auth
Some checks failed
ci/woodpecker/push/build/1 Pipeline failed
ci/woodpecker/push/build/2 Pipeline failed

JMARyA 2025-05-06 16:03:41 +02:00
parent 060209827f
commit 1c3a136730
Signed by: jmarya
GPG key ID: 901B2ADDF27C2263
3 changed files with 23 additions and 9 deletions

3
Cargo.lock generated

@ -358,6 +358,7 @@ dependencies = [
"axum", "axum",
"axum-core", "axum-core",
"bytes", "bytes",
"cookie",
"futures-util", "futures-util",
"headers", "headers",
"http", "http",
@ -421,6 +422,8 @@ name = "based_auth"
version = "0.1.0" version = "0.1.0"
source = "git+https://git.hydrar.de/jmarya/based_auth#bab73914bdddc53cbec5c1d2fabdcfe857838aa8" source = "git+https://git.hydrar.de/jmarya/based_auth#bab73914bdddc53cbec5c1d2fabdcfe857838aa8"
dependencies = [ dependencies = [
"axum",
"axum-extra",
"bcrypt", "bcrypt",
"chrono", "chrono",
"data-encoding", "data-encoding",


@ -38,7 +38,7 @@ axum-client-ip = { version = "1.0.0", optional = true }
toml = "0.8.21" toml = "0.8.21"
hex = "0.4.3" hex = "0.4.3"
rand = "0.9.1" rand = "0.9.1"
based_auth = { git = "https://git.hydrar.de/jmarya/based_auth" } based_auth = { git = "https://git.hydrar.de/jmarya/based_auth", features = ["axum"] }
http2 = "0.4.21" http2 = "0.4.21"
ureq = { version = "3.0.11", features = ["json"] } ureq = { version = "3.0.11", features = ["json"] }
rumqttc = { version = "0.24.0", features = ["url", "websocket"] } rumqttc = { version = "0.24.0", features = ["url", "websocket"] }
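Review bot: The `based_auth` line still tracks the repository's default branch, although with this commit the crate supplies the `APIUser` extractor that gates the device routes. Only Cargo.lock holds it at a known commit, so a `cargo update` changes the authentication code without any visible manifest change. Pinning the revision already recorded in the lockfile makes every upgrade of the auth crate an explicit, reviewable edit: `based_auth = { git = "https://git.hydrar.de/jmarya/based_auth", rev = "bab73914bdddc53cbec5c1d2fabdcfe857838aa8", features = ["axum"] }`.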


@ -16,6 +16,7 @@ use axum_client_ip::ClientIp;
use axum_extra::TypedHeader; use axum_extra::TypedHeader;
use axum_extra::headers::Authorization; use axum_extra::headers::Authorization;
use axum_extra::headers::authorization::Bearer; use axum_extra::headers::authorization::Bearer;
use based_auth::APIUser;
use based_auth::Sessions; use based_auth::Sessions;
use based_auth::User; use based_auth::User;
use owl::get; use owl::get;
@ -30,12 +31,23 @@ use sheepd::DeviceList;
use super::mqtt::is_within_80_seconds; use super::mqtt::is_within_80_seconds;
use super::mqtt::send_msg; use super::mqtt::send_msg;
macro_rules! check_admin {
($user:ident) => {
if !$user.read().is_admin() {
return (
StatusCode::UNAUTHORIZED,
Json(api::Result::Err("Invalid credentials")),
);
}
};
}
pub async fn device_shell_cmd( pub async fn device_shell_cmd(
Path(device_id): Path<String>, Path(device_id): Path<String>,
TypedHeader(session): TypedHeader<Authorization<Bearer>>, APIUser(user): APIUser,
Json(payload): Json<api::ShellParam>, Json(payload): Json<api::ShellParam>,
) -> (StatusCode, Json<api::Result<ShellResponse>>) { ) -> (StatusCode, Json<api::Result<ShellResponse>>) {
// TODO : check auth check_admin!(user);
let machine: Option<Model<Machine>> = get!(device_id); let machine: Option<Model<Machine>> = get!(device_id);
@ -65,9 +77,9 @@ pub async fn device_shell_cmd(
pub async fn device_get_api( pub async fn device_get_api(
Path(device_id): Path<String>, Path(device_id): Path<String>,
session: TypedHeader<Authorization<Bearer>>, APIUser(user): APIUser,
) -> (StatusCode, Json<api::Result<DeviceEntry>>) { ) -> (StatusCode, Json<api::Result<DeviceEntry>>) {
// TODO : check auth check_admin!(user);
let machine: Option<Model<Machine>> = get!(device_id.clone()); let machine: Option<Model<Machine>> = get!(device_id.clone());
@ -94,10 +106,9 @@ pub fn device_online(id: &String) -> bool {
.unwrap_or(false) .unwrap_or(false)
} }
pub async fn devices_list( pub async fn devices_list(APIUser(user): APIUser) -> (StatusCode, Json<api::Result<DeviceList>>) {
session: TypedHeader<Authorization<Bearer>>, check_admin!(user);
) -> (StatusCode, Json<api::Result<DeviceList>>) {
// TODO : auth?
let machines: Vec<Model<Machine>> = query!(|_| true); let machines: Vec<Model<Machine>> = query!(|_| true);
let mut ret = vec![]; let mut ret = vec![];
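Review bot: `check_admin!` answers an authenticated non-admin with `StatusCode::UNAUTHORIZED` and "Invalid credentials", so a permission failure looks the same as a bad token to clients and in logs. Assuming `APIUser` already rejects missing or invalid tokens itself (not visible here), `StatusCode::FORBIDDEN,` with a message such as `Json(api::Result::Err("Admin privileges required")),` would separate the two cases. The check is also opt-in per handler and hides a `return` inside the macro, so a route added later compiles without it, which matters for anything as sensitive as `device_shell_cmd`. At minimum document the contract on the macro, e.g. `/// Early-returns from the enclosing handler unless $user is an admin; every device route must invoke this first.`, and consider moving the check into an extractor or router layer so it cannot be forgotten. The handler bodies continue outside the hunks shown.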