * -refactored code * -refactored code * -updated librecording api * -refactored code -fixed clippy warning * -update code according to the sogar changes Co-authored-by: Anastasiia Romaniuk <romaniuk.anastasiia@apriorit.com>
1 parent
40da875
commit 1727a72
Showing
18 changed files
with
1,106 additions
and
137 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,4 @@ | ||
pub mod health; | ||
pub mod jet; | ||
pub mod sessions; | ||
pub mod sogar_token; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,92 @@ | ||
use crate::config::{Config, SogarUser}; | ||
use picky::{ | ||
jose::{jws::JwsAlg, jwt::JwtSig}, | ||
key::PrivateKey, | ||
}; | ||
use saphir::{ | ||
controller::Controller, | ||
http::{Method, StatusCode}, | ||
macros::controller, | ||
prelude::Request, | ||
}; | ||
use serde::{Deserialize, Serialize}; | ||
use slog_scope::error; | ||
use sogar_core::AccessToken; | ||
use std::sync::Arc; | ||
|
||
pub struct TokenController { | ||
config: Arc<Config>, | ||
} | ||
|
||
impl TokenController { | ||
pub fn new(config: Arc<Config>) -> Self { | ||
Self { config } | ||
} | ||
} | ||
|
||
#[controller(name = "registry")] | ||
impl TokenController { | ||
#[post("/oauth2/token")] | ||
async fn get_token(&self, mut req: Request) -> (StatusCode, Option<String>) { | ||
match req.form::<AccessToken>().await { | ||
Ok(body) => { | ||
let password_out = body.password; | ||
let username_out = body.username; | ||
|
||
for user in &self.config.sogar_user { | ||
if let (Some(username), Some(hashed_password)) = (&user.username, &user.password) { | ||
if username == &username_out { | ||
let matched = argon2::verify_encoded(hashed_password.as_str(), password_out.as_bytes()); | ||
if matched.is_err() || !matched.unwrap() { | ||
return (StatusCode::UNAUTHORIZED, None); | ||
} | ||
|
||
return create_token(&self.config.delegation_private_key, user); | ||
} | ||
} | ||
} | ||
|
||
(StatusCode::UNAUTHORIZED, None) | ||
} | ||
Err(e) => { | ||
error!("Failed to read request body! Error is {}", e); | ||
(StatusCode::BAD_REQUEST, None) | ||
} | ||
} | ||
} | ||
} | ||
|
||
fn create_token(private_key: &Option<PrivateKey>, user: &SogarUser) -> (StatusCode, Option<String>) { | ||
#[derive(Serialize, Deserialize, Debug)] | ||
struct ResponseAccessToken { | ||
access_token: String, | ||
} | ||
|
||
match private_key { | ||
Some(private_key) => { | ||
let signed_result = JwtSig::new(JwsAlg::RS256, user).encode(private_key); | ||
|
||
match signed_result { | ||
Ok(access_token) => { | ||
let response = ResponseAccessToken { access_token }; | ||
|
||
match serde_json::to_string(&response) { | ||
Ok(token) => (StatusCode::OK, Some(token)), | ||
Err(e) => { | ||
error!("Failed serialize token! Error is {}", e); | ||
(StatusCode::BAD_REQUEST, None) | ||
} | ||
} | ||
} | ||
Err(e) => { | ||
error!("Failed to create token! Error is {}", e); | ||
(StatusCode::BAD_REQUEST, None) | ||
} | ||
} | ||
} | ||
None => { | ||
error!("Private key is missing. Not able to create the jwt token."); | ||
(StatusCode::BAD_REQUEST, None) | ||
} | ||
} | ||
} |
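Review bot: `create_token` hands the whole `SogarUser` to `JwtSig::new(JwsAlg::RS256, user)`, so every field that type serializes becomes a token claim; `get_token` shows it holds the Argon2-encoded `password`, and a JWS payload is signed but not encrypted, so unless `SogarUser`'s `Serialize` impl (not visible here) skips that field, each issued token discloses the stored hash to whoever holds or logs it. Marking the field `#[serde(skip_serializing)]`, or signing a dedicated claims struct with only the fields the registry checks, would keep the hash server-side. Nothing in this file sets an `exp` claim, so the tokens appear to be non-expiring unless `SogarUser` carries one. In `get_token`, an unknown username reaches the final `(StatusCode::UNAUTHORIZED, None)` without any Argon2 work while a known one pays for `argon2::verify_encoded`, so response time distinguishes valid usernames; running the verification against a fixed dummy hash on the miss path would even that out. The three failure arms of `create_token` (missing key, signing error, serialization error) are server-side faults and would be better reported as `StatusCode::INTERNAL_SERVER_ERROR` than `BAD_REQUEST`.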