From 63b98acc4beab529feee23d1fa5fd4f09e385010 Mon Sep 17 00:00:00 2001 From: Jakob Helgesson Date: Wed, 4 Dec 2024 18:54:55 +0100 Subject: [PATCH] Add AuthToken as security schema in openapi --- engine/src/auth/middleware.rs | 39 ++++++++++++++++++++++++++++--- engine/src/routes/sessions/mod.rs | 18 +++++++++----- 2 files changed, 48 insertions(+), 9 deletions(-) diff --git a/engine/src/auth/middleware.rs b/engine/src/auth/middleware.rs index 301903c..2a13d8f 100644 --- a/engine/src/auth/middleware.rs +++ b/engine/src/auth/middleware.rs @@ -1,6 +1,10 @@ use std::sync::Arc; use poem::{web::Data, Error, FromRequest, Request, RequestBody, Result}; +use poem_openapi::{ + registry::{MetaSecurityScheme, Registry}, + ApiExtractor, ApiExtractorType, ExtractParamOptions, +}; use reqwest::StatusCode; use super::hash::hash_session; @@ -24,9 +28,19 @@ impl AuthToken { } } -impl<'a> FromRequest<'a> for AuthToken { - async fn from_request(req: &'a Request, body: &mut RequestBody) -> Result { - let state = Data::<&Arc>::from_request(req, body).await?; +impl<'a> ApiExtractor<'a> for AuthToken { + const TYPES: &'static [ApiExtractorType] = &[ApiExtractorType::SecurityScheme]; + + type ParamType = (); + + type ParamRawType = (); + + async fn from_request( + req: &'a Request, + body: &mut RequestBody, + _param_opts: ExtractParamOptions, + ) -> Result { + let state = > as FromRequest>::from_request(req, body).await?; // extract cookies from request let _cookies = req.headers().get("Cookie").and_then(|x| x.to_str().ok()); @@ -57,4 +71,23 @@ impl<'a> FromRequest<'a> for AuthToken { None => Ok(AuthToken::None), } } + + fn register(registry: &mut Registry) { + registry.create_security_scheme( + "AuthToken", + MetaSecurityScheme { + ty: "http", + description: Some("Session token for authentication"), + name: None, + key_in: None, + scheme: Some("bearer"), + bearer_format: Some("Bearer"), + flows: None, + openid_connect_url: None, + }, + ); + } + fn security_schemes() -> Vec<&'static str> { + vec!["AuthToken"] + } } diff --git a/engine/src/routes/sessions/mod.rs b/engine/src/routes/sessions/mod.rs index 1bfe3f7..6d60eb3 100644 --- a/engine/src/routes/sessions/mod.rs +++ b/engine/src/routes/sessions/mod.rs @@ -5,16 +5,16 @@ use poem_openapi::{param::Path, payload::Json, OpenApi}; use reqwest::StatusCode; use tracing::info; -use crate::{auth::middleware::AuthToken, models::sessions::Session, state::AppState}; use super::ApiTags; -pub mod delete; +use crate::{auth::middleware::AuthToken, models::sessions::Session, state::AppState}; +// pub mod delete; pub struct SessionsApi; #[OpenApi] impl SessionsApi { /// /sessions - /// + /// /// Get all sessions for the current user #[oai(path = "/sessions", method = "get", tag = "ApiTags::Auth")] async fn get_sessions( @@ -22,7 +22,9 @@ impl SessionsApi { auth: AuthToken, state: Data<&Arc>, ) -> Result>> { - let active_user = auth.ok().ok_or(Error::from_status(StatusCode::UNAUTHORIZED))?; + let active_user = auth + .ok() + .ok_or(Error::from_status(StatusCode::UNAUTHORIZED))?; Ok(Json( Session::get_by_user_id(&state.database, active_user.session.user_id) @@ -32,9 +34,13 @@ impl SessionsApi { } /// /sessions/:session_id - /// + /// /// Delete a Session by `session_id` - #[oai(path = "/sessions/:session_id", method = "delete", tag = "ApiTags::Auth")] + #[oai( + path = "/sessions/:session_id", + method = "delete", + tag = "ApiTags::Auth" + )] async fn delete_session( &self, auth: AuthToken,