navos/sheepd
navos/sheepd
1
0
Fork 1
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity

auth
Some checks failed
ci/woodpecker/push/build/1 Pipeline failed
Details
ci/woodpecker/push/build/2 Pipeline failed
Details

Browse source
This commit is contained in:
JMARyA 2025-05-06 16:03:41 +02:00
parent 060209827f
commit 1c3a136730
Signed by: jmarya
GPG key ID: 901B2ADDF27C2263
3 changed files with 23 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Cargo.lock generated
View file

@ -358,6 +358,7 @@ dependencies = [
"axum",
"axum-core",
"bytes",
"cookie",
"futures-util",
"headers",
"http",
@ -421,6 +422,8 @@ name = "based_auth"
version = "0.1.0"
source = "git+https://git.hydrar.de/jmarya/based_auth#bab73914bdddc53cbec5c1d2fabdcfe857838aa8"
dependencies = [
"axum",
"axum-extra",
"bcrypt",
"chrono",
"data-encoding",

2
Cargo.toml
View file

@ -38,7 +38,7 @@ axum-client-ip = { version = "1.0.0", optional = true }
toml = "0.8.21"
hex = "0.4.3"
rand = "0.9.1"
based_auth = { git = "https://git.hydrar.de/jmarya/based_auth" }
based_auth = { git = "https://git.hydrar.de/jmarya/based_auth", features = ["axum"] }
http2 = "0.4.21"
ureq = { version = "3.0.11", features = ["json"] }
rumqttc = { version = "0.24.0", features = ["url", "websocket"] }

27
src/herd_core/route.rs
View file

@ -16,6 +16,7 @@ use axum_client_ip::ClientIp;
use axum_extra::TypedHeader;
use axum_extra::headers::Authorization;
use axum_extra::headers::authorization::Bearer;
use based_auth::APIUser;
use based_auth::Sessions;
use based_auth::User;
use owl::get;
@ -30,12 +31,23 @@ use sheepd::DeviceList;
use super::mqtt::is_within_80_seconds;
use super::mqtt::send_msg;
macro_rules! check_admin {
($user:ident) => {
if !$user.read().is_admin() {
return (
StatusCode::UNAUTHORIZED,
Json(api::Result::Err("Invalid credentials")),
);
}
};
}
pub async fn device_shell_cmd(
Path(device_id): Path<String>,
TypedHeader(session): TypedHeader<Authorization<Bearer>>,
APIUser(user): APIUser,
Json(payload): Json<api::ShellParam>,
) -> (StatusCode, Json<api::Result<ShellResponse>>) {
// TODO : check auth
check_admin!(user);
let machine: Option<Model<Machine>> = get!(device_id);
@ -65,9 +77,9 @@ pub async fn device_shell_cmd(
pub async fn device_get_api(
Path(device_id): Path<String>,
session: TypedHeader<Authorization<Bearer>>,
APIUser(user): APIUser,
) -> (StatusCode, Json<api::Result<DeviceEntry>>) {
// TODO : check auth
check_admin!(user);
let machine: Option<Model<Machine>> = get!(device_id.clone());
@ -94,10 +106,9 @@ pub fn device_online(id: &String) -> bool {
.unwrap_or(false)
}
pub async fn devices_list(
session: TypedHeader<Authorization<Bearer>>,
) -> (StatusCode, Json<api::Result<DeviceList>>) {
// TODO : auth?
pub async fn devices_list(APIUser(user): APIUser) -> (StatusCode, Json<api::Result<DeviceList>>) {
check_admin!(user);
let machines: Vec<Model<Machine>> = query!(|_| true);
let mut ret = vec![];