factoriauth/src/server.rs

use std::{net::SocketAddr, sync::Arc};

use axum::{
    extract::{Query, State},
    http::StatusCode,
    response::IntoResponse,
    routing::{get, post},
    Form, Json, Router,
};
use color_eyre::eyre::Context;
use secrecy::ExposeSecret;
use serde::{Deserialize, Serialize};
use tracing::{event, instrument, Level};

use crate::auth::{
    AuthenticationError, ServerPadlockGenerator, UserAuthenticator, UserServerKeyGenerator,
};
use crate::secrets::{Password, ServerHash, UserToken};

#[derive(Debug, Clone)]
struct AppState {
    user_authenticator: Arc<UserAuthenticator>,
    server_padlock_generator: Arc<ServerPadlockGenerator>,
    user_server_key_generator: Arc<UserServerKeyGenerator>,
}

#[instrument]
pub async fn run(
    listen: SocketAddr,
    user_authenticator: Arc<UserAuthenticator>,
    server_padlock_generator: Arc<ServerPadlockGenerator>,
    user_server_key_generator: Arc<UserServerKeyGenerator>,
) -> color_eyre::Result<()> {
    let app_state = AppState {
        user_authenticator,
        server_padlock_generator,
        user_server_key_generator,
    };

    let app = Router::new()
        .route("/tls-check/success", get(|| async { "OK" }))
        .route("/api-login", post(api_login))
        .route(
            "/generate-user-server-key-2",
            post(generate_user_server_key_2),
        )
        .route(
            "/generate-server-padlock-2",
            post(generate_server_padlock_2),
        )
        .with_state(app_state);

    let listener = tokio::net::TcpListener::bind(listen)
        .await
        .context(format!("Failed to listen on {listen}"))?;
    axum::serve(listener, app).await?;

    Ok(())
}

#[derive(Debug, Clone, PartialEq, Eq, Serialize)]
struct ApiError {
    #[serde(skip_serializing)]
    status: StatusCode,
    error: String,
    message: String,
}

impl From<AuthenticationError> for ApiError {
    fn from(err: AuthenticationError) -> Self {
        Self {
            status: StatusCode::UNAUTHORIZED,
            error: "authentication-failed".to_owned(),
            message: err.to_string(),
        }
    }
}

impl IntoResponse for ApiError {
    fn into_response(self) -> axum::response::Response {
        (self.status, Json(self)).into_response()
    }
}

type ApiResult<T> = Result<T, ApiError>;

fn default_api_version() -> String {
    "4".to_owned()
}

#[derive(Debug, Clone, PartialEq, Eq, Deserialize)]
struct ApiVersion {
    #[serde(default = "default_api_version")]
    api_version: String,
}

#[derive(Debug, Clone, Deserialize)]
struct LoginRequest {
    username: String,
    password: Password,
}

#[derive(Debug, Clone, Serialize)]
struct LoginResponse {
    username: String,
    token: String,
}

#[instrument]
async fn api_login(
    State(AppState {
        user_authenticator, ..
    }): State<AppState>,
    Query(ApiVersion { api_version }): Query<ApiVersion>,
    Form(LoginRequest { username, password }): Form<LoginRequest>,
) -> ApiResult<Json<LoginResponse>> {
    event!(Level::INFO, "Generating user key");

    let (username, user_token) = user_authenticator
        .get_user_token(&username, &password)
        .await?;

    Ok(Json(LoginResponse {
        username,
        token: user_token.0.expose_secret().to_owned(),
    }))
}

#[derive(Debug, Clone, Deserialize)]
struct UserServerKeyRequest {
    username: String,
    token: UserToken,
    server_hash: ServerHash,
}

#[derive(Debug, Clone, Serialize)]
struct UserServerKeyResponse {
    server_key: String,
    server_key_timestamp: String,
}

#[instrument]
async fn generate_user_server_key_2(
    State(AppState {
        user_server_key_generator,
        ..
    }): State<AppState>,
    Query(ApiVersion { api_version }): Query<ApiVersion>,
    Form(UserServerKeyRequest {
        username,
        token,
        server_hash,
    }): Form<UserServerKeyRequest>,
) -> ApiResult<Json<UserServerKeyResponse>> {
    event!(Level::INFO, "Creating user_server_key");

    let (server_key, server_key_timestamp) = user_server_key_generator
        .generate_user_server_key(&username, &token, &server_hash)
        .await?;

