move oauth into separate crate
This commit is contained in:
parent
8c106eb9f2
commit
b844315bf9
@ -25,4 +25,5 @@ serde_derive = "1.0.136"
|
||||
quote = "1.0"
|
||||
sea-orm = { version = "0.6.0", features = [ "sqlx-sqlite", "runtime-actix-native-tls", "macros" ], default-features = false }
|
||||
|
||||
actix_admin = { path = "actix_admin" }
|
||||
actix_admin = { path = "actix_admin" }
|
||||
azure_auth = { path = "azure_auth" }
|
21
azure_auth/Cargo.toml
Normal file
21
azure_auth/Cargo.toml
Normal file
@ -0,0 +1,21 @@
|
||||
[package]
|
||||
name = "azure_auth"
|
||||
version = "0.1.0"
|
||||
edition = "2021"
|
||||
|
||||
[dependencies]
|
||||
actix-web = "4.0.1"
|
||||
actix-rt = "2.7.0"
|
||||
actix-session = "0.5.0"
|
||||
|
||||
oauth2 = "4.1"
|
||||
base64 = "0.13.0"
|
||||
async-trait = "0.1.53"
|
||||
rand = "0.8.5"
|
||||
url = "2.2.2"
|
||||
http = "0.2.6"
|
||||
dotenv = "0.15"
|
||||
futures = "0.3.21"
|
||||
serde = "1.0.136"
|
||||
serde_json = "1.0.79"
|
||||
serde_derive = "1.0.136"
|
@ -1,7 +1,11 @@
|
||||
#[macro_use]
|
||||
extern crate serde_derive;
|
||||
|
||||
use actix_session::{Session};
|
||||
use actix_web::http::header;
|
||||
use actix_web::{web, HttpResponse};
|
||||
use http::{HeaderMap, Method};
|
||||
use oauth2::basic::BasicClient;
|
||||
use oauth2::reqwest::async_http_client;
|
||||
use oauth2::{
|
||||
AccessToken, AuthorizationCode, CsrfToken, //PkceCodeChallenge,
|
||||
@ -9,13 +13,76 @@ use oauth2::{
|
||||
};
|
||||
use std::str;
|
||||
use url::Url;
|
||||
use oauth2::{
|
||||
AuthUrl, ClientId, ClientSecret, TokenUrl,
|
||||
};
|
||||
|
||||
pub async fn login(data: web::Data<super::AppState>) -> HttpResponse {
|
||||
#[allow(non_snake_case)]
|
||||
#[derive(Serialize, Deserialize, Debug)]
|
||||
pub struct UserInfo {
|
||||
mail: String,
|
||||
userPrincipalName: String,
|
||||
displayName: String,
|
||||
givenName: String,
|
||||
surname: String,
|
||||
id: String,
|
||||
}
|
||||
|
||||
// AppDataTrait
|
||||
pub trait AppDataTrait {
|
||||
fn get_oauth(&self) -> &BasicClient;
|
||||
}
|
||||
|
||||
#[derive(Clone, Debug)]
|
||||
pub struct AzureAuth {
|
||||
auth_url: AuthUrl,
|
||||
token_url: TokenUrl,
|
||||
client_id: ClientId,
|
||||
client_secret: ClientSecret
|
||||
}
|
||||
|
||||
impl AzureAuth {
|
||||
pub fn new(oauth2_server: &String, client_id: &String, client_secret: &String) -> Self {
|
||||
let azure_auth = AzureAuth {
|
||||
auth_url: AuthUrl::new(format!("https://{}/oauth2/v2.0/authorize", oauth2_server)).expect("Invalid authorization endpoint URL"),
|
||||
token_url: TokenUrl::new(format!("https://{}/oauth2/v2.0/token", oauth2_server)).expect("Invalid token endpoint URL"),
|
||||
client_id: ClientId::new(client_id.clone()),
|
||||
client_secret: ClientSecret::new(client_secret.clone())
|
||||
};
|
||||
|
||||
azure_auth
|
||||
}
|
||||
|
||||
pub fn get_api_base_url() -> &'static str {
|
||||
"https://graph.microsoft.com/v1.0"
|
||||
}
|
||||
|
||||
pub fn get_oauth_client(self) -> BasicClient {
|
||||
BasicClient::new(
|
||||
self.client_id,
|
||||
Some(self.client_secret),
|
||||
self.auth_url,
|
||||
Some(self.token_url),
|
||||
)
|
||||
}
|
||||
|
||||
pub fn create_scope<T: AppDataTrait + 'static>(self, _app_state: &T) -> actix_web::Scope {
|
||||
let scope = web::scope("/auth")
|
||||
.route("/login", web::get().to(login::<T>))
|
||||
.route("/logout", web::get().to(logout))
|
||||
.route("/auth", web::get().to(auth::<T>))
|
||||
;
|
||||
|
||||
scope
|
||||
}
|
||||
}
|
||||
|
||||
pub async fn login<T: AppDataTrait>(data: web::Data<T>) -> HttpResponse {
|
||||
// Create a PKCE code verifier and SHA-256 encode it as a code challenge.
