* WIP end-of-day push * Authorize endpoint, accept endpoints, DB stuff for oauth clients, their redirects, and client authorizations * OAuth Client create route * Get user clients * Client delete * Edit oauth client * Include redirects in edit client route * Database stuff for tokens * Reorg oauth stuff out of auth/flows and into its own module * Impl OAuth get access token endpoint * Accept oauth access tokens as auth and update through AuthQueue * User OAuth authorization management routes * Forgot to actually add the routes lol * Bit o cleanup * Happy path test for OAuth and minor fixes for things it found * Add dummy data oauth client (and detect/handle dummy data version changes) * More tests * Another test * More tests and reject endpoint * Test oauth client and authorization management routes * cargo sqlx prepare * dead code warning * Auto clippy fixes * Uri refactoring * minor name improvement * Don't compile-time check the test sqlx queries * Trying to fix db concurrency problem to get tests to pass * Try fix from test PR * Fixes for updated sqlx * Prevent restricted scopes from being requested or issued * Get OAuth client(s) * Remove joined oauth client info from authorization returns * Add default conversion to OAuthError::error so we can use ? * Rework routes * Consolidate scopes into SESSION_ACCESS * Cargo sqlx prepare * Parse to OAuthClientId automatically through serde and actix * Cargo clippy * Remove validation requiring 1 redirect URI on oauth client creation * Use serde(flatten) on OAuthClientCreationResult
pub mod checks;
pub mod email;
pub mod flows;
pub mod oauth;
pub mod pats;
pub mod session;
mod templates;
pub mod validate;
pub use checks::{
filter_authorized_projects, filter_authorized_versions, is_authorized, is_authorized_version,
};
// pub use pat::{generate_pat, PersonalAccessToken};
pub use validate::{check_is_moderator_from_headers, get_user_from_headers};
use crate::file_hosting::FileHostingError;
use crate::models::error::ApiError;
use actix_web::http::StatusCode;
use actix_web::HttpResponse;
use thiserror::Error;
/// Every failure the authentication module can report.
///
/// The `#[error(...)]` string on each variant is its `Display` text. The
/// `actix_web::ResponseError` impl in this file serializes that text into the
/// JSON `description` field of the HTTP response, so each string below is
/// effectively client-facing.
#[derive(Debug, Error)]
pub enum AuthenticationError {
    /// Wraps a `dotenvy::Error`. The fixed message keeps the inner detail out
    /// of the response.
    #[error("Environment Error")]
    Env(#[from] dotenvy::Error),

    /// Wraps a raw `sqlx::Error`.
    // NOTE(review): `{0}` puts the driver's error text into the Display
    // output, and therefore into the response body. Database error text can
    // expose schema or query details; consider a fixed message here with the
    // detail logged server-side instead.
    #[error("An unknown database error occurred: {0}")]
    Sqlx(#[from] sqlx::Error),

    /// Wraps the crate's own `DatabaseError`.
    // NOTE(review): same concern as `Sqlx` — the inner error text is
    // interpolated into a message that is returned to the client.
    #[error("Database Error: {0}")]
    Database(#[from] crate::database::models::DatabaseError),

    /// Wraps a `serde_json::Error`; the parser's message is included.
    #[error("Error while parsing JSON: {0}")]
    SerDe(#[from] serde_json::Error),

    /// Wraps a `reqwest::Error`. The fixed message does not echo the inner
    /// error.
    #[error("Error while communicating to external provider")]
    Reqwest(#[from] reqwest::Error),

    /// Wraps a `FileHostingError`. The fixed message does not echo the inner
    /// error.
    #[error("Error uploading user profile picture")]
    FileHosting(#[from] FileHostingError),

    /// Wraps an ID `DecodingError`; the message attributes it to PAT decoding.
    #[error("Error while decoding PAT: {0}")]
    Decoding(#[from] crate::models::ids::DecodingError),

    /// Wraps a `MailError` and forwards its Display text unchanged.
    // NOTE(review): what `MailError` prints is not visible here — confirm it
    // does not include mail-server or credential details before it reaches
    // the client.
    #[error("{0}")]
    Mail(#[from] email::MailError),

    /// Generic credential failure; the message does not say which part of the
    /// credential was wrong.
    #[error("Invalid Authentication Credentials")]
    InvalidCredentials,

    /// The authentication method supplied was not valid.
    #[error("Authentication method was not valid")]
    InvalidAuthMethod,

    /// A GitHub token was issued for a different client ID.
    #[error("GitHub Token from incorrect Client ID")]
    InvalidClientId,

    /// The email/account is already registered.
    // NOTE(review): this message confirms to the caller that an account
    // exists for the supplied email. Confirm the endpoints that return it are
    // rate-limited, or that this disclosure is an accepted trade-off.
    #[error("User email/account is already registered on Modrinth")]
    DuplicateUser,

    /// The state value sent by the client was invalid.
    #[error("Invalid state sent, you probably need to get a new websocket")]
    SocketError,

    /// The callback URL supplied was invalid.
    #[error("Invalid callback URL specified")]
    Url,
}
/// Maps each [`AuthenticationError`] onto an HTTP status and a JSON error body.
impl actix_web::ResponseError for AuthenticationError {
    /// Returns the HTTP status for this error.
    ///
    /// Variants are grouped by status: 500 for internal failures, 401 for
    /// rejected credentials, 400 for malformed or conflicting client input.
    fn status_code(&self) -> StatusCode {
        match self {
            Self::Env(..)
            | Self::Sqlx(..)
            | Self::Database(..)
            | Self::Reqwest(..)
            | Self::Mail(..)
            | Self::FileHosting(..) => StatusCode::INTERNAL_SERVER_ERROR,

            Self::InvalidCredentials | Self::InvalidAuthMethod | Self::InvalidClientId => {
                StatusCode::UNAUTHORIZED
            }

            Self::SerDe(..)
            | Self::Decoding(..)
            | Self::Url
            | Self::DuplicateUser
            | Self::SocketError => StatusCode::BAD_REQUEST,
        }
    }

    /// Builds the JSON response: `error` is the stable machine-readable name,
    /// `description` is this error's `Display` text.
    // NOTE(review): `description` is the full Display string. For the `Sqlx`,
    // `Database` and `Mail` variants that string interpolates the wrapped
    // error (`{0}`), so internal error text is sent to the client on a 500.
    // Consider returning a fixed description for the INTERNAL_SERVER_ERROR
    // group and recording the detail in server logs only.
    fn error_response(&self) -> HttpResponse {
        let description = self.to_string();
        let body = ApiError {
            error: self.error_name(),
            description: &description,
        };
        HttpResponse::build(self.status_code()).json(body)
    }
}
impl AuthenticationError {
    /// Returns the machine-readable error code placed in the `error` field of
    /// the JSON response.
    ///
    /// The codes are fixed string literals and never contain data from the
    /// wrapped error. Both database-backed variants share `"database_error"`.
    pub fn error_name(&self) -> &'static str {
        match self {
            Self::Env(..) => "environment_error",
            Self::Sqlx(..) | Self::Database(..) => "database_error",
            Self::SerDe(..) => "invalid_input",
            Self::Reqwest(..) => "network_error",
            Self::FileHosting(..) => "file_hosting",
            Self::Decoding(..) => "decoding_error",
            Self::Mail(..) => "mail_error",
            Self::InvalidCredentials => "invalid_credentials",
            Self::InvalidAuthMethod => "invalid_auth_method",
            Self::InvalidClientId => "invalid_client_id",
            Self::DuplicateUser => "duplicate_user",
            Self::SocketError => "socket",
            Self::Url => "url_error",
        }
    }
}