From ba37df30c1107c1592f2a07935221f288273536a Mon Sep 17 00:00:00 2001 From: "Agatha V. Lovelace" Date: Tue, 11 Apr 2023 21:41:23 +0200 Subject: [PATCH] Remove unnecessary axum-auth dependancy --- Cargo.lock | 52 +++++++++++++++++++++++++++++++++++++-------------- Cargo.toml | 5 ++--- src/server.rs | 31 +++++++++++++++++++----------- 3 files changed, 60 insertions(+), 28 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 864c53e..aa4cf84 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -272,6 +272,7 @@ dependencies = [ "bitflags", "bytes", "futures-util", + "headers", "http", "http-body", "hyper", @@ -292,18 +293,6 @@ dependencies = [ "tower-service", ] -[[package]] -name = "axum-auth" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9770f9a9147b2324066609acb5495538cb25f973129663fba2658ba7ed69407" -dependencies = [ - "async-trait", - "axum-core", - "base64", - "http", -] - [[package]] name = "axum-core" version = "0.2.7" @@ -645,12 +634,11 @@ checksum = "3f107b87b6afc2a64fd13cac55fe06d6c8859f12d4b14cbcdd2c67d0976781be" [[package]] name = "eleanor-server" -version = "0.1.0" +version = "0.1.1" dependencies = [ "adler", "argon2", "axum", - "axum-auth", "clap", "lofty", "miette", @@ -925,6 +913,31 @@ dependencies = [ "hashbrown", ] +[[package]] +name = "headers" +version = "0.3.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f3e372db8e5c0d213e0cd0b9be18be2aca3d44cf2fe30a9d46a65581cd454584" +dependencies = [ + "base64", + "bitflags", + "bytes", + "headers-core", + "http", + "httpdate", + "mime", + "sha1", +] + +[[package]] +name = "headers-core" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7f66481bfee273957b1f20485a4ff3362987f85b2c236580d81b4eb7a326429" +dependencies = [ + "http", +] + [[package]] name = "heck" version = "0.3.3" 
@@ -2062,6 +2075,17 @@ dependencies = [ "serde", ] +[[package]] +name = "sha1" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "006769ba83e921b3085caa8334186b00cf92b4cb1a6cf4632fbccc8eff5c7549" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + [[package]] name = "sha2" version = "0.10.2" diff --git a/Cargo.toml b/Cargo.toml index 1ecc61f..9ceb96d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "eleanor-server" -version = "0.1.0" +version = "0.1.1" edition = "2021" authors = ["Agatha Lovelace "] @@ -9,8 +9,7 @@ authors = ["Agatha Lovelace "] [dependencies] adler = "1.0.2" argon2 = "0.4.1" -axum = "0.5.15" -axum-auth = "0.3.0" +axum = { version = "0.5.15", features = ["headers"] } clap = { version = "3.2.20", features = ["cargo"] } lofty = "0.7.3" miette = { version = "5.2.0", features = ["fancy"] } diff --git a/src/server.rs b/src/server.rs index bf96081..38b0c13 100644 --- a/src/server.rs +++ b/src/server.rs @@ -7,7 +7,8 @@ use argon2::{ Argon2, PasswordHash, PasswordHasher, PasswordVerifier, }; use axum::{ - extract::{FromRequest, Path, RequestParts}, + extract::{Path, RequestParts}, + headers::{authorization::Basic, Authorization, HeaderMapExt}, http::{ header::{self, HeaderName}, Request, StatusCode, @@ -17,7 +18,6 @@ use axum::{ routing::get, Extension, Router, }; -use axum_auth::AuthBasic; use miette::{miette, IntoDiagnostic}; use paris::success; use sea_orm::{ColumnTrait, DatabaseConnection, EntityTrait, ModelTrait, QueryFilter, Set}; 
@@ -101,7 +101,13 @@ pub async fn add_user( password: String, ) -> miette::Result<()> { let salt = SaltString::generate(&mut OsRng); - let argon2 = Argon2::default(); + let argon2 = Argon2::new( + argon2::Algorithm::Argon2id, + argon2::Version::V0x13, + argon2::Params::new(16384, 3, 1, None).map_err(|err| { + return miette!("Couldn't initialize argon2 parameters: {}", err.to_string()); + })?, + ); let hash = argon2 .hash_password(password.as_bytes(), &salt) @@ -146,8 +152,8 @@ pub async fn remove_user(db: &DatabaseConnection, username: String) -> miette::R Ok(()) } -fn verify_password(password: String, hash: String) -> miette::Result { - let hash = PasswordHash::new(&hash) +fn verify_password(password: &str, hash: &str) -> miette::Result { + let hash = PasswordHash::new(hash) .map_err(|err| return miette!("Couldn't parse password hash: {}", err.to_string()))?; Ok(Argon2::default() @@ -157,10 +163,10 @@ fn verify_password(password: String, hash: String) -> miette::Result { async fn authenticate( db: &DatabaseConnection, - AuthBasic((username, password)): AuthBasic, + auth: Authorization, ) -> Result<(), StatusCode> { let user = users::Entity::find() - .filter(users::Column::Name.eq(username)) + .filter(users::Column::Name.eq(auth.username())) .one(db) .await .ok() @@ -168,7 +174,7 @@ async fn authenticate( .ok_or(StatusCode::UNAUTHORIZED)?; // Compare the provided password with the password hash stored in the database - let authorized = verify_password(password.ok_or(StatusCode::UNAUTHORIZED)?, user.password) + let authorized = verify_password(auth.password(), &user.password) .map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?; if authorized { 
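Review bot: The Argon2 cost parameters added to `add_user` are bare literals, `argon2::Params::new(16384, 3, 1, None)`, and nothing on the line says they are memory in KiB, iterations and lanes; a comment such as `// m_cost = 16 MiB, t_cost = 3, p_cost = 1` or three named constants would make later tuning reviewable. Hashes stored before this commit were created with `Argon2::default()` and keep the parameters encoded in their PHC string, so this change does not upgrade them; re-hashing on the next successful login would bring them to the new cost. The `auth` middleware appears to verify the password on every request, so the higher memory cost is paid per request and not only at user creation, which is worth measuring under load. The closure needs neither `return` nor `to_string()`: `.map_err(|err| miette!("Couldn't initialize argon2 parameters: {}", err))?`. add_user starts before and continues after this hunk.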
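Review bot: `authenticate` returns `UNAUTHORIZED` as soon as the user lookup yields nothing (the `.ok_or(StatusCode::UNAUTHORIZED)?` that opens the `@@ -168,7 +174,7 @@` hunk), so only requests naming an existing user pay for an Argon2 verification, and the difference in response time reveals which usernames exist. Running `verify_password` against a fixed placeholder hash when no row is found keeps both paths at comparable cost; the sketch below assumes a new constant, here called `PLACEHOLDER_PASSWORD_HASH`, holding a PHC string generated once with the same parameters as `add_user`. The `.ok()` after `.await` in the `@@ -157,10 +163,10 @@` hunk also turns a database error into the same 401, which hides outages; mapping it to `INTERNAL_SERVER_ERROR`, as is already done for `verify_password`, would be consistent. One line between the two hunks is not visible and the function ends outside them, so the sketch is an assumption about the surrounding chain.

```rust
    let user = users::Entity::find()
        .filter(users::Column::Name.eq(auth.username()))
        .one(db)
        .await
        // a failed query is a server fault, not a bad credential
        .map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;

    // Unknown user: still run one verification, against a placeholder hash,
    // so both outcomes cost the same amount of Argon2 work.
    let stored_hash = user
        .as_ref()
        .map_or(PLACEHOLDER_PASSWORD_HASH, |user| user.password.as_str());
    let password_matches = verify_password(auth.password(), stored_hash)
        .map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
    let authorized = user.is_some() && password_matches;

    // … unchanged: if authorized { … } …
```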
@@ -182,16 +188,19 @@ async fn auth( req: Request, next: Next, ) -> Result { - let mut req = RequestParts::new(req); + let req = RequestParts::new(req); - let auth = AuthBasic::from_request(&mut req).await.map_err(|e| e.0)?; + let auth = req + .headers() + .typed_get::>() + .ok_or(StatusCode::UNAUTHORIZED)?; let db: &DatabaseConnection = req .extensions() .get() .ok_or(StatusCode::INTERNAL_SERVER_ERROR)?; - if let Err(error) = authenticate(db, auth.to_owned()).await { + if let Err(error) = authenticate(db, auth).await { Err(error) } else { let req = req
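Review bot: The 401 produced by `.ok_or(StatusCode::UNAUTHORIZED)?` when `typed_get` finds no usable `Authorization` header carries no `WWW-Authenticate` challenge, which RFC 7235 requires on a 401 and which clients use to learn that Basic credentials are expected. Returning a response with `header::WWW_AUTHENTICATE` set to `Basic realm="<realm>"` would fix that, though it probably means changing the middleware's error type from a bare `StatusCode`; the 401s coming out of `authenticate` would need the same header. `typed_get` yields `None` for a malformed header as well as a missing one, so a debug-level log at this point would help tell misconfigured clients from unauthenticated ones. The tail `if let Err(error) = authenticate(db, auth).await { Err(error) } else { … }` reads more simply as `authenticate(db, auth).await?;` followed by the success path. `auth` begins before and continues after this hunk.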