use actix_web::{
dev::{Body, Service, ServiceRequest, ServiceResponse, Transform},
error::PayloadError,
http::header::HeaderValue,
web::Bytes,
HttpMessage, HttpResponse, ResponseError,
};
use failure::Fail;
use futures::{
future::{err, ok, Either, FutureResult},
stream::once,
Future, Poll, Stream,
};
use std::{cell::RefCell, rc::Rc};
use super::{DigestPart, DigestVerify};
/// Middleware factory that checks a request body against its `Digest` header.
///
/// Field `0` is the "header required" flag: `new` sets it to `true` and
/// `optional` resets it to `false`. Field `1` is the verifier, which is cloned
/// into every `VerifyMiddleware` built by `new_transform`.
pub struct VerifyDigest<T>(bool, T);
/// Service wrapper produced by `VerifyDigest`.
///
/// Field `0` is the wrapped service (shared through `Rc<RefCell<_>>` so it can
/// be moved into the verification future), field `1` is the "header required"
/// flag and field `2` is the verifier that is cloned for each request.
pub struct VerifyMiddleware<T, S>(Rc<RefCell<S>>, bool, T);
/// Error produced when digest verification rejects a request.
///
/// The middleware in this file returns it in three situations: the `Digest`
/// header is required but absent, the header cannot be parsed, or the verifier
/// reports a mismatch. The type carries no detail, so callers and clients
/// cannot tell these cases apart.
#[derive(Debug, Fail)]
#[fail(display = "Error verifying digest")]
pub struct VerifyError;
impl<T> VerifyDigest<T>
where
    T: DigestVerify + Clone,
{
    /// Creates a factory in strict mode: a request without a `Digest` header
    /// is rejected by the resulting middleware.
    ///
    /// `verify_digest` is stored as-is and cloned for each middleware instance.
    pub fn new(verify_digest: T) -> Self {
        let header_required = true;
        VerifyDigest(header_required, verify_digest)
    }

    /// Switches the factory to optional mode, keeping the same verifier.
    ///
    /// In optional mode the middleware forwards a request that has no `Digest`
    /// header to the inner service without any body check. A header that is
    /// present is still verified. Nothing in this file ties the presence of
    /// the header to anything else, so only use this where an unverified body
    /// is acceptable or the header is enforced by another layer.
    pub fn optional(self) -> Self {
        let VerifyDigest(_, verifier) = self;
        VerifyDigest(false, verifier)
    }
}
impl<T, S> Transform<S> for VerifyDigest<T>
where
    T: DigestVerify + Clone + 'static,
    S: Service<
            Request = ServiceRequest,
            Response = ServiceResponse<Body>,
            Error = actix_web::Error,
        > + 'static,
    S::Error: 'static,
{
    type Request = ServiceRequest;
    type Response = ServiceResponse<Body>;
    type Error = actix_web::Error;
    type Transform = VerifyMiddleware<T, S>;
    type InitError = ();
    type Future = FutureResult<Self::Transform, Self::InitError>;

    /// Wraps `service` in a `VerifyMiddleware`.
    ///
    /// The "header required" flag is copied and the verifier is cloned, so
    /// every middleware instance starts from the factory's configuration.
    /// Construction cannot fail; the returned future is immediately ready.
    fn new_transform(&self, service: S) -> Self::Future {
        let VerifyDigest(header_required, verifier) = self;
        // The service is shared so `call` can move a handle into its future.
        let shared_service = Rc::new(RefCell::new(service));

        ok(VerifyMiddleware(
            shared_service,
            *header_required,
            verifier.clone(),
        ))
    }
}
impl<T, S> Service for VerifyMiddleware<T, S>
where
    T: DigestVerify + Clone + 'static,
    S: Service<
            Request = ServiceRequest,
            Response = ServiceResponse<Body>,
            Error = actix_web::Error,
        > + 'static,
    S::Error: 'static,
{
    type Request = ServiceRequest;
    type Response = ServiceResponse<Body>;
    type Error = actix_web::Error;
    type Future = Box<dyn Future<Item = Self::Response, Error = Self::Error>>;

    /// Readiness is delegated unchanged to the wrapped service.
    fn poll_ready(&mut self) -> Poll<(), Self::Error> {
        let mut inner = self.0.borrow_mut();
        inner.poll_ready()
    }

    /// Verifies the request body against the `Digest` header, then forwards
    /// the request to the wrapped service.
    ///
    /// Outcomes:
    /// - header present and parseable: the whole payload is read and handed
    ///   to the verifier; on success the same bytes are re-attached and the
    ///   request is forwarded, on mismatch the future fails with `VerifyError`;
    /// - header present but unparseable: fails with `VerifyError`;
    /// - header absent: fails with `VerifyError` when the header is required
    ///   (`self.1`), otherwise the request is forwarded with no body check.
    fn call(&mut self, mut req: ServiceRequest) -> Self::Future {
        // Parse into owned data first so the borrow of the header map has
        // ended before the payload is taken out of the request.
        // NOTE(review): `get` yields a single header value; a request carrying
        // several `Digest` headers is judged on that one only. Confirm this is
        // the intended handling.
        let parsed = req.headers().get("Digest").map(parse_digest);

        let parts = match parsed {
            Some(Some(parts)) => parts,
            // Header present but malformed.
            Some(None) => return Box::new(err(VerifyError.into())),
            // Header missing while verification is mandatory.
            None if self.1 => return Box::new(err(VerifyError.into())),
            // Header missing in optional mode: the body is NOT verified.
            None => return Box::new(self.0.borrow_mut().call(req)),
        };

        let body = req.take_payload();
        let inner = self.0.clone();
        let mut verifier = self.2.clone();

        // NOTE(review): `concat2` collects the entire payload in memory before
        // the digest is checked and this block applies no size limit of its
        // own. Confirm a request-body cap is enforced elsewhere in the stack.
        let verified = body.concat2().from_err().and_then(move |bytes| {
            if !verifier.verify(&parts, &bytes.as_ref()) {
                return Either::B(err(VerifyError.into()));
            }

            // Replay exactly the bytes that were hashed as a one-chunk stream,
            // so the inner service reads what was verified.
            let replay: Box<dyn Stream<Item = Bytes, Error = PayloadError>> =
                Box::new(once(Ok(bytes)));
            req.set_payload(replay.into());

            Either::A(inner.borrow_mut().call(req))
        });

        Box::new(verified)
    }
}
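/// Parses a `Digest` header value into its `algorithm=value` members.
///
/// Only the text before the first `;` is considered. That text is split on
/// `,` and each member is split at its first `=`, so `=` padding inside the
/// digest value is preserved. Members without an `=` are skipped.
///
/// Returns `None` when `HeaderValue::to_str` rejects the header (it accepts
/// only visible ASCII) or when no member could be parsed.
///
/// Algorithm names are passed through with their original case, and empty
/// names or values are not rejected here; any policy on accepted algorithms
/// is left to the `DigestVerify` implementation.
fn parse_digest(h: &HeaderValue) -> Option<Vec<DigestPart>> {
    let list = h.to_str().ok()?.split(';').next()?;

    let mut parts = Vec::new();
    for member in list.split(',') {
        let mut key_value = member.splitn(2, '=');
        if let (Some(alg), Some(value)) = (key_value.next(), key_value.next()) {
            // Senders commonly write ", " between list members. Without the
            // trim the algorithm name keeps its leading space and an
            // otherwise valid member can no longer be matched by name.
            parts.push(DigestPart {
                algorithm: alg.trim().to_owned(),
                digest: value.trim().to_owned(),
            });
        }
    }

    if parts.is_empty() {
        None
    } else {
        Some(parts)
    }
}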
impl ResponseError for VerifyError {
    /// Maps every verification failure to `400 Bad Request` built with
    /// `finish()`, i.e. without a response body, so the reply does not reveal
    /// which check failed.
    fn error_response(&self) -> HttpResponse {
        let mut builder = HttpResponse::BadRequest();
        builder.finish()
    }

    /// Renders the same response as `error_response`.
    fn render_response(&self) -> HttpResponse {
        self.error_response()
    }
}