buzzert/Kordophone
Private
Public Access
1
0
Fork 0
Code Packages Activity

client: actually do authentication properly

Browse Source
This commit is contained in:
James Magahern
2025-05-01 01:02:36 -07:00
parent 59cfc8008b
commit fd4c43d585
7 changed files with 105 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
kordophone-db/src/database.rs
View File

@@ -8,9 +8,6 @@ pub use tokio::sync::Mutex;
use crate::repository::Repository; use crate::repository::Repository;
use crate::settings::Settings; use crate::settings::Settings;
pub use kordophone::api::TokenStore;
use kordophone::model::JwtToken;
use diesel_migrations::{embed_migrations, EmbeddedMigrations, MigrationHarness}; use diesel_migrations::{embed_migrations, EmbeddedMigrations, MigrationHarness};
pub const MIGRATIONS: EmbeddedMigrations = embed_migrations!(); pub const MIGRATIONS: EmbeddedMigrations = embed_migrations!();
@@ -86,19 +83,3 @@ impl DatabaseAccess for Arc<Mutex<Database>> {
database.with_settings(f).await database.with_settings(f).await
} }
} }
static TOKEN_KEY: &str = "token";
#[async_trait]
impl TokenStore for Database {
async fn get_token(&mut self) -> Option<JwtToken> {
self.with_settings(|settings| {
let token: Result<Option<JwtToken>> = settings.get(TOKEN_KEY);
token.unwrap_or_default()
}).await
}
async fn set_token(&mut self, token: JwtToken) {
self.with_settings(|settings| settings.put(TOKEN_KEY, &token).unwrap()).await;
}
}

45
kordophone/src/api/http_client.rs
View File

@@ -3,7 +3,7 @@ extern crate serde;
use std::{path::PathBuf, str}; use std::{path::PathBuf, str};
use crate::api::TokenStore; use crate::api::AuthenticationStore;
use hyper::{Body, Client, Method, Request, Uri}; use hyper::{Body, Client, Method, Request, Uri};
use async_trait::async_trait; use async_trait::async_trait;
@@ -16,10 +16,9 @@ use crate::{
type HttpClient = Client<hyper::client::HttpConnector>; type HttpClient = Client<hyper::client::HttpConnector>;
pub struct HTTPAPIClient<K: TokenStore + Send + Sync> { pub struct HTTPAPIClient<K: AuthenticationStore + Send + Sync> {
pub base_url: Uri, pub base_url: Uri,
pub token_store: K, pub auth_store: K,
credentials: Option<Credentials>,
client: HttpClient, client: HttpClient,
} }
@@ -92,7 +91,7 @@ impl<B> AuthSetting for hyper::http::Request<B> {
} }
#[async_trait] #[async_trait]
impl<K: TokenStore + Send + Sync> APIInterface for HTTPAPIClient<K> { impl<K: AuthenticationStore + Send + Sync> APIInterface for HTTPAPIClient<K> {
type Error = Error; type Error = Error;
async fn get_version(&mut self) -> Result<String, Self::Error> { async fn get_version(&mut self) -> Result<String, Self::Error> {
@@ -111,10 +110,15 @@ impl<K: TokenStore + Send + Sync> APIInterface for HTTPAPIClient<K> {
jwt: String, jwt: String,
} }
log::debug!("Authenticating with username: {:?}", credentials.username);
let body = || -> Body { serde_json::to_string(&credentials).unwrap().into() }; let body = || -> Body { serde_json::to_string(&credentials).unwrap().into() };
let token: AuthResponse = self.request_with_body_retry("authenticate", Method::POST, body, false).await?; let token: AuthResponse = self.request_with_body_retry("authenticate", Method::POST, body, false).await?;
let token = JwtToken::new(&token.jwt).map_err(|_| Error::DecodeError)?; let token = JwtToken::new(&token.jwt).map_err(|_| Error::DecodeError)?;
self.token_store.set_token(token.clone()).await;
log::debug!("Saving token: {:?}", token);
self.auth_store.set_token(token.clone()).await;
Ok(token) Ok(token)
} }
@@ -144,12 +148,11 @@ impl<K: TokenStore + Send + Sync> APIInterface for HTTPAPIClient<K> {
} }
} }
impl<K: TokenStore + Send + Sync> HTTPAPIClient<K> { impl<K: AuthenticationStore + Send + Sync> HTTPAPIClient<K> {
pub fn new(base_url: Uri, credentials: Option<Credentials>, token_store: K) -> HTTPAPIClient<K> { pub fn new(base_url: Uri, auth_store: K) -> HTTPAPIClient<K> {
HTTPAPIClient { HTTPAPIClient {
base_url, base_url,
credentials, auth_store,
token_store,
client: Client::new(), client: Client::new(),
} }
} }
@@ -198,7 +201,7 @@ impl<K: TokenStore + Send + Sync> HTTPAPIClient<K> {
.expect("Unable to build request") .expect("Unable to build request")
}; };
let token = self.token_store.get_token().await; let token = self.auth_store.get_token().await;
let request = build_request(&token); let request = build_request(&token);
let mut response = self.client.request(request).await?; let mut response = self.client.request(request).await?;
@@ -213,11 +216,14 @@ impl<K: TokenStore + Send + Sync> HTTPAPIClient<K> {
return Err(Error::ClientError("Unauthorized".into())); return Err(Error::ClientError("Unauthorized".into()));
} }
if let Some(credentials) = &self.credentials { if let Some(credentials) = &self.auth_store.get_credentials().await {
self.authenticate(credentials.clone()).await?; log::debug!("Renewing token using credentials: u: {:?}", credentials.username);
let new_token = self.authenticate(credentials.clone()).await?;
let request = build_request(&token); let request = build_request(&Some(new_token));
response = self.client.request(request).await?; response = self.client.request(request).await?;
} else {
return Err(Error::ClientError("Unauthorized, no credentials provided".into()));
} }
}, },
@@ -233,6 +239,9 @@ impl<K: TokenStore + Send + Sync> HTTPAPIClient<K> {
let parsed: T = match serde_json::from_slice(&body) { let parsed: T = match serde_json::from_slice(&body) {
Ok(result) => Ok(result), Ok(result) => Ok(result),
Err(json_err) => { Err(json_err) => {
log::error!("Error deserializing JSON: {:?}", json_err);
log::error!("Body: {:?}", String::from_utf8_lossy(&body));
// If JSON deserialization fails, try to interpret it as plain text // If JSON deserialization fails, try to interpret it as plain text
// Unfortunately the server does return things like this... // Unfortunately the server does return things like this...
let s = str::from_utf8(&body).map_err(|_| Error::DecodeError)?; let s = str::from_utf8(&body).map_err(|_| Error::DecodeError)?;
@@ -247,17 +256,17 @@ impl<K: TokenStore + Send + Sync> HTTPAPIClient<K> {
#[cfg(test)] #[cfg(test)]
mod test { mod test {
use super::*; use super::*;
use crate::api::InMemoryTokenStore; use crate::api::InMemoryAuthenticationStore;
#[cfg(test)] #[cfg(test)]
fn local_mock_client() -> HTTPAPIClient<InMemoryTokenStore> { fn local_mock_client() -> HTTPAPIClient<InMemoryAuthenticationStore> {
let base_url = "http://localhost:5738".parse().unwrap(); let base_url = "http://localhost:5738".parse().unwrap();
let credentials = Credentials { let credentials = Credentials {
username: "test".to_string(), username: "test".to_string(),
password: "test".to_string(), password: "test".to_string(),
}; };
HTTPAPIClient::new(base_url, credentials.into(), InMemoryTokenStore::new()) HTTPAPIClient::new(base_url, InMemoryAuthenticationStore::new(Some(credentials)))
} }
#[cfg(test)] #[cfg(test)]

