Diffstat (limited to 'src/login')
-rw-r--r-- | src/login/ldap_provider.rs | 22 | ||||
-rw-r--r-- | src/login/mod.rs | 20 | ||||
-rw-r--r-- | src/login/static_provider.rs | 61 |
3 files changed, 103 insertions, 0 deletions
diff --git a/src/login/ldap_provider.rs b/src/login/ldap_provider.rs
new file mode 100644
index 0000000..ebe2771
--- /dev/null
+++ b/src/login/ldap_provider.rs
@@ -0,0 +1,22 @@
+use anyhow::Result;
+use async_trait::async_trait;
+
+use crate::config::*;
+use crate::login::*;
+
+pub struct LdapLoginProvider {
+ // TODO
+}
+
+impl LdapLoginProvider {
+ pub fn new(config: LoginLdapConfig) -> Result<Self> {
+ unimplemented!()
+ }
+}
+
+#[async_trait]
+impl LoginProvider for LdapLoginProvider {
+ async fn login(&self, username: &str, password: &str) -> Result<Credentials> {
+ unimplemented!()
+ }
+}
diff --git a/src/login/mod.rs b/src/login/mod.rs
new file mode 100644
index 0000000..5637e8a
--- /dev/null
+++ b/src/login/mod.rs
@@ -0,0 +1,20 @@
+pub mod ldap_provider;
+pub mod static_provider;
+
+use anyhow::Result;
+use async_trait::async_trait;
+
+use crate::cryptoblob::Key as SymmetricKey;
+
+#[derive(Clone, Debug)]
+pub struct Credentials {
+ pub aws_access_key_id: String,
+ pub aws_secret_access_key: String,
+ pub bucket: String,
+ pub master_key: SymmetricKey,
+}
+
+#[async_trait]
+pub trait LoginProvider {
+ async fn login(&self, username: &str, password: &str) -> Result<Credentials>;
+}
diff --git a/src/login/static_provider.rs b/src/login/static_provider.rs
new file mode 100644
index 0000000..037948a
--- /dev/null
+++ b/src/login/static_provider.rs
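Review bot: `LdapLoginProvider::new` and `LdapLoginProvider::login` both call `unimplemented!()`, so a deployment that selects the LDAP provider panics instead of receiving the `Result` error the signatures promise; until the provider is written, `new` should return `Err(anyhow::anyhow!("LDAP login provider is not implemented yet"))` so the misconfiguration is reported at startup rather than as a crash. The same change applies to `login`, which is only reachable once `new` succeeds, and the unused `config` parameter could be `_config` in the meantime.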
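Review bot: `#[derive(Clone, Debug)]` on `Credentials` means any `{:?}` of a `Credentials` value, or of an error context that embeds one, prints `aws_secret_access_key` and `master_key` verbatim into whatever log captures it; the secret fields should be redacted in the `Debug` output. I would drop `Debug` from the derive (keeping `Clone`) and write the impl by hand so that only `aws_access_key_id` and `bucket` are shown. Whether `SymmetricKey`'s own `Debug` already redacts is not visible in this hunk; the impl below does not rely on it.
```rust
#[derive(Clone)]
pub struct Credentials {
    // … unchanged: fields …
}

impl std::fmt::Debug for Credentials {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("Credentials")
            .field("aws_access_key_id", &self.aws_access_key_id)
            .field("aws_secret_access_key", &"<redacted>")
            .field("bucket", &self.bucket)
            .field("master_key", &"<redacted>")
            .finish()
    }
}
```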
@@ -0,0 +1,61 @@
+use std::collections::HashMap;
+
+use anyhow::{anyhow, bail, Result};
+use async_trait::async_trait;
+use rusoto_signature::Region;
+
+use crate::config::*;
+use crate::cryptoblob::Key;
+use crate::login::*;
+
+pub struct StaticLoginProvider {
+ default_bucket: Option<String>,
+ users: HashMap<String, LoginStaticUser>,
+ k2v_region: Region,
+}
+
+impl StaticLoginProvider {
+ pub fn new(config: LoginStaticConfig, k2v_region: Region) -> Result<Self> {
+ Ok(Self {
+ default_bucket: config.default_bucket,
+ users: config.users,
+ k2v_region,
+ })
+ }
+}
+
+#[async_trait]
+impl LoginProvider for StaticLoginProvider {
+ async fn login(&self, username: &str, password: &str) -> Result<Credentials> {
+ match self.users.get(username) {
+ None => bail!("User {} does not exist", username),
+ Some(u) => {
+ if u.password != password {
+ // TODO cryptographic password compare
+ bail!("Wrong password");
+ }
+ let bucket = u
+ .bucket
+ .clone()
+ .or_else(|| self.default_bucket.clone())
+ .ok_or(anyhow!(
+ "No bucket configured and no default bucket specieid"
+ ))?;
+
+ // TODO if master key is not specified, retrieve it from K2V key storage
+ let master_key_str = u.master_key.as_ref().ok_or(anyhow!(
+ "Master key must be specified in config file for now, this will change"
+ ))?;
+ let master_key = Key::from_slice(&base64::decode(master_key_str)?)
+ .ok_or(anyhow!("Invalid master key"))?;
+
+ Ok(Credentials {
+ aws_access_key_id: u.aws_access_key_id.clone(),
+ aws_secret_access_key: u.aws_secret_access_key.clone(),
+ bucket,
+ master_key,
+ })
+ }
+ }
+ }
+}
|
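Review bot: `login` returns `"User {} does not exist"` for an unknown name and `"Wrong password"` for a known one, so the two failure paths are distinguishable to whoever receives the error and reveal which usernames are configured; both arms should bail with one generic message, e.g. `None => bail!("Invalid username or password"),` and `bail!("Invalid username or password");`. The `u.password != password` check is a plain string comparison, as the TODO above it already notes; if that fix is deferred, the `ok_or(anyhow!(...))` calls on the bucket and master-key lines should at least become `ok_or_else(|| anyhow!(...))` so the error strings are not built on every successful login, and `specieid` in the bucket message is a typo for `specified`. `k2v_region` is stored by `new` but never read in this file, presumably reserved for the K2V lookup the second TODO describes.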