|
||||
// let (_pkce_code_challenge, _pkce_code_verifier) = PkceCodeChallenge::new_random_sha256();
|
||||
// Generate the authorization URL to which we'll redirect the user.
|
||||
let (auth_url, _csrf_token) = &data
|
||||
.oauth
|
||||
.get_oauth()
|
||||
.authorize_url(CsrfToken::new_random)
|
||||
// Set the desired scopes.
|
||||
.add_scope(Scope::new("openid".to_string()))
|
||||
@ -35,17 +102,6 @@ pub async fn logout(session: Session) -> HttpResponse {
|
||||
.finish()
|
||||
}
|
||||
|
||||
#[allow(non_snake_case)]
|
||||
#[derive(Serialize, Deserialize, Debug)]
|
||||
pub struct UserInfo {
|
||||
mail: String,
|
||||
userPrincipalName: String,
|
||||
displayName: String,
|
||||
givenName: String,
|
||||
surname: String,
|
||||
id: String,
|
||||
}
|
||||
|
||||
async fn read_user(api_base_url: &str, access_token: &AccessToken) -> UserInfo {
|
||||
let url = Url::parse(format!("{}/me", api_base_url).as_str()).unwrap();
|
||||
|
||||
@ -79,24 +135,25 @@ pub struct AuthRequest {
|
||||
state: String,
|
||||
}
|
||||
|
||||
pub async fn auth(
|
||||
pub async fn auth<T: AppDataTrait>(
|
||||
session: Session,
|
||||
data: web::Data<super::AppState>,
|
||||
data: web::Data<T>,
|
||||
params: web::Query<AuthRequest>,
|
||||
) -> HttpResponse {
|
||||
let code = AuthorizationCode::new(params.code.clone());
|
||||
let _state = CsrfToken::new(params.state.clone());
|
||||
let api_base_url = AzureAuth::get_api_base_url();
|
||||
|
||||
// Exchange the code with a token.
|
||||
let token = &data
|
||||
.oauth
|
||||
.get_oauth()
|
||||
.exchange_code(code)
|
||||
//.set_pkce_verifier()
|
||||
.request_async(async_http_client)
|
||||
.await
|
||||
.expect("exchange_code failed");
|
||||
|
||||
let user_info = read_user(&data.api_base_url, token.access_token()).await;
|
||||
let user_info = read_user(api_base_url, token.access_token()).await;
|
||||
|
||||
session.insert("user_info", &user_info).unwrap();
|
||||
|
@ -1,9 +1,6 @@
|
||||
// setup
|
||||
use sea_orm::sea_query::{ColumnDef, TableCreateStatement};
|
||||
use sea_orm::{error::*, sea_query, ConnectionTrait, DbConn, ExecResult};
|
||||
use sea_orm::{{ DatabaseConnection, ConnectOptions }};
|
||||
use sea_orm::{ entity::*, query::*, SelectorTrait, ModelTrait, ColumnTrait, PaginatorTrait, EntityTrait };
|
||||
use async_trait::async_trait;
|
||||
pub mod post;
|
||||
pub use post::Entity as Post;
|
||||
|
||||
|
62
src/main.rs
62
src/main.rs
@ -1,35 +1,30 @@
|
||||
#[macro_use]
|
||||
extern crate serde_derive;
|
||||
|
||||
use actix_session::{Session, CookieSession};
|
||||
use actix_web::{web, App, HttpResponse, HttpServer};
|
||||
use tera::{ Tera, Context};
|
||||
use oauth2::basic::BasicClient;
|
||||
use oauth2::{
|
||||
AuthUrl, ClientId, ClientSecret,
|
||||
RedirectUrl, TokenUrl,
|
||||
};
|
||||
use oauth2::{ RedirectUrl };
|
||||
use std::time::{Duration};
|
||||
use std::env;
|
||||
use sea_orm::{{ DatabaseConnection, ConnectOptions, EntityName }};
|
||||
use actix_admin::{ActixAdminViewModelTrait, AppDataTrait, ActixAdminViewModel, ActixAdminModel};
|
||||
use std::collections::HashMap;
|
||||
use sea_orm::{{ DatabaseConnection, ConnectOptions }};
|
||||
|
||||
use actix_admin::{ AppDataTrait as ActixAdminAppDataTrait, ActixAdminViewModel, ActixAdminModel};
|
||||
use azure_auth::{ AzureAuth, UserInfo, AppDataTrait as AzureAuthAppDataTrait };
|
||||
|
||||
mod web_auth;
|
||||
mod entity;
|
||||
|
||||
use entity::{ Post };
|
||||
|
||||
#[derive(Debug, Clone)]
|
||||
pub struct AppState {
|
||||
pub oauth: BasicClient,
|
||||
pub api_base_url: String,
|
||||
pub tmpl: Tera,
|
||||
pub db: DatabaseConnection,
|
||||
pub view_model_map: HashMap<&'static str, ActixAdminViewModel>
|
||||
}
|
||||
|
||||
impl AppDataTrait for AppState {
|
||||
impl ActixAdminAppDataTrait for AppState {
|
||||
fn get_db(&self) -> &DatabaseConnection {
|
||||
&self.db
|
||||
}
|
||||
@ -39,9 +34,15 @@ impl AppDataTrait for AppState {
|
||||
}
|
||||
}
|
||||
|
||||
impl AzureAuthAppDataTrait for AppState {
|
||||
fn get_oauth(&self) -> &BasicClient {
|
||||
&self.oauth
|
||||
}
|
||||
}
|
||||
|
||||
async fn index(session: Session, data: web::Data<AppState>) -> HttpResponse {
|
||||
let login = session.get::<web_auth::UserInfo>("user_info").unwrap();
|
||||
let web_auth_link = if login.is_some() { "logout" } else { "login" };
|
||||
let login = session.get::<UserInfo>("user_info").unwrap();
|
||||
let web_auth_link = if login.is_some() { "/auth/logout" } else { "/auth/login" };
|
||||
|
||||
let mut ctx = Context::new();
|
||||
ctx.insert("web_auth_link", web_auth_link);
|
||||
@ -52,31 +53,13 @@ async fn index(session: Session, data: web::Data<AppState>) -> HttpResponse {
|
||||
#[actix_rt::main]
|
||||
async fn main() {
|
||||
dotenv::dotenv().ok();
|
||||
let oauth2_client_id = ClientId::new(
|
||||
env::var("OAUTH2_CLIENT_ID")
|
||||
.expect("Missing the OAUTH2_CLIENT_ID environment variable."),
|
||||
);
|
||||
let oauth2_client_secret = ClientSecret::new(
|
||||
env::var("OAUTH2_CLIENT_SECRET")
|
||||
.expect("Missing the OAUTH2_CLIENT_SECRET environment variable."),
|
||||
);
|
||||
let oauth2_server =
|
||||
env::var("OAUTH2_SERVER").expect("Missing the OAUTH2_SERVER environment variable.");
|
||||
|
||||
let auth_url = AuthUrl::new(format!("https://{}/oauth2/v2.0/authorize", oauth2_server))
|
||||
.expect("Invalid authorization endpoint URL");
|
||||
let token_url = TokenUrl::new(format!("https://{}/oauth2/v2.0/token", oauth2_server))
|
||||
.expect("Invalid token endpoint URL");
|
||||
|
||||
let api_base_url = "https://graph.microsoft.com/v1.0".to_string();
|
||||
let oauth2_client_id = env::var("OAUTH2_CLIENT_ID").expect("Missing the OAUTH2_CLIENT_ID environment variable.");
|
||||
let oauth2_client_secret = env::var("OAUTH2_CLIENT_SECRET").expect("Missing the OAUTH2_CLIENT_SECRET environment variable.");
|
||||
let oauth2_server = env::var("OAUTH2_SERVER").expect("Missing the OAUTH2_SERVER environment variable.");
|
||||
let azure_auth = AzureAuth::new(&oauth2_server, &oauth2_client_id, &oauth2_client_secret);
|
||||
|
||||
// Set up the config for the OAuth2 process.
|
||||
let client = BasicClient::new(
|
||||
oauth2_client_id,
|
||||
Some(oauth2_client_secret),
|
||||
auth_url,
|
||||
Some(token_url),
|
||||
)
|
||||
let client = azure_auth.clone().get_oauth_client()
|
||||
// This example will be running its own server at 127.0.0.1:5000.
|
||||
.set_redirect_uri(
|
||||
RedirectUrl::new("http://localhost:5000/auth".to_string())
|
||||
@ -109,7 +92,6 @@ async fn main() {
|
||||
|
||||
let app_state = AppState {
|
||||
oauth: client,
|
||||
api_base_url,
|
||||
tmpl: tera,
|
||||
db: conn,
|
||||
view_model_map: actix_admin.get_view_model_map()
|
||||
@ -119,11 +101,9 @@ async fn main() {
|
||||
App::new()
|
||||
.app_data(web::Data::new(app_state.clone()))
|
||||
.wrap(CookieSession::signed(&[0; 32]).secure(false))
|
||||
.service(actix_admin.clone().create_scope(&app_state))
|
||||
.route("/", web::get().to(index))
|
||||
.route("/login", web::get().to(web_auth::login))
|
||||
.route("/logout", web::get().to(web_auth::logout))
|
||||
.route("/auth", web::get().to(web_auth::auth))
|
||||
.service(actix_admin.clone().create_scope(&app_state))
|
||||
.service(azure_auth.clone().create_scope(&app_state))
|
||||
})
|
||||
.bind("127.0.0.1:5000")
|
||||
.expect("Can not bind to port 5000")
|
||||
|
Loading…
Reference in New Issue
Block a user