Yehowshua/ZIm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

WIP: Get compiling with Tokio by commenting almost everything

Browse source 
Co-Authored-By: Antonio Scandurra <me@as-cii.com>
This commit is contained in:
Nathan Sobo 2022-04-22 13:33:19 -06:00
parent 53bf7b61c0
commit 447c1d2f71
8 changed files with 6860 additions and 6914 deletions
Download patch file Download diff file Expand all files Collapse all files

184
crates/collab/src/auth.rs
View file

@ -1,102 +1,102 @@
use super::{
db::{self, UserId},
errors::TideResultExt,
};
use crate::Request;
use anyhow::{anyhow, Context};
use rand::thread_rng;
use rpc::auth as zed_auth;
use scrypt::{
password_hash::{PasswordHash, PasswordHasher, PasswordVerifier, SaltString},
Scrypt,
};
use std::convert::TryFrom;
use surf::StatusCode;
use tide::Error;
// use super::{
// db::{self, UserId},
// errors::TideResultExt,
// };
// use crate::Request;
// use anyhow::{anyhow, Context};
// use rand::thread_rng;
// use rpc::auth as zed_auth;
// use scrypt::{
// password_hash::{PasswordHash, PasswordHasher, PasswordVerifier, SaltString},
// Scrypt,
// };
// use std::convert::TryFrom;
// use surf::StatusCode;
// use tide::Error;
pub async fn process_auth_header(request: &Request) -> tide::Result<UserId> {
let mut auth_header = request
.header("Authorization")
.ok_or_else(|| {
Error::new(
StatusCode::BadRequest,
anyhow!("missing authorization header"),
)
})?
.last()
.as_str()
.split_whitespace();
let user_id = UserId(auth_header.next().unwrap_or("").parse().map_err(|_| {
Error::new(
StatusCode::BadRequest,
anyhow!("missing user id in authorization header"),
)
})?);
let access_token = auth_header.next().ok_or_else(|| {
Error::new(
StatusCode::BadRequest,
anyhow!("missing access token in authorization header"),
)
})?;
// pub async fn process_auth_header(request: &Request) -> tide::Result<UserId> {
// let mut auth_header = request
// .header("Authorization")
// .ok_or_else(|| {
// Error::new(
// StatusCode::BadRequest,
// anyhow!("missing authorization header"),
// )
// })?
// .last()
// .as_str()
// .split_whitespace();
// let user_id = UserId(auth_header.next().unwrap_or("").parse().map_err(|_| {
// Error::new(
// StatusCode::BadRequest,
// anyhow!("missing user id in authorization header"),
// )
// })?);
// let access_token = auth_header.next().ok_or_else(|| {
// Error::new(
// StatusCode::BadRequest,
// anyhow!("missing access token in authorization header"),
// )
// })?;
let state = request.state().clone();
let mut credentials_valid = false;
for password_hash in state.db.get_access_token_hashes(user_id).await? {
if verify_access_token(&access_token, &password_hash)? {
credentials_valid = true;
break;
}
}
// let state = request.state().clone();
// let mut credentials_valid = false;
// for password_hash in state.db.get_access_token_hashes(user_id).await? {
// if verify_access_token(&access_token, &password_hash)? {
// credentials_valid = true;
// break;
// }
// }
if !credentials_valid {
Err(Error::new(
StatusCode::Unauthorized,
anyhow!("invalid credentials"),
))?;
}
// if !credentials_valid {
// Err(Error::new(
// StatusCode::Unauthorized,
// anyhow!("invalid credentials"),
// ))?;
// }
Ok(user_id)
}
// Ok(user_id)
// }
const MAX_ACCESS_TOKENS_TO_STORE: usize = 8;
// const MAX_ACCESS_TOKENS_TO_STORE: usize = 8;
pub async fn create_access_token(db: &dyn db::Db, user_id: UserId) -> tide::Result<String> {
let access_token = zed_auth::random_token();
let access_token_hash =
hash_access_token(&access_token).context("failed to hash access token")?;
db.create_access_token_hash(user_id, &access_token_hash, MAX_ACCESS_TOKENS_TO_STORE)
.await?;
Ok(access_token)
}
// pub async fn create_access_token(db: &dyn db::Db, user_id: UserId) -> tide::Result<String> {
// let access_token = zed_auth::random_token();
// let access_token_hash =
// hash_access_token(&access_token).context("failed to hash access token")?;
// db.create_access_token_hash(user_id, &access_token_hash, MAX_ACCESS_TOKENS_TO_STORE)
// .await?;
// Ok(access_token)
// }
fn hash_access_token(token: &str) -> tide::Result<String> {
// Avoid slow hashing in debug mode.
let params = if cfg!(debug_assertions) {
scrypt::Params::new(1, 1, 1).unwrap()
} else {
scrypt::Params::recommended()
};
// fn hash_access_token(token: &str) -> tide::Result<String> {
// // Avoid slow hashing in debug mode.
// let params = if cfg!(debug_assertions) {
// scrypt::Params::new(1, 1, 1).unwrap()
// } else {
// scrypt::Params::recommended()
// };
Ok(Scrypt
.hash_password(
token.as_bytes(),
None,
params,
&SaltString::generate(thread_rng()),
)?
.to_string())
}
// Ok(Scrypt
// .hash_password(
// token.as_bytes(),
// None,
// params,
// &SaltString::generate(thread_rng()),
// )?
// .to_string())
// }
pub fn encrypt_access_token(access_token: &str, public_key: String) -> tide::Result<String> {
let native_app_public_key =
zed_auth::PublicKey::try_from(public_key).context("failed to parse app public key")?;
let encrypted_access_token = native_app_public_key
.encrypt_string(&access_token)
.context("failed to encrypt access token with public key")?;
Ok(encrypted_access_token)
}
// pub fn encrypt_access_token(access_token: &str, public_key: String) -> tide::Result<String> {
// let native_app_public_key =
// zed_auth::PublicKey::try_from(public_key).context("failed to parse app public key")?;
// let encrypted_access_token = native_app_public_key
// .encrypt_string(&access_token)
// .context("failed to encrypt access token with public key")?;
// Ok(encrypted_access_token)
// }
pub fn verify_access_token(token: &str, hash: &str) -> tide::Result<bool> {
let hash = PasswordHash::new(hash)?;
Ok(Scrypt.verify_password(token.as_bytes(), &hash).is_ok())
}
// pub fn verify_access_token(token: &str, hash: &str) -> tide::Result<bool> {
// let hash = PasswordHash::new(hash)?;
// Ok(Scrypt.verify_password(token.as_bytes(), &hash).is_ok())
// }