use an enum and database roles for auth checks
This commit is contained in:
parent
e65edc7795
commit
31d30b0eed
@ -18,6 +18,7 @@ use axum::{
|
|||||||
use axum_auth::AuthBearer;
|
use axum_auth::AuthBearer;
|
||||||
use axum_client_ip::ClientIp;
|
use axum_client_ip::ClientIp;
|
||||||
use axum_macros::debug_handler;
|
use axum_macros::debug_handler;
|
||||||
|
use entities::sea_orm_active_enums::Role;
|
||||||
use entities::{user, user_keys};
|
use entities::{user, user_keys};
|
||||||
use ethers::{prelude::Address, types::Bytes};
|
use ethers::{prelude::Address, types::Bytes};
|
||||||
use hashbrown::HashMap;
|
use hashbrown::HashMap;
|
||||||
@ -208,7 +209,6 @@ pub async fn post_login(
|
|||||||
#[derive(Deserialize)]
|
#[derive(Deserialize)]
|
||||||
pub struct PostUser {
|
pub struct PostUser {
|
||||||
primary_address: Address,
|
primary_address: Address,
|
||||||
secondary_address: Option<Address>,
|
|
||||||
// TODO: make sure the email address is valid. probably have a "verified" column in the database
|
// TODO: make sure the email address is valid. probably have a "verified" column in the database
|
||||||
email: Option<String>,
|
email: Option<String>,
|
||||||
// TODO: make them sign this JSON? cookie in session id is hard because its on a different domain
|
// TODO: make them sign this JSON? cookie in session id is hard because its on a different domain
|
||||||
@ -224,13 +224,9 @@ pub async fn post_user(
|
|||||||
) -> FrontendResult {
|
) -> FrontendResult {
|
||||||
let _ip: IpAddr = rate_limit_by_ip(&app, ip).await?;
|
let _ip: IpAddr = rate_limit_by_ip(&app, ip).await?;
|
||||||
|
|
||||||
verify_auth_token(
|
ProtectedAction::PostUser
|
||||||
app.as_ref(),
|
.verify(app.as_ref(), auth_token, &payload.primary_address)
|
||||||
auth_token,
|
.await?;
|
||||||
&payload.primary_address,
|
|
||||||
payload.secondary_address.as_ref(),
|
|
||||||
)
|
|
||||||
.await?;
|
|
||||||
|
|
||||||
// let user = user::ActiveModel {
|
// let user = user::ActiveModel {
|
||||||
// address: sea_orm::Set(payload.address.to_fixed_bytes().into()),
|
// address: sea_orm::Set(payload.address.to_fixed_bytes().into()),
|
||||||
@ -241,15 +237,21 @@ pub async fn post_user(
|
|||||||
todo!("finish post_user");
|
todo!("finish post_user");
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn verify_auth_token(
|
// TODO: what roles should exist?
|
||||||
app: &Web3ProxyApp,
|
enum ProtectedAction {
|
||||||
auth_token: String,
|
PostUser,
|
||||||
primary_address: &Address,
|
}
|
||||||
secondary_address: Option<&Address>,
|
|
||||||
) -> anyhow::Result<()> {
|
impl ProtectedAction {
|
||||||
let auth_user = secondary_address.unwrap_or(primary_address);
|
async fn verify(
|
||||||
|
self,
|
||||||
// TODO: Role-based access control?
|
app: &Web3ProxyApp,
|
||||||
|
auth_token: String,
|
||||||
todo!("verify_auth_token")
|
primary_address: &Address,
|
||||||
|
) -> anyhow::Result<()> {
|
||||||
|
// TODO: get the attached address from redis for the given auth_token.
|
||||||
|
// TODO: if auth_address == primary_address, allow
|
||||||
|
// TODO: if auth_address != primary_address, only allow if they are a secondary user with the correct role
|
||||||
|
todo!("verify token for the given user");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
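Review bot: `ProtectedAction::verify` is on the request path of `post_user` (its call is the new code in the third hunk), but its body is `todo!("verify token for the given user")`, so an authenticated request currently panics inside the handler rather than being denied; a fail-closed stub such as `anyhow::bail!("auth checks are not implemented")` would let the caller's `?` turn it into an error response until the redis lookup described in the TODO comments exists. The `Role` import added in the first hunk is not referenced in any visible hunk, which suggests the role each action requires is still implicit; a method on the enum, e.g. `fn required_role(self) -> Role`, would give the "secondary user with the correct role" branch a value owned by the action instead of a comparison hard-coded later in `verify`. `auth_token: String` is only read by the verifier, so `&str` would avoid forcing callers to hand over the buffer, though the handler signature outside these hunks may be what dictates the owned type.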