    Ok(Json(UserServerKeyResponse {
        server_key: server_key.0.expose_secret().to_owned(),
        server_key_timestamp,
    }))
}

#[derive(Serialize)]
struct ServerPadlockResponse {
    server_hash: ServerHash,
    server_padlock: String,
}

#[instrument]
async fn generate_server_padlock_2(
    State(AppState {
        server_padlock_generator,
        ..
    }): State<AppState>,
    Query(ApiVersion { api_version }): Query<ApiVersion>,
) -> ApiResult<Json<ServerPadlockResponse>> {
    event!(Level::INFO, "Creating server padlock");

    let server_hash = server_padlock_generator
        .generate_hash()
        .await
        .map_err(AuthenticationError::from)?;
    let server_padlock = server_padlock_generator
        .generate_padlock(&server_hash)
        .await
        .map_err(AuthenticationError::from)?;

    Ok(Json(ServerPadlockResponse {
        server_hash,
        server_padlock: server_padlock.0.expose_secret().to_owned(),
    }))
}
Allow specifying IP address to listen on 2024-02-15 20:58:33 +01:00			`use std::{net::SocketAddr, sync::Arc};`
Update config keys, add port 2024-02-10 14:25:33 +01:00
Implement dummy /api_login 2024-02-10 11:44:31 +01:00			`use axum::{`
server: pass state to handlers 2024-02-10 19:34:07 +01:00			`extract::{Query, State},`
Allow converting AuthenticationError to ApiError 2024-02-10 13:23:20 +01:00			`http::StatusCode,`
			`response::IntoResponse,`
Implement dummy /api_login 2024-02-10 11:44:31 +01:00			`routing::{get, post},`
			`Form, Json, Router,`
			`};`
Allow specifying IP address to listen on 2024-02-15 20:58:33 +01:00			`use color_eyre::eyre::Context;`
/api_login: use UserToken 2024-02-10 12:39:34 +01:00			`use secrecy::ExposeSecret;`
Implement dummy /api_login 2024-02-10 11:44:31 +01:00			`use serde::{Deserialize, Serialize};`
			`use tracing::{event, instrument, Level};`

server: pass state to handlers 2024-02-10 19:34:07 +01:00			`use crate::auth::{`
			`AuthenticationError, ServerPadlockGenerator, UserAuthenticator, UserServerKeyGenerator,`
			`};`
Add /generate-user-server-key-2 prototype 2024-02-10 12:40:00 +01:00			`use crate::secrets::{Password, ServerHash, UserToken};`
Move axum stuff to separate module 2024-02-10 11:13:11 +01:00
small clean-ups remove one level of Arc in state 2024-02-11 16:23:11 +01:00			`#[derive(Debug, Clone)]`
server: pass state to handlers 2024-02-10 19:34:07 +01:00			`struct AppState {`
			`user_authenticator: Arc<UserAuthenticator>,`
			`server_padlock_generator: Arc<ServerPadlockGenerator>,`
			`user_server_key_generator: Arc<UserServerKeyGenerator>,`
			`}`

Move axum stuff to separate module 2024-02-10 11:13:11 +01:00			`#[instrument]`
server: pass state to handlers 2024-02-10 19:34:07 +01:00			`pub async fn run(`
Allow specifying IP address to listen on 2024-02-15 20:58:33 +01:00			`listen: SocketAddr,`
server: pass state to handlers 2024-02-10 19:34:07 +01:00			`user_authenticator: Arc<UserAuthenticator>,`
			`server_padlock_generator: Arc<ServerPadlockGenerator>,`
			`user_server_key_generator: Arc<UserServerKeyGenerator>,`
			`) -> color_eyre::Result<()> {`
small clean-ups remove one level of Arc in state 2024-02-11 16:23:11 +01:00			`let app_state = AppState {`
server: pass state to handlers 2024-02-10 19:34:07 +01:00			`user_authenticator,`
			`server_padlock_generator,`
			`user_server_key_generator,`
small clean-ups remove one level of Arc in state 2024-02-11 16:23:11 +01:00			`};`