25
kordophone/src/api/mod.rs
View File

@@ -33,29 +33,38 @@ pub trait APIInterface {
} }
#[async_trait] #[async_trait]
pub trait TokenStore { pub trait AuthenticationStore {
async fn get_credentials(&mut self) -> Option<Credentials>;
async fn get_token(&mut self) -> Option<JwtToken>; async fn get_token(&mut self) -> Option<JwtToken>;
async fn set_token(&mut self, token: JwtToken); async fn set_token(&mut self, token: JwtToken);
} }
pub struct InMemoryTokenStore { pub struct InMemoryAuthenticationStore {
credentials: Option<Credentials>,
token: Option<JwtToken>, token: Option<JwtToken>,
} }
impl Default for InMemoryTokenStore { impl Default for InMemoryAuthenticationStore {
fn default() -> Self { fn default() -> Self {
Self::new() Self::new(None)
} }
} }
impl InMemoryTokenStore { impl InMemoryAuthenticationStore {
pub fn new() -> Self { pub fn new(credentials: Option<Credentials>) -> Self {
Self { token: None } Self {
credentials,
token: None,
}
} }
} }
#[async_trait] #[async_trait]
impl TokenStore for InMemoryTokenStore { impl AuthenticationStore for InMemoryAuthenticationStore {
async fn get_credentials(&mut self) -> Option<Credentials> {
self.credentials.clone()
}
async fn get_token(&mut self) -> Option<JwtToken> { async fn get_token(&mut self) -> Option<JwtToken> {
self.token.clone() self.token.clone()
} }

