Skip to content

Commit

Permalink
Handle user auth (wip)
Browse files Browse the repository at this point in the history
  • Loading branch information
@apiraino
apiraino committed Aug 17, 2023
1 parent fa3bc11 commit 90181d0
Showing 1 changed file with 126 additions and 15 deletions.
141 changes: 126 additions & 15 deletions src/main.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ use futures::StreamExt;
use hyper::{header, Body, Request, Response, Server, StatusCode};
use reqwest::Client;
use route_recognizer::Router;
use serde::Deserialize;
use serde::{Deserialize, Serialize};
use std::collections::HashMap;
use std::{env, net::SocketAddr, sync::Arc};
use tokio::io::AsyncReadExt;
Expand Down Expand Up @@ -66,6 +66,83 @@ fn validate_data(prefs: &ReviewCapacityUser) -> anyhow::Result<()> {
Ok(())
}

#[derive(Debug, Deserialize)]
struct Token {
access_token: String,
}

const GH_API_URL: &str = "https://api.github.com";

async fn exchange_code(code: &str) -> anyhow::Result<Token> {
// let mut params = HashMap::new();
// params.insert("client_id", CLIENT_ID);
// params.insert("client_secret", CLIENT_SECRET);
// params.insert("code", code);

#[derive(Serialize, Debug)]
struct ReqToken<'a> {
client_id: &'a str,
client_secret: &'a str,
code: &'a str,
}

let client = reqwest::Client::new();

// let token = client
// .post("https://github.com/login/oauth/access_token")
// .form(&params)
// .send()
// .await
// .unwrap()
// .json::<Token>()
// .await
// .unwrap();

let client_id = std::env::var("CLIENT_ID").expect("CLIENT_ID is not set");
let client_secret = std::env::var("CLIENT_SECRET").expect("CLIENT_SECRET is not set");

let payload = ReqToken {
client_id: &client_id,
client_secret: &client_secret,
code,
};

let token = client
.post("https://github.com/login/oauth/access_token")
.json(&payload)
.send()
.await
.unwrap();
//.json::<Token>()
//.await
//.unwrap();

log::debug!("Token received: {:?}", token);
Ok(Token {
access_token: "this-is-the-access-token".to_string(),
})
}

async fn get_user(access_token: &str) -> anyhow::Result<github::User> {
let client = Client::new();
// TODO: maybe fit this request in the github module
// let gh = github::GithubClient::new(client, access_token.to_string());
// let user = gh.get_profile();
log::debug!("Getting user profile with token={}", access_token);

let user: github::User = client
.get(format!("{}/user", GH_API_URL))
.bearer_auth(access_token)
.send()
.await
.unwrap()
.json::<github::User>()
.await
.unwrap();

Ok(user)
}

async fn serve_req(
req: Request<Body>,
ctx: Arc<Context>,
Expand Down Expand Up @@ -186,6 +263,29 @@ async fn serve_req(
.body(Body::from(triagebot::zulip::respond(&ctx, req).await))
.unwrap());
}
// if req.uri.path() == "/github-hook" {
// if req.method == hyper::Method::GET {
// if let Some(query) = req.uri.query() {
// let code = url::form_urlencoded::parse(query.as_bytes()).find(|(k, _)| k == "code");
// if let Some((_, code)) = code {
// log::debug!("Successfully authorized! Got code {}", code);
// //let token_data = exchange_code(&code).await.unwrap();
// // TODO: now what? redirect to the backoffice?
// return Ok(Response::builder()
// .status(StatusCode::OK)
// .body(Body::from(format!(
// "Successfully authorized! Got code {}",
// code
// )))
// .unwrap());
// }
// }
// }
// return Ok(Response::builder()
// .status(StatusCode::OK)
// .body(Body::from("Invoked the github-hook without params"))
// .unwrap());
// }
if req.uri.path() == "/review-settings" {
// TODO:
// - Get auth token
Expand Down Expand Up @@ -225,20 +325,31 @@ async fn serve_req(
}

if req.method == hyper::Method::GET {
// TODO: infer these from the authentication
let user = req
.headers
.get("Role")
.ok_or_else(|| header::HeaderValue::from_static(""))
.unwrap()
.to_str()
.unwrap_or("pnkfelix");
let is_admin = user == "pnkfelix";
log::debug!("user={}, is admin: {}", user, is_admin);

// query the DB, pull all users that are members in the TOML file
let review_capacity = get_prefs(&db_client, &mut members, user, is_admin).await;
body = serde_json::json!(&review_capacity);
if let Some(query) = req.uri.query() {
let code = url::form_urlencoded::parse(query.as_bytes()).find(|(k, _)| k == "code");
if let Some((_, code)) = code {
log::debug!("Successfully authorized! Got code {}", code);
// generate a token to impersonate the user
let token = exchange_code(&code).await.unwrap();
// TODO: figure out if the user is admin or normal user
let user = get_user(&token.access_token).await.unwrap();
// let user = req
// .headers
// .get("Role")
// .ok_or_else(|| header::HeaderValue::from_static(""))
// .unwrap()
// .to_str()
// .unwrap_or("pnkfelix");
// let user = "pnkfelix";
let is_admin = user.login == "pnkfelix";
// TODO: now set a cookie
log::debug!("user={}, is admin: {}", user.login, is_admin);
// query the DB, pull all users that are members in the TOML file
let review_capacity =
get_prefs(&db_client, &mut members, &user.login, is_admin).await;
body = serde_json::json!(&review_capacity);
}
}
}

return Ok(Response::builder()
Expand Down

0 comments on commit 90181d0

Please sign in to comment.