actix-admin/azure_auth/src/lib.rs

#[macro_use]
extern crate serde_derive;

use actix_session::{Session};
use actix_web::http::header;
use actix_web::{web, HttpResponse};
use http::{HeaderMap, Method};
use oauth2::basic::BasicClient;
use oauth2::reqwest::async_http_client;
use oauth2::{
    AccessToken, AuthorizationCode, CsrfToken, //PkceCodeChallenge,
    Scope, TokenResponse
};
use std::str;
use url::Url;
use oauth2::{
    AuthUrl, ClientId, ClientSecret, TokenUrl,
};

#[allow(non_snake_case)]
#[derive(Serialize, Deserialize, Debug)]
pub struct UserInfo {
    mail: String,
    userPrincipalName: String,
    displayName: String,
    givenName: String,
    surname: String,
    id: String,
}

// AppDataTrait
pub trait AppDataTrait {
    fn get_oauth(&self) -> &BasicClient;
}

#[derive(Clone, Debug)]
pub struct AzureAuth {
    auth_url: AuthUrl,
    token_url: TokenUrl,
    client_id: ClientId,
    client_secret: ClientSecret
}

impl AzureAuth {
    pub fn new(oauth2_server: &String, client_id: &String, client_secret: &String) -> Self {
        let azure_auth = AzureAuth {
            auth_url: AuthUrl::new(format!("https://{}/oauth2/v2.0/authorize", oauth2_server)).expect("Invalid authorization endpoint URL"),
            token_url: TokenUrl::new(format!("https://{}/oauth2/v2.0/token", oauth2_server)).expect("Invalid token endpoint URL"),
            client_id: ClientId::new(client_id.clone()),
            client_secret:  ClientSecret::new(client_secret.clone())
        };

        azure_auth
    }

    pub fn get_api_base_url() -> &'static str {
        "https://graph.microsoft.com/v1.0"
    }

    pub fn get_oauth_client(self) -> BasicClient {
        BasicClient::new(
            self.client_id,
            Some(self.client_secret),
            self.auth_url,
            Some(self.token_url),
        )
    }

    pub fn create_scope<T: AppDataTrait + 'static>(self) -> actix_web::Scope {
        let scope = web::scope("/auth")
            .route("/login", web::get().to(login::<T>))
            .route("/logout", web::get().to(logout))
            .route("/auth", web::get().to(auth::<T>))
        ;

        scope
    }
}

pub async fn login<T: AppDataTrait>(data: web::Data<T>) -> HttpResponse {
    // Create a PKCE code verifier and SHA-256 encode it as a code challenge.
    // let (_pkce_code_challenge, _pkce_code_verifier) = PkceCodeChallenge::new_random_sha256();
    // Generate the authorization URL to which we'll redirect the user.
    let (auth_url, _csrf_token) = &data
        .get_oauth()
        .authorize_url(CsrfToken::new_random)
        // Set the desired scopes.
        .add_scope(Scope::new("openid".to_string()))
        // Set the PKCE code challenge, need to pass verifier to /auth.
        //.set_pkce_challenge(pkce_code_challenge)
        .url();

    HttpResponse::Found()
        .append_header((header::LOCATION, auth_url.to_string()))
        .finish()
}

pub async fn logout(session: Session) -> HttpResponse {
    session.remove("user_info");
    HttpResponse::Found()
        .append_header((header::LOCATION, "/".to_string()))
        .finish()
}

async fn read_user(api_base_url: &str, access_token: &AccessToken) -> UserInfo {
    let url = Url::parse(format!("{}/me", api_base_url).as_str()).unwrap();

    let mut headers = HeaderMap::new();
    headers.insert(
        "Authorization",
        format!("Bearer {}", access_token.secret()).parse().unwrap(),
    );

    let resp = async_http_client(oauth2::HttpRequest {
        url,
        method: Method::GET,
        headers: headers,
        body: Vec::new(),
    })
    .await
    .expect("Request failed");

    let s: &str = match str::from_utf8(&resp.body) {
        Ok(v) => v,
        Err(e) => panic!("Invalid UTF-8 sequence: {}", e),
    };

    serde_json::from_slice(&resp.body).unwrap()
}

#[derive(Deserialize)]
pub struct AuthRequest {
    code: String,
    state: String,
}

pub async fn auth<T: AppDataTrait>(
    session: Session,
    data: web::Data<T>,
    params: web::Query<AuthRequest>,
) -> HttpResponse {
    let code = AuthorizationCode::new(params.code.clone());
    let _state = CsrfToken::new(params.state.clone());
    let api_base_url = AzureAuth::get_api_base_url();