68
kordophoned/src/daemon/mod.rs
View File

@@ -1,5 +1,6 @@
pub mod settings; pub mod settings;
use settings::Settings; use settings::Settings;
use settings::keys as SettingsKey;
pub mod events; pub mod events;
use events::*; use events::*;
@@ -26,7 +27,7 @@ use kordophone::model::JwtToken;
use kordophone::api::{ use kordophone::api::{
http_client::{Credentials, HTTPAPIClient}, http_client::{Credentials, HTTPAPIClient},
APIInterface, APIInterface,
TokenStore, AuthenticationStore,
}; };
#[derive(Debug, Error)] #[derive(Debug, Error)]
@@ -37,18 +38,52 @@ pub enum DaemonError {
pub type DaemonResult<T> = Result<T, Box<dyn Error + Send + Sync>>; pub type DaemonResult<T> = Result<T, Box<dyn Error + Send + Sync>>;
struct DatabaseTokenStore { struct DatabaseAuthenticationStore {
database: Arc<Mutex<Database>>, database: Arc<Mutex<Database>>,
} }
#[async_trait] #[async_trait]
impl TokenStore for DatabaseTokenStore { impl AuthenticationStore for DatabaseAuthenticationStore {
async fn get_credentials(&mut self) -> Option<Credentials> {
self.database.lock().await.with_settings(|settings| {
let username: Option<String> = settings.get::<String>(SettingsKey::USERNAME)
.unwrap_or_else(|e| {
log::warn!("error getting username from database: {}", e);
None
});
// TODO: This would be the point where we map from credential item to password.
let password: String = settings.get::<String>(SettingsKey::CREDENTIAL_ITEM)
.unwrap_or_else(|e| {
log::warn!("error getting password from database: {}", e);
None
})
.unwrap_or_else(|| {
log::warn!("warning: no password in database, [DEBUG] using default password");
"test".to_string()
});
if username.is_none() {
log::warn!("Username not present in database");
}
match (username, password) {
(Some(username), password) => Some(Credentials { username, password }),
_ => None,
}
}).await
}
async fn get_token(&mut self) -> Option<JwtToken> { async fn get_token(&mut self) -> Option<JwtToken> {
self.database.lock().await.get_token().await self.database.lock().await
.with_settings(|settings| settings.get::<JwtToken>(SettingsKey::TOKEN).unwrap_or_default()).await
} }
async fn set_token(&mut self, token: JwtToken) { async fn set_token(&mut self, token: JwtToken) {
self.database.lock().await.set_token(token).await; self.database.lock().await
.with_settings(|settings| settings.put(SettingsKey::TOKEN, &token)).await.unwrap_or_else(|e| {
log::error!("Failed to set token: {}", e);
});
} }
} }
@@ -252,9 +287,7 @@ impl Daemon {
} }
async fn get_settings(&mut self) -> Result<Settings> { async fn get_settings(&mut self) -> Result<Settings> {
let settings = self.database.with_settings(Settings::from_db let settings = self.database.with_settings(Settings::from_db).await?;
).await?;
Ok(settings) Ok(settings)
} }
@@ -262,30 +295,19 @@ impl Daemon {
self.database.with_settings(|s| settings.save(s)).await self.database.with_settings(|s| settings.save(s)).await
} }
async fn get_client(&mut self) -> Result<HTTPAPIClient<DatabaseTokenStore>> { async fn get_client(&mut self) -> Result<HTTPAPIClient<DatabaseAuthenticationStore>> {
Self::get_client_impl(&mut self.database).await Self::get_client_impl(&mut self.database).await
} }
async fn get_client_impl(database: &mut Arc<Mutex<Database>>) -> Result<HTTPAPIClient<DatabaseTokenStore>> { async fn get_client_impl(database: &mut Arc<Mutex<Database>>) -> Result<HTTPAPIClient<DatabaseAuthenticationStore>> {
let settings = database.with_settings(Settings::from_db let settings = database.with_settings(Settings::from_db).await?;
).await?;
let server_url = settings.server_url let server_url = settings.server_url
.ok_or(DaemonError::ClientNotConfigured)?; .ok_or(DaemonError::ClientNotConfigured)?;
let client = HTTPAPIClient::new( let client = HTTPAPIClient::new(
server_url.parse().unwrap(), server_url.parse().unwrap(),
DatabaseAuthenticationStore { database: database.clone() }
match (settings.username, settings.credential_item) {
(Some(username), Some(password)) => Some(
Credentials {
username,
password,
}
),
_ => None,
},
DatabaseTokenStore { database: database.clone() }
); );
Ok(client) Ok(client)

