src/auth/scope_check.rs at ec1f430c31e32c8ce706275aa92b64aa91256969 · lewis.moe/bspds-sandbox

lewis.moe / bspds-sandbox
this repo has no description
bspds-sandbox / src / auth / scope_check.rs
at ec1f430c31e32c8ce706275aa92b64aa91256969 2.9 kB view raw
  1#![allow(clippy::result_large_err)]
  2
  3use axum::http::StatusCode;
  4use axum::response::{IntoResponse, Response};
  5use serde_json::json;
  6
  7use crate::oauth::scopes::{
  8    AccountAction, AccountAttr, IdentityAttr, RepoAction, ScopePermissions,
  9};
 10
 11pub fn check_repo_scope(
 12    is_oauth: bool,
 13    scope: Option<&str>,
 14    action: RepoAction,
 15    collection: &str,
 16) -> Result<(), Response> {
 17    if !is_oauth {
 18        return Ok(());
 19    }
 20
 21    let permissions = ScopePermissions::from_scope_string(scope);
 22    permissions.assert_repo(action, collection).map_err(|e| {
 23        (
 24            StatusCode::FORBIDDEN,
 25            axum::Json(json!({
 26                "error": "InsufficientScope",
 27                "message": e.to_string()
 28            })),
 29        )
 30            .into_response()
 31    })
 32}
 33
 34pub fn check_blob_scope(is_oauth: bool, scope: Option<&str>, mime: &str) -> Result<(), Response> {
 35    if !is_oauth {
 36        return Ok(());
 37    }
 38
 39    let permissions = ScopePermissions::from_scope_string(scope);
 40    permissions.assert_blob(mime).map_err(|e| {
 41        (
 42            StatusCode::FORBIDDEN,
 43            axum::Json(json!({
 44                "error": "InsufficientScope",
 45                "message": e.to_string()
 46            })),
 47        )
 48            .into_response()
 49    })
 50}
 51
 52pub fn check_rpc_scope(
 53    is_oauth: bool,
 54    scope: Option<&str>,
 55    aud: &str,
 56    lxm: &str,
 57) -> Result<(), Response> {
 58    if !is_oauth {
 59        return Ok(());
 60    }
 61
 62    let permissions = ScopePermissions::from_scope_string(scope);
 63    permissions.assert_rpc(aud, lxm).map_err(|e| {
 64        (
 65            StatusCode::FORBIDDEN,
 66            axum::Json(json!({
 67                "error": "InsufficientScope",
 68                "message": e.to_string()
 69            })),
 70        )
 71            .into_response()
 72    })
 73}
 74
 75pub fn check_account_scope(
 76    is_oauth: bool,
 77    scope: Option<&str>,
 78    attr: AccountAttr,
 79    action: AccountAction,
 80) -> Result<(), Response> {
 81    if !is_oauth {
 82        return Ok(());
 83    }
 84
 85    let permissions = ScopePermissions::from_scope_string(scope);
 86    permissions.assert_account(attr, action).map_err(|e| {
 87        (
 88            StatusCode::FORBIDDEN,
 89            axum::Json(json!({
 90                "error": "InsufficientScope",
 91                "message": e.to_string()
 92            })),
 93        )
 94            .into_response()
 95    })
 96}
 97
 98pub fn check_identity_scope(
 99    is_oauth: bool,
100    scope: Option<&str>,
101    attr: IdentityAttr,
102) -> Result<(), Response> {
103    if !is_oauth {
104        return Ok(());
105    }
106
107    let permissions = ScopePermissions::from_scope_string(scope);
108    permissions.assert_identity(attr).map_err(|e| {
109        (
110            StatusCode::FORBIDDEN,
111            axum::Json(json!({
112                "error": "InsufficientScope",
113                "message": e.to_string()
114            })),
115        )
116            .into_response()
117    })
118}