    // Exchange the code with a token.
    let token = &data
        .get_oauth()
        .exchange_code(code)
        //.set_pkce_verifier()
        .request_async(async_http_client)
        .await
        .expect("exchange_code failed");

    let user_info = read_user(api_base_url, token.access_token()).await;

    session.insert("user_info", &user_info).unwrap();

    HttpResponse::Found().append_header(("location", "/")).finish()
}
move oauth into separate crate 2022-04-24 14:35:43 +02:00			`#[macro_use]`
			`extern crate serde_derive;`

add module and fix actix deprecations vom v3 2021-11-29 15:57:36 +01:00			`use actix_session::{Session};`
			`use actix_web::http::header;`
			`use actix_web::{web, HttpResponse};`
			`use http::{HeaderMap, Method};`
move oauth into separate crate 2022-04-24 14:35:43 +02:00			`use oauth2::basic::BasicClient;`
add module and fix actix deprecations vom v3 2021-11-29 15:57:36 +01:00			`use oauth2::reqwest::async_http_client;`
			`use oauth2::{`
			`AccessToken, AuthorizationCode, CsrfToken, //PkceCodeChallenge,`
			`Scope, TokenResponse`
			`};`
			`use std::str;`
			`use url::Url;`
move oauth into separate crate 2022-04-24 14:35:43 +02:00			`use oauth2::{`
			`AuthUrl, ClientId, ClientSecret, TokenUrl,`
			`};`

			`#[allow(non_snake_case)]`
			`#[derive(Serialize, Deserialize, Debug)]`
			`pub struct UserInfo {`
			`mail: String,`
			`userPrincipalName: String,`
			`displayName: String,`
			`givenName: String,`
			`surname: String,`
			`id: String,`
			`}`

			`// AppDataTrait`
			`pub trait AppDataTrait {`
			`fn get_oauth(&self) -> &BasicClient;`
			`}`

			`#[derive(Clone, Debug)]`
			`pub struct AzureAuth {`
			`auth_url: AuthUrl,`
			`token_url: TokenUrl,`
			`client_id: ClientId,`
			`client_secret: ClientSecret`
			`}`
add module and fix actix deprecations vom v3 2021-11-29 15:57:36 +01:00
move oauth into separate crate 2022-04-24 14:35:43 +02:00			`impl AzureAuth {`
			`pub fn new(oauth2_server: &String, client_id: &String, client_secret: &String) -> Self {`
			`let azure_auth = AzureAuth {`
			`auth_url: AuthUrl::new(format!("https://{}/oauth2/v2.0/authorize", oauth2_server)).expect("Invalid authorization endpoint URL"),`
			`token_url: TokenUrl::new(format!("https://{}/oauth2/v2.0/token", oauth2_server)).expect("Invalid token endpoint URL"),`
			`client_id: ClientId::new(client_id.clone()),`
			`client_secret: ClientSecret::new(client_secret.clone())`
			`};`

			`azure_auth`
			`}`

			`pub fn get_api_base_url() -> &'static str {`
			`"https://graph.microsoft.com/v1.0"`
			`}`

			`pub fn get_oauth_client(self) -> BasicClient {`
			`BasicClient::new(`
			`self.client_id,`
			`Some(self.client_secret),`
			`self.auth_url,`
			`Some(self.token_url),`
			`)`
			`}`

store actix_admin in appstate 2022-04-26 15:28:52 +02:00			`pub fn create_scope<T: AppDataTrait + 'static>(self) -> actix_web::Scope {`
move oauth into separate crate 2022-04-24 14:35:43 +02:00			`let scope = web::scope("/auth")`
			`.route("/login", web::get().to(login::<T>))`
			`.route("/logout", web::get().to(logout))`
			`.route("/auth", web::get().to(auth::<T>))`
			`;`