10
kordophoned/src/daemon/settings.rs
View File

@@ -1,10 +1,11 @@
use kordophone_db::settings::Settings as DbSettings; use kordophone_db::settings::Settings as DbSettings;
use anyhow::Result; use anyhow::Result;
mod keys { pub mod keys {
pub static SERVER_URL: &str = "ServerURL"; pub static SERVER_URL: &str = "ServerURL";
pub static USERNAME: &str = "Username"; pub static USERNAME: &str = "Username";
pub static CREDENTIAL_ITEM: &str = "CredentialItem"; pub static CREDENTIAL_ITEM: &str = "CredentialItem";
pub static TOKEN: &str = "Token";
} }
#[derive(Debug)] #[derive(Debug)]
@@ -13,6 +14,7 @@ pub struct Settings {
pub server_url: Option<String>, pub server_url: Option<String>,
pub username: Option<String>, pub username: Option<String>,
pub credential_item: Option<String>, pub credential_item: Option<String>,
pub token: Option<String>,
} }
impl Settings { impl Settings {
@@ -20,11 +22,12 @@ impl Settings {
let server_url: Option<String> = db_settings.get(keys::SERVER_URL)?; let server_url: Option<String> = db_settings.get(keys::SERVER_URL)?;
let username: Option<String> = db_settings.get(keys::USERNAME)?; let username: Option<String> = db_settings.get(keys::USERNAME)?;
let credential_item: Option<String> = db_settings.get(keys::CREDENTIAL_ITEM)?; let credential_item: Option<String> = db_settings.get(keys::CREDENTIAL_ITEM)?;
let token: Option<String> = db_settings.get(keys::TOKEN)?;
Ok(Self { Ok(Self {
server_url, server_url,
username, username,
credential_item, credential_item,
token,
}) })
} }
@@ -38,6 +41,9 @@ impl Settings {
if let Some(credential_item) = &self.credential_item { if let Some(credential_item) = &self.credential_item {
db_settings.put(keys::CREDENTIAL_ITEM, &credential_item)?; db_settings.put(keys::CREDENTIAL_ITEM, &credential_item)?;
} }
if let Some(token) = &self.token {
db_settings.put(keys::TOKEN, &token)?;
}
Ok(()) Ok(())
} }
} }

4
kordophoned/src/dbus/server_impl.rs
View File

@@ -108,6 +108,7 @@ impl DbusSettings for ServerImpl {
server_url: Some(url), server_url: Some(url),
username: Some(user), username: Some(user),
credential_item: None, credential_item: None,
token: None,
}, r) }, r)
) )
} }
@@ -123,6 +124,7 @@ impl DbusSettings for ServerImpl {
server_url: Some(value), server_url: Some(value),
username: None, username: None,
credential_item: None, credential_item: None,
token: None,
}, r) }, r)
) )
} }
@@ -138,6 +140,7 @@ impl DbusSettings for ServerImpl {
server_url: None, server_url: None,
username: Some(value), username: Some(value),
credential_item: None, credential_item: None,
token: None,
}, r) }, r)
) )
} }
@@ -153,6 +156,7 @@ impl DbusSettings for ServerImpl {
server_url: None, server_url: None,
username: None, username: None,
credential_item: Some(value.to_string()), credential_item: Some(value.to_string()),
token: None,
}, r) }, r)
) )
} }

8
kpcli/src/client/mod.rs
View File

@@ -1,13 +1,13 @@
use kordophone::APIInterface; use kordophone::APIInterface;
use kordophone::api::http_client::HTTPAPIClient; use kordophone::api::http_client::HTTPAPIClient;
use kordophone::api::http_client::Credentials; use kordophone::api::http_client::Credentials;
use kordophone::api::InMemoryTokenStore; use kordophone::api::InMemoryAuthenticationStore;
use anyhow::Result; use anyhow::Result;
use clap::Subcommand; use clap::Subcommand;
use crate::printers::{ConversationPrinter, MessagePrinter}; use crate::printers::{ConversationPrinter, MessagePrinter};
pub fn make_api_client_from_env() -> HTTPAPIClient<InMemoryTokenStore> { pub fn make_api_client_from_env() -> HTTPAPIClient<InMemoryAuthenticationStore> {
dotenv::dotenv().ok(); dotenv::dotenv().ok();
// read from env // read from env
@@ -22,7 +22,7 @@ pub fn make_api_client_from_env() -> HTTPAPIClient<InMemoryTokenStore> {
.expect("KORDOPHONE_PASSWORD must be set"), .expect("KORDOPHONE_PASSWORD must be set"),
}; };
HTTPAPIClient::new(base_url.parse().unwrap(), credentials.into(), InMemoryTokenStore::new()) HTTPAPIClient::new(base_url.parse().unwrap(), InMemoryAuthenticationStore::new(Some(credentials)))
} }
#[derive(Subcommand)] #[derive(Subcommand)]
@@ -51,7 +51,7 @@ impl Commands {
} }
struct ClientCli { struct ClientCli {
api: HTTPAPIClient<InMemoryTokenStore>, api: HTTPAPIClient<InMemoryAuthenticationStore>,
} }
impl ClientCli { impl ClientCli {