Implement dummy /api_login 2024-02-10 11:44:31 +01:00			`let app = Router::new()`
			`.route("/tls-check/success", get(\|\| async { "OK" }))`
Add /generate-user-server-key-2 prototype 2024-02-10 12:40:00 +01:00			`.route("/api-login", post(api_login))`
			`.route(`
			`"/generate-user-server-key-2",`
			`post(generate_user_server_key_2),`
server: pass state to handlers 2024-02-10 19:34:07 +01:00			`)`
Implement /generate-server-padlock-2 2024-02-10 19:59:28 +01:00			`.route(`
			`"/generate-server-padlock-2",`
			`post(generate_server_padlock_2),`
			`)`
server: pass state to handlers 2024-02-10 19:34:07 +01:00			`.with_state(app_state);`
small clean-ups remove one level of Arc in state 2024-02-11 16:23:11 +01:00
Allow specifying IP address to listen on 2024-02-15 20:58:33 +01:00			`let listener = tokio::net::TcpListener::bind(listen)`
			`.await`
			`.context(format!("Failed to listen on {listen}"))?;`
Move axum stuff to separate module 2024-02-10 11:13:11 +01:00			`axum::serve(listener, app).await?;`

			`Ok(())`
			`}`
Implement dummy /api_login 2024-02-10 11:44:31 +01:00
Add API error type 2024-02-10 11:49:36 +01:00			`#[derive(Debug, Clone, PartialEq, Eq, Serialize)]`
			`struct ApiError {`
Allow converting AuthenticationError to ApiError 2024-02-10 13:23:20 +01:00			`#[serde(skip_serializing)]`
			`status: StatusCode,`
Add API error type 2024-02-10 11:49:36 +01:00			`error: String,`
			`message: String,`
			`}`

Allow converting AuthenticationError to ApiError 2024-02-10 13:23:20 +01:00			`impl From<AuthenticationError> for ApiError {`
			`fn from(err: AuthenticationError) -> Self {`
			`Self {`
			`status: StatusCode::UNAUTHORIZED,`
			`error: "authentication-failed".to_owned(),`
			`message: err.to_string(),`
			`}`
			`}`
			`}`

			`impl IntoResponse for ApiError {`
			`fn into_response(self) -> axum::response::Response {`
			`(self.status, Json(self)).into_response()`
			`}`
			`}`

			`type ApiResult<T> = Result<T, ApiError>;`
Add API error type 2024-02-10 11:49:36 +01:00
server: use default API version if not specified 2024-02-10 19:35:20 +01:00			`fn default_api_version() -> String {`
			`"4".to_owned()`
			`}`

Implement dummy /api_login 2024-02-10 11:44:31 +01:00			`#[derive(Debug, Clone, PartialEq, Eq, Deserialize)]`
			`struct ApiVersion {`
server: use default API version if not specified 2024-02-10 19:35:20 +01:00			`#[serde(default = "default_api_version")]`
Implement dummy /api_login 2024-02-10 11:44:31 +01:00			`api_version: String,`
			`}`

			`#[derive(Debug, Clone, Deserialize)]`
			`struct LoginRequest {`
			`username: String,`
			`password: Password,`
			`}`

			`#[derive(Debug, Clone, Serialize)]`
			`struct LoginResponse {`
			`username: String,`
			`token: String,`
			`}`

