use an enum and database roles for auth checks

Bryan Stitt 2022-08-23 20:42:58 +00:00
parent e65edc7795
commit 31d30b0eed

@ -18,6 +18,7 @@ use axum::{
use axum_auth::AuthBearer; use axum_auth::AuthBearer;
use axum_client_ip::ClientIp; use axum_client_ip::ClientIp;
use axum_macros::debug_handler; use axum_macros::debug_handler;
use entities::sea_orm_active_enums::Role;
use entities::{user, user_keys}; use entities::{user, user_keys};
use ethers::{prelude::Address, types::Bytes}; use ethers::{prelude::Address, types::Bytes};
use hashbrown::HashMap; use hashbrown::HashMap;
@ -208,7 +209,6 @@ pub async fn post_login(
#[derive(Deserialize)] #[derive(Deserialize)]
pub struct PostUser { pub struct PostUser {
primary_address: Address, primary_address: Address,
secondary_address: Option<Address>,
// TODO: make sure the email address is valid. probably have a "verified" column in the database // TODO: make sure the email address is valid. probably have a "verified" column in the database
email: Option<String>, email: Option<String>,
// TODO: make them sign this JSON? cookie in session id is hard because its on a different domain // TODO: make them sign this JSON? cookie in session id is hard because its on a different domain
@ -224,13 +224,9 @@ pub async fn post_user(
) -> FrontendResult { ) -> FrontendResult {
let _ip: IpAddr = rate_limit_by_ip(&app, ip).await?; let _ip: IpAddr = rate_limit_by_ip(&app, ip).await?;
verify_auth_token( ProtectedAction::PostUser
app.as_ref(), .verify(app.as_ref(), auth_token, &payload.primary_address)
auth_token, .await?;
&payload.primary_address,
payload.secondary_address.as_ref(),
)
.await?;
// let user = user::ActiveModel { // let user = user::ActiveModel {
// address: sea_orm::Set(payload.address.to_fixed_bytes().into()), // address: sea_orm::Set(payload.address.to_fixed_bytes().into()),
@ -241,15 +237,21 @@ pub async fn post_user(
todo!("finish post_user"); todo!("finish post_user");
} }
pub async fn verify_auth_token( // TODO: what roles should exist?
app: &Web3ProxyApp, enum ProtectedAction {
auth_token: String, PostUser,
primary_address: &Address, }
secondary_address: Option<&Address>,
) -> anyhow::Result<()> { impl ProtectedAction {
let auth_user = secondary_address.unwrap_or(primary_address); async fn verify(
self,
// TODO: Role-based access control? app: &Web3ProxyApp,
auth_token: String,
todo!("verify_auth_token") primary_address: &Address,
) -> anyhow::Result<()> {
// TODO: get the attached address from redis for the given auth_token.
// TODO: if auth_address == primary_address, allow
// TODO: if auth_address != primary_address, only allow if they are a secondary user with the correct role
todo!("verify token for the given user");
}
} }
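Review bot: `ProtectedAction::verify` on the new side of the last hunk still ends in `todo!("verify token for the given user")`, so every request that reaches `post_user` now panics the handler task instead of producing a `FrontendResult` error; until the redis lookup is written, a fail-closed error such as `anyhow::bail!("auth token verification is not implemented yet")` keeps the endpoint rejecting requests while returning a proper error response. The `use entities::sea_orm_active_enums::Role;` added in the first hunk is not referenced by any new-side line in this commit, so it will warn as unused until the role check sketched in the TODO for the secondary-user branch lands. The enum also lacks documentation; I would add `/// Actions that require the caller to prove, via the auth token, control of an address permitted to act on primary_address.` above `enum ProtectedAction`, and note on `verify` that `primary_address` comes from the request payload and is only a claim — the address bound to the token in redis is the authenticated identity, which the TODOs imply but do not state. Taking `auth_token: &str` rather than `String` would also avoid an unnecessary move, though that is a style point.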