asonix/http-signature-normalization
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
http-signature-normalization/http-signature-normalization-actix/src/digest/middleware.rs
asonix 686e52213e Add Http Signature verification middleware and... 
Move base64 out of base lib
2019-09-13 17:56:06 -05:00

145 lines
4 KiB
Rust
Raw Blame History

use actix_web::{
dev::{Body, Service, ServiceRequest, ServiceResponse, Transform},
error::PayloadError,
http::header::HeaderValue,
web::Bytes,
HttpMessage, HttpResponse, ResponseError,
};
use failure::Fail;
use futures::{
future::{err, ok, Either, FutureResult},
stream::once,
Future, Poll, Stream,
};
use std::{cell::RefCell, rc::Rc};
use super::{DigestPart, DigestVerify};
pub struct VerifyDigest<T>(bool, T);
pub struct VerifyMiddleware<T, S>(Rc<RefCell<S>>, bool, T);
#[derive(Debug, Fail)]
#[fail(display = "Error verifying digest")]
pub struct VerifyError;
impl<T> VerifyDigest<T>
where
T: DigestVerify + Clone,
{
pub fn new(verify_digest: T) -> Self {
VerifyDigest(true, verify_digest)
}
pub fn optional(self) -> Self {
VerifyDigest(false, self.1)
}
}
impl<T, S> Transform<S> for VerifyDigest<T>
where
T: DigestVerify + Clone + 'static,
S: Service<
Request = ServiceRequest,
Response = ServiceResponse<Body>,
Error = actix_web::Error,
> + 'static,
S::Error: 'static,
{
type Request = ServiceRequest;
type Response = ServiceResponse<Body>;
type Error = actix_web::Error;
type Transform = VerifyMiddleware<T, S>;
type InitError = ();
type Future = FutureResult<Self::Transform, Self::InitError>;
fn new_transform(&self, service: S) -> Self::Future {
ok(VerifyMiddleware(
Rc::new(RefCell::new(service)),
self.0,
self.1.clone(),
))
}
}
impl<T, S> Service for VerifyMiddleware<T, S>
where
T: DigestVerify + Clone + 'static,
S: Service<
Request = ServiceRequest,
Response = ServiceResponse<Body>,
Error = actix_web::Error,
> + 'static,
S::Error: 'static,
{
type Request = ServiceRequest;
type Response = ServiceResponse<Body>;
type Error = actix_web::Error;
type Future = Box<dyn Future<Item = Self::Response, Error = Self::Error>>;
fn poll_ready(&mut self) -> Poll<(), Self::Error> {
self.0.borrow_mut().poll_ready()
}
fn call(&mut self, mut req: ServiceRequest) -> Self::Future {
if let Some(digest) = req.headers().get("Digest") {
let vec = match parse_digest(digest) {
Some(vec) => vec,
None => return Box::new(err(VerifyError.into())),
};
let payload = req.take_payload();
let service = self.0.clone();
let mut verify_digest = self.2.clone();
Box::new(payload.concat2().from_err().and_then(move |bytes| {
if verify_digest.verify(&vec, &bytes.as_ref()) {
req.set_payload(
(Box::new(once(Ok(bytes)))
as Box<dyn Stream<Item = Bytes, Error = PayloadError>>)
.into(),
);
Either::A(service.borrow_mut().call(req))
} else {
Either::B(err(VerifyError.into()))
}
}))
} else if self.1 {
Box::new(err(VerifyError.into()))
} else {
Box::new(self.0.borrow_mut().call(req))
}
}
}
fn parse_digest(h: &HeaderValue) -> Option<Vec<DigestPart>> {
let h = h.to_str().ok()?.split(";").next()?;
let v: Vec<_> = h
.split(",")
.filter_map(|p| {
let mut iter = p.splitn(2, "=");
iter.next()
.and_then(|alg| iter.next().map(|value| (alg, value)))
})
.map(|(alg, value)| DigestPart {
algorithm: alg.to_owned(),
digest: value.to_owned(),
})
.collect();
if v.is_empty() {
None
} else {
Some(v)
}
}
impl ResponseError for VerifyError {
fn error_response(&self) -> HttpResponse {
HttpResponse::BadRequest().finish()
}
fn render_response(&self) -> HttpResponse {
Self::error_response(self)
}
}
Reference in a new issue View git blame Copy permalink