			`#[instrument]`
			`async fn api_login(`
small clean-ups remove one level of Arc in state 2024-02-11 16:23:11 +01:00			`State(AppState {`
			`user_authenticator, ..`
			`}): State<AppState>,`
Implement dummy /api_login 2024-02-10 11:44:31 +01:00			`Query(ApiVersion { api_version }): Query<ApiVersion>,`
			`Form(LoginRequest { username, password }): Form<LoginRequest>,`
Add API error type 2024-02-10 11:49:36 +01:00			`) -> ApiResult<Json<LoginResponse>> {`
server: pass state to handlers 2024-02-10 19:34:07 +01:00			`event!(Level::INFO, "Generating user key");`

small clean-ups remove one level of Arc in state 2024-02-11 16:23:11 +01:00			`let (username, user_token) = user_authenticator`
bugfix: return existing token instead of creating a new one every time 2024-02-11 19:12:51 +01:00			`.get_user_token(&username, &password)`
server: pass state to handlers 2024-02-10 19:34:07 +01:00			`.await?;`
Implement dummy /api_login 2024-02-10 11:44:31 +01:00
			`Ok(Json(LoginResponse {`
			`username,`
/api_login: use UserToken 2024-02-10 12:39:34 +01:00			`token: user_token.0.expose_secret().to_owned(),`
Implement dummy /api_login 2024-02-10 11:44:31 +01:00			`}))`
			`}`
Add /generate-user-server-key-2 prototype 2024-02-10 12:40:00 +01:00
			`#[derive(Debug, Clone, Deserialize)]`
			`struct UserServerKeyRequest {`
			`username: String,`
			`token: UserToken,`
			`server_hash: ServerHash,`
			`}`

			`#[derive(Debug, Clone, Serialize)]`
			`struct UserServerKeyResponse {`
			`server_key: String,`
			`server_key_timestamp: String,`
			`}`

			`#[instrument]`
			`async fn generate_user_server_key_2(`
small clean-ups remove one level of Arc in state 2024-02-11 16:23:11 +01:00			`State(AppState {`
			`user_server_key_generator,`
			`..`
			`}): State<AppState>,`
Add /generate-user-server-key-2 prototype 2024-02-10 12:40:00 +01:00			`Query(ApiVersion { api_version }): Query<ApiVersion>,`
			`Form(UserServerKeyRequest {`
			`username,`
			`token,`
			`server_hash,`
			`}): Form<UserServerKeyRequest>,`
			`) -> ApiResult<Json<UserServerKeyResponse>> {`
server: pass state to handlers 2024-02-10 19:34:07 +01:00			`event!(Level::INFO, "Creating user_server_key");`
Add /generate-user-server-key-2 prototype 2024-02-10 12:40:00 +01:00
small clean-ups remove one level of Arc in state 2024-02-11 16:23:11 +01:00			`let (server_key, server_key_timestamp) = user_server_key_generator`
Add /generate-user-server-key-2 prototype 2024-02-10 12:40:00 +01:00			`.generate_user_server_key(&username, &token, &server_hash)`
			`.await?;`

			`Ok(Json(UserServerKeyResponse {`
			`server_key: server_key.0.expose_secret().to_owned(),`
			`server_key_timestamp,`
			`}))`
			`}`
Implement /generate-server-padlock-2 2024-02-10 19:59:28 +01:00
			`#[derive(Serialize)]`
			`struct ServerPadlockResponse {`
			`server_hash: ServerHash,`
			`server_padlock: String,`
			`}`

			`#[instrument]`
			`async fn generate_server_padlock_2(`
small clean-ups remove one level of Arc in state 2024-02-11 16:23:11 +01:00			`State(AppState {`
			`server_padlock_generator,`
			`..`
			`}): State<AppState>,`
Implement /generate-server-padlock-2 2024-02-10 19:59:28 +01:00			`Query(ApiVersion { api_version }): Query<ApiVersion>,`
			`) -> ApiResult<Json<ServerPadlockResponse>> {`
			`event!(Level::INFO, "Creating server padlock");`

Implement padlock proxy 2024-02-20 22:57:03 +01:00			`let server_hash = server_padlock_generator`
			`.generate_hash()`
			`.await`
			`.map_err(AuthenticationError::from)?;`
			`let server_padlock = server_padlock_generator`
			`.generate_padlock(&server_hash)`
			`.await`
			`.map_err(AuthenticationError::from)?;`
Implement /generate-server-padlock-2 2024-02-10 19:59:28 +01:00
			`Ok(Json(ServerPadlockResponse {`
			`server_hash,`
			`server_padlock: server_padlock.0.expose_secret().to_owned(),`
			`}))`
			`}`