github token support (#629)

* github token support * sqlx-data * renamed github, modrinth tokens * removed prints
2023-06-08 16:35:12 -07:00
parent abc99c7e69
commit b84d9c5d55
6 changed files with 89 additions and 10 deletions
--- a/src/util/auth.rs
+++ b/src/util/auth.rs
@@ -313,9 +313,12 @@ where
        let token: &str = token.trim_start_matches("Bearer ");

        // Tokens beginning with Ory are considered to be Kratos tokens (in reality, extracted cookies) and can be forwarded to Minos
-        let possible_user = match token.split_at(4) {
-            ("mod_", _) => get_user_from_pat(token, executor).await?,
-            ("ory_", _) => get_user_from_minos_session_token(token, executor).await?,
+        let possible_user = match token.split_once('_') {
+            Some(("modrinth", _)) => get_user_from_pat(token, executor).await?,
+            Some(("ory", _)) => get_user_from_minos_session_token(token, executor).await?,
+            Some(("github", _)) | Some(("gho", _)) | Some(("ghp", _)) => {
+                get_user_from_github_token(token, executor).await?
+            }
            _ => return Err(AuthenticationError::InvalidAuthMethod),
        };
        Ok(possible_user)
@@ -341,11 +344,36 @@ where
        );
    let res = req.send().await?.error_for_status()?;
    let minos_user: MinosUser = res.json().await?;
-
    let db_user = models::User::get_from_minos_kratos_id(minos_user.id.clone(), executor).await?;
    Ok(db_user)
 }

+#[derive(Serialize, Deserialize, Debug)]
+pub struct GitHubUser {
+    pub id: u64,
+}
+// Get a database user from a GitHub PAT
+pub async fn get_user_from_github_token<'a, E>(
+    access_token: &str,
+    executor: E,
+) -> Result<Option<user_item::User>, AuthenticationError>
+where
+    E: sqlx::Executor<'a, Database = sqlx::Postgres>,
+{
+    let github_user: GitHubUser = reqwest::Client::new()
+        .get("https://api.github.com/user")
+        .header(reqwest::header::USER_AGENT, "Modrinth")
+        .header(
+            reqwest::header::AUTHORIZATION,
+            format!("token {access_token}"),
+        )
+        .send()
+        .await?
+        .json()
+        .await?;
+    Ok(user_item::User::get_from_github_id(github_user.id, executor).await?)
+}
+
 pub async fn check_is_moderator_from_headers<'a, 'b, E>(
    headers: &HeaderMap,
    executor: E,
--- a/src/util/guards.rs
+++ b/src/util/guards.rs
@@ -4,7 +4,6 @@ pub const ADMIN_KEY_HEADER: &str = "Modrinth-Admin";
 pub fn admin_key_guard(ctx: &GuardContext) -> bool {
    let admin_key = std::env::var("LABRINTH_ADMIN_KEY")
        .expect("No admin key provided, this should have been caught by check_env_vars");
-
    ctx.head()
        .headers()
        .get(ADMIN_KEY_HEADER)
--- a/src/util/pat.rs
+++ b/src/util/pat.rs
@@ -75,7 +75,7 @@ where
    Ok(None)
 }

-// Generate a new 128 char PAT token starting with 'mod_'
+// Generate a new 128 char PAT token starting with 'modrinth_pat_'
 pub async fn generate_pat(
    con: &mut sqlx::Transaction<'_, sqlx::Postgres>,
 ) -> Result<String, DatabaseError> {
@@ -86,9 +86,9 @@ pub async fn generate_pat(
    // First generate the PAT token as a random 128 char string. This may include uppercase and lowercase and numbers only.
    loop {
        let mut access_token = String::with_capacity(63);
-        access_token.push_str("mod_");
-        for _ in 0..60 {
-            let c = rng.gen_range(0..60);
+        access_token.push_str("modrinth_pat_");
+        for _ in 0..51 {
+            let c = rng.gen_range(0..62);
            if c < 10 {
                access_token.push(char::from_u32(c + 48).unwrap()); // 0-9
            } else if c < 36 {