✨ auth
This commit is contained in:
parent
060209827f
commit
1c3a136730
GPG key ID:
901B2ADDF27C2263
3 changed files with 23 additions and 9 deletions
3
Cargo.lock
generated
3
Cargo.lock
generated
|
|
@ -358,6 +358,7 @@ dependencies = [
|
|||
"axum",
|
||||
"axum-core",
|
||||
"bytes",
|
||||
"cookie",
|
||||
"futures-util",
|
||||
"headers",
|
||||
"http",
|
||||
|
|
@ -421,6 +422,8 @@ name = "based_auth"
|
|||
version = "0.1.0"
|
||||
source = "git+https://git.hydrar.de/jmarya/based_auth#bab73914bdddc53cbec5c1d2fabdcfe857838aa8"
|
||||
dependencies = [
|
||||
"axum",
|
||||
"axum-extra",
|
||||
"bcrypt",
|
||||
"chrono",
|
||||
"data-encoding",
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ axum-client-ip = { version = "1.0.0", optional = true }
|
|||
toml = "0.8.21"
|
||||
hex = "0.4.3"
|
||||
rand = "0.9.1"
|
||||
based_auth = { git = "https://git.hydrar.de/jmarya/based_auth" }
|
||||
based_auth = { git = "https://git.hydrar.de/jmarya/based_auth", features = ["axum"] }
|
||||
http2 = "0.4.21"
|
||||
ureq = { version = "3.0.11", features = ["json"] }
|
||||
rumqttc = { version = "0.24.0", features = ["url", "websocket"] }
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ use axum_client_ip::ClientIp;
|
|||
use axum_extra::TypedHeader;
|
||||
use axum_extra::headers::Authorization;
|
||||
use axum_extra::headers::authorization::Bearer;
|
||||
use based_auth::APIUser;
|
||||
use based_auth::Sessions;
|
||||
use based_auth::User;
|
||||
use owl::get;
|
||||
|
|
@ -30,12 +31,23 @@ use sheepd::DeviceList;
|
|||
use super::mqtt::is_within_80_seconds;
|
||||
use super::mqtt::send_msg;
|
||||
|
||||
macro_rules! check_admin {
|
||||
($user:ident) => {
|
||||
if !$user.read().is_admin() {
|
||||
return (
|
||||
StatusCode::UNAUTHORIZED,
|
||||
Json(api::Result::Err("Invalid credentials")),
|
||||
);
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
pub async fn device_shell_cmd(
|
||||
Path(device_id): Path<String>,
|
||||
TypedHeader(session): TypedHeader<Authorization<Bearer>>,
|
||||
APIUser(user): APIUser,
|
||||
Json(payload): Json<api::ShellParam>,
|
||||
) -> (StatusCode, Json<api::Result<ShellResponse>>) {
|
||||
// TODO : check auth
|
||||
check_admin!(user);
|
||||
|
||||
let machine: Option<Model<Machine>> = get!(device_id);
|
||||
|
||||
|
|
@ -65,9 +77,9 @@ pub async fn device_shell_cmd(
|
|||
|
||||
pub async fn device_get_api(
|
||||
Path(device_id): Path<String>,
|
||||
session: TypedHeader<Authorization<Bearer>>,
|
||||
APIUser(user): APIUser,
|
||||
) -> (StatusCode, Json<api::Result<DeviceEntry>>) {
|
||||
// TODO : check auth
|
||||
check_admin!(user);
|
||||
|
||||
let machine: Option<Model<Machine>> = get!(device_id.clone());
|
||||
|
||||
|
|
@ -94,10 +106,9 @@ pub fn device_online(id: &String) -> bool {
|
|||
.unwrap_or(false)
|
||||
}
|
||||
|
||||
pub async fn devices_list(
|
||||
session: TypedHeader<Authorization<Bearer>>,
|
||||
) -> (StatusCode, Json<api::Result<DeviceList>>) {
|
||||
// TODO : auth?
|
||||
pub async fn devices_list(APIUser(user): APIUser) -> (StatusCode, Json<api::Result<DeviceList>>) {
|
||||
check_admin!(user);
|
||||
|
||||
let machines: Vec<Model<Machine>> = query!(|_| true);
|
||||
|
||||
let mut ret = vec![];
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue