move oauth into separate crate
This commit is contained in:
parent
8c106eb9f2
commit
b844315bf9
@ -25,4 +25,5 @@ serde_derive = "1.0.136"
|
|||||||
quote = "1.0"
|
quote = "1.0"
|
||||||
sea-orm = { version = "0.6.0", features = [ "sqlx-sqlite", "runtime-actix-native-tls", "macros" ], default-features = false }
|
sea-orm = { version = "0.6.0", features = [ "sqlx-sqlite", "runtime-actix-native-tls", "macros" ], default-features = false }
|
||||||
|
|
||||||
actix_admin = { path = "actix_admin" }
|
actix_admin = { path = "actix_admin" }
|
||||||
|
azure_auth = { path = "azure_auth" }
|
21
azure_auth/Cargo.toml
Normal file
21
azure_auth/Cargo.toml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
[package]
|
||||||
|
name = "azure_auth"
|
||||||
|
version = "0.1.0"
|
||||||
|
edition = "2021"
|
||||||
|
|
||||||
|
[dependencies]
|
||||||
|
actix-web = "4.0.1"
|
||||||
|
actix-rt = "2.7.0"
|
||||||
|
actix-session = "0.5.0"
|
||||||
|
|
||||||
|
oauth2 = "4.1"
|
||||||
|
base64 = "0.13.0"
|
||||||
|
async-trait = "0.1.53"
|
||||||
|
rand = "0.8.5"
|
||||||
|
url = "2.2.2"
|
||||||
|
http = "0.2.6"
|
||||||
|
dotenv = "0.15"
|
||||||
|
futures = "0.3.21"
|
||||||
|
serde = "1.0.136"
|
||||||
|
serde_json = "1.0.79"
|
||||||
|
serde_derive = "1.0.136"
|
@ -1,7 +1,11 @@
|
|||||||
|
#[macro_use]
|
||||||
|
extern crate serde_derive;
|
||||||
|
|
||||||
use actix_session::{Session};
|
use actix_session::{Session};
|
||||||
use actix_web::http::header;
|
use actix_web::http::header;
|
||||||
use actix_web::{web, HttpResponse};
|
use actix_web::{web, HttpResponse};
|
||||||
use http::{HeaderMap, Method};
|
use http::{HeaderMap, Method};
|
||||||
|
use oauth2::basic::BasicClient;
|
||||||
use oauth2::reqwest::async_http_client;
|
use oauth2::reqwest::async_http_client;
|
||||||
use oauth2::{
|
use oauth2::{
|
||||||
AccessToken, AuthorizationCode, CsrfToken, //PkceCodeChallenge,
|
AccessToken, AuthorizationCode, CsrfToken, //PkceCodeChallenge,
|
||||||
@ -9,13 +13,76 @@ use oauth2::{
|
|||||||
};
|
};
|
||||||
use std::str;
|
use std::str;
|
||||||
use url::Url;
|
use url::Url;
|
||||||
|
use oauth2::{
|
||||||
|
AuthUrl, ClientId, ClientSecret, TokenUrl,
|
||||||
|
};
|
||||||
|
|
||||||
pub async fn login(data: web::Data<super::AppState>) -> HttpResponse {
|
#[allow(non_snake_case)]
|
||||||
|
#[derive(Serialize, Deserialize, Debug)]
|
||||||
|
pub struct UserInfo {
|
||||||
|
mail: String,
|
||||||
|
userPrincipalName: String,
|
||||||
|
displayName: String,
|
||||||
|
givenName: String,
|
||||||
|
surname: String,
|
||||||
|
id: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
// AppDataTrait
|
||||||
|
pub trait AppDataTrait {
|
||||||
|
fn get_oauth(&self) -> &BasicClient;
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Clone, Debug)]
|
||||||
|
pub struct AzureAuth {
|
||||||
|
auth_url: AuthUrl,
|
||||||
|
token_url: TokenUrl,
|
||||||
|
client_id: ClientId,
|
||||||
|
client_secret: ClientSecret
|
||||||
|
}
|
||||||
|
|
||||||
|
impl AzureAuth {
|
||||||
|
pub fn new(oauth2_server: &String, client_id: &String, client_secret: &String) -> Self {
|
||||||
|
let azure_auth = AzureAuth {
|
||||||
|
auth_url: AuthUrl::new(format!("https://{}/oauth2/v2.0/authorize", oauth2_server)).expect("Invalid authorization endpoint URL"),
|
||||||
|
token_url: TokenUrl::new(format!("https://{}/oauth2/v2.0/token", oauth2_server)).expect("Invalid token endpoint URL"),
|
||||||
|
client_id: ClientId::new(client_id.clone()),
|
||||||
|
client_secret: ClientSecret::new(client_secret.clone())
|
||||||
|
};
|
||||||
|
|
||||||
|
azure_auth
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn get_api_base_url() -> &'static str {
|
||||||
|
"https://graph.microsoft.com/v1.0"
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn get_oauth_client(self) -> BasicClient {
|
||||||
|
BasicClient::new(
|
||||||
|
self.client_id,
|
||||||
|
Some(self.client_secret),
|
||||||
|
self.auth_url,
|
||||||
|
Some(self.token_url),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn create_scope<T: AppDataTrait + 'static>(self, _app_state: &T) -> actix_web::Scope {
|
||||||
|
let scope = web::scope("/auth")
|
||||||
|
.route("/login", web::get().to(login::<T>))
|
||||||
|
.route("/logout", web::get().to(logout))
|
||||||
|
.route("/auth", web::get().to(auth::<T>))
|
||||||
|
;
|
||||||
|
|
||||||
|
scope
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn login<T: AppDataTrait>(data: web::Data<T>) -> HttpResponse {
|
||||||
// Create a PKCE code verifier and SHA-256 encode it as a code challenge.
|
// Create a PKCE code verifier and SHA-256 encode it as a code challenge.
|
||||||
// let (_pkce_code_challenge, _pkce_code_verifier) = PkceCodeChallenge::new_random_sha256();
|
// let (_pkce_code_challenge, _pkce_code_verifier) = PkceCodeChallenge::new_random_sha256();
|
||||||
// Generate the authorization URL to which we'll redirect the user.
|
// Generate the authorization URL to which we'll redirect the user.
|
||||||
let (auth_url, _csrf_token) = &data
|
let (auth_url, _csrf_token) = &data
|
||||||
.oauth
|
.get_oauth()
|
||||||
.authorize_url(CsrfToken::new_random)
|
.authorize_url(CsrfToken::new_random)
|
||||||
// Set the desired scopes.
|
// Set the desired scopes.
|
||||||
.add_scope(Scope::new("openid".to_string()))
|
.add_scope(Scope::new("openid".to_string()))
|
||||||
@ -35,17 +102,6 @@ pub async fn logout(session: Session) -> HttpResponse {
|
|||||||
.finish()
|
.finish()
|
||||||
}
|
}
|
||||||
|
|
||||||
#[allow(non_snake_case)]
|
|
||||||
#[derive(Serialize, Deserialize, Debug)]
|
|
||||||
pub struct UserInfo {
|
|
||||||
mail: String,
|
|
||||||
userPrincipalName: String,
|
|
||||||
displayName: String,
|
|
||||||
givenName: String,
|
|
||||||
surname: String,
|
|
||||||
id: String,
|
|
||||||
}
|
|
||||||
|
|
||||||
async fn read_user(api_base_url: &str, access_token: &AccessToken) -> UserInfo {
|
async fn read_user(api_base_url: &str, access_token: &AccessToken) -> UserInfo {
|
||||||
let url = Url::parse(format!("{}/me", api_base_url).as_str()).unwrap();
|
let url = Url::parse(format!("{}/me", api_base_url).as_str()).unwrap();
|
||||||
|
|
||||||
@ -79,24 +135,25 @@ pub struct AuthRequest {
|
|||||||
state: String,
|
state: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn auth(
|
pub async fn auth<T: AppDataTrait>(
|
||||||
session: Session,
|
session: Session,
|
||||||
data: web::Data<super::AppState>,
|
data: web::Data<T>,
|
||||||
params: web::Query<AuthRequest>,
|
params: web::Query<AuthRequest>,
|
||||||
) -> HttpResponse {
|
) -> HttpResponse {
|
||||||
let code = AuthorizationCode::new(params.code.clone());
|
let code = AuthorizationCode::new(params.code.clone());
|
||||||
let _state = CsrfToken::new(params.state.clone());
|
let _state = CsrfToken::new(params.state.clone());
|
||||||
|
let api_base_url = AzureAuth::get_api_base_url();
|
||||||
|
|
||||||
// Exchange the code with a token.
|
// Exchange the code with a token.
|
||||||
let token = &data
|
let token = &data
|
||||||
.oauth
|
.get_oauth()
|
||||||
.exchange_code(code)
|
.exchange_code(code)
|
||||||
//.set_pkce_verifier()
|
//.set_pkce_verifier()
|
||||||
.request_async(async_http_client)
|
.request_async(async_http_client)
|
||||||
.await
|
.await
|
||||||
.expect("exchange_code failed");
|
.expect("exchange_code failed");
|
||||||
|
|
||||||
let user_info = read_user(&data.api_base_url, token.access_token()).await;
|
let user_info = read_user(api_base_url, token.access_token()).await;
|
||||||
|
|
||||||
session.insert("user_info", &user_info).unwrap();
|
session.insert("user_info", &user_info).unwrap();
|
||||||
|
|
@ -1,9 +1,6 @@
|
|||||||
// setup
|
// setup
|
||||||
use sea_orm::sea_query::{ColumnDef, TableCreateStatement};
|
use sea_orm::sea_query::{ColumnDef, TableCreateStatement};
|
||||||
use sea_orm::{error::*, sea_query, ConnectionTrait, DbConn, ExecResult};
|
use sea_orm::{error::*, sea_query, ConnectionTrait, DbConn, ExecResult};
|
||||||
use sea_orm::{{ DatabaseConnection, ConnectOptions }};
|
|
||||||
use sea_orm::{ entity::*, query::*, SelectorTrait, ModelTrait, ColumnTrait, PaginatorTrait, EntityTrait };
|
|
||||||
use async_trait::async_trait;
|
|
||||||
pub mod post;
|
pub mod post;
|
||||||
pub use post::Entity as Post;
|
pub use post::Entity as Post;
|
||||||
|
|
||||||
|
62
src/main.rs
62
src/main.rs
@ -1,35 +1,30 @@
|
|||||||
#[macro_use]
|
|
||||||
extern crate serde_derive;
|
extern crate serde_derive;
|
||||||
|
|
||||||
use actix_session::{Session, CookieSession};
|
use actix_session::{Session, CookieSession};
|
||||||
use actix_web::{web, App, HttpResponse, HttpServer};
|
use actix_web::{web, App, HttpResponse, HttpServer};
|
||||||
use tera::{ Tera, Context};
|
use tera::{ Tera, Context};
|
||||||
use oauth2::basic::BasicClient;
|
use oauth2::basic::BasicClient;
|
||||||
use oauth2::{
|
use oauth2::{ RedirectUrl };
|
||||||
AuthUrl, ClientId, ClientSecret,
|
|
||||||
RedirectUrl, TokenUrl,
|
|
||||||
};
|
|
||||||
use std::time::{Duration};
|
use std::time::{Duration};
|
||||||
use std::env;
|
use std::env;
|
||||||
use sea_orm::{{ DatabaseConnection, ConnectOptions, EntityName }};
|
|
||||||
use actix_admin::{ActixAdminViewModelTrait, AppDataTrait, ActixAdminViewModel, ActixAdminModel};
|
|
||||||
use std::collections::HashMap;
|
use std::collections::HashMap;
|
||||||
|
use sea_orm::{{ DatabaseConnection, ConnectOptions }};
|
||||||
|
|
||||||
|
use actix_admin::{ AppDataTrait as ActixAdminAppDataTrait, ActixAdminViewModel, ActixAdminModel};
|
||||||
|
use azure_auth::{ AzureAuth, UserInfo, AppDataTrait as AzureAuthAppDataTrait };
|
||||||
|
|
||||||
mod web_auth;
|
|
||||||
mod entity;
|
mod entity;
|
||||||
|
|
||||||
use entity::{ Post };
|
use entity::{ Post };
|
||||||
|
|
||||||
#[derive(Debug, Clone)]
|
#[derive(Debug, Clone)]
|
||||||
pub struct AppState {
|
pub struct AppState {
|
||||||
pub oauth: BasicClient,
|
pub oauth: BasicClient,
|
||||||
pub api_base_url: String,
|
|
||||||
pub tmpl: Tera,
|
pub tmpl: Tera,
|
||||||
pub db: DatabaseConnection,
|
pub db: DatabaseConnection,
|
||||||
pub view_model_map: HashMap<&'static str, ActixAdminViewModel>
|
pub view_model_map: HashMap<&'static str, ActixAdminViewModel>
|
||||||
}
|
}
|
||||||
|
|
||||||
impl AppDataTrait for AppState {
|
impl ActixAdminAppDataTrait for AppState {
|
||||||
fn get_db(&self) -> &DatabaseConnection {
|
fn get_db(&self) -> &DatabaseConnection {
|
||||||
&self.db
|
&self.db
|
||||||
}
|
}
|
||||||
@ -39,9 +34,15 @@ impl AppDataTrait for AppState {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
impl AzureAuthAppDataTrait for AppState {
|
||||||
|
fn get_oauth(&self) -> &BasicClient {
|
||||||
|
&self.oauth
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
async fn index(session: Session, data: web::Data<AppState>) -> HttpResponse {
|
async fn index(session: Session, data: web::Data<AppState>) -> HttpResponse {
|
||||||
let login = session.get::<web_auth::UserInfo>("user_info").unwrap();
