2024-08-04 07:29:57 +09:00
|
|
|
use axum::{
|
|
|
|
|
extract::{Request, State},
|
2025-04-26 12:03:00 +00:00
|
|
|
http::StatusCode,
|
2024-08-04 07:29:57 +09:00
|
|
|
middleware::Next,
|
|
|
|
|
response::Response,
|
|
|
|
|
};
|
2025-05-17 20:39:29 +00:00
|
|
|
|
2025-08-08 20:36:51 +00:00
|
|
|
use subtle::ConstantTimeEq;
|
|
|
|
|
|
2024-08-04 07:29:57 +09:00
|
|
|
use tracing::error;
|
|
|
|
|
|
2025-05-17 20:39:29 +00:00
|
|
|
use crate::auth::AuthState;
|
2025-09-01 03:36:13 +00:00
|
|
|
use crate::{ApiContext, util::json_err};
|
2024-08-04 07:29:57 +09:00
|
|
|
|
2025-05-17 20:39:29 +00:00
|
|
|
pub async fn auth(State(ctx): State<ApiContext>, mut req: Request, next: Next) -> Response {
|
2025-04-26 12:03:00 +00:00
|
|
|
let mut authed_system_id: Option<i32> = None;
|
|
|
|
|
let mut authed_app_id: Option<i32> = None;
|
|
|
|
|
|
|
|
|
|
// fetch user authorization
|
2025-05-17 20:39:29 +00:00
|
|
|
if let Some(system_auth_header) = req
|
|
|
|
|
.headers()
|
2024-08-04 07:29:57 +09:00
|
|
|
.get("authorization")
|
|
|
|
|
.map(|h| h.to_str().ok())
|
2025-04-26 12:03:00 +00:00
|
|
|
.flatten()
|
|
|
|
|
&& let Some(system_id) =
|
|
|
|
|
match libpk::db::repository::legacy_token_auth(&ctx.db, system_auth_header).await {
|
2024-08-04 07:29:57 +09:00
|
|
|
Ok(val) => val,
|
|
|
|
|
Err(err) => {
|
|
|
|
|
error!(?err, "failed to query authorization token in postgres");
|
2025-04-26 12:03:00 +00:00
|
|
|
return json_err(
|
|
|
|
|
StatusCode::INTERNAL_SERVER_ERROR,
|
|
|
|
|
r#"{"message": "500: Internal Server Error", "code": 0}"#.to_string(),
|
|
|
|
|
);
|
2024-08-04 07:29:57 +09:00
|
|
|
}
|
|
|
|
|
}
|
2025-04-26 12:03:00 +00:00
|
|
|
{
|
|
|
|
|
authed_system_id = Some(system_id);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// fetch app authorization
|
|
|
|
|
// todo: actually fetch it from db
|
2025-05-17 20:39:29 +00:00
|
|
|
if let Some(app_auth_header) = req
|
|
|
|
|
.headers()
|
2025-04-26 12:03:00 +00:00
|
|
|
.get("x-pluralkit-app")
|
|
|
|
|
.map(|h| h.to_str().ok())
|
|
|
|
|
.flatten()
|
|
|
|
|
&& let Some(config_token2) = libpk::config
|
|
|
|
|
.api
|
|
|
|
|
.as_ref()
|
|
|
|
|
.expect("missing api config")
|
|
|
|
|
.temp_token2
|
|
|
|
|
.as_ref()
|
2025-08-08 20:36:51 +00:00
|
|
|
&& app_auth_header
|
|
|
|
|
.as_bytes()
|
|
|
|
|
.ct_eq(config_token2.as_bytes())
|
|
|
|
|
.into()
|
2025-04-26 12:03:00 +00:00
|
|
|
{
|
|
|
|
|
authed_app_id = Some(1);
|
|
|
|
|
}
|
|
|
|
|
|
2025-08-08 20:57:38 +00:00
|
|
|
// todo: fix syntax
|
|
|
|
|
let internal = if req.headers().get("x-pluralkit-client-ip").is_none()
|
|
|
|
|
&& let Some(auth_header) = req
|
|
|
|
|
.headers()
|
|
|
|
|
.get("x-pluralkit-internalauth")
|
|
|
|
|
.map(|h| h.to_str().ok())
|
|
|
|
|
.flatten()
|
|
|
|
|
&& let Some(real_token) = libpk::config.internal_auth.clone()
|
|
|
|
|
&& auth_header.as_bytes().ct_eq(real_token.as_bytes()).into()
|
|
|
|
|
{
|
|
|
|
|
true
|
|
|
|
|
} else {
|
|
|
|
|
false
|
|
|
|
|
};
|
|
|
|
|
|
2025-05-17 20:39:29 +00:00
|
|
|
req.extensions_mut()
|
2025-08-08 20:57:38 +00:00
|
|
|
.insert(AuthState::new(authed_system_id, authed_app_id, internal));
|
2025-04-26 12:03:00 +00:00
|
|
|
|
2025-05-17 20:39:29 +00:00
|
|
|
next.run(req).await
|
2024-08-04 07:29:57 +09:00
|
|
|
}
|
