tornadocontrib/web3-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

use an enum and database roles for auth checks

Browse Source
This commit is contained in:
Bryan Stitt 2022-08-23 20:42:58 +00:00
parent e65edc7795
commit 31d30b0eed
1 changed files with 21 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
web3_proxy/src/frontend/users.rs
View File

@ -18,6 +18,7 @@ use axum::{
use axum_auth::AuthBearer; use axum_auth::AuthBearer;
use axum_client_ip::ClientIp; use axum_client_ip::ClientIp;
use axum_macros::debug_handler; use axum_macros::debug_handler;
use entities::sea_orm_active_enums::Role;
use entities::{user, user_keys}; use entities::{user, user_keys};
use ethers::{prelude::Address, types::Bytes}; use ethers::{prelude::Address, types::Bytes};
use hashbrown::HashMap; use hashbrown::HashMap;
@ -208,7 +209,6 @@ pub async fn post_login(
#[derive(Deserialize)] #[derive(Deserialize)]
pub struct PostUser { pub struct PostUser {
primary_address: Address, primary_address: Address,
secondary_address: Option<Address>,
// TODO: make sure the email address is valid. probably have a "verified" column in the database // TODO: make sure the email address is valid. probably have a "verified" column in the database
email: Option<String>, email: Option<String>,
// TODO: make them sign this JSON? cookie in session id is hard because its on a different domain // TODO: make them sign this JSON? cookie in session id is hard because its on a different domain
@ -224,12 +224,8 @@ pub async fn post_user(
) -> FrontendResult { ) -> FrontendResult {
let _ip: IpAddr = rate_limit_by_ip(&app, ip).await?; let _ip: IpAddr = rate_limit_by_ip(&app, ip).await?;
verify_auth_token( ProtectedAction::PostUser
app.as_ref(), .verify(app.as_ref(), auth_token, &payload.primary_address)
auth_token,
&payload.primary_address,
payload.secondary_address.as_ref(),
)
.await?; .await?;
// let user = user::ActiveModel { // let user = user::ActiveModel {
@ -241,15 +237,21 @@ pub async fn post_user(
todo!("finish post_user"); todo!("finish post_user");
} }
pub async fn verify_auth_token( // TODO: what roles should exist?
enum ProtectedAction {
PostUser,
}
impl ProtectedAction {
async fn verify(
self,
app: &Web3ProxyApp, app: &Web3ProxyApp,
auth_token: String, auth_token: String,
primary_address: &Address, primary_address: &Address,
secondary_address: Option<&Address>, ) -> anyhow::Result<()> {
) -> anyhow::Result<()> { // TODO: get the attached address from redis for the given auth_token.
let auth_user = secondary_address.unwrap_or(primary_address); // TODO: if auth_address == primary_address, allow
// TODO: if auth_address != primary_address, only allow if they are a secondary user with the correct role
// TODO: Role-based access control? todo!("verify token for the given user");
}
todo!("verify_auth_token")
} }