snowykami/meilisearch
1
0
Fork 0
mirror of https://github.com/meilisearch/meilisearch.git synced 2025-01-19 01:18:31 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

implement authentication policies

Browse Source
This commit is contained in:
marin postma 2021-06-24 14:22:12 +02:00
parent 5b71751391
commit 0c1c7a3dd9
No known key found for this signature in database
GPG Key ID: 6088B7721C3E39F9
2 changed files with 60 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
meilisearch-http/src/extractors/authentication/mod.rs
View File

@ -1,37 +1,43 @@
use std::collections::{HashMap, HashSet}; use std::any::{Any, TypeId};
use std::collections::HashMap;
use std::marker::PhantomData; use std::marker::PhantomData;
use std::ops::Deref; use std::ops::Deref;
use std::any::{Any, TypeId};
use actix_web::FromRequest; use actix_web::FromRequest;
use futures::future::err; use futures::future::err;
use futures::future::{Ready, ok}; use futures::future::{ok, Ready};
use crate::error::{AuthenticationError, ResponseError}; use crate::error::{AuthenticationError, ResponseError};
macro_rules! create_policies { macro_rules! create_policies {
($($name:ident), *) => { ($($name:ident), *) => {
$( pub mod policies {
pub struct $name { use std::collections::HashSet;
inner: HashSet<Vec<u8>> use crate::extractors::authentication::Policy;
}
impl $name { $(
pub fn new() -> Self { #[derive(Debug)]
Self { inner: HashSet::new() } pub struct $name {
inner: HashSet<Vec<u8>>
} }
pub fn add(&mut self, token: Vec<u8>) { impl $name {
self.inner.insert(token); pub fn new() -> Self {
} Self { inner: HashSet::new() }
} }
impl Policy for $name { pub fn add(&mut self, token: Vec<u8>) {
fn authenticate(&self, token: &[u8]) -> bool { &mut self.inner.insert(token);
self.inner.contains(token) }
} }
}
)* impl Policy for $name {
fn authenticate(&self, token: &[u8]) -> bool {
self.inner.contains(token)
}
}
)*
}
}; };
} }
@ -41,7 +47,7 @@ create_policies!(Public, Private, Admin);
macro_rules! init_policies { macro_rules! init_policies {
($($name:ident), *) => { ($($name:ident), *) => {
{ {
let mut policies = Policies::new(); let mut policies = crate::extractors::authentication::Policies::new();
$( $(
let policy = $name::new(); let policy = $name::new();
policies.insert(policy); policies.insert(policy);
@ -53,11 +59,11 @@ macro_rules! init_policies {
/// Adds user to all specified policies. /// Adds user to all specified policies.
macro_rules! create_users { macro_rules! create_users {
($policies:ident, $($user:literal => { $($policy:ty), * }), *) => { ($policies:ident, $($user:expr => { $($policy:ty), * }), *) => {
{ {
$( $(
$( $(
$policies.get_mut::<$policy>().map(|p| p.add($user.to_owned())) $policies.get_mut::<$policy>().map(|p| p.add($user.to_owned()));
)* )*
)* )*
} }
@ -81,13 +87,16 @@ pub trait Policy {
fn authenticate(&self, token: &[u8]) -> bool; fn authenticate(&self, token: &[u8]) -> bool;
} }
#[derive(Debug)]
pub struct Policies { pub struct Policies {
inner: HashMap<TypeId, Box<dyn Any>>, inner: HashMap<TypeId, Box<dyn Any>>,
} }
impl Policies { impl Policies {
pub fn new() -> Self { pub fn new() -> Self {
Self { inner: HashMap::new() } Self {
inner: HashMap::new(),
}
} }
pub fn insert<S: Policy + 'static>(&mut self, policy: S) { pub fn insert<S: Policy + 'static>(&mut self, policy: S) {
@ -101,7 +110,8 @@ impl Policies {
} }
pub fn get_mut<S: Policy + 'static>(&mut self) -> Option<&mut S> { pub fn get_mut<S: Policy + 'static>(&mut self) -> Option<&mut S> {
self.inner.get_mut(&TypeId::of::<S>()) self.inner
.get_mut(&TypeId::of::<S>())
.and_then(|p| p.downcast_mut::<S>()) .and_then(|p| p.downcast_mut::<S>())
} }
} }

30
meilisearch-http/src/lib.rs
View File

@ -1,6 +1,7 @@
pub mod data; pub mod data;
#[macro_use] #[macro_use]
pub mod error; pub mod error;
#[macro_use]
pub mod extractors; pub mod extractors;
pub mod helpers; pub mod helpers;
mod index; mod index;
@ -11,17 +12,21 @@ pub mod routes;
#[cfg(all(not(debug_assertions), feature = "analytics"))] #[cfg(all(not(debug_assertions), feature = "analytics"))]
pub mod analytics; pub mod analytics;
use crate::extractors::authentication::AuthConfig;
pub use self::data::Data; pub use self::data::Data;
pub use option::Opt; pub use option::Opt;
use actix_web::web; use actix_web::web;
use extractors::payload::PayloadConfig; use extractors::payload::PayloadConfig;
use extractors::authentication::policies::*;
pub fn configure_data(config: &mut web::ServiceConfig, data: Data) { pub fn configure_data(config: &mut web::ServiceConfig, data: Data) {
let http_payload_size_limit = data.http_payload_size_limit(); let http_payload_size_limit = data.http_payload_size_limit();
config config
.data(data) .data(data.clone())
.app_data(data)
.app_data( .app_data(
web::JsonConfig::default() web::JsonConfig::default()
.limit(http_payload_size_limit) .limit(http_payload_size_limit)
@ -35,8 +40,24 @@ pub fn configure_data(config: &mut web::ServiceConfig, data: Data) {
); );
} }
pub fn configure_auth(config: &mut web::ServiceConfig, opt: &Options) { pub fn configure_auth(config: &mut web::ServiceConfig, data: &Data) {
todo!() let keys = data.api_keys();
let auth_config = if let Some(ref master_key) = keys.master {
let private_key = keys.private.as_ref().unwrap();
let public_key = keys.public.as_ref().unwrap();
let mut policies = init_policies!(Public, Private, Admin);
create_users!(
policies,
master_key.as_bytes() => { Admin, Private, Public },
private_key.as_bytes() => { Private, Public },
public_key.as_bytes() => { Public }
);
AuthConfig::Auth(policies)
} else {
AuthConfig::NoAuth
};
config.app_data(auth_config);
} }
#[cfg(feature = "mini-dashboard")] #[cfg(feature = "mini-dashboard")]
@ -84,10 +105,11 @@ macro_rules! create_app {
use actix_web::App; use actix_web::App;
use actix_web::{middleware, web}; use actix_web::{middleware, web};
use meilisearch_http::routes::*; use meilisearch_http::routes::*;
use meilisearch_http::{configure_data, dashboard}; use meilisearch_http::{configure_data, dashboard, configure_auth};
App::new() App::new()
.configure(|s| configure_data(s, $data.clone())) .configure(|s| configure_data(s, $data.clone()))
.configure(|s| configure_auth(s, &$data))
.configure(document::services) .configure(document::services)
.configure(index::services) .configure(index::services)
.configure(search::services) .configure(search::services)