Home Explore Help
Sign In
kestrel
/
uidc
1
0
Fork 0
Files Issues 5 Pull Requests 0 Wiki
Tree: 01a4263821
Branches Tags
uidc
/
src
/
server
/
oidc.rs

oidc.rs 4.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157 
  1. use crate::schema;
    2. 

  2. use serde::{Deserialize, Serialize};
    3. 

  3. use microrm::prelude::*;
    4. 

  4. 

  5. #[derive(Clone)]
    6. 

  6. pub struct ServerState {
    7. 

  7.     core: &'static super::ServerCoreState,
    8. 

  8. }
    9. 

  9. 

  10. type Request = tide::Request<ServerState>;
    11. 

  11. 

  12. #[derive(serde::Serialize)]
    13. 

  13. pub enum OIDCErrorType {
    14. 

  14.     InvalidRequest,
    15. 

  15.     UnauthorizedClient,
    16. 

  16.     AccessDenied,
    17. 

  17.     UnsupportedResponseType,
    18. 

  18.     InvalidScope,
    19. 

  19.     ServerError,
    20. 

  20.     TemporarilyUnavailable,
    21. 

  21. }
    22. 

  22. 

  23. pub struct OIDCError<'a>(OIDCErrorType, String, Option<&'a str>);
    24. 

  24. 

  25. impl<'a> OIDCError<'a> {
    26. 

  26.     fn to_response(self) -> tide::Response {
    27. 

  27.         #[derive(Serialize)]
    28. 

  28.         struct ErrorOut<'a> {
    29. 

  29.             error: OIDCErrorType,
    30. 

  30.             error_description: String,
    31. 

  31.             state: Option<&'a str>,
    32. 

  32.         }
    33. 

  33. 

  34.         let eo = ErrorOut {
    35. 

  35.             error: self.0,
    36. 

  36.             error_description: self.1,
    37. 

  37.             state: self.2,
    38. 

  38.         };
    39. 

  39. 

  40.         tide::Response::builder(400)
    41. 

  41.             .body(serde_json::to_vec(&eo).unwrap())
    42. 

  42.             .build()
    43. 

  43.     }
    44. 

  44. }
    45. 

  45. 

  46. #[derive(Deserialize)]
    47. 

  47. struct AuthorizeQueryParams {
    48. 

  48.     response_type: String,
    49. 

  49.     client_id: String,
    50. 

  50.     redirect_uri: String,
    51. 

  51.     scope: Option<String>,
    52. 

  52. }
    53. 

  53. 

  54. fn do_code_authorize(
    55. 

  55.     request: Request,
    56. 

  56.     qp: AuthorizeQueryParams,
    57. 

  57.     state: Option<&str>,
    58. 

  58.     client: microrm::WithID<schema::Client>,
    59. 

  59. ) -> Result<tide::Response, OIDCError> {
    60. 

  60.     todo!()
    61. 

  61. }
    62. 

  62. 

  63. fn do_token_authorize(
    64. 

  64.     request: Request,
    65. 

  65.     qp: AuthorizeQueryParams,
    66. 

  66.     state: Option<&str>,
    67. 

  67.     client: microrm::WithID<schema::Client>,
    68. 

  68. ) -> Result<tide::Response, OIDCError> {
    69. 

  69.     todo!()
    70. 

  70. }
    71. 

  71. 

  72. fn do_authorize(request: Request, state: Option<&str>) -> Result<tide::Response, OIDCError> {
    73. 

  73.     let qp: AuthorizeQueryParams = request
    74. 

  74.         .query()
    75. 

  75.         .map_err(|x| OIDCError(OIDCErrorType::InvalidRequest, x.to_string(), state))?;
    76. 

  76. 

  77.     // verify the realm and client_id and redirect_uri
    78. 

  78.     let qi = request.state().core.pool.query_interface();
    79. 

  79.     let realm = qi.get().by(
    80. 

  80.         schema::Realm::Shortname,
    81. 

  81.         &request.param("realm").unwrap(),
    82. 

  82.     ).one().expect("couldn't query db");
    83. 

  83.     if realm.is_none() {
    84. 

  84.         return Err(OIDCError(
    85. 

  85.             OIDCErrorType::InvalidRequest,
    86. 

  86.             "No such realm!".to_string(),
    87. 

  87.             state,
    88. 

  88.         ));
    89. 

  89.     }
    90. 

  90.     let realm = realm.unwrap();
    91. 

  91. 

  92.     let client = qi.get().by(schema::Client::Realm, &realm.id()).by(schema::Client::Shortname, &qp.client_id).one().expect("couldn't query db");
    93. 

  93.     if client.is_none() {
    94. 

  94.         return Err(OIDCError(
    95. 

  95.             OIDCErrorType::UnauthorizedClient,
    96. 

  96.             "Client does not exist".to_string(),
    97. 

  97.             state,
    98. 

  98.         ));
    99. 

  99.     }
    100. 

  100. 

  101.     if qp.response_type == "code" {
    102. 

  102.         do_code_authorize(request, qp, state, client.unwrap())
    103. 

  103.     } else if qp.response_type == "token" {
    104. 

  104.         do_token_authorize(request, qp, state, client.unwrap())
    105. 

  105.     } else {
    106. 

  106.         return Err(OIDCError(
    107. 

  107.             OIDCErrorType::UnsupportedResponseType,
    108. 

  108.             "Only code and token are understood.".to_string(),
    109. 

  109.             state,
    110. 

  110.         ));
    111. 

  111.     }
    112. 

  112. }
    113. 

  113. 

  114. async fn authorize(request: Request) -> tide::Result<tide::Response> {
    115. 

  115.     #[derive(Deserialize)]
    116. 

  116.     struct State {
    117. 

  117.         state: Option<String>,
    118. 

  118.     }
    119. 

  119.     let state: Option<String> = request.query::<State>().ok().map(|x| x.state).flatten();
    120. 

  120. 

  121.     let result = do_authorize(request, state.as_ref().map(|x| x.as_str()));
    122. 

  122. 

  123.     if let Err(e) = result {
    124. 

  124.         todo!()
    125. 

  125.     }
    126. 

  126. 

  127.     todo!()
    128. 

  128. }
    129. 

  129. 

  130. #[derive(Deserialize)]
    131. 

  131. struct TokenRequestBody {
    132. 

  132.     grant_type: String,
    133. 

  133.     refresh_token: Option<String>,
    134. 

  134.     scope: Option<String>,
    135. 

  135.     redirect_uri: Option<String>,
    136. 

  136.     code: Option<String>,
    137. 

  137.     client_id: Option<String>,
    138. 

  138. 

  139.     // direct grant
    140. 

  140.     username: Option<String>,
    141. 

  141.     password: Option<String>,
    142. 

  142. }
    143. 

  143. 

  144. async fn token(mut request: Request) -> tide::Result<tide::Response> {
    145. 

  145.     let body: Result<TokenRequestBody, _> = request.body_form().await;
    146. 

  146.     // let body : TokenRequestBody = request.body_form();
    147. 

  147.     todo!()
    148. 

  148. }
    149. 

  149. 

  150. pub fn oidc_v1_server(core: &'static super::ServerCoreState) -> tide::Server<ServerState> {
    151. 

  151.     let mut srv = tide::with_state(ServerState { core });
    152. 

  152. 

  153.     srv.at("authorize").get(authorize).post(authorize);
    154. 

  154.     srv.at("token").post(token);
    155. 

  155. 

  156.     srv
    157. 

  157. }
    158.