completely rebuilt the auth implementation to support OIDC in the future
@@ -17,7 +17,6 @@ quick-xml = { version = "0.36", features = [
|
||||
roxmltree = "0.20"
|
||||
rustical_store = { path = "../store/" }
|
||||
rustical_dav = { path = "../dav/" }
|
||||
rustical_auth = { path = "../auth/" }
|
||||
serde = { version = "1.0", features = ["serde_derive", "derive"] }
|
||||
serde_json = "1.0"
|
||||
tokio = { version = "1.40", features = ["sync", "full"] }
|
||||
|
||||
@@ -2,7 +2,7 @@ use crate::CalDavContext;
|
||||
use crate::Error;
|
||||
use actix_web::web::{Data, Path};
|
||||
use actix_web::HttpResponse;
|
||||
use rustical_auth::{AuthInfoExtractor, CheckAuthentication};
|
||||
use rustical_store::auth::User;
|
||||
use rustical_store::model::Calendar;
|
||||
use rustical_store::CalendarStore;
|
||||
use serde::{Deserialize, Serialize};
|
||||
@@ -53,14 +53,14 @@ struct MkcalendarRequest {
|
||||
set: PropElement<MkcolCalendarProp>,
|
||||
}
|
||||
|
||||
pub async fn route_mkcalendar<A: CheckAuthentication, C: CalendarStore + ?Sized>(
|
||||
pub async fn route_mkcalendar<C: CalendarStore + ?Sized>(
|
||||
path: Path<(String, String)>,
|
||||
body: String,
|
||||
auth: AuthInfoExtractor<A>,
|
||||
user: User,
|
||||
context: Data<CalDavContext<C>>,
|
||||
) -> Result<HttpResponse, Error> {
|
||||
let (principal, cid) = path.into_inner();
|
||||
if principal != auth.inner.user_id {
|
||||
if principal != user.id {
|
||||
return Err(Error::Unauthorized);
|
||||
}
|
||||
|
||||
|
||||
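Review bot: The ownership check in route_mkcalendar (`if principal != user.id`) rejects an already authenticated user with `Error::Unauthorized`, while get_event and put_event answer the same condition with `Ok(HttpResponse::Unauthorized().body(""))`; route_report_calendar uses the mkcalendar form. A caller who is logged in but addresses another principal's collection is an authorization failure, so 403 is the accurate status, and a 401 sent without a `WWW-Authenticate` challenge can make clients re-prompt for credentials that are in fact valid. I would settle on one form across all four handlers, for example `return Ok(HttpResponse::Forbidden().body(""));` in the two event handlers and the matching error variant here if `Error` has one (its definition is not on this page). The body of route_mkcalendar continues past the end of the hunk.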
@@ -5,9 +5,8 @@ use actix_web::{
|
||||
};
|
||||
use calendar_multiget::{handle_calendar_multiget, CalendarMultigetRequest};
|
||||
use calendar_query::{handle_calendar_query, CalendarQueryRequest};
|
||||
use rustical_auth::{AuthInfoExtractor, CheckAuthentication};
|
||||
use rustical_dav::methods::propfind::ServicePrefix;
|
||||
use rustical_store::CalendarStore;
|
||||
use rustical_store::{auth::User, CalendarStore};
|
||||
use serde::{Deserialize, Serialize};
|
||||
use sync_collection::{handle_sync_collection, SyncCollectionRequest};
|
||||
use tokio::sync::RwLock;
|
||||
@@ -32,17 +31,17 @@ pub enum ReportRequest {
|
||||
SyncCollection(SyncCollectionRequest),
|
||||
}
|
||||
|
||||
pub async fn route_report_calendar<A: CheckAuthentication, C: CalendarStore + ?Sized>(
|
||||
pub async fn route_report_calendar<C: CalendarStore + ?Sized>(
|
||||
path: Path<(String, String)>,
|
||||
body: String,
|
||||
auth: AuthInfoExtractor<A>,
|
||||
user: User,
|
||||
req: HttpRequest,
|
||||
cal_store: Data<RwLock<C>>,
|
||||
prefix: Data<ServicePrefix>,
|
||||
) -> Result<impl Responder, Error> {
|
||||
let prefix = prefix.into_inner();
|
||||
let (principal, cid) = path.into_inner();
|
||||
if principal != auth.inner.user_id {
|
||||
if principal != user.id {
|
||||
return Err(Error::Unauthorized);
|
||||
}
|
||||
|
||||
|
||||
@@ -5,18 +5,18 @@ use actix_web::http::header::HeaderValue;
|
||||
use actix_web::web::{Data, Path};
|
||||
use actix_web::HttpRequest;
|
||||
use actix_web::HttpResponse;
|
||||
use rustical_auth::{AuthInfoExtractor, CheckAuthentication};
|
||||
use rustical_store::auth::User;
|
||||
use rustical_store::model::CalendarObject;
|
||||
use rustical_store::CalendarStore;
|
||||
|
||||
pub async fn get_event<A: CheckAuthentication, C: CalendarStore + ?Sized>(
|
||||
pub async fn get_event<C: CalendarStore + ?Sized>(
|
||||
context: Data<CalDavContext<C>>,
|
||||
path: Path<(String, String, String)>,
|
||||
auth: AuthInfoExtractor<A>,
|
||||
user: User,
|
||||
) -> Result<HttpResponse, Error> {
|
||||
let (principal, cid, mut uid) = path.into_inner();
|
||||
|
||||
if auth.inner.user_id != principal {
|
||||
if user.id != principal {
|
||||
return Ok(HttpResponse::Unauthorized().body(""));
|
||||
}
|
||||
|
||||
@@ -26,7 +26,7 @@ pub async fn get_event<A: CheckAuthentication, C: CalendarStore + ?Sized>(
|
||||
.await
|
||||
.get_calendar(&principal, &cid)
|
||||
.await?;
|
||||
if auth.inner.user_id != calendar.principal {
|
||||
if user.id != calendar.principal {
|
||||
return Ok(HttpResponse::Unauthorized().body(""));
|
||||
}
|
||||
|
||||
@@ -46,16 +46,15 @@ pub async fn get_event<A: CheckAuthentication, C: CalendarStore + ?Sized>(
|
||||
.body(event.get_ics().to_owned()))
|
||||
}
|
||||
|
||||
pub async fn put_event<A: CheckAuthentication, C: CalendarStore + ?Sized>(
|
||||
pub async fn put_event<C: CalendarStore + ?Sized>(
|
||||
context: Data<CalDavContext<C>>,
|
||||
path: Path<(String, String, String)>,
|
||||
body: String,
|
||||
auth: AuthInfoExtractor<A>,
|
||||
user: User,
|
||||
req: HttpRequest,
|
||||
) -> Result<HttpResponse, Error> {
|
||||
let (principal, cid, mut uid) = path.into_inner();
|
||||
let auth_info = auth.inner;
|
||||
if auth_info.user_id != principal {
|
||||
if user.id != principal {
|
||||
return Ok(HttpResponse::Unauthorized().body(""));
|
||||
}
|
||||
|
||||
@@ -65,7 +64,7 @@ pub async fn put_event<A: CheckAuthentication, C: CalendarStore + ?Sized>(
|
||||
.await
|
||||
.get_calendar(&principal, &cid)
|
||||
.await?;
|
||||
if auth_info.user_id != calendar.principal {
|
||||
if user.id != calendar.principal {
|
||||
return Ok(HttpResponse::Unauthorized().body(""));
|
||||
}
|
||||
// Incredibly bodged method of normalising the uid but works for a prototype
|
||||
|
||||
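Review bot: The second check in get_event and put_event, `if user.id != calendar.principal`, reads as unreachable at first glance, because the calendar was just fetched with `get_calendar(&principal, &cid)` and `principal` has already been compared with `user.id`. It is presumably kept as defence in depth against a store that hands back a record owned by someone else, and that intent should be written down so a later cleanup does not delete it as dead code: `// Defence in depth: re-check ownership on the stored record, not only on the path segment.` Neither handler has a doc comment saying that it serves only the authenticated user's own principal; a one-line `///` summary on each would make the access rule visible at the signature. Both bodies continue outside the hunks shown.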
@@ -5,7 +5,6 @@ use calendar::resource::CalendarResourceService;
|
||||
use calendar_object::resource::CalendarObjectResourceService;
|
||||
use principal::PrincipalResourceService;
|
||||
use root::RootResourceService;
|
||||
use rustical_auth::CheckAuthentication;
|
||||
use rustical_dav::methods::{
|
||||
propfind::ServicePrefix, route_delete, route_propfind, route_proppatch,
|
||||
};
|
||||
@@ -30,10 +29,9 @@ pub fn configure_well_known(cfg: &mut web::ServiceConfig, caldav_root: String) {
|
||||
cfg.service(web::redirect("/caldav", caldav_root).permanent());
|
||||
}
|
||||
|
||||
pub fn configure_dav<A: CheckAuthentication, C: CalendarStore + ?Sized>(
|
||||
pub fn configure_dav<C: CalendarStore + ?Sized>(
|
||||
cfg: &mut web::ServiceConfig,
|
||||
prefix: String,
|
||||
auth: Arc<A>,
|
||||
store: Arc<RwLock<C>>,
|
||||
) {
|
||||
let propfind_method = || web::method(Method::from_str("PROPFIND").unwrap());
|
||||
@@ -46,7 +44,6 @@ pub fn configure_dav<A: CheckAuthentication, C: CalendarStore + ?Sized>(
|
||||
}))
|
||||
.app_data(Data::new(ServicePrefix(prefix)))
|
||||
.app_data(Data::from(store.clone()))
|
||||
.app_data(Data::from(auth))
|
||||
.service(
|
||||
web::resource("{path:.*}")
|
||||
// Without the guard this service would handle all requests
|
||||
@@ -55,20 +52,17 @@ pub fn configure_dav<A: CheckAuthentication, C: CalendarStore + ?Sized>(
|
||||
)
|
||||
.service(
|
||||
web::resource("")
|
||||
.route(propfind_method().to(route_propfind::<A, RootResourceService>))
|
||||
.route(proppatch_method().to(route_proppatch::<A, RootResourceService>)),
|
||||
.route(propfind_method().to(route_propfind::<RootResourceService>))
|
||||
.route(proppatch_method().to(route_proppatch::<RootResourceService>)),
|
||||
)
|
||||
.service(
|
||||
web::scope("/user").service(
|
||||
web::scope("/{principal}")
|
||||
.service(
|
||||
web::resource("")
|
||||
.route(propfind_method().to(route_propfind::<PrincipalResourceService<C>>))
|
||||
.route(
|
||||
propfind_method().to(route_propfind::<A, PrincipalResourceService<C>>),
|
||||
)
|
||||
.route(
|
||||
proppatch_method()
|
||||
.to(route_proppatch::<A, PrincipalResourceService<C>>),
|
||||
proppatch_method().to(route_proppatch::<PrincipalResourceService<C>>),
|
||||
),
|
||||
)
|
||||
.service(
|
||||
@@ -76,49 +70,47 @@ pub fn configure_dav<A: CheckAuthentication, C: CalendarStore + ?Sized>(
|
||||
.service(
|
||||
web::resource("")
|
||||
.route(
|
||||
report_method().to(
|
||||
calendar::methods::report::route_report_calendar::<A, C>,
|
||||
),
|
||||
report_method()
|
||||
.to(calendar::methods::report::route_report_calendar::<C>),
|
||||
)
|
||||
.route(
|
||||
propfind_method()
|
||||
.to(route_propfind::<A, CalendarResourceService<C>>),
|
||||
.to(route_propfind::<CalendarResourceService<C>>),
|
||||
)
|
||||
.route(
|
||||
proppatch_method()
|
||||
.to(route_proppatch::<A, CalendarResourceService<C>>),
|
||||
.to(route_proppatch::<CalendarResourceService<C>>),
|
||||
)
|
||||
.route(
|
||||
web::method(Method::DELETE)
|
||||
.to(route_delete::<A, CalendarResourceService<C>>),
|
||||
.to(route_delete::<CalendarResourceService<C>>),
|
||||
)
|
||||
.route(
|
||||
mkcalendar_method().to(
|
||||
calendar::methods::mkcalendar::route_mkcalendar::<A, C>,
|
||||
),
|
||||
mkcalendar_method()
|
||||
.to(calendar::methods::mkcalendar::route_mkcalendar::<C>),
|
||||
),
|
||||
)
|
||||
.service(
|
||||
web::resource("/{event}")
|
||||
.route(
|
||||
propfind_method()
|
||||
.to(route_propfind::<A, CalendarObjectResourceService<C>>),
|
||||
.to(route_propfind::<CalendarObjectResourceService<C>>),
|
||||
)
|
||||
.route(
|
||||
proppatch_method()
|
||||
.to(route_proppatch::<A, CalendarObjectResourceService<C>>),
|
||||
.to(route_proppatch::<CalendarObjectResourceService<C>>),
|
||||
)
|
||||
.route(
|
||||
web::method(Method::DELETE)
|
||||
.to(route_delete::<A, CalendarObjectResourceService<C>>),
|
||||
.to(route_delete::<CalendarObjectResourceService<C>>),
|
||||
)
|
||||
.route(
|
||||
web::method(Method::GET)
|
||||
.to(calendar_object::methods::get_event::<A, C>),
|
||||
.to(calendar_object::methods::get_event::<C>),
|
||||
)
|
||||
.route(
|
||||
web::method(Method::PUT)
|
||||
.to(calendar_object::methods::put_event::<A, C>),
|
||||
.to(calendar_object::methods::put_event::<C>),
|
||||
),
|
||||
),
|
||||
),
|
||||
|
||||
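Review bot: configure_dav no longer takes `auth: Arc<A>` or registers it with `.app_data(Data::from(auth))`, so nothing in this function shows what authenticates a request before the handlers receive a `User`. Presumably the `User` extractor reads an identity that middleware installs elsewhere; that wiring is not on this page, and if a caller mounts these routes without it the outcome rests entirely on the extractor rejecting the request. I would state the requirement on the function, `/// Every route registered here extracts a User; the caller must install the authentication middleware on the enclosing app or scope.`, and add a test that an unauthenticated request under `/user/{principal}` is refused. route_propfind, route_proppatch and route_delete lost their auth type parameter as well, so the same question applies to their ownership checks, which are not visible here.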