			`scope`
			`}`
			`}`

			`pub async fn login<T: AppDataTrait>(data: web::Data<T>) -> HttpResponse {`
add module and fix actix deprecations vom v3 2021-11-29 15:57:36 +01:00			`// Create a PKCE code verifier and SHA-256 encode it as a code challenge.`
			`// let (_pkce_code_challenge, _pkce_code_verifier) = PkceCodeChallenge::new_random_sha256();`
			`// Generate the authorization URL to which we'll redirect the user.`
			`let (auth_url, _csrf_token) = &data`
move oauth into separate crate 2022-04-24 14:35:43 +02:00			`.get_oauth()`
add module and fix actix deprecations vom v3 2021-11-29 15:57:36 +01:00			`.authorize_url(CsrfToken::new_random)`
			`// Set the desired scopes.`
			`.add_scope(Scope::new("openid".to_string()))`
			`// Set the PKCE code challenge, need to pass verifier to /auth.`
			`//.set_pkce_challenge(pkce_code_challenge)`
			`.url();`

			`HttpResponse::Found()`
			`.append_header((header::LOCATION, auth_url.to_string()))`
			`.finish()`
			`}`

split into models and viewmodels 2022-04-23 20:03:09 +02:00			`pub async fn logout(session: Session) -> HttpResponse {`
add tera template 2021-11-29 17:35:11 +01:00			`session.remove("user_info");`
add module and fix actix deprecations vom v3 2021-11-29 15:57:36 +01:00			`HttpResponse::Found()`
			`.append_header((header::LOCATION, "/".to_string()))`
			`.finish()`
			`}`

			`async fn read_user(api_base_url: &str, access_token: &AccessToken) -> UserInfo {`
			`let url = Url::parse(format!("{}/me", api_base_url).as_str()).unwrap();`

			`let mut headers = HeaderMap::new();`
			`headers.insert(`
			`"Authorization",`
			`format!("Bearer {}", access_token.secret()).parse().unwrap(),`
			`);`

			`let resp = async_http_client(oauth2::HttpRequest {`
			`url,`
			`method: Method::GET,`
			`headers: headers,`
			`body: Vec::new(),`
			`})`
			`.await`
			`.expect("Request failed");`

			`let s: &str = match str::from_utf8(&resp.body) {`
			`Ok(v) => v,`
			`Err(e) => panic!("Invalid UTF-8 sequence: {}", e),`
			`};`

			`serde_json::from_slice(&resp.body).unwrap()`
			`}`

			`#[derive(Deserialize)]`
			`pub struct AuthRequest {`
			`code: String,`
			`state: String,`
			`}`

move oauth into separate crate 2022-04-24 14:35:43 +02:00			`pub async fn auth<T: AppDataTrait>(`
add module and fix actix deprecations vom v3 2021-11-29 15:57:36 +01:00			`session: Session,`
move oauth into separate crate 2022-04-24 14:35:43 +02:00			`data: web::Data<T>,`
add module and fix actix deprecations vom v3 2021-11-29 15:57:36 +01:00			`params: web::Query<AuthRequest>,`
			`) -> HttpResponse {`
			`let code = AuthorizationCode::new(params.code.clone());`
			`let _state = CsrfToken::new(params.state.clone());`
move oauth into separate crate 2022-04-24 14:35:43 +02:00			`let api_base_url = AzureAuth::get_api_base_url();`
add module and fix actix deprecations vom v3 2021-11-29 15:57:36 +01:00
			`// Exchange the code with a token.`
			`let token = &data`
move oauth into separate crate 2022-04-24 14:35:43 +02:00			`.get_oauth()`
add module and fix actix deprecations vom v3 2021-11-29 15:57:36 +01:00			`.exchange_code(code)`
			`//.set_pkce_verifier()`
			`.request_async(async_http_client)`
			`.await`
			`.expect("exchange_code failed");`

move oauth into separate crate 2022-04-24 14:35:43 +02:00			`let user_info = read_user(api_base_url, token.access_token()).await;`
add module and fix actix deprecations vom v3 2021-11-29 15:57:36 +01:00
add tera template 2021-11-29 17:35:11 +01:00			`session.insert("user_info", &user_info).unwrap();`
add module and fix actix deprecations vom v3 2021-11-29 15:57:36 +01:00
add tera template 2021-11-29 17:35:11 +01:00			`HttpResponse::Found().append_header(("location", "/")).finish()`
add module and fix actix deprecations vom v3 2021-11-29 15:57:36 +01:00			`}`