|
let login = session.get::<UserInfo>("user_info").unwrap();
|
||||||
let web_auth_link = if login.is_some() { "logout" } else { "login" };
|
let web_auth_link = if login.is_some() { "/auth/logout" } else { "/auth/login" };
|
||||||
|
|
||||||
let mut ctx = Context::new();
|
let mut ctx = Context::new();
|
||||||
ctx.insert("web_auth_link", web_auth_link);
|
ctx.insert("web_auth_link", web_auth_link);
|
||||||
@ -52,31 +53,13 @@ async fn index(session: Session, data: web::Data<AppState>) -> HttpResponse {
|
|||||||
#[actix_rt::main]
|
#[actix_rt::main]
|
||||||
async fn main() {
|
async fn main() {
|
||||||
dotenv::dotenv().ok();
|
dotenv::dotenv().ok();
|
||||||
let oauth2_client_id = ClientId::new(
|
let oauth2_client_id = env::var("OAUTH2_CLIENT_ID").expect("Missing the OAUTH2_CLIENT_ID environment variable.");
|
||||||
env::var("OAUTH2_CLIENT_ID")
|
let oauth2_client_secret = env::var("OAUTH2_CLIENT_SECRET").expect("Missing the OAUTH2_CLIENT_SECRET environment variable.");
|
||||||
.expect("Missing the OAUTH2_CLIENT_ID environment variable."),
|
let oauth2_server = env::var("OAUTH2_SERVER").expect("Missing the OAUTH2_SERVER environment variable.");
|
||||||
);
|
let azure_auth = AzureAuth::new(&oauth2_server, &oauth2_client_id, &oauth2_client_secret);
|
||||||
let oauth2_client_secret = ClientSecret::new(
|
|
||||||
env::var("OAUTH2_CLIENT_SECRET")
|
|
||||||
.expect("Missing the OAUTH2_CLIENT_SECRET environment variable."),
|
|
||||||
);
|
|
||||||
let oauth2_server =
|
|
||||||
env::var("OAUTH2_SERVER").expect("Missing the OAUTH2_SERVER environment variable.");
|
|
||||||
|
|
||||||
let auth_url = AuthUrl::new(format!("https://{}/oauth2/v2.0/authorize", oauth2_server))
|
|
||||||
.expect("Invalid authorization endpoint URL");
|
|
||||||
let token_url = TokenUrl::new(format!("https://{}/oauth2/v2.0/token", oauth2_server))
|
|
||||||
.expect("Invalid token endpoint URL");
|
|
||||||
|
|
||||||
let api_base_url = "https://graph.microsoft.com/v1.0".to_string();
|
|
||||||
|
|
||||||
// Set up the config for the OAuth2 process.
|
// Set up the config for the OAuth2 process.
|
||||||
let client = BasicClient::new(
|
let client = azure_auth.clone().get_oauth_client()
|
||||||
oauth2_client_id,
|
|
||||||
Some(oauth2_client_secret),
|
|
||||||
auth_url,
|
|
||||||
Some(token_url),
|
|
||||||
)
|
|
||||||
// This example will be running its own server at 127.0.0.1:5000.
|
// This example will be running its own server at 127.0.0.1:5000.
|
||||||
.set_redirect_uri(
|
.set_redirect_uri(
|
||||||
RedirectUrl::new("http://localhost:5000/auth".to_string())
|
RedirectUrl::new("http://localhost:5000/auth".to_string())
|
||||||
@ -109,7 +92,6 @@ async fn main() {
|
|||||||
|
|
||||||
let app_state = AppState {
|
let app_state = AppState {
|
||||||
oauth: client,
|
oauth: client,
|
||||||
api_base_url,
|
|
||||||
tmpl: tera,
|
tmpl: tera,
|
||||||
db: conn,
|
db: conn,
|
||||||
view_model_map: actix_admin.get_view_model_map()
|
view_model_map: actix_admin.get_view_model_map()
|
||||||
@ -119,11 +101,9 @@ async fn main() {
|
|||||||
App::new()
|
App::new()
|
||||||
.app_data(web::Data::new(app_state.clone()))
|
.app_data(web::Data::new(app_state.clone()))
|
||||||
.wrap(CookieSession::signed(&[0; 32]).secure(false))
|
.wrap(CookieSession::signed(&[0; 32]).secure(false))
|
||||||
.service(actix_admin.clone().create_scope(&app_state))
|
|
||||||
.route("/", web::get().to(index))
|
.route("/", web::get().to(index))
|
||||||
.route("/login", web::get().to(web_auth::login))
|
.service(actix_admin.clone().create_scope(&app_state))
|
||||||
.route("/logout", web::get().to(web_auth::logout))
|
.service(azure_auth.clone().create_scope(&app_state))
|
||||||
.route("/auth", web::get().to(web_auth::auth))
|
|
||||||
})
|
})
|
||||||
.bind("127.0.0.1:5000")
|
.bind("127.0.0.1:5000")
|
||||||
.expect("Can not bind to port 5000")
|
.expect("Can not bind to port 5000")
|
||||||
|
Loading…
Reference in New Issue
Block a user