2024-08-04 07:29:57 +09:00
|
|
|
use axum::{
|
|
|
|
|
extract::{Request, State},
|
2025-04-26 12:03:00 +00:00
|
|
|
http::StatusCode,
|
2024-08-04 07:29:57 +09:00
|
|
|
middleware::Next,
|
|
|
|
|
response::Response,
|
|
|
|
|
};
|
|
|
|
|
use tracing::error;
|
|
|
|
|
|
2025-04-26 12:03:00 +00:00
|
|
|
use crate::{util::json_err, ApiContext};
|
2024-08-04 07:29:57 +09:00
|
|
|
|
2025-04-26 12:03:00 +00:00
|
|
|
pub const INTERNAL_SYSTEMID_HEADER: &'static str = "x-pluralkit-systemid";
|
|
|
|
|
pub const INTERNAL_APPID_HEADER: &'static str = "x-pluralkit-appid";
|
|
|
|
|
|
|
|
|
|
// todo: auth should pass down models in request context
|
|
|
|
|
// not numerical ids in headers
|
2024-11-14 13:39:47 +09:00
|
|
|
|
2024-08-04 07:29:57 +09:00
|
|
|
pub async fn authnz(State(ctx): State<ApiContext>, mut request: Request, next: Next) -> Response {
|
|
|
|
|
let headers = request.headers_mut();
|
2025-04-26 12:03:00 +00:00
|
|
|
|
|
|
|
|
headers.remove(INTERNAL_SYSTEMID_HEADER);
|
|
|
|
|
headers.remove(INTERNAL_APPID_HEADER);
|
|
|
|
|
|
|
|
|
|
let mut authed_system_id: Option<i32> = None;
|
|
|
|
|
let mut authed_app_id: Option<i32> = None;
|
|
|
|
|
|
|
|
|
|
// fetch user authorization
|
|
|
|
|
if let Some(system_auth_header) = headers
|
2024-08-04 07:29:57 +09:00
|
|
|
.get("authorization")
|
|
|
|
|
.map(|h| h.to_str().ok())
|
2025-04-26 12:03:00 +00:00
|
|
|
.flatten()
|
|
|
|
|
&& let Some(system_id) =
|
|
|
|
|
match libpk::db::repository::legacy_token_auth(&ctx.db, system_auth_header).await {
|
2024-08-04 07:29:57 +09:00
|
|
|
Ok(val) => val,
|
|
|
|
|
Err(err) => {
|
|
|
|
|
error!(?err, "failed to query authorization token in postgres");
|
2025-04-26 12:03:00 +00:00
|
|
|
return json_err(
|
|
|
|
|
StatusCode::INTERNAL_SERVER_ERROR,
|
|
|
|
|
r#"{"message": "500: Internal Server Error", "code": 0}"#.to_string(),
|
|
|
|
|
);
|
2024-08-04 07:29:57 +09:00
|
|
|
}
|
|
|
|
|
}
|
2025-04-26 12:03:00 +00:00
|
|
|
{
|
|
|
|
|
authed_system_id = Some(system_id);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// fetch app authorization
|
|
|
|
|
// todo: actually fetch it from db
|
|
|
|
|
if let Some(app_auth_header) = headers
|
|
|
|
|
.get("x-pluralkit-app")
|
|
|
|
|
.map(|h| h.to_str().ok())
|
|
|
|
|
.flatten()
|
|
|
|
|
&& let Some(config_token2) = libpk::config
|
|
|
|
|
.api
|
|
|
|
|
.as_ref()
|
|
|
|
|
.expect("missing api config")
|
|
|
|
|
.temp_token2
|
|
|
|
|
.as_ref()
|
|
|
|
|
// this is NOT how you validate tokens
|
|
|
|
|
// but this is low abuse risk so we're keeping it for now
|
|
|
|
|
&& app_auth_header == config_token2
|
|
|
|
|
{
|
|
|
|
|
authed_app_id = Some(1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// add headers for ratelimiter / dotnet-api
|
|
|
|
|
{
|
|
|
|
|
let headers = request.headers_mut();
|
|
|
|
|
if let Some(sid) = authed_system_id {
|
|
|
|
|
headers.append(INTERNAL_SYSTEMID_HEADER, sid.into());
|
|
|
|
|
}
|
|
|
|
|
if let Some(aid) = authed_app_id {
|
|
|
|
|
headers.append(INTERNAL_APPID_HEADER, aid.into());
|
2024-08-04 07:29:57 +09:00
|
|
|
}
|
|
|
|
|
}
|
2025-04-26 12:03:00 +00:00
|
|
|
|
2024-11-14 13:39:47 +09:00
|
|
|
let mut response = next.run(request).await;
|
2025-04-26 12:03:00 +00:00
|
|
|
|
|
|
|
|
// add headers for logger module (ugh)
|
|
|
|
|
{
|
|
|
|
|
let headers = response.headers_mut();
|
|
|
|
|
if let Some(sid) = authed_system_id {
|
|
|
|
|
headers.append(INTERNAL_SYSTEMID_HEADER, sid.into());
|
|
|
|
|
}
|
|
|
|
|
if let Some(aid) = authed_app_id {
|
|
|
|
|
headers.append(INTERNAL_APPID_HEADER, aid.into());
|
|
|
|
|
}
|
2024-11-14 13:39:47 +09:00
|
|
|
}
|
2025-04-26 12:03:00 +00:00
|
|
|
|
2024-11-14 13:39:47 +09:00
|
|
|
response
|
2024-08-04 07:29:57 +09:00
|
|
|
}
|
