Diffstat (limited to 'src/login')
-rw-r--r--src/login/ldap_provider.rs22
-rw-r--r--src/login/mod.rs20
-rw-r--r--src/login/static_provider.rs61
3 files changed, 103 insertions, 0 deletions
diff --git a/src/login/ldap_provider.rs b/src/login/ldap_provider.rs
new file mode 100644
index 0000000..ebe2771
--- /dev/null
+++ b/src/login/ldap_provider.rs
@@ -0,0 +1,22 @@
+use anyhow::Result;
+use async_trait::async_trait;
+
+use crate::config::*;
+use crate::login::*;
+
+pub struct LdapLoginProvider {
+ // TODO
+}
+
+impl LdapLoginProvider {
+ pub fn new(config: LoginLdapConfig) -> Result<Self> {
+ unimplemented!()
+ }
+}
+
+#[async_trait]
+impl LoginProvider for LdapLoginProvider {
+ async fn login(&self, username: &str, password: &str) -> Result<Credentials> {
+ unimplemented!()
+ }
+}
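Review bot: Both `new` at line 29 and `login` at line 36 are `unimplemented!()`, so selecting an LDAP provider in the config aborts the process with a panic instead of surfacing a reportable error; for a backend that is not yet supported, `anyhow::bail!("LDAP login provider is not implemented yet")` keeps the failure on the `Result` path the trait promises and lets the caller report it cleanly. The unused `config`, `username` and `password` parameters will also produce warnings; renaming them `_config`, `_username` and `_password` until the bodies exist silences that without changing the interface. A one-line `///` doc on `LdapLoginProvider` stating that it is a placeholder would help readers who reach it from `mod.rs`.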
diff --git a/src/login/mod.rs b/src/login/mod.rs
new file mode 100644
index 0000000..5637e8a
--- /dev/null
+++ b/src/login/mod.rs
@@ -0,0 +1,20 @@
+pub mod ldap_provider;
+pub mod static_provider;
+
+use anyhow::Result;
+use async_trait::async_trait;
+
+use crate::cryptoblob::Key as SymmetricKey;
+
+#[derive(Clone, Debug)]
+pub struct Credentials {
+ pub aws_access_key_id: String,
+ pub aws_secret_access_key: String,
+ pub bucket: String,
+ pub master_key: SymmetricKey,
+}
+
+#[async_trait]
+pub trait LoginProvider {
+ async fn login(&self, username: &str, password: &str) -> Result<Credentials>;
+}
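Review bot: `#[derive(Debug)]` on `Credentials` at line 54 makes `{:?}` on a credentials value print `aws_secret_access_key` in full (plus whatever `Key`'s own `Debug` prints for `master_key`), so any error context, trace or `dbg!` that includes the struct writes the secret to logs. A hand-written `Debug` that redacts the two secret fields keeps the diagnostic value of the access key id and bucket without the leak; the rewrite below replaces the derive and adds the impl. A `///` doc comment on `LoginProvider::login` noting that the returned credentials are per-user secrets that must not be logged would also guide implementors.
```rust
#[derive(Clone)]
pub struct Credentials {
    // … unchanged: fields …
}

impl std::fmt::Debug for Credentials {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("Credentials")
            .field("aws_access_key_id", &self.aws_access_key_id)
            .field("aws_secret_access_key", &"<redacted>")
            .field("bucket", &self.bucket)
            .field("master_key", &"<redacted>")
            .finish()
    }
}
```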
diff --git a/src/login/static_provider.rs b/src/login/static_provider.rs
new file mode 100644
index 0000000..037948a
--- /dev/null
+++ b/src/login/static_provider.rs
@@ -0,0 +1,61 @@
+use std::collections::HashMap;
+
+use anyhow::{anyhow, bail, Result};
+use async_trait::async_trait;
+use rusoto_signature::Region;
+
+use crate::config::*;
+use crate::cryptoblob::Key;
+use crate::login::*;
+
+pub struct StaticLoginProvider {
+ default_bucket: Option<String>,
+ users: HashMap<String, LoginStaticUser>,
+ k2v_region: Region,
+}
+
+impl StaticLoginProvider {
+ pub fn new(config: LoginStaticConfig, k2v_region: Region) -> Result<Self> {
+ Ok(Self {
+ default_bucket: config.default_bucket,
+ users: config.users,
+ k2v_region,
+ })
+ }
+}
+
+#[async_trait]
+impl LoginProvider for StaticLoginProvider {
+ async fn login(&self, username: &str, password: &str) -> Result<Credentials> {
+ match self.users.get(username) {
+ None => bail!("User {} does not exist", username),
+ Some(u) => {
+ if u.password != password {
+ // TODO cryptographic password compare
+ bail!("Wrong password");
+ }
+ let bucket = u
+ .bucket
+ .clone()
+ .or_else(|| self.default_bucket.clone())
+ .ok_or(anyhow!(
+ "No bucket configured and no default bucket specieid"
+ ))?;
+
+ // TODO if master key is not specified, retrieve it from K2V key storage
+ let master_key_str = u.master_key.as_ref().ok_or(anyhow!(
+ "Master key must be specified in config file for now, this will change"
+ ))?;
+ let master_key = Key::from_slice(&base64::decode(master_key_str)?)
+ .ok_or(anyhow!("Invalid master key"))?;
+
+ Ok(Credentials {
+ aws_access_key_id: u.aws_access_key_id.clone(),
+ aws_secret_access_key: u.aws_secret_access_key.clone(),
+ bucket,
+ master_key,
+ })
+ }
+ }
+ }
+}
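Review bot: The password check at line 104 compares the stored secret with `!=`, an early-exit comparison whose duration depends on the first mismatching byte, and the TODO on line 105 already flags it; since `u.password` is compared with the cleartext directly, the config evidently holds plaintext passwords, so the durable fix is to store a password hash and verify it with a constant-time comparison from whichever crypto crate already backs `crate::cryptoblob`, rather than comparing strings at all. The two failure paths also return distinguishable messages (`"User {} does not exist"` at line 102 versus `"Wrong password"` at line 106), which reveals which usernames are configured; returning the same `bail!("Invalid username or password")` from both removes that signal. Separately, the `ok_or(anyhow!(...))` calls at lines 112, 117 and 121 build the error value eagerly on every login even when the value is present; `ok_or_else(|| anyhow!(...))` defers it, and the message at line 113 misspells "specified" as "specieid".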